This weekend, I was mulling over the question of how responsible we are – individually – for our online privacy. That's not an easy question to answer on a global basis. Coincidentally, I came across a couple of recent articles on the subject. What makes them interesting – and perhaps a bit distinctive – is that each addresses how much fault should be apportioned to the end-user.
Information Week comes right out and says so in their article, "Google's Privacy Invasion: It's Your Fault". The New York Times Bits Blog is more subtle in their take, "Disruptions: And the Privacy Gaps Just Keep On Coming." At least they spread the blame around, somewhat.
I waded into the issue myself about three weeks ago with my, "Beware the Ides of Google" post, when I pointed out that these companies give us all this free stuff for a reason.
However, they don't exactly fall all over themselves to clearly explain to the general public why they give us all this free stuff, either. I bet if I asked the average person, "How does Google (or Yahoo, or Facebook, or…) make money?", they wouldn't be able to articulate it very well (save for possibly being able to say that they make their money through 'advertising', whatever that means to them). The better question to ponder is, how these companies use your information to make money.
Everyone's screaming for 'the government' to regulate these matters; and 'the government' has responded with clunky, well-meaning and/or self-serving attempts like SOPA. No doubt, to a certain extent, the end-user is responsible for their own security, but I really like the way the NYT article attempts to equate the issue to how government, safety advocates (Ralph Nader, anyone?) and the general public drove (pun intended) the automobile industry toward seat belts, air bags and center tail lights.
I don't agree with it, but I really like it.
In my opinion, the reason this type of equivalency doesn't work is that the general public understood seat belts, air bags and tail lights. They could easily envision a head-on collision (in fact, they didn't have to envision it, since car crashes are reported in gory detail nightly on the evening news). On the other hand, they don't have a clue to life how their information is lifted from their devices and deposited in the hands of others; nor how, in a technical sense, to stop it.
In other words, the general public wants security protection, but they don't really know how to ask for it. Even if they install software or hardware that tells them they're more secure, they have no idea how to confirm that it's true (and many times, it's not, either because the stuff just doesn't work, or through lack of understanding, they either fail to complete the set-up process or complete it incorrectly). Ask me how many times I see unsecured wireless routers in range that are named LinkSys or Belkin. The purchaser plugged the thing in and went on their merry way, oblivious to the fact that it must be configured. But, they sleep better at night because they think they're secure.
To one extreme, the opinion is that the responsibility falls squarely on the end-user. To the other, the opinion is that Google, Facebook, et al, are techno-heroin. They hook the public, then when everyone's an addict, they siphon off private information. When the public inevitably complains, they retort, "You don't like it? Stop taking heroin!"
Maybe the solution is A.A. for the Internet…