Navigating The Three Realms of Privacy

I’m not sure if I’ve blogged this idea before or not, but here’s a mini-thread that came up on Slashdot today. It’s about of the ignorance that a lot of people have about data security that I thought illustrated my thoughts quite well:

>> You have no reasonable expectation of privacy in your email communication.

I think you don’t understand the concept of “reasonable expectation of privacy”. It’s not a technical idea meaning “this data is secure”. It’s a social/legal idea, meaning “third parties are supposed to know that this data is private, and so they should keep out of it even if they are technically able to look”.

The trouble is that this is the first time in history when the three broad realms of “private”, “semi-private” and “public” have been completely mixed together – and it clearly baffles a lot of people.

In the past, if I sat on my toilet with the door locked, that was private. If I went out and spoke to some friends in a bar, that was semi-private (what I said might get around the village, but not much further unless what I said was really amazing). Public was pretty much impossible unless I became a politician or a journalist.

Now, however, it’s very difficult to work out which state you are in at any one time (on line at least, and increasingly off line). What’s worse, you often don’t know what’s public. But not only that, the latter is a state that, for the vast majority of humans, is totally new.