Secrecy vs. privacy

When Bob Blakley talks, I listen. Blakley is vice president and research director for the Burton Group's Identity and Privacy Strategies. Before that he was chief scientist for security and privacy at IBM. He rarely speaks about identity and security issues without weighing all of the possibilities and coming to a reasoned conclusion. So when he says that an analyst from another organization is "dead wrong" you can bet he'll back it up with an elegant argument.

Health privacy undermined: Worst breaches of 2009

The Gartner Group's Andrea DiMaio recently posted a blog entry entitled "Forget Privacy: It Is Just An Illusion". He says: "I have come to realize that, [it] does not matter how careful we are, we are going to lose control of our privacy." He goes on to illustrate this by citing photos posted online by friends, traffic surveillance cameras, GPS-enabled devices and more.

But, as Blakley correctly points out, what DiMaio is actually talking about is secrecy or anonymity -- neither of which are actually part of the definition of privacy. 

As Blakley puts it: "As long as your personal information is secret, you don't even have a privacy problem. It's only when somebody else knows your personal information that you have a privacy problem. Privacy is the problem you have after you share sensitive information."

The example Bob offers is a telling one: "When you discover that you might have a socially awkward medical condition and you go to the doctor, you don't keep the condition secret from him -- you tell him about it so that you can get treated. And when you leave the office, you don't control your doctor; you trust him with your secret. You trust him with your private information because he has taken an oath to behave sociably and to use your personal information only in ways which benefit you."

There is nothing we can do technologically to prevent the doctor from giving that information to someone else. We can legally enjoin him from doing so. Even more, though, we have a social contract with the doctor, an unwritten social contract but one understood by us both. This social contract was built up over many years, many generations, many centuries. It cannot be subsumed into a technological process in just a few years, if ever (and I really doubt that it can).

In many ways technologists do act like the workman whose only tool is a hammer and so sees every problem as a nail. Wishing we can solve a problem technologically does not make it so. Attempting to create impossible technology is a huge waste of both time and money. Maybe that effort could be refocused on educating people about social responsibility.

Read all of Blakley's piece and see if you agree.

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.