We live in a world where information derives power and commercial value, and can mean the difference between social control and chaos. For these reasons, governments, commercial enterprises and even the individual crave more and more information acquisition; in fact we have become consumers of information as per any other global resource. You need only consider your own social media addictions to realise that we have, as a people, become obsessed with information about our friends, families, favourite soaps, or world affairs.
What has gone largely unnoticed as a result of this cultural shift is that we have all become less sensitive to information disclosure than we have been in the past. In fact, generationally, there is a marked difference between what the current generation considers public or private information vs that of a prior generation. Hence, enhanced risk acceptance or tolerance levels have led to a much more open world of information today than that of generations before. A common example of this paradigm shift is we have come to accept, for the sake of convenience, that it is acceptable for our favourite stores to capture and manipulate information about our shopping habits, so that we may better be served as a consumer.
But with this new world of open information exchange, data collection, and expected levels of visibility about us and the world we live in comes a host of new issues related to data ownership, privacy and use of information. For instance, is it acceptable for our favourite stores to collect information on our shopping habits and then to provide that information to a third party so that they may use it to profile our behaviour? We enter into transactional contracts with commercial entities at the point of sale and as such expect some information about us to be exchanged, but who owns that information and for what purpose may it be used under that contract? Is it possible to really own one's identity in a modern society, or are we just a single row of data in a very large database, available to be analysed by the highest bidder?
These questions way heavy on legislators and those who fight for appropriate control of information. However, when such information can be aggregated with many other information sources to provide governments with the ability to employ predicative analytics designed to highlight behavioural patterns that may be a threat to society, such as terrorism and public disorder, how can those same legislators strike the right balance between legitimate use and potential abuse? In fact, when the context of the information becomes the variable and the information itself the constant, how can it be policed appropriately, and by whom? Our information world is truly global, cross border and open, while our physical world is geo-political with legal complexities and different tolerances to what is and is not acceptable dependent on nation state. Given this reality, how can we truly police a global world without making it too easy to manoeuvre between the boundaries of the legislation?
Unlike prior generations, where today’s news became tomorrow’s fish and chip wrappers, we now have added complexity of the absence of a delete button on the internet. The very nature of the internet and its underlying technical architecture is such that everything is cached, if only for a few seconds. Search engines like Google offer a ‘find it in our cache’ feature in case the site is down, and services like the ‘internet time machine’ exist to create copies of content for future generations. So how do you undo that statement, or remove that photo from public view, when it is likely replicated around the globe in a few seconds? This creates a need for us to control the information we perceive to be valuable to us, and to control the flow of information as it leaves us, so that it is what we want it to be before it is consumed and analysed by the world.
This foreword has posed more questions than answers, but is done so deliberately, as these are the questions we need to consider as individuals. Only we can answer them, and only we can determine what is appropriate for our information.
Jay Abbott, Director of the Threat & Vulnerability Practice at PricewaterhouseCoopers