You-have-the-right-to-remain-silent-online_SQAccording to a recent report, law enforcement requests for Facebook data are up 24 percent since last year. Police agencies, which for a long time resisted modern technology, have embraced it with a vengeance, utilizing social media and other online communications as investigative aids to the extent allowed by law – and in some cases to an extent that many feel oversteps the boundaries of constitutionality.

As a former police officer and now a network security expert, and an advocate of a balanced approach to privacy in our ever-more-connected world, I have some strong opinions and some mixed feelings regarding technology as a tool for obtaining evidence of criminal behavior, and also about the disclosure of “TMI” – too much information – to the public in general. In this post, I’ll attempt to sort out the issues involved and discuss where I believe the lines should be drawn, and where the responsibilities lie.

At no time in my lifetime has suspicion of the motives and actions of our own government been at such a high level in the U.S. as it is today. Reports over drone surveillance and NSA interception of online communications and phone calls are no longer confined to “fringe” publications; they permeate mainstream news and Internet privacy advocate organizations such as the Electronic Frontier Foundation devote a good deal of time and effort to opposing such policies.

Ironically, some would say, the government utilizes its resources to warn citizens that they need to protect their privacy online. Federal laws such as the Gramm-Leach-Bliley (GLB) Act and the Health Insurance Portability and Accountability Act (HIPAA) require businesses in certain industries (financial services and healthcare) to provide customers with written copies of their policies that impact individual privacy (personal data). Individual U.S. states have their own laws that address privacy issues. The European Union’s Data Protection Directive governs privacy of personal data in member nations.

Governments, it seems, are very interested in helping us keep our sensitive information under wraps – except from themselves. The questions asked by the U.S. Census bureau have become more and more invasive over the years, with the “long form” (called the American Community Survey), which is sent to households randomly, taking 40 minutes to complete and asking about financial information, marital information, even what time you leave to go to work and how long you’re there.

There has been a good deal of backlash against the intrusion by cities, states and the feds into the personal lives of ordinary, law-abiding citizens that has been gradually increasing for decades. There has been even more public protest regarding the measures taken to attempt to detect and intercept violent criminals, particularly terrorists, which has ramped up tremendously since the September 11 attacks in 2001.

Another aspect of the privacy issue is what online retailers do with our payment information. Shopping from the comfort of our homes is fast and convenient, and often saves us money – at least until we discover thousands of dollars in unauthorized charges on our bills because a hacker stole our account numbers from a badly secured database. The long list of major data breaches over the last few years makes you wonder whether it’s safe to divulge your credit card information to anyone, online or not.

But privacy isn’t just about keeping the law enforcement out of your personal business. And it’s not just about how well the companies with which we do business protect our credit card numbers. There are plenty of others who have nothing to do with the government or the corporate retail world, who can cause you a great deal of grief if they find out too much about you. For criminals as well as law enforcement officers, the Internet in general and social networking in particular have created a feast of information that they can use to their advantage.

We all enjoy sharing our good times (and sometimes our not-so-good ones) with our friends. We like to show off our new possessions, share photos of our vacations or nights out on the town, and talk about our plans. And that’s normal and natural. The problem comes in when we share that info not just with people we know and trust, but with people we’ve never met and know nothing about. Some people are “friend collectors” on the social sites. They accept every friend request that comes along, and then they share everything they do with all of those “friends.”  That can come back to bite you – hard.

One of those new friends could be a police officer looking for evidence of wrongdoing: maybe yours or maybe that of another of your friends. Something you say in jest could be taken literally and misinterpreted as evidence of a crime. Even if you’re perfectly innocent, do you want to be the subject of an investigation? And if you have done something that’s against the law (don’t be quick to say you haven’t; were you aware that merely picking up the feather of certain birds and keeping it as a souvenir is a violation of U.S. federal law?), you could find yourself in a big legal bind.

Even if there are undercover cops on your friends list, what about undercover criminals? One of those random friend requests could have come from a shady character in your town who’s there to look for news that your house is empty for the day, so he can break in and steal the new flat screen TV he saw in your recent “look what I got for my birthday” post.  Even worse, it could be a stalker who wants to know when you’re home alone or going out by yourself at night.

Even if you only accept friend requests from people you know, you still have to be careful. Sometimes those are the ones who can do us the most harm. Employers have been known to scroll employees’ timelines to make sure they aren’t badmouthing the company, revealing trade secrets or otherwise violating company policies, and almost half of them say they use social networks to screen job applicants.

Anyone who’s ever watched a police drama on TV knows the Miranda warning by heart, the one that starts with “You have the right to remain silent.” Sometimes even when you’re not under arrest, remaining silent is a very good idea. That’s especially true when you’re talking to a few hundred (or thousand) “friends” you wouldn’t recognize if you walked past them on the street.

But … that’s no fun. And as good as the advice might be, those who say to never reveal any personal information online are probably being unrealistic. It’s human nature to want to share our lives with others, and in today’s world, the Internet is the medium we use to communicate. What we need to do is start using that technology more intelligently.

Part of that is simply about paying attention and thinking before you “speak” – even (or especially) when you’re speaking through a keyboard. Remember that unlike spoken words, what you say on the Internet is mostly “in writing,” and even though it might disappear quickly into the timeline stream, it can be copied and saved by someone else without you knowing.  The other part is technological. Put those controls that are built into social sites to use. Divide your friends into permissions groups and only post personal things to the group that contains only real, proven friends. I have numerous groups for different purposes. What I say to my IT colleagues isn’t necessarily what I want to say to my family members or my dog owners group or my clients. Sure, it takes a little more time but that’s a good thing. It gives you time to rethink what you wrote and decide whether you want to say it at all. I rarely ever publish anything, other than links to my articles, to the “public” group.

Ultimately, protecting your privacy is your responsibility. Nobody is going to do it for you. Some say there’s no longer such a thing as privacy, and to an extent, that’s true. But that doesn’t mean you should give up and “let it all hang out”. There are still ways to minimize the chance that the information that’s “out there” will end up hurting you.

Get your free 30-day GFI LanGuard trial

Get immediate results. Identify where you’re vulnerable with your first scan on your first day of a 30-day trial. Take the necessary steps to fix all issues.