An increasing amount of my work time lately seems to be devoted to issues of data integration, data security, and data privacy. I don't even pretend to be an expert, but I do know that a good deal of data paranoia is a not terribly subtle attempt to sell products and services. While businesses and other organizations are welcome to spend their technology dollars to fortify their data ramparts, schools when doing so are chosing to NOT spend their dollars on the educational applications of technology. It's a balance, of course, but I hope schools factor in both sides in when chosing to purchase any new security service or system.

Anyway, this post is more about personal security and privacy...

By now, most of us have figured out that when we are arranging the pickup of a large stash of cocaine; supplying arms to a rebel militia; or making a date with a prostitute, hit man, or lobbyist, we simply don't use e-mail. Unincarcerated teachers and parents know this is something we want our children to understand as well. 

But when the issue of online privacy becomes much more nuanced than that, I get confused.  Much concern has been raised over how much privacy Google gives it e-mail users. Or is this concern simply anti-Google groups out to create a false scare. Do I stop using e-mail completely, uber-encrypt my e-mail, or just stop worrying?

Here are some things I do know with a certain degree of confidence:

1. No message or data that uses the Internet as a carrier or is stored on a networked server is 100% secure - but then what in life is? We've got to start thinking about the Internet as a public space, not as our living room. By speaking, appearing, and acting in public, we all give up some privacy rights. When e-mail first came into education, our rule of thumb was "Don't put anything in e-mail you wouldn't write on a postcard." Still valid advice.

2. Google Apps for Education and personal Google Accounts have different levels of privacy associated with them. You pay for your personal Gmail account by "selling" information about your interests, buying habits, etc. to commercial interests. Don't like it? Go someplace else, and good luck with that. With GoogleApps for Education, read their Security and Privacy page. In part it reads:

Google Apps is governed by a detailed Privacy Policy, which ensures we will not inappropriately share or use personal information placed in our systems. Google complies with applicable US privacy law, and the Google Apps Terms of Service can specifically detail our obligations and compliance with FERPA (Family Educational Rights and Privacy Act) regulations. 

3. Students and employees using school technology resources have always had a "limited right to privacy."Students and staff need to know that school network users have a "limited right to privacy." If school officials suspect evil deeds are being done on the school networks, they can and will read one's e-mail, stored files, and browser history. But then authorities do locker checks too. Businesses work the same way when it comes to business-owned technology resources. Get used to it.

4. Privacy just may be a thing of the past, with e-mail security the least of our problems. See: A cheap spying tool and Google knows what you're looking at - so what? The debate over the appropriateness of NSA's data collection, the debate over cameras at intersections to capture red light runners, and the debate over allowing GoogleGlass into bars, all highlight how technology has made us both more spied upon - but perhaps more secure as well. It's a bit of a dilemma: I don't want to get a camera-generated ticket in the mail for running a red light, but if such cameras reduce red light running and keep my grandchildren safer, I am OK with that. The Circle, a novel by Dave Eggars, does an interesting job of exploring this conflict. (Read the book - it's much better than the movie.)

5. Everyone eventually gets caught. My dad taught me this lesson at a very young age - through example. I never got away with squat. I'm guessing the same would hold true today. As much as I'd like to think I could get away with illicit uses of the Internet (I can't think of any right now, which is pretty sad), I seriously doubt I would. 

I value both my privacy and my safety. The use or misuse of data collection, monitoring, and scanning can violate the first and improve the latter. The ideologues on both sides of this privacy/safety should be listened to - but with a bit of rational skepticism.
 

Original post August 15, 2013