The online confessions, stripped bare photos, and frank opinions of Gen Y can make Baby Boomers cringe. One journalist wrote of a young bartender she had met in person, “I had liked Kitty: She was warm and funny and humble…But reading her [online journal], I feel thrown off. Some of it makes me wince. Much of it is witty and insightful. Mainly, I feel bizarrely protective of her…she seems so exposed.”

Although Gen Y may be more willing to post revealing information than their elders, some are also more controlling of it. “The Pew Internet Project has found that people in their 20s exert more control over their digital reputations than older adults, more vigorously deleting unwanted posts and limiting information about themselves”.  The Project also found that teenagers obscure their physical locations and personal data online. In the words of a 19 year old university student, “I have to look out for me.”  A University of California study showed that most 18-24 year olds are actually “in harmony with older Americans regarding concerns about online privacy, norms, and policy suggestions.”

Yet Gen Y’s “aspiration[s] for increased privacy” do not always match their participation “in an online reality that is optimized to increase their revelation of personal data”. They mix caution with carelessness and a desire to connect. Some Gen Y believe the sheer volume of personal information published online provides anonymity and they will only be identified by positive connections who want to collaborate or open career paths for them. This naivety can be dangerous. As I wrote in “Is online privacy an illusion?”, seemingly harmless information shared online can be used to deduce your movie rentals, political affiliation, and, (alarmingly) your social security number.

So why aren’t Gen Y acting on their privacy concerns? In short, they don’t understand the limits of privacy law. Gen Y are “more likely to believe that the law protects them both online and off. This lack of knowledge in a tempting environment, rather than a cavalier lack of concern regarding privacy” explains their behavior.

It may be time to start treating the entire web as one interconnected data collection form. Innocuous information you share online can be used to deduce your movie rental habits, political affiliation, and even your social security number.

Consider this:

•    Netflix inadvertently revealed the identities of some of their subscribers even though they removed personally identifying information from their publically available database. Two University of Texas researchers were able to match Netflix subscribers’ to their reviews of vulnerable movies on sites like IMDB.

•    Another discovery out of the University of Texas, this time involving an assistant professor and his student, was that peoples’ political affiliations can be inferred from social networks. Group membership, music preference, and friendship connections were particularly indicative of political affiliation. The dataset for this experiment was 167,000 online profiles and 3 million ‘friends’ in the Dallas-Fort Worth area.

•    Even those who are unconcerned that others can see their movie rental records, or know their political persuasion, would be upset if their social security numbers were uncovered. Another duo of researchers, in this case from Carnegie Mellon University, were able to destabilize the Social Security numbers of 8.5% of US citizens born from 1989 to 2003 based on publically available data including social network profiles.

As Maneesha Mithal of the Federal Trade Commission’s privacy division stated in The New York Times, “Technology has rendered the conventional definition of personally identifiable information obsolete…You can find out who an individual is without it.”

So do we need to protect the next generation of Internet contributors, those born since 1995 referred to as Gen Z? In The New World of Wireless: How to Compete in the 4G Revolution Scott Snyder writes that Gen Z are the most likely generation to accept reduced privacy in order to participate in the “immersive, ‘user-centric’ wireless experiences” delivered by 4G mobiles. Encouragingly, this generation is demonstrating an ability to engage and minimize their public exposure. Regulatory body Ofcom’s media literacy audit found that a full quarter of 8-12 year old UK citizens have social networking profiles on Facebook, MySpace, or Bebo. A vast majority of this active quarter, 83%, have set their privacy settings to only allow their friends to see their profiles.

I think Gen Z will be just fine; we don’t need to instill a mistrust of academics that travel in twos or teach them about the interrelated nature of the Internet. Let’s concentrate on ourselves and realize that by placing our first name on one site and our last name on another site we’re effectively placing our full name in the same place.

When Google rolled out Buzz in mid-February, people were angered by the type of privacy breaches which have plagued another social medium. The three main issues for Buzz were:

• auto generation of follower lists from individuals’ private email and chat behavior
• auto completion of some email addresses in a feature similar to Twitter’s @reply
• auto connection to Google Reader and Picasa Web Albums.

Google responded to privacy concerns within days. However, for some who had very real privacy concerns, this simply wasn’t good enough.

I use my private Gmail account to email my boyfriend and my mother.

There’s a BIG drop-off between them and my other “most frequent” contacts.

You know who my third most frequent contact is?

My abusive ex-husband.

Which is why it’s SO EXCITING, Google, that you AUTOMATICALLY allowed all my most frequent contacts access to my Reader, including all the comments I’ve made on Reader items, usually shared with my boyfriend, who I had NO REASON to hide my current location or workplace from, and never did.

There’s still a lot to learn about how we integrate privacy into new products, but we know the golden rule – personal information should never be published without personal consent.

Update: US Congressmen have asked the Federal Trade Commission to examine complaints about Google Buzz.

Remember the first time you saw Barack Obama?

If you’re like most Americans, it was roughly four and a half years ago at the Democratic National Convention. I refer you now to one line in particular of that historic speech:

“We worship an awesome God in the Blue States, and we don’t like federal agents poking around in our libraries in the Red States.”

There is a reason the confidentiality of library records is sacrosanct: it is because the use of them for government intelligence virtually guarantees an imposition on civil liberties.

When we think about going to the library and checking out a John Grisham or a Stephen King, it’s hard to imagine what all the fuss is about. But imagine instead that you’re interested in religion and you check out a Bible or a religious reference book. Now imagine that instead of a Bible, you check out the Koran.

There are millions of versions of this scenario. You love planes and you check out a book to see how jetliners work — now imagine you’re of Middle Eastern descent. You’re fascinated with serial killers. Your friend David recommends Devil in the White City. You’re a student of human behavior and pick up a copy of The Lucifer Effect. Any one of these situations could imply suspicious activity — and, in more than 99% of cases, that suspicion would be dead wrong.

In the book Free Expression and Censorship In America, Herbert Foerstel describes the FBI’s attempts to monitor communist activity through the library system:

At [the University of Maryland, College Park], the agents asked librarians to report on anyone with a “foreign-sounding name or foreign accent” who used the libraries. Such a characterization would fit the majority of students and faculty on most American campuses, yet librarians were asked to monitor reference questions and on-line literature searches, including searches of [the National Technical Information Service], in order to establish the subject interests of these suspicious foreigners. All of this surveillance was conducted despite the fact that the UMCP libraries contained no classified materials, and their collections were presumably open to anyone. When the university complained about the surveillance, an FBI representative claimed that the libraries should feel no obligation to protect the access and privacy rights of noncitizens.

This backstory is why I was glad to see that a court is allowing a lawsuit against Blockbuster to proceed. The lawsuit is backlash from Blockbuster’s participation in Facebook’s ill-conceived Beacon program, which shared user purchase activity across the social network.

Just like libraries, it may seem that the potential harm from this program is minimal. You rent a copy of Wild Things, and the next thing you know your out-of-town girlfriend spots it on your News Feed and you’re having to explain yourself. But just like library books, movies can be an indication of who we are. Unfortunately, they are symptoms that point in a million different directions — symptoms that carry with them a potential for misinterpretation as tempting as a serpent’s apple.

We are eternally trying to find the right balance between freedom and security. Thankfully, books and other media coexist with speech firmly on the ‘freedom’ side of the line. Let’s keep it that way.

What do you think?

I had the privilege this week of attending a lecture by Professor Hal Varian, Chief Economist for Google. Varian discussed the advent of computer-mediated transactions and how they transform our business practices.

There were a couple of interesting points he raised: historical (in a pre-literate and pre-numerate era, how could people shipping barrels of olive oil have any confidence that the amount of oil that left was the same amount that arrived?), logistical (computer-mediated transactions enable more and more complex contractual arrangements), and conceptual (behavioral targeting, etc.).

This last, conceptual, is a big thing for Google these days, since they’ve been in the behavioral targeting business for all of two weeks. It’s also where Varian started to get into Web Genome Project territory. I found one thing he said particularly interesting:

In general, people have no problems with the intended use of data (more relevant content, etc.). What people are worried about is the unintended use of data (AOL’s massive data spill, etc.). The problem, therefore, is not so much a privacy problem, but rather a security problem.

That’s a pretty interesting comment, and it certainly rings true to me. “I don’t want Google knowing all this stuff about me,” people say. “Who knows what they’re going to do with it? What if somebody unscrupulous gets their hands on it?”

The core proposition of the Web Genome Project is personalisation with privacy. In light of Varian’s comments, however, it’s worth revisiting that proposition, because in fact it’s much stronger than that. The WGP model means that no clickstream or historical data is ever collected in the first place. If a thief were to break in, the vault would be empty; there’s just nothing there. So the model actually eliminates the entire question of privacy. It doesn’t much matter whether I can keep your data private if I don’t have any data on you to begin with.

Gratifying stuff from someone who’s earned his stripes. What are your thoughts about privacy vs. security?

I have been saying for some time now that our biggest unsolved problem is not a need for more information, but more assistance in finding what we want, when we want it, without getting bogged down in the infinite content made possible by UGC and Web 2.0.

In other words, what the market needs right now is clarity, not quantity.

Ideally, one type of entity that should be able to assist in clarifying the landscape is thinktanks. Ostensibly independent organizations, whose job it is to, well, think, these groups should be acting as advocates for us, collating, analyzing and synthesizing information so that we mortals can bypass all that messiness and cut straight to the heart of the matter.

Would that it were so.

Two weeks ago, a new thinktank was launched: The Future of Privacy Forum. Now, if ever there were a topic that called for clarity, online privacy is it. Nobody knows where the lines are or how gray is gray, and only the die-hard evangelists have any idea what data portability even means.

This Future of Privacy Forum is just one of several — there are also SafeCount, the Network Advertising Initiative, and the Center for Democracy and Technology, for example. The FPF (they don’t call themselves that, but I’m a lazy typist) was founded by Jules Polonetsky, former AOL Chief Privacy Officer, and is funded by AT&T. Where it gets a bit tricky, though, is in its first recommendations: delete your cookies and use AskEraser.

Wendy Davis at the Daily Online Examiner points out the inherent conflict of interest with this recommendation: AT&T has a long-running feud with Google over net neutrality and privacy. So is the FPF merely a way for AT&T to take a one-step-removed dig at the search giant?

At the same time, SafeCount and the Network Advertising Initiative both point out that cookies are what allow us to access all of that great free content. The “complex advertising and marketing mechanism” warned of by the FPF is the same mechanism that makes sites like YouTube possible.

Finally, just today, the Center for Democracy & Technology called on the Obama administration to pass new privacy laws, starting with a new definition of PII (personally identifiable information). We need one, by the way. Privacy and anonymity are two different things.

Anyway, all these recommendations are starting to make my head spin. What we need is a thinktank of thinktanks. What do you think?