We tend to expect online privacy to match our physical understanding of it. If I went to the library and used the card catalog to locate articles about pressure cookers and backpacks in an encyclopedia, I wouldn't expect the librarians to tell the police, and I wouldn't expect the police to come and knock on my door to ask me about it.
Interestingly enough, that's an incorrect expectation[0], which makes it a great example of how poorly understood privacy rights actually are, both in physical space and the virtual space.
Our expectations of the physical world derive from our experience of the physical world; they're valid notions in that sense.
How would the FBI monitor me using a card catalog and getting a book off the shelf? With a camera? If it was a camera, it's still not what we expect from the physical world, because we don't physically expect that we are being watched unless there are actually eyes staring at us.
If there was an FBI agent watching me look up things from a card catalog, and another one watching me read the books, this would match my physical understanding of a lack of privacy.
I talk about this a bit in another comment; the analogy is breaking down because we're equating active surveillance (guys in suits watching you) with passive data collection (cameras in the library that catch you carrying around a book on pressure cookers).
In a public library, it is not a reasonable person's expectation that the books that person is selecting are not going to be seen by others in the library. A reasonable person would not expect privacy in a public library, because it is, by definition, public.
Facebook isn't public, though. Expectations of privacy change here, and that's where we get into murky waters - we have no meatspace equivalent to Facebook or Google, so we don't really know what to expect.
> A reasonable person would not expect privacy in a public library, because it is, by definition, public.
A library is public not because there is a lack of privacy, but because it owned by the state. Do you not have privacy in a public restroom? The same arguments here about the physical expectations of privacy apply to private libraries in private universities.
Yes, when I go to the library, I notice from time to time the covers of books or magazines that other people are reading. However, in retrospect I cannot remember a single instance of who read what book, not their names if I know them nor their faces. I'm a pretty observant person with a good memory, so I have the same reciprocal expectations of others. If I were to walk up to somebody and straight up ask them what book they were reading, or to start reading over their shoulder, that would be considered an invasion of privacy.
Of course I don't have any way to prove this, but I would be astonished if a stranger in the city that's only ever seen me in the library could tell you what I've taken off the shelf.
Facebook is kind of like posting things on bulletin boards. Email is like sending postcards. Google is the aforementioned card catalog.
That's a fair point about the public library, but it is still a public place.
The standard of expectation of privacy is set by society[0], not you specifically. Even if you don't write down the books other people are carrying around, it's not illegal or even morally wrong to do so, nor would it be an invasion of privacy to ask a person what book he/she was reading. Not sure about literally reading over their shoulder, but that's not what we're talking about.
There is zero legal precedence for this idea of "anonymous in a crowd" that I do see every now and then when talking about privacy. I am legally allowed to take as many pictures of public places and people in public places as I want, so while a person might not be able to directly recall your face, I could easily and legally take your photograph in a public space and thus track your movements this way.
Oh, yeah, I was talking about subjective expectations of privacy. I didn't realize you were arguing a legal perspective. When I say expectations, I don't mean societal rights, I just mean what I expect to happen. I think they derive largely from how we experience the world physically, and I think that they translate poorly to online privacy. In particular, we usually consider conversations between two people to be private, but two computers talking to each other is quite often public.
Absolutely. It's one of the hardest parts of all of this - translating physical space expectations to the Internet.
Congress should draft up some kind of "rules of engagement" for the Internet, explicitly setting expectations. We know we're going to get searched at the airport, but we have no clue what the US government is going to do to us when we're online. That would be friggin' helpful to know.
Nitpicker point: It's been a while since I used a CC, but used to a lot, and the user stands pretty close to the cards as they read them (specially for the lower drawers). A drone might have a chance, but not a FIB-cam.
Everything doesn't need to be private, but we expect it to be, just like we expect letters sent in the mail to be.
It's not like Wikipedia is shifting to HTTPS because people reading about the "American Revoltionary War" are going to get flagged for rendition. That HTTP session didn't need to be private.
Wikipedia is shifting because they don't want NSA snooping with any of their users' traffic. But if they didn't want NSA snooping then certainly they didn't want ISPs, hackers on the same cable modem loop, etc. snooping, so they could/should have done this switch awhile ago.
Even should we change the law to match our expectations regarding Internet privacy, https is still a better idea as the NSA is really the least of worries for the vast majority of us who have bigger threats with organized crime from Eastern Europe, spammers forming botnets, etc.
