Perhaps computers have changed the landscape so radically that our minds are not adequately prepared for the task. Much of our evolution as a species probably adapted us for circumstances that do not quite match our very unnatural modern settings. Consider why so many of us are unnecessarily harmed over and over again every day because automobiles demand that we adapt to speeds that we are not naturally prepared to handle. Consider why we find the general theory of relativity and much of quantum physics to be against our intuitive understanding of the world around us. Consider how very unnatural is much of technology.
It is to be expected that computer security and privacy problems are similarly confounding problems. How many of us are aware that electronic book readers watch what you read? Do we know who is watching us on web sites? How many of us have thought about how people with smartphones might accidentally tell others about where we are? Did you know that your smartphone sensors could give you away? People are so surprised by these findings and more that there have been congressional hearings about what computing giants can see about us. I could inundate you with seemingly endless examples, but I think you understand my point: it is a terrible cognitive burden to place on others when we expect them to understand every single thing that could go wrong in computing.
As David Brin and others have observed, we have always been able to watch what other people around us are doing. If we had expended the effort to connect the dots, then many hitherto obscure signals would be revealed. So what is different today? Perhaps the biggest differences are due to two new pieces of technology: computers and networks.
Memory is crucial to any computing machine. In fact, you get computers with different powers depending on, for example, how much memory the computer has, or how it accesses that memory. The most powerful computer that is known to be physically realizable requires infinite memory. Now, no single man-made computer has infinite memory, but one way to approximate that is to share memory over a network.
There are then two properties that emerge from this interaction. One is that we have written software that are very good at persisting data in durable memory, so much so that the European Union is trying to counteract this with the Right to be Forgotten. (As intellectuals love to point out, Thamus has warned Theuth about the effects of writing on memory and wisdom.) The other is that networks help to link otherwise disparate pieces of data, the result of which, as we know from endless research, is all sorts of privacy conundrums.
The other thing computers are very good at is making some (but not all) problems tractable or scalable. As Mitch Ratcliffe is supposed to have said, “A computer lets you make more mistakes faster than any invention in human history…with the possible exception of handguns and tequila.” Not only do security or privacy attacks happen much faster with computers, the profits and losses induced by networked computers are also more extreme. Additionally, networked computers permit cowards to be attackers: this asymmetry means not only that you may not know what they know about you, but also who knows these things about you.
Furthermore, privacy is a problem of the abstract versus the visceral: you do not literally see that information about you is seeping away from the machines around you.
Finally, one must also consider the feudal model of security and privacy on the Internet when thinking about this problem.
Why do you think we are losing privacy on the Internet?
Privacy@Poly 
Nice article. Regarding your question, I would say the lack of user controls is the primary reason for lack of privacy. You do not have control over how the information you already shared gets re-shared or used. However, there is a POSSIBILITY for the users to control how, what and with whom they can explicitly share the data. Consider the analogy of a water tap connected to a reservoir. Currently most companies do not provide USABLE privacy controls (or water taps) to the end user, either because they want to grab as much data as possible or implementing such systems is too much of an overhead for them. Whatever be the reason, lack of usable controls is one primary reason, and DO NOT TRACK and other initiatives are trying to give the control back to the user.
This is a nice point, and I like the comparison to a water tap. However, giving a user privacy controls assumes that there is some awareness of the data sharing that is taking place. However, that is often not the case. The average user has little to no knowledge of the ad/tracking ecosystem powering his online experience, so offering him a way to “control” his digital trail wouldn’t do much good. (Of course, I don’t mean that Do Not Track isn’t helpful – rather that it will still leave gaps.)
I agree with both of you. Usable privacy control mechanisms would be a welcome relief. However, there are a few things working against this. One is that many businesses are against giving us such usable privacy control mechanisms. The other is that we are often not aware of how we are losing privacy online. If there are too many ways to lose privacy, then controlling that loss becomes problematic. Finally, I am more inclined to have computers do the job as much as possible for us, and I like your idea of us having the final say over what (but not how) the computer will do.
Advocating for privacy is an uphill battle because there are many incentives promoting surveillance. Firstly, and most importantly, there’s the safety objective: surveillance can discourage crime, and it can also help law enforcement find perpetrators both before and after the fact. And in the online context, there is also the economic argument: tracking pays for a good portion of the content we consume online. Privacy is a more nebulous, less practical argument: discussions about it end up in a more theoretical place with words like “autonomy”, “liberty” and “communication.” Combined with the poor mental models we generally have of the internet, it is hard to frame and motivate good arguments towards privacy-preserving behavior.
Agreed: privacy is a hard sell. That is why we should we have a public debate about online privacy, and why we should build sensible privacy-preserving defaults right into the software. We have a lot of work ahead of us, and the time is right.
Would it make sense to build a system where providing a much better privacy control is more economically beneficial for the service provider, than not offering such controls? One vaguely related example is the use of hotel cards that allow you to open the door, and activate the power supply. When these cards weren’t available, customers had to manually switch off each light / AC / fan. If they forget, it would increase the hotel electricity expenses. Using the cards is more usable for the end users and is also a less expensive alternative for the hotels.
Only reason I can find so far for offering privacy controls, is to identify privacy conscious people and target them accordingly.
Why not write a blog post about it and ask the group? 🙂