There’s Privacy Then There’s Privacy
There are two kinds of privacy. Only one is the responsibility of vendors and providers to ensure. The rest is up to you.
Regulations like HIPAA and PCI-DSS are designed to guarantee that providers storing electronic personally identifiable information, or PII in the vernacular, is safeguarded against theft or accidental disclosure. They are not designed to provide consumers with any kind of “social gag” that might alert them they are offering up information or photographs the likes of which they may later regret sharing. While social networking sites like Facebook now provide “privacy” options that allow consumers to control who can see photos and read information posted, it does not force (though it does prompt and encourage occasionally) the use of such controls. That is completely up to the consumer.
Rielle Hunter is extremely upset with the three photographs of herself featured in the latest issue of GQ magazine. The woman who was involved in a months-long affair with Democrat John Edwards told ABC’s Barbara Walters Monday she found the images - two of which feature her without pants - “repulsive” and, Hunter also told Walters, she cried for two hours because she felt they were so terrible. […] When I asked, ‘Well if that was the case, why did you pose the way you did?’ She said that she trusted Mark Seliger, who she said is a brilliant photographer, and she quote ‘went with the flow,’” Walters said on ABC’s The View. — Hunter upset over GQ photos
Like Hunter, some people become upset when photos or information they intentionally shared with others through a variety of digital media options become “more” public than perhaps they’d like. Hunter claimed she “trusted” the photographer. Trusted him to what? Not publish photos he was paid to take? Like Hunter, some consumers may claim they “trusted” site X and just “went with the flow.” But again, trusted them to what? Not publish content intentionally provided for that purpose?
Controls such as those offered by Facebook or additional privacy-focused features will not help consumers hell bent on sharing every embarrassing detail of their lives with the public. And it certainly shouldn’t be blamed for the subsequent “exposure” when a consumer decides a particular piece of information or photo has turned out to be a not so good thing to share.
Data Leak Prevention (DLP) solutions such as those provided by Web Application Firewalls (WAF) seek to prevent the accidental or intentional exposure of confidential data. That’s the aforementioned PII: account numbers, credit card data, social security numbers – basically information that could enable a thief to more easily steal one’s identity. It does not prevent, shall we say, language or other information you wouldn’t want your mother (or grandmother) hearing/seeing/knowing about. But could it? Possibly.
Infrastructure “scrubbing” services similar to those used to implement HIPAA and PCI (DLP solutions) could provide additional services to consumers to “scrub” content for specific keywords. Perhaps it could be the case that sites like Facebook could provide a service, enabled via an Infrastructure 2.0 capable solution, to partake in a workflow that would look for a consumer-provided list of keywords that forced an additional “sanity check” on the consumer when posting.
This is very much a “reverse” content-filtering style application of a proxy, often used to prevent unsuitable content of the NSFW variety from entering the network. But these content-filtering systems are generally designed to prevent requested content from being delivered.
In this case, we are potentially preventing unsuitable content – as specified by the consumer – from being POSTed in the first place, which is a bit of a twist on the traditional content-filtering scheme for two reasons:
1. It’s happening on the request rather than on the response.
2. It’s working from a set of user-defined “unsuitable” trigger-words rather than the provider or organization’s list, which may be very different.
It’s very similar to traditional content-filtering systems in that it’s being implemented as a network infrastructure component rather than in the application itself.
The reason such a solution would require an Infrastructure 2.0 capable solution is that the consumer would need to somehow “program” the infrastructure component to recognize their list of “naughty (or trigger)” words, which requires integration and control-plane capabilities that non-infrastructure 2.0 capable components lack. Imagine that as a consumer set up their “policy” within the application the application actually communicated that back to the infrastructure via Infrastructure 2.0 control plane mechanisms. Or perhaps the application sets a cookie that can be examined by the infrastructure and used to trigger the appropriate action – submit to the application or return with a “Are you sure you want to do this? Y/N” option. This allows providers the means to offer “value add” services that might generate revenue while not bogging down the entire infrastructure by always enabling the functionality for every customer. 
Regardless of actual implementation this offloads the “searching” of the content to an external device and prevents additional use of network, network infrastructure, and application infrastructure components within the architecture. It’s more efficient to stop requests – whether malicious or unsuitable by anyone’s definition – at the point furthest from the application as it prevents the unnecessary consumption of resources.
Of course the best place to stop the needless consumption of resources due to the posting of unsuitable content is at the keyboard, but it’s understandable that as we (people) continue to integrate digital media into the ebb and flow of our daily lives we just might occasionally need a reminder that what we’re about to share may be something we’d regret the next morning. And the next morning…and the next morning…and the next.
Because while the “do you remember what you said/did last night” coming from friends will eventually fade into memory, it takes a lot longer when there’s three million “friends” that want to say it.
Check also related entries: