Information security began as more of a concern for businesses and governments. These organizations used computers and networks to manage information well before the rest of the public came online. But as the internet and smartphones began connecting people all over the world, new services appeared that processed more and more data from average consumers. This evolving landscape created new potential disruptions for people’s lives.

信息安全起初是企业和政府关注的问题。 这些组织使用计算机和网络来管理信息，直到其他公众上线。 但是随着互联网和智能手机开始联系世界各地的人们，出现了新的服务，该服务处理了越来越多来自普通消费者的数据。 不断变化的景观为人们的生活带来了新的潜在破坏。

For example, AOL released a dataset of user searches in 2006 for research purposes. While the company removed account information, researchers were able to identify people based on their search terms alone. Similar breaches of confidentiality fell under the rubric of privacy, since they aligned well with our understanding of privacy violations in the non-digital world: someone wrongfully gained access to previously secret information about a person.

例如，AOL在2006年出于研究目的发布了用户搜索数据集。 当公司删除帐户信息时，研究人员仅凭搜索字词即可识别人员。 类似的违反保密规定的行为落入了隐私权的范畴，因为它们与我们对非数字世界中侵犯隐私权的理解很好地吻合：某人错误地获得了有关该人先前的秘密信息的访问权。

But seeing privacy as simply security applied to user data fails to capture the full scope of what changed when everyone began engaging with the digital world. In the past, information moved around in fairly mechanical ways, requiring significant time and resources to spread broadly. Even as we developed technologies for broadcast and distribution, most people only engaged with them as viewers or consumers.

但是，将隐私视为仅应用于用户数据的安全性并不能涵盖所有人开始接触数字世界时所发生变化的全部范围。 过去，信息以相当机械的方式移动，需要大量时间和资源才能广泛传播。 即使我们开发了广播和分发技术，大多数人还是以观众或消费者的身份参与其中。

When we step into today’s online world, all of us can quickly send vast amounts of information to anywhere on Earth. This opens up all sorts of new information flows that no longer follow the rules we had come to expect offline, leaving us to navigate a very different landscape. Suddenly, most people do not understand how things work, and have to adapt.

当我们进入当今的在线世界时，我们所有人都可以将大量信息快速发送到地球上的任何地方。 这就打开了各种各样的新信息流，这些信息流不再遵循我们离线期望的规则，从而使我们可以浏览非常不同的情况。 突然之间，大多数人不了解事情的运作方式，不得不适应。

For direct communications, we have come up with new ways to express context and set norms, such as abbreviations and emojis. But while we had ways of recognizing when someone was staring at us in the offline world, others in the online world can more easily “stare” without detection. When Samuel Warren and Louis Brandeis first penned “The Right to Privacy” in 1890, the invention of portable cameras evoked similar concerns for them about who was learning what and how they might use that knowledge.

对于直接通信，我们提出了表达上下文和设定规范的新方法，例如缩写和表情符号。 但是，尽管我们可以识别离线状态下有人在盯着我们看，但是在线状态下的其他人可以更容易地“盯着看”而不被发现。 塞缪尔·沃伦(Samuel Warren)和路易·布兰代斯(Louis Brandeis)于1890年首次提出“隐私权”时，便携式相机的发明引起了人们类似的担忧，即谁在学习什么以及如何使用这些知识。

Even then, the real issue involved more than simply keeping our private lives hidden. More broadly, it meant people should have a degree of control over information about themselves and their activities when broadcasting such information did not serve the public interest. In other words, the right to privacy was about recognizing people’s interests when knowledge about them is shared, and that they should have a say in such exchanges. This leads to my preferred definition of privacy in today’s online contexts: respecting people’s agency and interests when handling their information.

即使那样，真正的问题所涉及的不仅仅是隐藏我们的私人生活。 从更广泛的意义上讲，这意味着当广播此类信息不符合公共利益时，人们应该对自己及其活动的信息有一定程度的控制。 换句话说，隐私权是关于在分享人们的知识时承认人们的利益，并且人们应该在这种交流中拥有发言权。 这导致了我在当今在线环境中对隐私的首选定义：在处理人们的信息时尊重人们的代理和利益。

For companies handling personal data, this notion of privacy also encompasses much more than simply ensuring PII does not leak. You need to be asking questions about whether you should collect such data to begin with, about how it actually gets used, about what your users expect you to know and do. These questions often become more values-driven and difficult to capture in tidy metrics, but that does not diminish their importance. Since this whole concept involves people and their behaviors, it naturally gets fuzzier and more organic than other more technical aspects.

对于处理个人数据的公司而言，这种隐私保护概念还不仅仅包括确保PII不泄漏。 您需要提出以下问题：是否应该首先收集此类数据，有关数据的实际使用方式，用户希望您了解和做的事情。 这些问题通常变得更加以价值为驱动力，很难以整洁的指标来体现，但这并没有削弱它们的重要性。 由于整个概念涉及人及其行为，因此自然比其他技术方面更模糊，更有机。

It also means expertise in security does not automatically translate to expertise in privacy. Security vulnerabilities can certainly have an impact on privacy, and security techniques such as defense in depth remain useful in a privacy context. But security alone will not help answer the full range of privacy questions that arise when products or features alter information flows. You can violate someone’s privacy expectations in a very secure way.

这也意味着安全方面的专业知识不会自动转换为隐私方面的专业知识。 安全漏洞肯定会对隐私产生影响，而诸如深度防御之类的安全技术在隐私上下文中仍然有用。 但是仅靠安全性并不能解决产品或功能改变信息流时出现的所有隐私问题。 您可以以非常安全的方式违反某人的隐私期望。

If you are interested in learning more about privacy apart from its overlap with security, start with these resources from three excellent researchers:

如果您想了解除隐私与安全性重叠之外的更多信息，请从三名优秀的研究人员那里获得以下资源：

• In 2010, danah boyd (founder of Data & Society, Principal Researcher at Microsoft Research) gave two talks on the public/private binary which remain highly relevant (links to transcripts): “Making Sense of Privacy and Publicity” at SXSW and “Privacy and Publicity in the Context of Big Data” at WWW2010

  2010年， danah boyd ( 数据与社会创始人，微软研究院首席研究员)就公共/私有二进制文件进行了两场演讲， 这些话题仍然高度相关(与成绩单链接)：SXSW上的“ 了解隐私和公共性 ”和“ 隐私” WWW2010 在大数据背景下进行宣传和宣传 ”

• More recently, Helen Nissenbaum (Professor of Information Science at Cornell Tech, creator of the “contextual integrity” framework) gave an interview on why we should not simply rely on consent for privacy (paywalled link, but you can find archives): “Stop Thinking About Consent: It Isn’t Possible and It Isn’t Right”

  最近， 海伦·尼森鲍姆 (康奈尔大学科技的“语境完整性”框架的创建者信息科学系教授)介绍了为什么我们不应该简单地依靠同意隐私(paywalled链接，但你可以找到档案)的采访时说：“ 停止关于同意的思考：这是不可能的，也是不正确的 ”

• Finally, Maritza Johnson (researcher at the International Computer Science Institute) gave a 10-minute talk at the 2018 OURSA conference on baking privacy into the user experience (video link): “Wait, how was I supposed to know?”

  最后， Maritza Johnson ( 国际计算机科学研究所的研究员 )在2018年OURSA会议上做了10分钟的演讲，主题是将隐私融入用户体验(视频链接)：“ 等等，我应该怎么知道？ ”