In 1813, Commodore Oliver Hazard Perry, reporting on American success in the Battle of Lake Erie, sent the famous line to General William Henry Harrison: “We have met the enemy and they are ours.” And, as much as I like that American history tidbit, the parody of Perry’s report published by Walt Henry, the creator of the Pogo comic strip, on April 22, 1971, may be much more relevant to American life in early 2023. In that strip, commenting on a formerly beautiful natural landscape despoiled by pollution, the strip’s namesake character famously says: “Yep, son, we have met the enemy and he is us.”
When it comes to privacy, we are indeed our own (worst) enemy. Now, if you’re wondering what a discussion of privacy is doing in a magazine dedicated to cybersecurity (and hopefully you’re not), you’re not alone. The technical community’s primary focus is on security, but, privacy and security are really two sides of the same coin, with privacy often playing second fiddle.
First, let’s be very clear about the difference between privacy and security. Privacy is about an individual’s ability to control, access, and regulate his or her personal information, whereas security refers to the systems that protect that data and prevent it from getting into the wrong hands, being modified in an unauthorized manner, or being made unavailable to authorized users through a breach, leak, or other cyber-attack. Boiled down, privacy is about individual behaviors whereas security is about technology.
Given that, protecting privacy should be simple, right? All it takes is for people to do the right thing online. Well, sure, but it’s not that simple. If everyone just did the right thing volitionally, there wouldn’t be any cases of driving under the influence, a healthy diet would be the norm, and MMMBop would never have blighted the global soundscape. And, with respect to digital privacy, it’s significantly more difficult for the average person to “eat their vegetables.” We live in the era of surveillance capitalism, where “free” services and applications are like an endless dessert buffet, where everything that tastes good, that is, that makes life digitally convenient, comes with a hidden price tag (that sound you just heard was your privacy arteries hardening), and where YOU are the product. How can we expect people to protect their privacy as a necessary component of their security when a big chunk of the global economy is predicated on assaults on that privacy?
Fortunately, 2023 promises to be a good start. Data privacy laws will take effect in California, Virginia, Colorado, Utah, and Connecticut throughout 2023. Additionally, in May 2022, a bipartisan group of legislators introduced the American Data Privacy and Protection Act, which includes federal preemption of state laws.
However, legislation isn’t enough. Privacy is, in the end, about personal responsibility. Fortunately, the discussion is beginning to encompass a wider audience from all segments of American life, and there are an increasing number of privacy-preserving tools, from browsers to secure messaging apps to shopping aids, available. That’s a good start, but it’s only a start. Privacy is a barbershop quartet where technology is the tenor, legislation is the bass, education is the baritone, and the rest of us sing lead by doing the right thing.
It is time for us to eat our privacy vegetables, boys and girls.
Build it right, America.