Technology users are failing to take adequate steps to protect their digital privacy

According to Lahlou, and other authors in the special issue describing recent experiments, the combination of information and communication technologies and pervasive computing will soon enable continuous monitoring of individual activity, beyond what was imagined by 1984 author George Orwell.

What Lahlou terms "the system" – referring to the mass of interconnected data-collection devices from mobile phones, to internet sites, to surveillance cameras – can search, compare, analyze, identify, reason and predict the movements, motives and actions of individuals, he warns. Even such a transient event as gaze is now traceable by automatic devices.

What is more, if several systems for tracking movement, position or activity are combined – for example, combining GPS information with phone signals or triangulation with wireless internet signals – then individuals stand little chance of being able to hide their position or actions.

"We are creating a system that will be aware of all that we do: when we turn on the washing machine, what we write and to whom, where we go and what we do there, what we buy and when with whom and how we use it … and this virtually from cradle to grave. The system as a whole will know more about us than we know about ourselves," Lahlou writes.

But while many surveys show that such developments leave users concerned about privacy, they are not taking appropriate measures to protect themselves or their data. Lahlou explains this discrepancy by invoking what he calls the "privacy dilemma": the fact that social interaction through new technologies requires disclosure of personal data: information is fed into the system precisely to get better or customized service.

Surveys of system designers also show that although they seem as privacy-concerned as system users, they do not prioritise protection measures in their products, citing reasons such as lack of moral responsibility or the necessity to prioritise maximum efficiency of the system. And, argues Lahlou, because current guidelines – which advise limitation of data collection, protection of collected data, limitation of use to initial purpose, right of access, etc – are negative rather than positive, i.e specifying what designers should not do rather than what they should, they do not help promote respect for privacy into new technologies.

He proposes a new definition of privacy as something he terms "face-keeping": "We all have many faces (combinations of role and status), but each one is used only in some settings," he explains. Privacy breach, Lahlou argues, is being presented with a 'wrong' face, one that is not consistent with the situation (e.g. being seen at work in a family role).

So, reasons Lahlou, given that continuing technological advances will leave few with the option of withholding information about themselves, users' privacy should be protected by employing an approach to design in systems that helps users to wear exactly the face they want to show in the domain at hand and nothing more.

He suggests a constructive approach through the development of positive guidelines for designers, giving them concrete steps to be taken to ensure the protection of users, combined with well thought out limits on the expansion of data collection. "If we want to safeguard privacy, we must turn to limitation of the tracking systems themselves and to legal regulation," Lahlou says. "The face-keeping perspective gives designers a positive goal because they can tailor systems to a very specific set of roles and statuses for the user, instead of following vague instructions for avoiding potential problems."

"We believe a good system should always be on the user's side. Forcing the designers to take the user's point of view in the construction of specifications is one more step in that direction," he concludes.

Source: SAGE Publications