Unlike most aspects of the financial crisis, it’s fairly easy to understand the Goldman Sach’s debacle. The company put its own interests ahead of its clients by encouraging them to invest in a mortgage product that the bank itself had bet would fail. But while politicians, the public, and the media take aim at the shenanigans of Wall Street, a similar breach in public trust is emanating from Silicon Valley amidst a wash of money and public ignorance.  The currency they’re manipulating though is worth billions: your personal information.

In April, Facebook launched Open Graph, its newest social platform that aims to turn the web into a more social experience by sharing user information and preferences with other sites.  Company founder Mark Zuckerberg heralded its launch as “the most transformative thing we’ve ever done for the web.” He’s right, but not for the reasons he says.

Facebook is chasing after Google’s dominance in the advertising market, which rewarded Google with $22.9 billion last year alone.  With personal information the increasingly valuable currency of the online marketplace, technology companies are scrambling to collect and share personal data with advertisers and other third parties.   In the process, your privacy is being compromised, with little debate or realization by society.

Over the past several years, as Facebook and other companies have launched new social tools and platforms, they have followed a fairly consistent rollout model: First, they automatically opt you into sharing your personal information. Then, they give you the option to opt-out but only after your privacy has been violated. After all, once information is out on the web, it is impossible to contain. The privacy controls you think you have are thus worthless.

In an effort to mitigate potential public backlash, both Facebook and Google are attempting to convince you that privacy is dead. Last December, Google CEO Eric Schmidt declared: “If you have something you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.” A month later, Zuckerberg said privacy was “no longer a social norm.” But despite what the CEOs say, the public’s desire for privacy is far from dead. A recent study conducted by the University of California, Berkeley and the University of Pennsylvania found that 88 percent of people have refused to give out information to businesses because they felt it was too personal or unnecessary.

“Facebook and Google do not bear the cost of experimenting with our personal data – we do,” said John Clippinger, Co-Director of the Law Lab at Harvard University in a recent interview. And as research is beginning to illustrate, the consequences are immediate and oftentimes severe.  Danah Boyd, a social media researcher at Microsoft and fellow at the Berkman Center for Internet and Society at Harvard, recently relayed the story of a young girl and her mother who fled from an abusive father, only to have their location revealed as a consequence of Facebook’s ever-changing privacy policies. They, like most of us, couldn’t keep up with the company’s frequent and confusing privacy policy changes (at least six revisions in the past five years).  Even the experts, such as former Google employee and current White House Deputy Chief Technology Officer Andrew McLaughlin, have been burned by the myth of ‘control’ over personal information.  When Google launched Buzz, a feature that automatically shares the names of your most-emailed contacts, McLaughlin found his White House contact list blasted across the Internet within minutes.

Those who don’t mind sharing personal information with other companies should know that this process can impact their friends simply by association.  Two students at MIT last year demonstrated they could predict with 78 percent accuracy whether a Facebook user was gay based on the percentage of his friends that were gay.

Aggregating and publicizing information can of course be beneficial to society. Google Flu Trends for example, is able to estimate flu activity effectively two weeks before the Center for Disease Control by compiling search queries about the flu.  But the “public by default” policy pursued by both Facebook and Google over the last few years benefits companies, not society.

Without sensible regulatory oversight and an informed public, technology giants like Facebook and Google will continue to whittle away at the institution of privacy while raking in staggering profits. Goldman Sachs and Wall Street lobbied for deregulation, so that they could pursue wild-eyed schemes with less accountability. These companies asked us to trust them.  Let’s not make the same mistake twice.

- Zeba Khan is an independent social media consultant and writer

Can there be security and privacy online after the fact? That was the question posed at a March 17th public roundtable on consumer privacy sponsored by the Federal Trade Commission. The roundtable brought together academics, industry experts and government officials to discuss the challenges of building a secure and authenticated layer for the Internet on top of the original open and trust-based structure.

In her opening remarks, outgoing FTC Commissioner Pamela Jones Harbour cited the recent launch of Google Buzz and Facebook’s rollout of its new privacy settings as well as the 2007 release of Facebook Beacon as examples of irresponsible conduct by technology companies with respect to consumer privacy. In those instances, consumers were automatically signed up for the rollouts or launches and had to opt-out after the fact. “Unlike a lot of tech products, consumer privacy cannot be run in beta. Once data is shared, control is lost forever,” Harbour said.

In its early days, the Internet was used to facilitate communication among a number of researchers at various universities around the country. It was a small, known, and trusted environment. However in the decades since, its nature has changed dramatically. An architectural layer was built on top, encompassing a complex commercial enterprise, social-networking, and search functionality.  In time, a variety of popular services rose up, many of which to this day only employ encryption technology for initial log-in information, leaving all subsequent data sent unencrypted. Experts say this practice exposes consumers to significant risk when they connect to popular cloud-based services using public wireless networks in coffee shops, airports, and other public areas. Without encryption, hackers can easily intercept user data.  As new technologies are continuously being developed and new business models are created, many experts are focused on how such privacy concerns and future privacy challenges can be met.

One of the most significant issues in online security is the lack of an authentication layer within the architecture of the web. The current and cumbersome system of using usernames, passwords, and shared secrets is continuously threatened by the possibility of phishing and identity theft. “Personally identifying information can be constructed from non-identifying information,” said John Clippinger, co-director of the Law Lab at Harvard University’s Berkman Center for Internet & Society. “You have to have a user-centric, interoperable system that allows people to control information about themselves and have a chain of trust that can be traced back to the individual.”

The panel encouraged the use of protocols that have already been developed like SSL encryption as a first step towards tackling current privacy issues. Looking towards the future, several panelists referred to the work being done to develop new types of authentication technology to address the usability of privacy. One such technology is the information card, which allows users to sign into hundreds of websites using the one card with no usernames or passwords. The underlying technology provides a different personal identifier to each website, ensuring that no correlatable identifier is being shared across all those sites. These new kinds of identifiers such as the I-Card will give consumers more control over their digital identities, allowing them to control what and how much of their information is shared with other parties while protecting their privacy.

Another issue of discussion was concern over the lack of a clear directive from any regulatory body to technology companies on consumer privacy protocol. Some panelists felt that technology companies are learning harmful lessons from each other’s attempts to push the envelope and are encouraging copycat behavior. With the emergence of business models based upon aggregating information and making it available, correct business incentives and audit mechanisms will play increasingly important roles. “There’s great wealth and opportunity and things that could happen when you use this information effectively, so you don’t want to sequester it. But at the same time, you want to have governance principles that are enforced quickly, transparently, and effectively that grow with the technology,” Clippinger added. “Otherwise, it will get co-opted.”

The event was the final of three public events sponsored by the FTC to explore the privacy challenges that are posed by technology and business practices that collect and use consumer data.

View the webcast here.