You might have heard of the "need to know principle" used in movies and such (usually in a comedic way). Despite the mockery people assign to the phrase, it is not only quite valid, but a very good rule of thumb.

In the classic form, any decision to provide information to someone must pass the "need to know" test. If the person requesting information has no legitimate need for the information, you don't provide it.

People who, like me, who think Internet communication and collaboration is a great thing and that open and transparent government are vital to the health and continuation of our country usually think that need to know is the exact opposite of those ideals, when it fact, it is not.

The truth is that open government doesn't mean that people know EVERYTHING. They can't and shouldn't know everything that our police and courts know because if they did, enemies of our country could use them against us.

Similarly, people have been learning for a few years now the consequences of what happens when they post too much online or aren't careful with who they add to their friend's list on social networking sites. Getting embarrassed, fired, robbed, etc.

The Geek Privacy Principle

Need-to-know doesn't go far enough

Remember that privacy is the right to decide who knows what about you and when. It's your information and as long as you haven't performed criminal acts, you maintain that right. Therefore, even if someone has a need or right to know in some sense, you should first decide if there's any specific benefit to providing the information. Benefits usually fall into one of these categories:

Now to bring it together:

If there's no purpose or benefit to providing information, the only possible consequence is negative Given these odds, wouldn't you agree that it's much smarter to keep things to yourself?

How to apply the principle

In social situations

In social settings, there may be many situations where someone asks you something you don't want to provide. A business interview, a neighbor, an old schoolmate you see one day in the grocery store; all of these might tread a little to far into your personal life.

If you learn to adopt the Geek Privacy Principle, you won't tell them any more than they need to know and certainly nothing that you're uncomfortable providing. To respond to a question that goes too far, try this:

1. Ask, "Why do you want to know?", "What do you mean?", or "Why do you ask?". Doing so buys you a little time to think about whether you really want to answer or not, but it also gives them the chance to clarify. They may drop the subject right then realizing they went to far or they may not have meant what you thought at all.
2. Once you have clearly determined that you do not want to answer, a simple way of handling it is to say "I prefer not to say", "That's a bit personal", or in a business situation "I don't believe that question is relevant to my work performance". It takes some guts to do this, but it's well worth learning.

For obtaining goods and services

1. You receive a request for information. Ex. "What's your phone number?".
2. Determine their need for the information by asking them why they want it. In this case, let's assume that the haircut place will remember the details of your cut so they can repeat it easily the next time.
3. Decide if you benefit from the information request. For example, do you care if they remember what "numbers" they used for your haircut?
4. Question the validity of the request. Ex. Must they have your phone number for that? Won't any number do? If so, now would be a good time to apply your privacy alias (explained later in this guide)
5. In cases where it's not legal (when dealing with courts), not ethical, or not practical (to obtain healthcare with your insurance) to provide your alias information, your only option left is to decide to provide the information or walk away (but be willing to walk away when necessary).

In Summary

Always remember that the more information someone has about you the more creative and successful they can be if they ever decide to destroy you. The neighbor who hates your guts, the spurned ex girlfriend or boyfriend, the guy who you accidentally cut off on the highway.

And sometimes, you can't tell the difference between a regular person and a psycho killer which is why you should never, ever say "I've got nothing to hide…" (go to next section). Tags: Nothing to Hide, The Basics

Being innocent isn't enough

(Image used under: Creative Commons 2.0 [SRC])

It's a proven fact that there are more strangers than people you know. While there may be some percentage of complete strangers who will treat your private life with the same care and diligence as a close friend or family member would, odds are that most won't. Though most people aren't dangerous, some are and they don't come with forehead labels so you can tell the difference.

Why should I care? I've done nothing wrong

According to who? Some would say that because you have a house and a TV and maybe a nice phone, your privilege grants them the right to target you for burglary. When I was a government worker, that fact alone justified harm in some people's minds (stick it to "the man"!) while elsewhere in the world, simply being a US citizen means you're guilty and deserving of death. What if you simply look similar to a known terrorist? Did you leave a big enough tip at the restaurant?

("from): mom's ex boyfriend. He was a waiter at a very elite restaurant and had normally expected very nice tips. Some guy left him a $5 tip for an over $100 bill and he got pissed and posted the customer's information on Facebook.

The world is made up mostly of people who don't know or care about you, but might depending on what information they find about you. Whether you post it yourself or its exposed accidentally, all it takes is one errant tweet or photo taken out of context to get you fired, harassed, or sent death threats.

Once someone decides to target you, the ways they can harm you is limited only by what information they have about you and their imagination.

Outrage doesn't stop to consider or wait for an explanation. Evil doesn't feel remorse or mercy. Once someone decides they don't like you, the ways they can harm you is limited only by what information they have about you and their imagination.

Did you know that thieves are watching social posts to find out which houses are unguarded while the family is on vacation (and if your insurance finds out, they may not pay)? What if someone doesn't like how you treated them and can find out where you work? It's not especially difficult to contact someone's boss and make a case for why you shouldn't have a job anymore… and depending on what I know about you and share with the boss, it might not be that hard of a pitch.

It's worse than you think

Why you should never talk to the police
(See online!)

Snooping and judging is the new norm. Do you imagine I won't dig up everything I can find on someone who wants to date my daughters? Do you still think you can get a job and not have your own social posts brought up in the interview?

Our courtrooms live and breath on the evidence that comes from your online activity. Lawyers, co-workers, or ex-lovers may all be motivated to paint you as someone you're not. Could they use your emails and comments to make you look biased, predisposed, violent, or whatever else they need to win? Sometimes police and politicians are under so much pressure to make someone pay that they're not very careful about who actually goes to jail. It's in your best interests not to hand them the knife they stab you with

Small bits of data can add up to a clear picture... and it might not be one you want people to see

And then there's the everyday data gathering businesses and online sites do every day to profile you and exploit your weaknesses for money. Even when it's as simple as giving private information to the dentist or rental car company, information they hold has a habit of leaking away to even more people you don't know. When you give information to organizations like these, you have no idea how many people or what kind of people will end up in possession of it leading to ID Theft or worse.

Summary

Privacy is simple risk management: there are far more people in the world that you don't know and trust compared to people you do. Giving information to people who's motivations and capabilities are unclear is not smart and not safe. Stop saying "I have nothing to hide" and start saying "why do you want to know?"

Until and unless you can determine a specific and valid reason to give up private information, you shouldn't give it. Learn more about protecting your data and identity in my Goodbye Identity Theft course.