Privacy is a
four-letter word

It’s time to clean up our language

You and me? We’re being tracked whether we like it or not.

Use a web browser, apps on your phone — there’s a company (or companies) out there amassing reams of data about every click, tap, photo, song, notification, or icon in your digital life. But don’t get up in arms over the loss of your “privacy”. This word, “privacy”? — it’s a problem.

In common usage, it’s one of those words that kills useful conversation and prevents many of us from thoughtfully engaging with how the information economy uniquely affects each of us.

At best it obscures; at worst it perpetuates technologically-induced inequity. “Privacy” is a word that puts people on the defensive and confuses them about the choices and rights they have (or should have) as 21st century digital citizens.

We must fix this. We don’t, we jeopardize the acceptance and use of new apps and services, and their potential to uplift humanity. Fer realz.

Privacy ≠ Secrecy≠ Security

At a recent White House summit on cybersecurity and consumer protection, Apple CEO Tim Cook said: “If those of us in positions of responsibility fail to do everything in our power to protect the right of privacy, we risk something far more valuable than money. We risk our way of life.”

But doing everything in our power starts with clarifying the language that shapes the dialogue around these issues.

Let’s start by separating privacy from secrecy, and define security:

  • Privacy is the set of boundaries that we define for ourselves about what we will or won’t reveal to others. We trust software to help us maintain and manage these boundaries online. Every time we choose to share something, we’re deciding where to set a privacy boundary given the audience and how comfortable we feel sharing in that specific context.
  • Secrecy is choosing to keep something to ourselves knowing that there may be consequences if it were to be revealed. Since these consequences may not affect us personally (i.e. if the secret relates to someone else), secrecy can be considered independently from our privacy boundaries.
  • Security is the robustness of the defenses against intrusion that the platforms that store or transmit our information offer. In other words, it’s how good they are at protecting our information from unwanted access, use, or tampering.

We must remember that privacy is about boundary setting and secrecy is about preventing access to information. Security is what ensures that privacy boundaries are enforced, and that secrets stay secret.

In the past, privacy and secrecy have been used interchangeably. To illustrate this, we need only look at the user backlashes against Facebook that ensued whenever they changed their service. Invariably users would complain that the company had violated their privacy, but was that true? Facebook hadn’t changed the secrecy of its users’ data, nor had the security of the site been compromised… Rather, Facebook changed the publicness and publicity of certain profile information, in violation of its users’ expectations. For example, in 2006 Facebook boosted the visibility of relationship status changes by surfacing them in the newsfeed. Previously you had to visit a profile directly to see this. So Facebook hadn’t violated the secrecy of its users’ data, rather it had moved an understood privacy boundary without asking for explicit permission, surprising users, and leaving them feeling exposed. For its part, Facebook was simply building the product that it believed people wanted, and for better or worse, was willing to boldly experiment with the default privacy boundaries it set for user information.

Thus, as digital citizens, every time we see the word privacy, we should consider whether secrecy would be a more appropriate concept, and vice versa. This basic understanding should help us better evaluate decisions concerning our personal information, set privacy boundaries that we’re comfortable with, demand secrecy when necessary, and take the steps necessary to ensure the security of our choices.

This is the first of two posts on privacy and being #datapositive. The inspiration came from my Thoughts on Google+. For the last decade, I’ve worked on internet identity, security, and social web technologies at Google, Mozilla, and the OpenID and OpenWeb Foundations.

☞ If you’re interested in hearing more from me in the future, sign up for my newsletter or follow me on Twitter.

☞ If you found this interesting, provocative, or useful, please click “Recommend” below. This will help to promote this piece to others.