From October the 12th to the 14th London will host the RSA conference, which gathers together information security experts from across the world to discuss the most pertinent emerging issues in information security.
The safeguarding of users’ privacy is one of the most important and frequently discussed issues in the field of information security, and is therefore a major topic of the RSA conference. In particular, BT's chief technology officer, Mr Schneier expressed his concern about how web companies deal with users’ privacy; he stressed the need for regulations and laws to create or encourage improved management of this issue (http://www.bbc.co.uk/news/technology-11524041).
There are two points of Mr Schneier’s speech which I believe are particularly worthy of close attention. The first is his observation that: “the falling cost of storage and processing power made it far easier to keep data such as e-mail conversations, Tweets or postings to a social network page than it was to spend the time managing and deleting the information”.
The web has a long memory; what is uploaded is rarely erased and often stays there for an indefinite period of time to be accessed by potentially any internet user. This aspect of the internet is particularly relevant to the millions of teenagers who carelessly upload embarrassing videos on Youtube, pictures onto Flickr and personal information onto a range of social networking sites; as this material will remain accessible when they are adults. A simple search will reveal not only how they looked and dressed at high-school, but what parties they attended, and how they behaved. It will be as if their private diaries or journals remained eternally public for all to see.
This leads us to Schneier’s second point: “everyone has to be the guardian of their own privacy policy”. Legislations and regulation may help in erecting boundaries to limit web companies’ ability to store and use personal information; but it should be noted that this will create serious conflicts of interest. Companies such as Google and Facebook make their profits by selling their users’ information to advertising companies. It is unlikely that web companies will ever autonomously develop an ethically-oriented approach to data collection or storage.
The right to privacy is a fundamental individual right and web companies should not knowingly breach it, however the time has come for users to become more aware of their actions on the web and of the consequences these actions may bring. It is important to consider that the on-line world affects the off-line one, and for users to cease approaching the web as a virtual game, where actions have no real impact on their real world lives
If users waive, even without knowing, their right to privacy, why should a company which makes profit from private information respect such a right?