The Backdrop
Ever
since the advent of internet and the associated cyber activities, questions of
privacy of data have been discussed and analysed at various forums and levels. Sometimes it is wrongly argued that social
networking sites are replete with issues of privacy of data but e-mail service,
use of mobile phone, internet etc do not have such issues. At the outset it is better to have a proper
understanding of the term privacy in the context of cyber activities. A clear
misconception is so prevalent that the ‘unauthorised access and use of data kept
private by the user’ and the ‘access and use of data made public by
the user’ are wrongly considered as one and the same.
For
instance, at Face book, users may keep some data (mobile number etc) as private
while some other data as public (employer details, native place etc). There
will be not be any access to the former while everybody who log into Face
book can access the latter. It is simply
plain that both are not same entities.
But there is a propensity to consider both as same phenomenon and
whenever problems happen with them they are often wrongly referred with the
term ‘privacy issues’.
Again,
with e-mail service, the contact details etc are kept as private by default but
some data is made public (not by the user)
due to the lapses of software involved (like rough idea about location from which the mail has been sent).
As
a matter of fact, in simple terms, privacy of data means the user who generated
the data has complete control over its accessibility. No other person, other
than the persons permitted by the original user, can access it in any manner.
If access to the data is available to others who do not have the legitimate
right from the original user, it would amount to lack of privacy of data. It is also considered as an intrusion into the
private data.
On
the other hand, ‘access and use of data made public by the user’ by any other
person cannot be considered as an attack or intrusion into the privacy. If the
data are made public by the user himself and are used by any other person even with
a malicious intent, it can only be considered as ‘misuse of data’. There is
absolutely no attack or intrusion into the privacy as there was no ‘privacy of data’ even before
the further usage of data! The data has been, knowingly or unknowingly, made
public by the user himself and nothing is private there. Further usage of public data by anybody else
hence cannot be considered as privacy intrusion. The most that can be said
about this phenomenon is that it is a misuse of data!
To
recapitulate, the ‘unauthorised access and use of data kept private by
the user’ will become a privacy issue whereas the ‘access and use of data made
public by the user’ by anybody else with a malicious intent will amount to
misuse of data and the further ‘access and use of data made public by
the user’ by anybody else with a bona fide intent will be considered as usage
of data. It is worth noting the fact that ‘privacy issue of data’ and ‘misuse of data’ are two altogether different concepts.
The
fundamental distinction between ‘issue of privacy of data’ and ‘misuse of data
made public by the user’ is that the former is associated with the various
errors in the software used to generate and transfer data where as the latter
is associated with the indiscriminate disclosure of data by the user. Theoretically,
the latter has no relationship with the soft wares involved in the process.
Many a times the indiscriminate disclosure of data by the user is a consequence
of lack of awareness among users regarding the possibilities of misuse of
revealed data. The table given below summarises the kernel of the discussion.
Sl. No.
|
Issue
|
Reason/Consequence
|
1
|
Unauthorised access and use of data kept private by the user
|
Errors in the software/Privacy
Questions
|
2
|
Access and use of data made public by the user by other with a
malicious intent
|
Indiscriminate disclosure of data/Misuse of data
|
3
|
Access and use of data made public by the user by other with a
bona fide intent
|
Use of data
|
Software Environment and Errors
In a digital world, every digital
activity is accomplished by using appropriate soft wares. Soft wares in general
can be broadly categorized into three; system soft ware, programming soft ware
and application soft ware. Notwithstanding these distinctions, software is
nothing but a set of instructions or commands written in a particular language
with an express purpose of accomplishing a specific task by utilizing the
machine power of a computer.
The most popular softwares that are
familiar for the user community are operating system soft wares (UNIX, Linux,
Windows, Sybian, Android et. al) and application soft wares (Office
applications etc). These soft wares are often installed in the devises that we
use. However, in the cyber world when we communicate or interact with others,
we are taking the help of application soft wares that are not installed in our own
systems. The e-mail service (provided by Gmail, Rediff, Yahoo et.al) and the
social networking service (provided by Face book, Google plus, Twitter et.al)
are in fact services provided by ‘application soft wares’ installed in the
server computers of the providers.
Furthermore there is absolutely no
conceptual difference between the software that provides email service and
social networking service. The differences between them depend only upon their
differences in purpose. The former does
not provide the user any option to make the various components public where as
the latter does provide options to make them public or private according to the
preference of the user.
As mentioned above software is
nothing but a set of instructions or commands written in a particular language.
In a broad sense, it can be likened to a document with several words, lines,
paragraphs and pages. Every document contains multifarious types of errors and
can be refined by continuously editing and revising it. Remember, there is no end for the process of editing and
revising as new perspectives, ideas etc emerges continuously.
Similarly every software contain
innumerable errors popularly called as software bugs caused by errors committed
by the programmers in the source code and its design or caused by the compilers
that generate erroneous source codes. Some
bugs make the software (system software or application soft ware) crash-prone
or unstable while others make the software unsecure by wide opening pathways
that could be exploited by a malicious user to bypass the access controls which
eventually facilitate him to have control over the data stored in the
application.
As pointed out above, as in the case
of a document, these software errors can be completely rectified only
asymptotically. In simple terms it means that these software errors could be
completely wiped off only after infinite number of editing and revising. In a
practical sense, it implies that every software contain errors that could be
exploited by a malicious user! (In the after math of Julian Assange episode it
is highly wrong to refer every user who exploits the software errors as
malicious user!)
It is this unauthorized access and
control over the data by a malicious user by exploiting the errors in a
software, be it an operating system software or an application software, that causes concerns of privacy. It is referred as ‘privacy concern’ just
because of the reason that the data kept by the user is considered as ‘private’
and ‘personal’ to the legitimate user. Since these errors could be rectified
only asymptotically, every
software invariably contain errors and hence have ‘problems
with respect to the security of the data’ popularly referred as ‘privacy
concerns’.
E-Mail Service, Social
Networking sites and Privacy Concerns
It has been mentioned above that
both e-mail service and social networking sites are provided by application soft
wares running in the servers of respective providers. Since they are soft wares,
just because of the reasons cited above, they invariable contain errors and are
unsecure to that extend and hence have privacy issues.
Sometimes it is argued that e-mail
is secure but social networking sites are unsecure and have privacy questions
attached with them. In the light of the facts narrated above it is easy to see
that such arguments are made without understanding the basic and fundamental
ideas underpinning software applications! If it is a software it will certainly
contain errors and always prone to privacy concerns. There is no get away
avenue even for the e-mail service from the questions of privacy (Any number of stories can be cited for this.). If anybody has a pathological
concern towards privacy questions he must better keep away not only from social
networking spaces but from e-mail service, use of mobile phone (because it also
functions with the help of software),
internet surfing etc as well!
Social Networking sites,
Openness and Misuse of Data
The basic tenet of social networking
is that the user must keep at least some personal information public. Otherwise
it will amount only to private networking. If every data generated by the user
is kept as private, in that space there would not be any scope for interaction.
Hence in the social networking space users maintain some amount of personal
data public.
But once you make data public it
would facilitate a malicious user to exploit and manipulate it. But even this
avenue can be controlled by making appropriate changes in the ‘privacy settings’
so that the social networking space can be converted into a ‘limited
networking’ space with access only to friends alone. If the settings of access of user data is increasingly made available
within a limited circle, the ‘limited
networking’ activity would march more towards private networking!
This is a dilemma that if access to
every data is made increasingly limited to avoid misuse of data it would become
‘private networking’ where as if data is made public and ‘social networking’ is
attempted it would open up avenues of misuse! As a matter of fact, this dilemma
is a flimsy one and will vanish away once the user discern and realise the
consequences of his own cyber behaviour. Social
networking is something like talking in the public and if the misuse of
whatever talked in public is to be avoided better not to talk sensitive things
in public. It does not mean that you should not talk at all in public and one
should talk only within home or in private. In fact, this is what every person
is practising in his own daily life.
No rational
person would keep silent just because of the fear that there is possibility of
misuse if anything is said in public, instead he would make use of his cerebral
power and became vocal in a sensible manner! In fact the cyber world also needs
a sensible person with a discerning behaviour.
Recapitulation
Questions of privacy of data are related to errors in software and it has
nothing to do with the malicious use of ‘data made public by the user himself’.
The latter can be considered only as ‘misuse of data’. Since the misuse of data
is made possible by the user himself by making his data public it could be
easily dealt with by adopting a sensible cyber behavior. But if anybody has a pathological concern with the privacy of
data, since it originates from the errors of a software, better not to use any
cyber space or digital devise, be it e-mail, social networking, internet
surfing, mobile phone etc.