Privacy is not dead
It may very well be the next big thing.
You’ve probably heard the news: “Privacy is dead”. You see, it’s because “people don’t expect online privacy any more”, “good guys don’t need it”, and after all, “that’s the way technology works”.
Allow me to disagree.
“Nobody expects privacy online”: Wrong.
When I sign up for an email account I expect my emails to be private, between me and the people I exchange them. What’s the social or business contract between us, if it’s just a matter of courtesy or an NDA, this is our problem, not my email provider’s. Same thing when I use skype or facebook messaging, or any other one-to-one communication infrastructure.
The service’s terms of use may say what they want: Our expectation is that this kind of communication is private.
“The people who want privacy are the ones with something [illegal] to hide [and they don’t deserve it]”: Wrong.
Everyone has something to hide and it’s our right to have secrets: Private thoughts. Dreams. Fears. Secret relationships. Business plans and agreements. Health issues.
It’s up to each one of us to decide when we will share with the world, with our family, with our business partners, with our friends that we are quitting our job, we are getting married or divorced, we are having a kid, we are sick, or that we don’t like our boss. It is our right to disclose only the parts of our life we want to, if we want to, when we want to. For those few exceptions when we are obliged to disclose information about ourselves, there are very specific laws.
And since we’re at it, if you really believe that you don’t have anything to hide, feel free to give me your passwords as a proof of concept.
“The way technology is going, privacy is practically impossible”. Wrong.
Technology has given everyday people the kind of tools to protect their privacy that even governments didn’t have a couple of decades ago.
Technically, it’s very easy for a web developer to set up a service that encrypts all communications between its users in such a way that nobody can intercept it, not even the developer himself, and it would be extremely difficult even for a government agency to intercept and decrypt it. Making it easy to use, is a totally different subject.
The truth is that most of these tools are not easy to use. But that’s only because the “industry” never got an interest in them —we shouldn’t put all the blame on them, demand was limited too.
For example, people like to point out how complicated Pretty Good Privacy (PGP) is to use. They tend to forget that the industry has seamlessly integrated encryption and digital signatures where they had a need for them.
Consider SSL: you use it everyday when you visit gmail, facebook, amazon, your bank and other services, and it just works. You don’t have to worry how your browser establishes a secure connection with the server, how they exchange encryption keys, how the digital signatures of the encryption keys are validated against trusted digital certificates, what kind of encryption algorithms are used: all these things are actually done behind the scenes, as they should.
Privacy is not dead.
We expect online privacy in many cases, we have a need for privacy, and it is technically feasible. These kinds of things don’t die —not even by law.
The assumption that service providers will have full access to their users’ data and sell this privilege to others is the current dominant business model for consumer services on the Web.It doesn’t have to be the only one.
As we get more and more aware of the value of privacy and the cost of the lack of it, privacy may actually be part of the offering new startups bring to the table, something the incumbents are unable to offer. Yes, the lavabit shutdown is saddening and disappointing, but may also hint at an opportunity for startups outside the US.
If you ask me, privacy may very well be the next big thing.
After all, “privacy included” feels much better than “privacy not included”, doesn’t it?