Covering subjects ranging from reputation to national ID card schemes, from DNA collection to online safety of children, is ‘Virtual Shadows’ ( www.vivagroupindia.com ), a recent publication that is ‘small enough to fit in your pocket and read on the train when you are on your way to work,’ as the author Karen Lawrence Öqvist describes.
“The subject space of the book is vast, because in the information society that we are all a part of today, we are connected and sharing, which surfaces significant concerns regarding our privacy. The book is like a ripple on the ocean, giving you a sensation of the vastness of what lies underneath without going into any depth,” she adds, during the course of a quick email exchange with Business Line .
“I have over 20 years experience in IT and during the day I work in information security as a consultant,” reads the ‘about’ page in her blog www.virtualshadows.com “In my spare time I do loads of outdoor activities, that is when I am not publishing or studying for my MBA.”
Excerpts from the interaction, in which the author focuses on two key issues, viz. reputation and identity.
You talk about identity and reputation in your book…People often tell me that in order to protect your reputation that you should not have an online presence. You should not have a Facebook profile, MySpace or Linked In profiles. In effect online you should be invisible. If you are not there you cannot be damaged, can you?
This opinion is not without foundation. After all what you do online will inevitably over time enable you to build one or more online reputations. There is a distinct relationship between your identity and reputation since, first, what you do in your life both online and offline has an impact on your reputation (professional, personal etc.) and, second, it is by building your reputation that you create for yourself an identity, almost a type of personal branding.
Then it is true that what you do online can cause people to judge you in a negative way? For example, when you apply for a job?
Yes and no, in fact the consequences can be positive or negative. It is positive if it reaffirms what you have stated about yourself. If it does not, e.g. there are photos of you half naked and drunk on your MySpace profile, then this information has the potential to be damaging to what you want to achieve today or tomorrow and doubtless in your professional life, both online and offline. Digital information has a persistence value i.e. it never goes away.
Is one right in assuming that the safest bet is to be invisible online?
My opinion is no, it is not. Being invisible online is no longer an option. Why do I say this? Well, being invisible was fine yesterday, however this is changing. If you don’t have a ‘positive’ online presence it can prove damaging to your career in this new information society that we are all a part of today. In this world if you don’t exist online, if you are invisible then you have no reputation, nothing that proves what you have stated about yourself. In fact in the future having no reputation online could be as, if not more, damaging to your career than to have a bad online reputation. Let us take an example.
Imagine if head hunters are ‘Googling’ for you when you apply for a job. Today this has become common practice. Take an example of three types of applicants, each type presenting excellent cvs, sharing experience and academic achievements:
1. Applicants have an online presence. MySpace profile, no privacy controls enabled so it is open for browsing to the head hunter. They twittering with their ‘friends’, and nature of communications indicates that the applicant has an ‘attitude’ problem. There are revealing photos. The findings do not reflect what was claimed in the cv.
2. Applicants have no online presence. They are invisible.
3. Applicants have an online presence. They are active in technical forums, they have a Facebook profile, but the privacy controls are enabled so the head hunter can’t get in. They are professionally networked via Linked In. They have a profile that reflects their achievements on the cv along with recommendations from existing and ex-colleagues (also on Linked In) on their good work on their profile. Their online presence confirms a solid applicant for the post.
Now what if there are 200 applicants for a single post. Which applications will get eliminated first from the process? In all likelihood it will be all applicants of type (1), because this applicant type appears to have an attitude problem and could be unreliable.
Now which applicant types will the headhunter want to meet? Most probably the third applicant type because the headhunter has found evidence that supports what the applicant has claimed on their cv.
Then what about the invisible applicants? They also have a great cv and no damning evidence online. The answer is simple; it depends on how many suitable applicants have already been shortlisted for an interview. It is quite likely that the headhunter is already spoilt for choice and doesn’t feel motivated to waste time with these applicants.
You mentioned that it could be better to have a bad reputation rather than be invisible?
Yes. Not now in today’s society, but I believe that in the future the selection process could become even more interesting. Today’s generation would have grown up as a part of the information society and with different perceptions on privacy and reputation than what our generation has today. When this generation becomes the headhunters of tomorrow, they will throw the invisible applicants in the bin first; because they have no evidence of a social or professional network, alas no reputation to speak of. Hence for the headhunters of tomorrow if you are one of the invisible applicants, you just will not exist.
Is a national identity card a good thing?
This question I get asked quite often, and my response is normally “it depends.” It depends on the intentions of the government for its implementation, the culture of the country, the politics… there are lots of factors.
ID cards are in use in one form or another in virtually all countries of the world. The type of card, its functions and integrity vary enormously. While several countries have official, compulsory, national ID cards that are used for a variety of purposes, many countries do not. One good example is Sweden where the ID card is not compulsory but to live and work in the country without one is almost impossible, as it is the official means with which to present your personal ID number that is requested in many everyday transactions. Nonetheless it is successful and Swedish residents today could not imagine living in a society without it. A national ID card with a unique identifier has proved to be very convenient. (The Swedish personal ID number is represented as the date of birth of the holder with an extra four digits, even numbers for females and odd numbers for males, in the format ‘YYMMDD-xxxx’.)
Are there many countries that have a national ID card like Sweden?
No, not many countries are like Sweden and proposals to establish national ID cards have sparked protests in countries around the globe. The UK, the US, Australia, the Philippines, South Korea, Taiwan, Portugal and Hungary are examples where any attempt to introduce a national identity scheme has failed. In some cases, such as the attempted introduction of the Australia Card in 1987, has lead to a near collapse of the initiating government.
Why then is this topic so sensitive? And why do governments still persist on introducing identity schemes despite strong public resistance?
Let us take the second question first. What is so cool about national identity schemes that make governments feel impelled to keep trying?
In fact from a practical perspective a national ID scheme has many advantages for the citizen: if there is a common level of privacy expectations in the implementing country; and this is enforced with privacy law that establishes the rights of the data subject.
Such an example can be provided by Sweden whereby every newborn is provided with a personal ID. This is used throughout their lives. This unique identifier has in recent years facilitated the linking of health records, which means that if you end up in accident and emergency one day, by checking your personal ID the staff treating you are able pull up your health records and make better informed decisions, so as to have a better chance of saving your life in extreme situations. This brings to mind really important issues concerning a national identity card scheme, and back to the first question on the sensitivity of this topic.
If your country implemented an ID card scheme, your personal data contained within the card – that could incidentally include biometric data – needs to be stored in a database somewhere. This could be one database, or undoubtedly once fully integrated with other systems, (e.g. healthcare, banks, etc., everywhere where you need to confirm your identity) many databases. The question you should be asking yourself is two-fold:
1. Do you trust your government authorities to implement the appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access? Remember once databases are connected there is potential for one person with the ‘golden key’ to access everything on you.
2. And, do you trust your government to have the right intentions concerning the use of your personal data, both today and in the future?
In fact this is the underlying reason why governments are failing to implement successfully national identity schemes even if an explicit right for privacy is acknowledged as a right in the initiating country, and even if this is enforced with privacy law protecting the rights of the data subject. The citizen, i.e. the data subject, it appears does not trust the government to do the right thing.
Did Sweden succeed because they had perfect government administration processes and good intentions?
Not completely. They have not been perfect when it comes to securing the personal data of its citizens; their administrative processes are not perfect.
So, what is different?
Well one fact is that the population of Sweden is only nine million; this makes it technically simpler, than for other countries such as the UK with a population of 64 million to implement such an initiative. Still the primary explanation could be more fundamental and linked to the culture. It is nothing to do with numbers, or with how good the government has been in securing their citizens’ data. It seems that years of a socialistic government have given Swedish citizens the feeling that the government cares for them. If you ask a Swedish if they trust the government with their personal data, they may look a bit confused. For them it is an odd question, of course they trust the government, even if the government does sometimes get it wrong. This is different from other countries, such as the UK where trust is a big issue.
What is your next book about?
Well I have two in the pipeline. The book that I’m researching now will dive into the privacy landscape in different countries around the world, including India. For each country I have a local researcher that is an expert in security and privacy. This is because in my experience many privacy issues are driven by the local culture, politics, etc., of the country, so a local researcher is crucial in order that the context is understood before judging why things are the way they are. The second book I haven’t started yet so I am not ready to share details.