Over the past week, there has been considerable debate among privacy advocates about the comments made by a senior U.S. security official at a conference in October. A portion of his speech is copied below:

Donald Kerr, the principal deputy director of national intelligence, at the 2007 GEOINT Symposium, October 23, 2007 in San Antonio:

“When I’m at work, and throughout my day, security is safety, as a barrier against physical or emotional harm. When I go home at night, security is privacy, as an expectation of freedom from unnecessary burdens. In the intelligence community, we have an obligation to protect both safety and privacy…..

concern for privacy. Too often, privacy has been equated with anonymity; and it’s an idea that is deeply rooted in American culture. The Long Ranger wore a mask but Tonto didn’t seem to need one even though he did the dirty work for free. You’d think he would probably need one even more. But in our interconnected and wireless world, anonymity – or the appearance of anonymity – is quickly becoming a thing of the past…

Anonymity results from a lack of identifying features. Nowadays, when so much correlated data is collected and available – and I’m just talking about profiles on MySpace, Facebook, YouTube here – the set of identifiable features has grown beyond where most of us can comprehend. We need to move beyond the construct that equates anonymity with privacy and focus more on how we can protect essential privacy in this interconnected environment.

Protecting anonymity isn’t a fight that can be won. Anyone that’s typed in their name on Google understands that. Instead, privacy, I would offer, is a system of laws, rules, and customs with an infrastructure of Inspectors General, oversight committees, and privacy boards on which our intelligence community commitment is based and measured. And it is that framework that we need to grow and nourish and adjust as our cultures change.

I think people here [at the 2007 GEOINT Symposium], at least people close to my age, recognize that those two generations younger than we are have a very different idea of what is essential privacy, what they would wish to protect about their lives and affairs. And so, it’s not for us to inflict one size fits all. It’s a need to have it be adjustable to the needs of local societies as they evolve in our country. Eventually, we can only hope that people’s perceptions – in Hollywood and elsewhere – will catch up.

Our job now is to engage in a productive debate, which focuses on privacy as a component of appropriate levels of security and public safety…”

As part of the Office of the Privacy Commissioner’s outreach effort, we are exploring other vehicles for communicating important privacy issues. We have already begun this blog, are experimenting with videos on YouTube and Google Video, and now have finished a Flash presentation.

The Flash presentation found below asks “what would you want a friend of a friend of a friend to know about you?” From our point of view as privacy advocates, a lot of online users do not take the time to really read and understand the user agreements required by all social networks. As online media consumers, we are used to “clicking” a box and ignoring the text inside.

It’s becoming obvious that a lot of Canadians - and others - are signing over their privacy rights to these companies in exchange for access to increasingly popular social networks.

This is a choice they can make, but we would hope that people would take a minute to think about their choices - and how much information they end up handing over to corporations, advertisers and marketing companies.

View the presentation: What does a friend of a friend of a friend need to know about you?

Last week, British Prime Minister Gordon Brown spoke on the subject of liberty - a wide ranging speech that touched on British constitutional history as well as modern concepts of liberty, privacy and access to information.

It’s important to remember that the British system of laws and government is different to the Canadian system, but we have similar values about privacy, access to information and liberty.

“… I want to explore how together we can write a new chapter in our country’s story of lliberty - and do so in world where, as in each generation, traditional questions about the freedoms and responsibilities of the individual re-emerge but also where new issues of terrorism and security, the internet and modern technology are opening new frontiers in both our lives and our liberties…

… In my view, the key to making these hard choices in a way that is compatible with our traditions of liberty is to, at all times, apply the liberty test, respecting fundamental rights and freedoms, and wherever action is needed by government, it never subjects the citizen to arbitrary treatment, is transparent and proportionate in its measures and at all times also requires proper scrutiny by, and accountability to, Parliament and the people…

… The information age has, as Tom Friedman has so well drawn out, flattened hierarchies and potentially increased the power of all citizens. So we should not fear the advent of the information age - and it should not lead us to abandon or fear for our values - but at the same time I believe we require a new and imaginative approach to accountability and to winning people’s trust in the ways in which information is held and used…” (Text of Speech)

On the second day of our conference, Professor Valerie Steeves spoke about how children interact with popular sites like Webkinz, Neopets and Barbie Girls. We have already provided a brief summary of her presentation and her fellow speakers on the subject, but thought you would like to see her speech. The presentation deck she used for her speech, and to which she refers, is also available online.

Chatting, texting, blogging and spending time on sites like Facebook and Myspace are part of everyday life for millions of students.

Most of us post information about ourselves to stay in touch with friends. We think about our personal sites as private, when in reality, many of them can be seen by friends, employers, university officials, and even parents. Our information may be seen and used by someone we don’t even know.

What can you do to protect yourself and to avoid embarrassment?

• Never expect absolute privacy. Know what you’re getting into by reading the privacy statement and policies. Many sites allow all registered users to view all the information you post on your site with no exceptions.
• Before you join a site and post your profile, find out if you can join a closed network, where only those with an email address from your school can register, for example. Find out if the site allows others to see your profile without your consent.
• Choose the highest and most restrictive security setting available and do not give out information like your birthday, full name, phone number, Social Insurance Number or address.
• Take a second to think about what you’re posting about yourself and your friends. Is it something you would post if your professor, boss, kid sister or arch rival was standing right behind you? Even though we tend to think about our personal sites as private, in reality, many can be seen by just about anyone. Is there information about you that is embarrassing or that fraudsters could use? Remember that what you post could be online forever.
• Keep in mind that even sites with extensive privacy options may be required to make your personal information available to certain authorized persons, including law enforcement agencies. Actually, you might want to remember to call your parents regularly before they resort to checking your Facebook page for updates.

We heard from Peter Fleischer, the Chief Privacy Officer for search company Google, on Friday.

Speaking in French, he touched upon how Google faced different expectations to protect personal information and privacy from consumers and advocates in different countries and jurisdictions around the world.

As could be expected, he also argued for the creation of global privacy standards. Mr. Fleischer also emphasized that some data needs to be retained in order to personalize the services offered by Google and other online applications - and emphasized that users find the personalization of services extremely valuable and convenient.

The video is divided into two parts, and is only available in French. Sorry.

Stepping away from the privacy advocate’s point of view, I point you to a blog post by Patricia Seybold. She discusses, at length, how Google and other search engines are dealing with questions about privacy and data retention. Importantly, she provides us all with a clear explanation of what data she expects to be retained from her online activities, and what she expects can be done with that data:

“Here’s my bottom line. I have opted into personalized search for Google, and I know I can control it. I expect the merchants with which I have dealings to maintain a history of our transactions together. And I demand that that transaction history is private to me (and/or my firm, if it’s a business transaction). I own that information. It’s mine. Nobody should be allowed to sell, mine, or otherwise use my personally identifiable trail of activities unless I explicitly opted in. Not 18 months from now, but now.”

As we mentioned earlier this week, Professor Michael Geist spoke at the closing session of the Conference. He noted that we already live in a world where surveillance is common place, and our personal data trail crosses borders and oceans and lives in countless databases.

“Chertoff came to us and said “this is my world, this is my vision, what are you prepared to do about it?”

We have posted the video of Professor Geist’s speech on YouTube, and you can view it below.

Videos are posted in the language of the original speaker.

You know, the Office of the Privacy Commissioner doesn’t want to appear technophobic. We appreciate the benefits of new technology and the ease in communication that social networks like MySpace and Facebook can bring to society.

But we have to remind Canadians that they should be careful about the information they share online. We don’t just mean the usual suspects: birthday, address, social insurance number.

The same technological leaps that have provided us with these social networks have also provided companies with the computing power to scour the very same networks for reams of information. Information that can be used to categorize you.

And this is the subject of a New York Times article from earlier this week: “MySpace to Discuss Effort to Customize Ads”

“A 100-employee team inside the Fox Interactive Media offices … has designed computer algorithms to scour MySpace pages. In the first phase of the program, which the company calls “interest-based targeting,” the algorithms assigned members to one of 10 categories that represents their primary interest, like sports, fashion, finance, video games, autos and health.

The algorithms make their judgments partly on certain keywords in the profile. A member might be obvious by describing himself as a financial information enthusiast, for example. But more than likely the clues are more subtle. He might qualify for that category by listing Donald Trump as a hero, Fortune magazine as a favorite publication or “Wall Street” as a favorite movie.

The system also looks at the groups members belong to, who their friends are, their age and gender, and what ads they have responded to in the past. “Our targeting is a balance of what users say, what they do and what they say they do,” said Adam Bain, executive vice president for production and technology at Fox Interactive.” (New York Times)

Can you imagine your world 13 years from now without surveillance? Well, Robert Gellman certainly can’t and he’s come up with eight “fanciful” but somewhat apocalyptic musings about how watched the average citizen might become. Here’s an abridged version of his list:

“Auto tracking. Every car will be required to have a transponder, and automated highway readers will record all trips. The transponders will allow agencies to monitor driving habits and to issue electronic tickets for violations. The system will collect fees for using congested roads, replace parking meters and prevent undesirable people from driving in certain areas.
Very personalized PC. Every computer will have a static IP address. No one will be able to operate a computer without registering through a token, fingerprint or other identification device.
MySpace is mandatory. Every individual will be required to maintain a personal Web page with basic contact information accessible by the government and the public. People with out-of-date pages will be fined.
Society caught on tape. Surveillance cameras will be even more universal than they are today. You will not be able to walk down a street, enter a store, park in a garage, ride the subway, sit at your desk at work, open your front door or do anything else outside your home without being recorded.
Penniless marketplace. Currency will disappear and all money will be electronic. Every transaction will be permanently tracked. Private money systems will develop using tokens, gold and other forms of intrinsic value.” (Source: Direct Marketing News)

Of course, the underlying point here is that today’s seemingly innocuous surveillance technologies can take on scary lives of their own tomorrow. By that time in the future, these surveillance applications would be the ‘new normal’ for those who don’t remember anything different.

We as regulators can play an active role by continuing to “sound alarms,” about today’s seemingly harmless intrusions with the hope that someone out there becomes concerned enough to just say NO!