Food photos. Baby pictures. Details of pregnancies, ailments, treatments, and triumphs. These are just a few of the data points that millions of people have shared online. Employees, executives, and their families have ‘friends’ around the world whom they’ve never met, and with whom they blithely share the minutiae of their lives. From a corporate security standpoint, though, the ease of digital communications and the friendly nature of social media often translates into corporate secrets and personal information being divulged by well-intentioned board members, management and staff.
The detailed information that people reveal online is a predictable outcome of decades of being nudged into believing that nobody cares about privacy.
In the years since the Internet came into existence, organizations have waged a sustained messaging campaign reminding us that it is somehow good and proper to give up privacy. For convenience. For public safety. For the sake of our children.
While all of that was going on, privacy practitioners struggled to ensure that personal information was properly safeguarded, and security practitioners were busy assuring businesses that data was protected by software and hardware security measures.
In 1986, Sun Microsystems—a company that sold hardware, software, and was founded to sell low-cost high-performance desktop computers running the UNIX operating system—made its largest single sale of computers to a government agency when the National Security Agency signed an agreement for $500 million worth of Sun equipment. Within six years of starting up, Sun’s annual sales exceeded $1 billion.
Sun was surely a heavy-hitter in a new and influential technology industry. It was also a member of the Online Privacy Alliance, a diverse group of more than 30 global corporations that came together to “introduce and promote business-wide actions that create an environment of trust and foster the protection of individuals’ privacy online.”
In 1999, Scott McNealy—then Sun’s Chief Executive Officer—famously said, “You have zero privacy anyway. Get over it.”
Sun was not alone in offering assurances. Many Online Privacy Alliance members and other companies posted (and continue to post) privacy policies that promise to respect privacy. With that assurance, and with no way to use many platforms without accepting the terms of service in an all-or-nothing Faustian bargain, we click ‘Accept’ every time we log onto a new platform.
Despite the concerns expressed by consumers and companies alike, we have been shamed into posting and sharing intimate details of family events, personal and professional achievements, opinions and interests. We are encouraged to spit into a vial and pay for the privilege to have private companies analyze our genetic make-up, and tell us what we already know. And while we are assured that these organizations respect our privacy, we are seldom cautioned that many of these same service companies have little compunction about sharing results with third parties who might be anywhere in the world.
Anyone bold enough to question the groupthink pressure is treated with disdain, as if their wish to preserve some shred of personal privacy is somehow an affront or threat to everybody else. That makes objectors—the only ones who care about their privacy—different. And in being seen as different, they become a pariah and are pushed to the periphery.
Privacy advocates who recognize the risks to personal information and sound the alarm bells are often dismissed or disbelieved. Like the Greek princess Cassandra, daughter of the King of Troy, privacy professionals have insight and perspective akin to the gift of prophecy, and share Cassandra’s curse when others disregard their warnings.
When those who understand the risks are shunned, sidelined and silenced, it increases the predictable outcome of political and individual ignorance—even as corporations and governments amass detailed databases about each of us.
Google Chrome Privacy Notice — 4210 words
Google Play Books — 585 words
Google Payments Privacy Notice — 1374 words
Google Fiber Privacy Notice — 1121 words
Project Fi Privacy Notice — 1385 words
Google for Education — 1341 words
YouTube Kids Privacy Notice — 1442 words
Privacy Notice for Google Accounts Managed with Family Link (“Privacy Notice”) — 1638 words and its associated Family Link Disclosure for Parents — 2604 words
Google is not unique. Many organizations, including some whose business is directed at young people, have similarly lengthy terms and policies.
So, can a 13 year old really understand and exercise appropriate choice? Will they—or their parents— take the time to slog through the fine print? Or will they simply acquiesce with the resignation of knowing that they have no bargaining power, and resisting invites FOMO: the fear of missing out on whatever everyone else is enjoying.
Unless human nature changes, it’s easy to anticipate that most people will feed their desire for acceptance, and be driven by a fear of retribution, by simply clicking I Accept and living with the consequences — that will create even more challenges for privacy and access professionals.