The New Universal Identifier

Josh commented on my last post that privacy requires control over both (a) personal data and (b) the platform on which the data is used. My gut instinct is that our expectation of privacy is only the former.

Privacy is a moral issue but, as with most moral issues, the ideal compromises with practicality in our reasonable expectations. We can reasonably expect that personal data under our control will be kept private. We can reasonably expect that if we give personal data to someone else and they promise to keep it private, that it will be kept private. But I don't think we can reasonably expect that if we give personal data to someone else and all they promise is that they will make it kind of hard to get to that it will be private.

We've discovered this over and over: with real estate records, campaign donations, Google Street View. The probabilistic idea of public actions being effectively private by being lost in a sea of noise, being alone in the crowd, has been confronted with technological reality (although, as with most erosions of privacy, we have been slow to notice or meager in protest.)

I don't think this is a good thing, I just think that the expectation of this sort of privacy is so unrealistic that it's not worth complaining about. There are ways to use technology to counteract the loss of privacy from technology, and that's what we should be asking for. In this case--where our email addresses are used as universal identifiers, the new social security number--we should complain about any service allowing someone to see our email address at all. Given the way things are going, it won't be many years before you can register for a driver's license with just your email address as ID. Email addresses have become our new true names, and we shouldn't let anyone but our trusted friends have them.