In 1999, David Brin wrote a book entitled The Transparent Society. His main thesis is that the increased surveillance by governments on their citizens is not going to go away. Stated differently, the fight for our privacy by preventing surveillance is futile. Rather, he suggests that we should enforce far stronger controls upon those observing us. More specifically, we should force our observers to be transparent by observing them back. This will then prevent them from misusing their power. It is a very interesting read and is highly controversial. You are unlikely to agree with everything he says, but he definitely has some interesting points to make.

So, why am I writing about this today? First, I happened to hear him speak at the IBM T.J. Watson research center this week while I was visiting there. More importantly, the transparent society may be beginning. The inclusion of cameras into cellphones means that ordinary citizens have cameras with them all the time. They are now using these to document misbehavior by officials. The observed are now beginning to observe back! For two recent examples of this phenomena, see the videotaping of a police officer pushing over a cyclist, and a general discussion here.

When will people learn that you can't remove obvious identifiers and then expect that the result is anonymized data that won't breach anyone's privacy? Google (YouTube) will release "anonymized" data to Viacom as part of a court order regarding copyright infringements; see here.

If you have a short memory, here are two recent examples of what can be done to anonymized data. First, AOL released a huge amount of search keywords (in anonymized form), but it was quickly shown that the result was very far from anonymous. Second, Netflix released anonymized data for the Netflix prize, which too was completely deanonymized.

In short, data is not easily anonymized, and don't trust anyone who says that it is. In this specific case, the claim is that the data is not being released to the public, just to Viacom. So, what's the problem (I won't dignify this claim to even bother answering).

Have you thought lately about how much information you give up while browsing the Internet? Here are some examples:

• Have you used an online translation tool? Did you think about the fact that the document you translated contains confidential information (personal or work oriented)?
• Have you searched the web to understand your illness better? Did you think about the consequences if your employer has access to these search words (and s/he probably does)? 
• Have you researched your confidential new project by searching the web? Did you think about the fact that your computer ID (which may contain the name of your company) is freely available and linked to these searches?
• Did you search the web for self-help articles about difficulties in your marriage or with your kids? Did you think about the fact that your kids and spouse can easily see what you searched for (because the keywords are by default remembered by Google "for your convenience")?
• Do you remember that it's not difficult to actually find your true identity through your search words (remember AOL two years ago)?

The above are just a few examples, and I haven't even started on the amount of information we consciously put up on social networking sites. We are a society that is concerned about privacy while freely giving it up, sometimes consciously and sometimes without realizing it! If you really want to get frightened, then think about the ramifications of someone linking all of the above together in order to build a detailed profile about you. Who would do such a thing? Well, potential employers may (they are already searching MySpace and Facebook to see what you say about yourself there).

So, what should you do? That's already a difficult question. One possibility is to use an anonymous routing service like TOR. Otherwise, you can just be a bit careful:

• Try not to use social networking sites beyond a minimum, and if you must, keep in mind that a future employer may be looking (your kids may also have a look at what you posted, next year or in 20 years time).
• Clean up your search history and set the defaults on your browser to not remember your searches. (You can also disable automatic fill-in).
• Be careful about what you search for at work. This includes your personal searches (that you don't necessarily want your employer to know about) as well as searches that may give away confidential company information.
• Before you use any online service, make sure that you are not transferring confidential information to an outsider that has no interest in protecting it.

These are just a few short ideas. The main lesson is to be aware. If you don't watch out for your privacy - at least minimally - then you can't expect to have it.

It has been reported that the passport records of the Presidential candidates Hillary Clinton, John McCain and Barack Obama have been breached; see CNN. This is making a lot of noise and shows that data that is considered confidential (and in this case protected by the Privacy Act) can be accessed, seemingly without too much difficulty. However, the main point of the story is not whether someone accessed the Presidential candidates' records. Rather, the question we really need to be asking is would we ever know if our own personal records were accessed? We live under the illusion that our private medical and other records are actually kept private. But is this the case? The unfortunate truth is that the "ordinary person" will usually never know if a breach of this kind is carried out against them.

Just to conclude on a chilly note: when someone doesn't get a job, do they know if it's because they weren't good enough, or perhaps it's because of an error in their private medical files that says that they have a serious heart condition. Since they are never told, they may not even know that the error exists!

For the sake of this post, we'll define privacy as the goal of protecting sensitive or confidential information related to our personal lives (whatever that may be). Furthermore, we'll define security as the goal of protecting valuable data (this includes trade secrets, credit card information etc.). Of course, these definitions are far from being comprehensive or even accurate, but they'll suffice for this post.

So, what's more important - or more specifically - what should we be more concerned about: our security or our privacy? Many security advocates state correctly that security is a basic need and so is far more important. This argument is usually used in the context of homeland security, terror etc., but the same argument stands for financial security. It is clearly much worse that someone steals all my money than it is to have my private life posted on the Internet. However, the line is not always so clear. What about leakage of my medical history? This is a privacy issue, but one that can have a great effect on my ability to earn a living! Nevertheless, there is another distinction that is less-often considered, and this is the issue of recovery after the fact.

It is typically possible to recover from a security breach, albeit with a lot of time, hassle and some money. Victims of identity theft can attest to the problems they incur when trying to get back control over their identity. In some cases the damage really is huge, and I am in no way belittling the suffering of these people. However, in most cases, the result is a huge headache and a small financial loss. In contrast, once someone's privacy has been breached, there is no way of recovering! It is impossible to recall information that has been posted on the Internet, or to recover dignity after one's entire community learns a person's secrets (note that the person need not do anything criminal, but it is enough for them to be somewhat deviant in some way). Thus, at least in this sense, a breach of privacy should concern us much more than a breach of security.

Just to set the record straight: I am not saying that we should focus less on our security. Rather, I am trying to make the point that we have to take our privacy seriously as well, and to realize that at least in some ways, a loss of privacy can be worse than a (temporary) loss of security. I also want to encourage everyone to educate youngsters about the importance of their privacy and to stress to them that posting personal information in semi-public domains on the Internet can be very bad for their future. It's bad enough when someone forcibly takes away your privacy; it's much much worse when you voluntarily give it away.