Bruce Schneier: Social networks talk big about privacy, but do very little

Online social networking tools have changed how people view privacy, according to Bruce Schneier, chief security technology officer at BT.

Share

Online social networking tools have changed how people view privacy, according to Bruce Schneier, chief security technology officer at BT.

“Much of our lives are moving from evolved social systems to digitally-created systems, a shift from the informal to the formal,” Schneier told IDC’s IT Security Conference in London.

“Technology enables massive invasion of privacy.”

According to Schneier, data control is more about context than secrecy.

“We have many contexts in our lives. The data we share with our doctor is different to the data we share with our friends,” he explained.

But networking sites are enabling what Schneier referred to as ‘context collisions’ – when different aspects of people’s lives cross paths. For instance, when your mother comments on something you’ve written for your friends on Facebook.

“Normally, we deal with context through our social systems. Traditionally, we know what to do,” said Schneier.

“But on the internet, the evolved social systems become engineered social technical systems. We need to have a privacy policy. We’ve never needed a privacy policy before – we knew what to do, we didn’t have to write it down. But we do now.”

While a number of privacy experiments have concluded that people’s beliefs about privacy are contradictory and not consistent, Schneier believes that there are also major differences when comparing different generations.

“Young people are much more used to living more of their lives in public. It used to be that living in public was what only the rich could afford – now anybody can. That’s extraordinarily empowering for young people,” he said.

Schneier added that young people also have a thicker skin, and that they’re used to being attacked publicly, online, and that they tend to abandon personalities and websites as they grow up.

Another big differentiator is that the younger generation does not care about platform – how they access their data.

“Platforms are over,” said Schneier. “People are used to getting their data on the closest screens to them – their computer, their phone, their friend’s phone. There’s no such thing as platform.”

Despite this, Schneier said that young people do care about privacy – but it’s a social, rather than institutional privacy, that they care about. For example, they may share their passwords with friends as a sign of trust. Also, while he said that young people do use privacy settings on social media, he believed that “they’re not very good at it”.

Schneier blamed social networking sites like Facebook for lowering people’s expectations about privacy.

 “Managing your privacy settings is unnatural. They’re deliberately confusing and a lot of people just stick with defaults because it’s easy,” he said. “The effect is that younger people have much lower expectations.”

He added: “Social networks talk big about privacy, but do very little.”

Schneier described the privacy settings on social sites as coarse, very flat or very limited. For example, on Twitter, you can set your profile to be public or not, whereas socially, people are used to “fine-tuning” their privacy.

Although he said that he didn’t know what the future would bring in terms of privacy, Schneier warned: “[Social networking sites] want more users, more people spending time on their site and entering their data, so that they increase their revenue. It’s a myth that you are Facebook’s customer. You are Facebook’s product. You are a product to sell to Facebook’s customers.

“We’re finding social norms are being set by people with profit notions. The younger generation doesn’t know it’s a problem yet.”

Meanwhile, to highlight the problem of managing data and privacy now and in the future, Schneier described data as the “pollution” in the “information society”.

“It stays around, its secondary uses are what’s interesting and we have to find ways to deal with it,” he said, equating it to the physical pollution of the industrial age.

“We will be judged by our grandchildren by how we deal with data in the information age.”