Can we afford privacy from surveillance? Do we want to?


A couple of weeks before I started my position as University Librarian, the UC Berkeley School of Information invited me to give a talk on the future of individual privacy; here is a video of that talk.  Last week, nationally-syndicated radio show host Katherine Albrecht interviewed me on this topic for about 45 minutes; here is an MP3 of the show (with many commercials, I’m afraid).

In short, I think the economics of surveillance and protection from surveillance are leading inexorably to a not-very-distant future of radical transparency, at least for any information about us that is captured and stored on digital, networked-computers (which is more and more all the time, and will be even more when the Internet of Things really takes off).  I don’t see an alternative: we get to much value from selective revelation of information about ourselves, value that will be increasing as we learn better ways to network and use that information.  And the costs of capturing networked information are going down faster than the costs of protecting ourselves, and I think this is a technologically unavoidable fact driven by the nature of selective revelation in a networked world.

Relevance for libraries?  You might be thinking, “libraries have strong policies to protect the privacy of their users information.”  Yes…sort of.  First, policies are themselves a technology, and they are costly to enforce.  How good is our security against data breaches?  Better than at the IRS, or at JP Morgan Bank?  How fast are our budgets for security growing?

Another issue: to provide our users with access to the rapidly expanding networked stores of information, we provide them with access to an ever increasing array of third-party tools and databases.  What sort of privacy protections do we have on how those third-parties protect our users’ privacy?  Do we have contractual provisions with all of them? No.  (Can you spell “Google”?)  And contractual provisions are another type of policy, that needs ever-increasingly expensive enforcement, whether it be cybersecurity against external attacks, or protection against unscrupulous employees who might sell access.