Facebook, a company already facing scrutiny over its security practices, announced on September 28 that an attack on its system had compromised the accounts of nearly 90 million users. Three software flaws in the company’s security system led to the breach, the largest in the platform’s 14-year history, affecting not only Facebook accounts but also thousands of applications that allow logins through Facebook. Hackers were able to view users’ accounts in full, including their private data and messages, and could even have initiated actions within user accounts. At first, this seemed to me to be but another measure of this year’s steady drumbeat of data breaches, and yet it expands beyond one mishap.
To assess these issues, it is important to articulate a precise definition of privacy. The idea can be illustrated within a 1980 case, when Supreme Court Justice Louis Brandeis and attorney Samuel Warren published an article in the Harvard Law Review which defined privacy. The invention of the instantaneous photograph had made it possible to photograph anyone without their consent, and necessitated a redefinition of familiar ideals. The article argued that privacy amounted to an individual’s right to “be let alone.”
The Facebook breach is an unwelcome reminder that it is impossible to be completely free from the specter of surveillance. Facebook has nearly 2.2 billion users around the world, and its program connects with thousands of other services. Its sheer scale makes it futile to even attempt complete security; and since Facebook is one of the largest login systems available, third-party apps like Instagram, Spotify, and others will also be affected.
For those that do not believe in the importance of privacy, one question continues to be repeatedly materialized: why care about privacy if you aren’t doing anything that requires obfuscation? This fatalistic complacence— a view that privacy is both irrelevant and an illusion— has even crept into my own attitudes about data. As a digital native, I have become inured to the fact that my personal data will inevitably become public online.
And yet, the belief that we have much less freedom when we know we may be observed influences the lives of tech moguls including Facebook’s very own Mark Zuckerberg, who bought the four houses surrounding his home to maintain his privacy. We all take risks when we know that no one is watching: belting Mariah Carey songs in the shower, or dancing crazily in our rooms. But when we know we are being surveilled, we stop making these choices, almost without realizing it. Our free will is limited by a need for social acceptance. These risks reach far beyond clandestine performances — a lack of privacy can impede our ability to set goals, try new ventures, and be creative.
A single innovative or creative thought is gleaned from countless infeasible or ill-conceived ideas. In short, scrutiny robs us of our freedom to fail. The Facebook breach debacle illustrates a key tenet of our ideas about privacy. If we now know that attackers can view our internal accounts at any moment, people might not correspond in the same way. Our messages may potentially become less personal, and our comebacks less creative. All innovation hinges on privacy, and our free will to be imaginative and innovative could disappear if privacy is disregarded.
It is important to redefine our ideas and definitions regarding privacy. We must respond to quickly shifting technology, just as Warren and Brandeis did to the instantaneous photograph in December of 1980. Privacy is not dead, nor will it ever be; it is a primal urge, an instinctual quest for freedom. When we know we are being surveilled online, risk-taking is ripped from us. Our choices are constricted. Our imagination is stolen. Protecting our privacy and reaffirming our commitment to online safety as a community must be emphasized globally because breaches continue to be a symptom of a much larger problem—that of blasé acceptance of loss of privacy.
Gayatri Rajan is a Junior from Mason, Ohio. Contact the author at firstname.lastname@example.org.