News has leaked out in dribs and drabs over the last several months about a US-led drive to negotiate an international treaty called the Anti-Counterfeiting Trade Agreement, or ACTA. Conducted under a veil of secrecy, these negotiations have been the source of considerable speculation and not a little alarm among advocates of online freedom.

Part of the reason for the alarm is the utter lack of publicly verifiable information concerning the content of the treaty. When US organisations attempted to gain access to a copy of the draft, their government withheld them, citing national security, of all things.

Intellectual Property expert professor Michael Geist writes, “The United States has drafted the chapter under enormous secrecy, with selected groups granted access under strict non-disclosure agreements and other countries (including Canada) given physical, watermarked copies designed to guard against leaks.”

In spite of their best efforts, however, details of the online enforcement aspects of the treaty leaked out last week, following a negotiating round in Seoul, South Korea.

The details don’t look good.

Geist summarised the broader strokes in a recent blog post, noting that the leak “provides firm confirmation that the treaty is not a counterfeiting trade, but a copyright treaty.”

The net effect of the proposed rules is that copyright would be radically redefined. The ability to make copies of or deconstruct other people’s content, for example, would be severely limited. Activities that breach copyright would be subject to increased scrutiny and penalties for all involved – including, potentially, Internet Service Providers who provide the connection over which such breaches occurred.

This is a real worry for ISPs. iiNet, one of Australia’s largest service providers, was recently sued by media organisations merely for allowing its customers to download unlawfully copied movies. Online rights watchdog Electronic Frontiers Australia remarked, “This lawsuit is the latest attempt by the movie industry to bully Internet Service Providers into becoming copyright police.”

ACTA would make this the norm. If the leaks are accurate, it would effectively make ISPs responsible for the conduct of their customers. While ISPs have traditionally cooperated with courts and police in their investigations, they worry that they’re being made liable for actions over which they have no real control.

Consumers find this troubling too, because such a regime would almost certainly impose a level of surveillance unacceptable to most. In the worst case scenario, it could create a situation similar to the infamous Great Firewall of China, in which everyone’s online activities are under constant scrutiny.

Pacific Island nations have thus far played no part whatsoever in these top-secret negotiations. Whatever regime emerges, however, would almost certainly be imposed on them in years to come. Australia’s copyright laws are already increasingly circumscribed by the bilateral trade agreement they signed with the US. Their participation in ACTA negotiations has been characterised as simply ensuring that they remain ‘in the tent’.

Jordan Carter of InternetNZ, a New Zealand Internet governance group, warns that Pacific Island nations need to be aware of the progress of these negotiations, as “the agreement would set a de facto standard for anticounterfeiting policy.”

Carter went on to stress that we can’t really be certain of the exact nature of this regime, as the details of both ACTA and PACER Plus have yet to be officially disclosed. Other commentators noted that it was more likely than not that ACTA’s requirements would be included in any regional trade dialogue, if only because of the perceived need in Australia to achieve a single regional solution.

If events transpire as anticipated, this could give rise to significant sovereignty concerns. EFA’s Nic Suzor states:

“The threat that we see is that sovereign states abdicate their responsibility to determine acceptable copyright policies for their own countries, and are forced into the harsh measures that are being pushed by the US copyright industry. We believe firstly that these measures mostly do not reach an appropriate balance, and second that developing copyright policy in secret trade negotiations which are essentially forced upon nation states are rarely likely to be an effective and beneficial mode of creating legislation.”

Viewed in this light, ACTA’s secretive negotiation process seems distinctly alarming. In practical terms, though, it’s unlikely that the treaty’s provisions would have significant impact on Pacific Islanders’ day-to-day lives. Like so many treaties before, it might simply be ignored. More to the point, the rest of the world might simply ignore us.

In the lead-up to its first abortive attempt at WTO accession, Vanuatu voted through laws with respect to the Berne Conventions on Copyright, but neglected to gazette them. Neither the vote nor the neglect seem to have ruffled many feathers.

A more likely scenario in which ACTA’s draconian copyright regime might make itself felt here in Vanuatu is if a foreign-owned ISP were to set up shop and simply apply the same set of rules to its Vanuatu customer base as it does to its overseas customers. In such a circumstance, however, market forces would mitigate against undue inconvenience. If people don’t like how they’re treated, they can simply cross the road to the competition.

“Privacy issues aside, I’ve never had any trouble with Flash.”

To which I replied:

I like your logic: Aside from a single tile, the space shuttle Columbia’s last mission went flawlessly.

Seriously, though: you’ve underlined the single greatest problem in computer security today – what we don’t see can hurt us. I’ve written about this at greater length elsewhere, but to put it simply, privacy is the battleground of our decade.

The struggle to come to terms with privacy will manifest itself in the legal, moral and ethical arenas, but it arises now because of technology and the cavalier approach that the vast majority of people take to it.

The ramifications of our ability to transmit, access and synthesise vast amounts of data using technology are consistently underestimated by people because of the simple fact that, as far as they’re concerned, they are sitting in the relative privacy of their own room with nothing but the computer screen as an intermediary.

On the consumer side of things, this creates what Schneier calls a Market for Lemons in which the substance of the product becomes less valuable than its appearance. As long as we have the illusion of security, we don’t worry about the lack of real protection.

On the institutional side, we see countless petty abuses of people’s privacy. There is nothing stopping a low-level employee from watching this data simply out of prurient interest. In fact, this kind of abuse happens almost every time comprehensive surveillance is conducted. In a famous example, low-level staffers in the US National Security Agency would regularly listen in on romantic conversations between soldiers serving in Iraq and their wives at home. The practice became so common that some even created ‘Greatest Hits’ compilations of their favourites and shared them with other staffers.

They would never have done so[*] had the people in question been in the room, but because the experience is intermediated by an impersonal computer screen, which can inflict no retribution on them, their worst instincts get the better of them.

When discussing software in the 21st Century, we cannot ever treat privacy as just one incidental aspect of a greater system. Privacy defines the system. Starting an argument by throwing it aside in the first subordinate clause gives little weight to any argument that follows.

They would never have taken this unsanctioned action had they had any sense that they were being subjected to similar – or any – scrutiny.

This week, the Australian government moved closer to implementing its controversial Internet Content Filter. The ICF represents the Rudd government’s latest attempt to curtail access to illegal or ‘unwanted’ online materials by requiring that all Australian Internet providers implement this filtering system. News sources report that the government has released the technical specification of its pilot implementation.

I’ve written before about the technical, ethical and legal problems surrounding this plan. I maintain that the system is ineffective and inappropriate, foisting a law enforcement role on the nation’s ISPs, and threatening free speech without providing sufficient protection from the very content it seeks to block.

With Internet deregulation on the horizon in Vanuatu, it seems timely to take a look at some of the basic issues underlying the debate.

At the core of the debate over access to Internet content is the issue of privacy. The question of privacy has a few particular wrinkles here in Vanuatu, where family-centric village life still dominates our culture.

There are two fundamental approaches to privacy in the online world. The first takes an individualistic, contractual approach. It states that all information pertaining to you is yours and yours alone, though you may choose to negotiate away some of your personal information in exchange for a given service. In this light, privacy is a desirable, valuable commodity; it’s up to the individual to ensure that they don’t give away too much of it.

I like to call this the American approach, because of its strong emphasis on personal liberty and responsibility.

The second perspective on privacy contends that the cat is already out of the bag. We live in a global community where information about us is available to any who chooses to look. If we accept that point, then the only things left to do are to make sure that nobody gets a monopoly on access to information and that everyone’s information if equally accessible. So if a nosy government wants to know everything about us, that’s fine, as long as we get to know everything the government knows. Proponents of this approach claim that this creates a culture of civility, because anyone who pokes his nose into others’ business will soon find his deepest personal secrets exposed as well. What’s good for the goose is good for the gander.

I call this the Japanese approach, because such a regime relies on mutual respect, restraint and conformity to function properly.

In the American approach, individuals must carefully guard their own personal information. But what happens if they don’t?

Suppose someone joins an online dating service, even though they’re already married. Let’s say they later run for political office. If it comes out that the candidate propositioned women in a discussion forum, well, too bad for him. He disclosed the information; now he has to live with the consequences.

On the other side of the issue, if our candidate contracts an STD, then goes online to order drugs to treat the condition, how should we treat his actions? Does his Internet Provider have a right to know this? How about the government? The American approach says no.

In this context, a content-filtering programme creates huge worries for individuals. In order to filter out the ‘unwanted’ material, a content filter needs to look at every URL you type in. It would be bad enough if the government were looking at this information, but in this case, the people with their eyes on the data would be private Internet Service Providers.

There is nothing stopping a low-level employee from watching this data simply out of prurient interest. In fact, this kind of abuse happens almost every time comprehensive surveillance is conducted. In a famous example, low-level staffers in the US National Security Agency would regularly listen in on romantic conversations between soldiers serving in Iraq and their wives at home. The practice became so common that some even created ‘Greatest Hits’ compilations of their favourites and shared them with other staffers.

The American approach contends that anyone who abuses a person’s privacy is liable to civil or even criminal prosecution. But how to police something like this? The American approach basically states that you are responsible for protecting your own data, but you should have powerful legal tools available if someone betrays your trust.

In order to act though, we have to know someone is spying on us. More often than not, all we have is someone’s promise that they aren’t.

At the other end of the privacy continuum, the Japanese approach to privacy states that personal information is only valuable to the extent that others are willing to respect it. It’s more a cultural approach than a legalistic one.

Let’s take the same example we used above, where a candidate tries to set up an adulterous liaison in an online forum. Everyone can see the information, but before they talk about it, they consider whether this site is considered a public or private space.

In an essay titled ‘Privacy and Paper Walls’, I wrote:

“In the past, most Japanese houses were made of wood and featured sliding doors made mostly of paper. They were useless, of course, for blocking noise or preventing willful intrusion, but they were extremely effective at establishing a distinction between public and private space. A couple in a crowded household might have a furious argument, for example, but if the fusuma, or sliding door, is closed, then as far as anyone in the adjoining room is concerned, the quarrel hasn’t happened.

“It’s hard to imagine how one could possibly ignore something so obvious, but consider the social transaction involved: If you agree to ignore what happens on the other side of the door, I will agree to do the same. Now consider the number of potentially embarrassing noises that could emanate between these spaces, and you’ll begin to appreciate just how useful such an agreement would be.”

Put in terms closer to home for many in Vanuatu: We should consider carefully the beam in our own eye before commenting on the mote in our brother’s eye. Who else uses that dating forum? How comfortable would it be for all of us if public attention were drawn to that site? If society collectively decides that the site should be subject to scrutiny, so be it. But it’s equally possible that people might choose to leave such information alone – no matter how much they might personally disapprove of it – because the public cost would be too high.

A dating site might not be a perfect example of a site people would prefer to consider a private space, but let’s go back to content filtering services:

If people find out that staffers were regularly watching what sites they access, the vast majority would disapprove, because even innocent information can prove dangerous. A woman who’d miscarried several times would not want anyone but her closest confidants to know that she was pregnant again, not because it’s wrong, but because discussing it would be too painful. Likewise, a devout Christian experiencing a crisis of Faith would not necessarily want it widely known. It’s perfectly normal that we should face such moments in our lives, but it’s not something most of us choose to make public.

The Japanese approach, therefore, relies on a social contract in which everyone respects everyone else’s secrets in order that their own remain protected.

It’s pretty easy to see how knotted and difficult privacy becomes in an online world whose very basis is cooperative information sharing. Whether we think that people should take care to protect their individual privacy, or that privacy should be protected through mutual discretion and respect, it’s clear that attempting to regulate online behaviour inevitably creates complicated, difficult and often troubling problems for everyone.

Whether we use online systems or administer them, or both, we all benefit from a minimalist, agnostic approach that avoids prying wherever possible.

Let’s talk about people instead.

‘What a piece of work is a man!’ says Hamlet. ‘How noble in reason! How infinite in faculty! In form and moving how express and admirable! In action how like an angel! In apprehension how like a god!’

This speech has always puzzled me, because many of the human beings I know may qualify as a ‘piece of work’, but lack somewhat in the expressive, admirable, angelic and god-like categories. It only follows, therefore, that if humans are less than angelic in their actions, the things they do with technology might likewise be flawed.

The Australian government announced this week that they wanted to extend the temporary anti-terrorist powers granted to them following September 11, 2001. They proposed allowing employers to intercept their employees’ emails and other Internet communications without their consent. The justification they used was that the nation’s IT infrastructure could be used to attack its financial systems, power grid and even its transport.

Attorney-General Robert McClelland used the example of recent attacks on Estonia’s Internet services, which brought communications to a halt for days. Such a gambit, he warned, ‘would reap far greater economic damage than would be the case of a physical [terrorist] attack.’ He neglected to mention that it’s since been determined that the Estonian attack was the work of a single rogue hacker against a particularly vulnerable and poorly constructed communications system.

Security and privacy are often portrayed as a zero-sum game. Put plainly, this means that 100% security implies 0% privacy. Knowing what we know of human nature, such an assertion has alarming implications.

People are gossips and busybodies by nature. There are few, if any, exceptions to this rule. So it’s not difficult at all to imagine countless scenarios where a nosey boss might use the legally mandated right to snoop on his staff for any number of reasons other than fighting terrorism.

More to the point, it’s difficult to imagine how this attack on privacy could have any effect whatsoever in diminishing terror. Who but the most inept of terrorists would ever use the company email account to talk with his partners in crime?

Privacy and respect in the workplace are always in contention with the employer’s right to ensure that operations are smoothly conducted, that customer service is maintained at a high level, and that the company is not seen to be anything less than the paragon of corporate citizenship. On accepting employment within a given organisation, people willingly surrender some modicum of their individuality in pursuit of the company’s goals. But it’s a poor manager indeed who doesn’t recognise that staff will thrive through empowerment and responsibility. Constant scrutiny and mistrust have exactly the opposite effect.

Technology feeds the constant temptation to peer into other people’s lives. And people’s lack of understanding of the implications of a world-wide network often lead them to expose themselves far more than they would by other means.

A question: If you knew for a fact that the person taking a photo of you at a party, tipsy and laughing in a silly hat, would post it to Facebook, would you let them go ahead? What if you knew that prospective employers, contractors, media types – even police – would be able to see that photo for years to come? Would you still let that photo be taken?

Or what about that angry, poorly considered statement that you spurted out in a momentary fit of pique? What if you knew for a fact that it would be seen by someone you wanted to date? Would you be prepared to be judged by it for the rest of your life?

Very few people truly understand the vastly public nature of the Internet. The majority of people have trouble understanding how exposed they are to the scrutiny of others because they compose their missives in the relative privacy of their home or office. As far as they can tell, it’s something between them and their computer screen.

Others vastly underrate the impact of their snooping. Once again, because there’s no one there but them and the screen, they have trouble visualising how deeply uncomfortable it would be for both if the object of their curiousity were present in the room at the time.

Among those whose job it is to think about these things, there are two dominant responses. One side advocates an approach that can be summarised as Full Disclosure. They say, let’s accept that the information genie is out of the bottle and learn to live our entire lives in the open. Let’s not grant anyone the right or the ability to monopolise information. Let’s do that by making it visible to everyone.

Succinctly, Full Disclosure advocates assume that what’s good for the goose is what’s good for the gander. If I know something embarrassing about you and want to capitalise on it, I need to consider that you could just as easily find something embarrassing about me. As long as we all live our lives with the proper level of transparency and respect however, we can achieve an entente that will be acceptable to everyone.

At the other end of the privacy argument are those who advocate strict controls on access to information for anyone entrusted with it. The basic assumption here is that respecting individual privacy is a sacred trust that must not be abused. Advocates of this approach want strict limits placed on all entities with access to potentially compromising information.

There are compelling aspects to both these perspectives there is not enough space here to amplify on either. All this humble writer can do is implore you to consider how best to balance these considerations at the workplace, in policy and in your day-to-day life.

In Vanuatu the cornerstone of Kastom is respect. The vast majority here live as they have for over 3000 years. The Internet is in many ways a more fully realised rendition of Marshall McLuhan’s metaphor of the global village. McLuhan intended the image to be derogatory, ridiculing modern humanity’s embrace of television and mass culture. He imagined a world returned to a primitive state, staring dumbly at the flickering light of the TV screen, as he imagined villagers once gazed into the communal fire.

He was wrong, of course, to assume that village life was one iota less complex than in the 21st century. He was wrong to assume that village life lacked subtlety, nuance, even byzantine political and social machinations.

He was right, though, about one crucial thing. We all live in the same place now. Just as we weigh our words around the camp fire, just as we weigh the respect we show others in the nakamal against what we expect in return, we need to think carefully about what we say and do on the Internet.

But it also looks like swearing, doesn’t it? In fact, the use of characters like this to denote swearing is a simple (dare we say crude?) kind of encryption. A child too innocent to know such words derives no meaning from the random collection of characters. Someone well versed in the ways of the world, though, can add up the number of characters and quickly deduce what was intended.

On and off over the last two months, we’ve been looking at various aspects of online security. This week, we’re going to consider what steps we can take to make the information we send over the Internet secure from prying eyes.

We’ll also consider why it is that no one uses these measures, and why most of us won’t any time soon.

When you talk with someone over the Internet, it’s useful to imagine that you’re sitting down with them in a busy café. It’s not exactly a wide-open place, but it’s not very private either. As long as you keep your voice down – and as long as the waiter doesn’t eavesdrop – you have a reasonable expectation of privacy. Nonetheless, there are some things you simply would not say.

The Internet, unfortunately, has very few truly private places. It takes a great deal of effort to establish security strong enough to be guaranteed that nobody knows who you’re talking to, or what was said. It’s often easier to learn a few little tricks to make sure that no one understands what you’re saying, even if they can hear you.

One technique that works really well for some people is to speak in a language that nobody else understands. The US Army used this trick during the Second World War. They enlisted a number of Navajo Indians to work as radio operators. The Navajo language was not documented anywhere, and the US was confident that no one aside from the Navajo people themselves spoke the language, so they took advantage of this, and used them extensively to provide secure communications in places where going through a lengthy encryption/decryption process would cost lives.

That’s more or less what encryption is. It’s a newly-minted code (language, if you like) that only you and the computer at the other end of the link can understand.

The most common kind of encryption on the Web today is something called Secure Sockets Layer, or SSL. It uses a fairly simple process to establish a kind of a tunnel between you and the server you’re connecting to. The mechanics of the transaction are actually somewhat complex, but in layman’s terms, the process works something like this:

Joe wants to log into GMail. He goes to gmail.com and clicks on the login link. The server sends some information back to the browser that says, “I really am the server that he meant to click on. Here’s my ID. I want to talk to Joe privately.” The browser examines the ID and, provided it’s legit, cooperates with the server to invent a language that only the two of them understand. Joe can now talk with the GMail server without fear of anyone else understanding what’s being said.

Setting up something like this is fairly easy when each party in the transaction is known to the other. Public servers can obtain virtual ID cards, called certificates, which allow us to verify that someone else isn’t just pretending to be them. A good web browser will warn you before it establishes a secure connection with a server that isn’t trusted in this way.

The process isn’t foolproof, but it’s much better than nothing.

There are two big problems with encryption, though. First, it’s too easy. Second, it’s too hard.

When used in a web browser, the process of establishing trust between two machines usually happens without any intervention from the user. The idea is that it should ‘just work’. Developers went to very great lengths to find ways to make that happen. Unfortunately, that means that most people are never aware whether they’re sending their information securely or not, or whether the information is actually going where they think it’s going.

In effect, browser makers are victims of their own success. They were so good at hiding the complex process of establishing trust that they made it too easy for users to ignore security completely. In fairness, they have all worked hard recently to try to provide visual clues about the nature of the sites people visit, but many users remain oblivious to the warning signs when things are not as they should be.

So the most common kind of encryption is one that we use everyday, but we never actually see. That’s possible because it’s based on knowing a given computer’s identity. Google is not likely to change from one day to the next; therefore it’s possible to infer that if it was trustworthy yesterday, it will be trustworthy tomorrow. It’s also well-known enough that we don’t have to rely so much on our own judgement as on the experience of others.

But what about those numerous occasions when someone whom you don’t know very well asks you to send them confidential information? Let’s say you want to send the results of a recent pregnancy test from the hospital in Australia to a doctor here in Port Vila. This is absolutely not the kind of information you would want to send out in the open. You wouldn’t paste such information onto the back of a postcard and send them that way, would you?

When you send information by unsecured email, that’s exactly what you’re doing. You’re relying on people not to let their curiousity get the better of them.

So why don’t we all use encryption then? The answer is very simple and very complex all at once.

The simplest way to explain it is that the process of setting up trust between two computers is a little complex. It’s not beyond the ability of an intermediate-level computer user, but it might take them a little while to get used to the process.

It’s just hard enough, however, to keep the majority of people from using it easily. And encryption is one of those things that’s kind of useless unless everyone can agree to use it, and to use it in the same way as everyone else.

The biggest problem is that we can’t see, touch or hear encryption, so software applications using encryption have to get in the way a little bit. They have to intrude on what would normally be a simpler process, asking questions, wanting confirmation for this or that. For many people, it’s disconcerting, even alarming to have their computer suddenly start talking about security using jargon they don’t understand.

We find ourselves caught in a bit of a dilemma. Most of the time, we’re happy with the notion of the Internet as a wide public plaza. We stroll around, taking in the latest sights, catching up on news, what have you. But occasionally we run into someone we really want to talk to, and lo, there’s no quiet place the two of you can go. The contortions required to establish your own special language for two require time, effort and knowledge, and most often there’s not enough of any of those.

Encryption is really the only useful way to protect what you send over the Internet from prying eyes. Given the number of prying eyes on the Internet today, it’s a shame that personal encryption techniques are so hopelessly behind the needs of the average computer user.

We’ll all use personal encryption some day, but that day is yet to come.

A ‘translator’ service,  for example. The user ‘invents’ an imaginary language, then decides who among her friends is allowed to speak it with her. She then instructs her ‘translator’ (e.g. her own personal Navajo) to convey messages between herself and her friend’s translator.

(Only the personal Navajos actually need to speak this ‘language’ of course. As far as the two correspondents are concerned, the only change is that they’re sending the message via the ‘translator’ rather than directly, but even that is a wafer-thin bit of functionality once the channel is established and the communications process automated.)

Quick encryption, well understood, and easy to implement. Most importantly, you don’t have to explain encryption, public and private keys,  or any other security gobbledygook to someone who really doesn’t want – and shouldn’t need – to hear it.

Update: Of course, the greatest weakness to this idea is if Microsoft were to create an implementation of this and name it Bob.

Before we go into detail, though, it’s important to establish a bit of context. We’ve already described how people often make the wrong assumptions about the level of privacy they enjoy when using computers and the Internet. But let’s look at this issue in more practical terms.

Everyone in Vanuatu knows what ‘Coconut Wireless’ means. It refers to the lively rumours that spread via word of mouth concerning anything – or anyone – of interest to people as they idle away their spare time. In small doses, it’s generally unreliable, but when information is amalgamated from numerous sources, an assiduous listener can gather a good deal of interesting (sometimes deliciously scurrilous) and surprisingly accurate information.

The ability to benefit from such information requires a degree of skill. It’s important to understand one’s sources and to rank them according to their authority on a particular topic. You also need to know how to play the game. One never takes information without giving as well. Our most trustworthy friends receive the best, most detailed information, while those whom we don’t know – or don’t trust – often receive only vague allusions to the facts.

Sometimes, it’s convenient to spread information widely; sometimes it’s more politic to keep our own counsel and to repeat nothing at all. The system is therefore incomplete, erratic and occasionally wildly off-base. But every newcomer to Vanuatu soon comes to the realisation that it’s an important and remarkably efficient way to pass the news.

To this day, word of mouth remains the most common medium for transmitting the news. People listen to the radio for cyclone warnings and other critical items, but the vast majority of detailed information is transmitted face to face.

Recently, this writer’s employer decided to start offering Internet services through WiFi. The decision to name the service Coconut Wireless represented more than just a cute play on words. It accurately reflects the nature of the technology, its resemblance to age-old patterns of communication, and most importantly, the fact that this medium is a public one.

Computer users often go to great lengths to ensure that nobody can peek over their shoulder and watch what they’re doing. But they seldom think much about what happens when what they’ve typed is no longer on the screen. It’s a reasonable reaction, of course. Out of sight, out of mind.

If only it were that simple. Consider this story: Somebody sees a friend of theirs walking along the other side of the street. They smile and wave, as people here always do, and shout, “So blong yu olsem wanem?” (i.e. “How’s that nasty infection?”) It’s just a joke, of course, and the two of them laugh and continue on their way.

But everyone else has heard this exchange. Those who know the two don’t think anything of it, but what about those who don’t? Suppose someone has heard this exchange, then sees the recipient of the joke talking to a nice girl outside the church after service the next Sunday? Suppose they feel the need to inform this nice girl about her interlocutor’s dark secret?

The Internet is a public place. Any conversation we have there should be considered the same as a conversation in Port Vila market on a Saturday morning. The only difference is that the market only has a few hundred people present, whereas the Internet has millions and millions. There is always someone within earshot. Unless you take steps to hide what you’re doing, everything you do is out in the open, accessible to prying eyes.

Whenever you send information using the Internet, try to imagine that you’re having a conversation in a public place. That email you sent to your lover, detailing the ways in which you would unleash your unbridled passion when you were next reunited? Public. That forum you posted anonymously in, lambasting your employer? Public, and possibly traceable.

Wireless Internet services are even more ‘public’. Anyone with a mind to do so can watch every single byte being transmitted over such a network. You see, the only way to make such networks useable to the average non-geek is to open them up entirely. The moment you start to put protections on them – passwords and the like – they become cumbersome and awkward for someone who just needs to check their mail quickly, confirm a flight departure time, or chat for a few minutes in Skype.

It’s possible to talk quietly in a public place. It’s possible to have a private conversation using the Internet, too. Some effort and care is required, but it’s not so hard to do. All the rules that we apply to our conversations can be applied to computers as well. We can alter how loudly we speak, we can choose where to say certain things, we can choose who we talk to, and more importantly, who we talk near.

Here’s a simple exercise to help you better understand computer privacy: Whenever you write something, imagine you’re dictating it to a friend standing on the other side of the street. If you feel the need to cross the road and say something quietly, you should take measures to ensure that your message is transmitted safely, and only to the right recipients. If you don’t want to say it at all, and would rather whisper it in the privacy of your own home, then use encryption to hide the document from anyone but your most trusted friends and colleagues. We’ll talk more about how to do this in the weeks to come.

Every community has its prying busy-bodies, its gossip-mongers and tattle-tales. There is also the occasional fraudster or con-man who abuses people’s goodwill to his own ends. Most commonly, there are well-meaning but naive people who try their best to be useful to others but who don’t think enough about the consequences of their actions.

All of these exist on the Internet, too, of course. The only difference being that the numbers we meet in real life are dwarfed by the number we’ll encounter online. Spammers take advantage of our propensity to forward emails and sign up for ‘fun’ websites and services. They abuse our desire to build online social networks, and they steal from us when they can.

The governments of the US, China and many other nations are world-class busy-bodies. They record literally every bit of Internet traffic that crosses their borders. They store it, cross-reference it and use it to spot threatening patterns and trends. None of us in tiny, innocent Vanuatu are likely to be under suspicion, but nonetheless, consider that it might be unwise to shout “So blong yu?” too loudly.

In the majority, though, are the websites and services that mean well, but sometimes make mistakes. They gather all kinds of information about us in order that we can more easily find stuff that’s interesting and useful. They help us manage our time, our relationships, even our idle chatter and gossip. There’s nothing intrinsically wrong with all of this, but it’s useful to treat sites like this as a well-meaning but slightly stupid friend who doesn’t always know when to shut up. By all means keep talking, but consider that what you say might get misconstrued, or just blurted out without forethought.

The Coconut Wireless is a useful – even essential – tool here in Vanuatu. The Internet is essential to communications now, too. But don’t let the gadgets fool you: We’re still standing on the sidewalk, chatting to our friends, catching up on gossip and making plans to meet.

Happily, the answer is no. If planes worked the way computers do, nobody would ever fly again.

This news comes as no surprise to most people. Most, if not all, of us have had a computer crash, a virus infection, some greater or lesser affliction that makes us wonder if computers are a blessing or a curse.

Most everyone who’s used a computer has had some kind of drama with it at some point. Why then do we continue to use them as we do? Questions like this sometimes drive IT professionals to despair (or at least to an extra shell or two of kava on a Friday). Viewed from the perspective of someone aware of the intricate series of events that follows every mouse click, it really is astounding that people continue blithely treating their PCs like their bank, their best friend, their lover, their confessor and their job.

The problem is that people watch for danger in the wrong places. It’s quite common to see people take steps to hide their screen from prying eyes. On more than one occasion people have shown real reluctance to change their password with yours truly standing over their shoulder. My standard response to that reflex is to say, ‘Don’t worry, I don’t need to know your password to see your data.’

The danger of people prying into your data is real. But it’s not your office mates you need to worry about. It’s the people you share your computer with.

No, those last two statements are not contradictory. To make sense of that statement, though, we need to understand something about how the Internet works. Computers store bits and bobs of data, and in order that this information can be shared, they do so in a predictable way. Information has more value when it’s shared, so it makes sense for computers to make that process easier.

Just about every Internet-based service is predicated on sharing information as simply and easily as possible. In fact, the whole premise of the Internet is that data is passed cooperatively over our networks. This should make intuitive sense to anyone raised in the village here in Vanuatu. For the most part, everyone knows where everyone else is at any given moment, and what they’re doing. Knowledge-sharing is so ingrained in Vanuatu society that ‘Yu go wea?’ is the standard greeting.

There are some kinds of information, of course, that we don’t want to share, whether we’re in the village or in a corporate office. Bislama has a wonderfully evolved level of euphemism that – in this writer’s opinion, anyway – is designed to address exactly this issue. It’s possible to go through the motions of quenching others’ curiousity without actually giving anything away. Likewise, many of the things that one hears or sees in the village are simply not acknowledged in public. For better or for worse, what happens inside a household is often not fit for open discussion.

In the past, most Japanese houses were made of wood and featured sliding doors made mostly of paper. They were useless, of course, for blocking noise or preventing willful intrusion, but they were extremely effective at establishing a distinction between public and private space. A couple in a crowded household might have a furious argument, for example, but if the fusuma, or sliding door, is closed, then as far as anyone in the adjoining room is concerned, the quarrel hasn’t happened.

It’s hard to imagine how one could possibly ignore something so obvious, but consider the social transaction involved: If you agree to ignore what happens on the other side of the door, I will agree to do the same. Now consider the number of potentially embarrassing noises that could emanate between these spaces, and you’ll begin to appreciate just how useful such an agreement would be.

The Internet has such paper doors. But the problem is that we haven’t learned to use them properly. Some businesses build profiles of people’s online habits, rationalising publicly that they’ll be respectful of the fact that they can see virtually everything one does online.

Often enough, we learn the dangers of Too Much Information the hard way. One couple received an education in the perils of data sharing when they announced their engagement on Facebook, one of the world’s most popular social networks. They quickly realised that far more people had access to that information than they intended when the bride-to-be was inundated with marriage-related advertising.

Their situation went from bad to worse when they tried to undo the damage. No sooner had they reset their personal status to ‘single’ then all of their Facebook friends received an update telling them that the pair were no longer engaged!

This may seem amusing, but consider another example: Facebook recently announced that they would start providing a service that allowed people to share their shopping and web browsing preferences with all their friends. The plan backfired terribly when Facebook decided to pass on information about its users’ activities when they were outside of the bounds of the social network, too. Imagine using Amazon to buy a book about living with HIV/AIDS for a friend, only to discover that all of your Facebook friends have been told about it. Facebook has since backed off this scheme in the face of countless outraged users.

But businesses aren’t the only ones nosing around in your data. Some governments have assumed that it’s okay to watch every single thing that happens on the Internet just because they can. There is a dearth of legislation anywhere in the world to cover this, and human rights organisations are only now beginning to come to terms with the importance of online privacy.

There are no easy ways to cope with this issue. The fact remains that much of the Internet’s value is predicated on our willingness to share information. Computer security is usually about keeping that same information from prying eyes. So to an extent at least, if we want the Internet to remain useful, we have to make trade-offs where privacy and security are concerned.

The amount of personal information about you will only increase in the future. Your credit rating, your shopping habits, your social circle, your private conversations and personal beliefs, even your sexual preferences – all that information is likely already there for anyone willing to look.

There is no way to put this particular genie back into the bottle. We’ve opened ourselves up and accepted the virtues and benefits of publicly shared information. What we need to do now is develop a moral and ethical map that we can use to establish the limits of acceptable behaviour where this information is concerned.

In order for that to happen, we need to accept a few premises. First, information sharing cannot be a one-way street. Nobody – not the government, not anyone – can reserve the exclusive right to look. Likewise, we need to know what’s visible, and to whom, and most importantly, we need to know who’s looking.

We need to remember what it’s like to live in the village, and think about who might be listening to us. The entire population of the Internet could stand to learn a little Bislama, to stop talking quite so loudly and blithely as they do now. Sometimes it’s downright embarrassing for others.

We also need to decide for ourselves what’s alright to ‘know’ and what’s not. We need to build our own Japanese walls and accept what they represent. We need to respect others’ information as we would their personal space, and we need ours to be respected too.