(ready for review. thanks)

Apathy, Vigilance, and an Amorphous Fear

-- By YuShi - 16 Nov 2009

By now most people in my generation probably have some degree of awareness that they do not hide behind a veil of anonymity while online, nor are their activities forgotten once they go offline. After all, these days we are inundated not only with news articles that warn of privacy invasions, but also frequently hear of stories in which people land in embarrassing situations because of something that they placed or did on the web. While many of us are no longer oblivious to the idea of online privacy invasions, I find - at least among my peers - that many people’s responses to this threat tend to be either one of nonchalant apathy or extreme vigilance. In this paper, I first describe the two contrasting types of response and argue that neither is rational, and then I explore a possible explanation for why my peers are handling this issue in very different but nonetheless irrational manners.

Group 1. Let’s Be Paranoid

One day this past August, I suddenly noticed that my number of Facebook friends dwindled by at least twenty. It did not take long to figure out that many of my peers here at Columbia have deactivated their Facebook accounts in preparation for Early Interview Program (EIP). This is an example of the kinds of extreme measures that some people take in response to threats of online privacy invasion.

As a risk-averse person myself, I am more often than not sympathetic to the “better safe than sorry” school of thought. Deactivating one’s Facebook account for EIP, however, seemed absurd even to me. Although Facebook certainly has more than its share of privacy loopholes, it does have privacy settings that one can adjust so that only a selected group of people is able to view the profile. Most of the people who deactivated their account already had their profiles set to “private” anyway, limiting their information to just their friends. The only way, then, an employer could have seen their profile would be to ask one of the student’s friends to look at it and report back any shady findings. That is by all means a highly-unlikely scenario. Circumspection is one thing, but to think that a law firm will take the effort to find out who your friends are, then to contact that friend for information about you, and finally to have your friend agree to sabotage you by consenting to deliver unseemly information about you to the firm borders on absurdity.

Group 2. Privacy Views: Apathetic

In direct contrast to the previous group, the apathetic ones know that their information is probably not secure online, but they just do not care. They have public Facebook profiles, with links to their blogs (not privatized), and even their full dates of birth shown. All their photos are, of course, also open to public viewing. People in this group usually defend their nonchalance by saying that they only post innocuous content on their personal pages, or that they are too insignificant for anyone to want to “target” them in any way that might be threatening.

With the growing sophistication of identity theft, it is naïve to think that such complete disclosure of personal information can be forever harmless. In the summer of 2008, about 5,000 current and former Columbia undergraduates were notified that a security breach resulted in their private information being exposed for a period of time. The breached information alone may not have been enough to pose significant danger to the affected people, but if combined with additional data such as one’s hometown and date of birth (taken from public Facebook profiles), an identify thief could have wrecked substantial damage on someone’s good name. Public Facebook profiles leave the door open for such attacks, and there is no justification for why someone cannot take three seconds to modify their Facebook privacy settings so that their profiles are only visible to friends.

An Amorphous Fear

While a sizeable portion of my peers do take a reasonable amount of precaution to secure their online information, the number of people who fall into the two groups described above is too significant to ignore. It is my contention that there is such an incoherence of response to online privacy concerns within a similarly-educated group because people do not truly have a precise understanding of what the threat is. The danger is not as tangible as that of writing one’s name and social security number on a sheet of paper and taping it to a lamp post, and it is certainly not as real as a thief breaking into one’s house and taking confidential files. Instead, for most of us we learn of online privacy dangers through warnings from the media and anecdotes from friends. This creates an almost mythical kind of fear, an amorphous fear that is always lurking, but one that can be dismissed as easily as it can be sensationalized. As a result, like the myriads of ways in which children react to ghost stories, people respond to the online privacy threat in ways that reflect their “gut feeling” rather than any reasoned process of thought.

---

You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" on the next line:

# * Set ALLOWTOPICVIEW = TWikiAdminGroup, YuShi

Note: TWiki has strict formatting rules. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of that line. If you wish to give access to any other users simply add them to the comma separated list