How we're losing our privacy online
| Boston
Gail Heyman didn鈥檛 go on Facebook often. In March Mrs. Heyman, who lives in the Atlanta area, opened an account just to keep up with a few friends. She found herself rarely checking the social-networking site, letting days or even weeks slip by between visits.
But in late June, she received a phone call from a cousin. He had responded to what he thought was her emergency plea for money on Facebook and wired her $2,000 鈥 in London. As he thought about it more, he decided to call her just to double-check.
Heyman, who was still in Georgia, was astounded. Someone had figured out her password, taken over her account, and posted the fraudulent request. 鈥淭hey told my [Facebook] friends that I had been mugged, and that I was in a hotel and that I needed money,鈥 she says.
Her cousin was able to quickly contact Western Union and cancel the transfer before the money was picked up by the imposter in London. Heyman, still a little shaken, hasn鈥檛 reopened her Facebook account but hopes to get back online in the future. 鈥淚t鈥檚 made me think differently about doing things online,鈥 she says.
The infiltration of Heyman鈥檚 account is the most egregious form of an invasion of personal privacy that is becoming one of the most pressing issues of the Digital Age. As we live more of our lives online, entrusting our most private information to social networks and other Web-based entities, the Internet is becoming our primary means of communication, as well as our filing cabinet; our shoebox to store photos, videos, and letters; and our safe-deposit box of valuable documents.
But the question looms: How safe or discreet is this material?
Not very, according to a growing number of experts. As we slip further into the Internet era, they argue that we are every day surrendering more of the private us to the public domain. Much of it is innocuous. We send a friend an edgy joke by e-mail, which gets passed around until, at some point, our sense of humor ends up getting deconstructed by half the population of Moldova.
Much of it is just annoying. We go online to buy something and a 鈥淲eb bug,鈥 a software program that monitors our purchases, develops a profile of our buying habits that is sold to businesses. Suddenly, our inbox is flooded with daily pitches for self-coiling garden hoses and mail-order beef from New Zealand.
Some of it is harmful, such as the theft of Heyman鈥檚 identity or the photograph we posted on a personal website, thinking it was funny, but, 10 years later, comes back to haunt us in a job interview.
All this may be the price we pay for progress. The Internet, after all, is an incredible force for good, bringing unlimited information and potential for communication at the tap of a keyboard. Isn鈥檛 a little loss of privacy worth being able to do so much online? As Scott McNealy, a cofounder of Sun Microsystems, put it famously 10 years ago: 鈥淵ou have zero privacy anyway. Get over it.鈥
Yet many people don鈥檛 want their lives to be so transparent just because they use the Web to shop, socialize, and pay a few bills. To them, the erosion of privacy in the Internet Age poses a threat to our emotional and financial well-being, as well as our basic dignity as human beings.
鈥淥ver and over again, our eagerness to exchange privacy for connection is abused 鈥 by law enforcement, by teachers and admissions officers and coaches, by employers, and by faceless corporations,鈥 writes Hal Niedzviecki in 鈥淭he Peep Diaries: How We鈥檙e Learning to Love Watching Ourselves and Our Neighbors.鈥
PRIVACY, OF COURSE, IS something that humans have been losing since the first cave dwellers drew depictions of each other on stone walls. Modern technologies have further narrowed the parameters of discreetness: Remember those rotary phones with the party lines and the nosy neighbor who would listen in?
Then there is the camera, the telephoto lens, and the cellphone with a camera. Everyone seems to be watching: In the name of catching criminals, governments now monitor our movements with surveillance cameras mounted on street corners. Employers can read our e-mail. When we go through an electronic toll with our E-Zpass, a record of our movements exists that might one day be used in a divorce case.
The Internet, in fact, has the potential to expose more of our private information to the public than any technology in history. Part of this is just the nature of the medium. While much knowledge about you has always been publicly available, it was much harder to find in the dusty back room of a library or government archive, or in letters stuffed away in a desk drawer. Today much of this information can be found anywhere in the world at the click of a mouse.
Despite all the talk today about teens who put embarrassing pictures or other highly personal information online, most people aren鈥檛 abandoning their desires for privacy. Mostly, they鈥檙e making what they think are conscious trade-offs 鈥 exchanging information about themselves in discreet amounts and for specific reasons, such as to join a website or conduct a business transaction.
But, more troubling, they鈥檙e giving away information about themselves without realizing just how much is being collected and shared. People disclose far more than they know 鈥 information that can be gathered here and there like so many bread crumbs that together provide a feast of data.
Take Joel Reidenberg and his class at Fordham Law School in New York. Each year, Professor Reidenberg gives his students an assignment to show how public our lives are in the Digital Age. He has them find out everything they can about a person. The only stipulation: The information has to be available free of charge, online.
This year鈥檚 subject was Supreme Court Justice Antonin Scalia, who has said that the Constitution provides little right to privacy, including online.
What might the students have checked? Databases for municipal and county governments, which increasingly put their record keeping online; tax and voter registration information; mortgage details, including how much someone owes a lender. In some counties, the actual layout of each person鈥檚 house is available online. Google offers street views and satellite imagery of homes. Alumni newsletters from a college contain a host of personal information.
News stories in local newspapers are another rich source, as are published birth and death notices. Wedding announcements are a great way to learn maiden names, which lead to a lode of new information.
In short order, the class worked up an impressive 15-page dossier on the justice (which Reidenberg says will not be made public), including his home address, home phone number, his wife鈥檚 e-mail address, the movies he liked 鈥 even his favorite foods.
鈥淚nformation that may be disclosed publicly for valid, great reasons in discreet bits and pieces has a whole different meaning when you begin to compile and assemble it for a purpose that is very different from the one for which it was first disclosed,鈥 Reidenberg says.
And these were just curious students. Imagine if it were someone snooping around the Internet who does this for a living.
鈥淭hings that 10 years ago as a private investigator I had to conduct a very, very in-depth investigation to get, people now consensually put online,鈥 says Steven Rambam, director of Pallorium, Inc., a New York-based investigative firm. 鈥淎nd I mean everything鈥 鈥 name, address, age, religion, sexual orientation, politics, drug use, what you read, what you eat, what music you listen to.
As Mr. Rambam notes, many people willingly give out personal information. It鈥檚 just that the number of people who see it sometimes ends up being far bigger than they expected or imagined.
Consider the current 鈥I Ching鈥 of social contact online 鈥 Facebook. Only five years old and originally conceived as a product for college students, Facebook now has more than 250 million members worldwide and is still growing fast.
鈥淧eople want to reveal, they want to be known, they want to be seen,鈥 Mr. Niedzviecki says. At the same time, he adds, 鈥淭he pendulum has swung too far toward loneliness and isolation, and we鈥檙e using, ironically in many ways, these suddenly emerging social media to try to recapture the feeling that we once had鈥 when people lived in small towns.
Most people, to be sure, are careful about what they post on Facebook. Many are like Ayesha Aleem, a graduate student in journalism at Boston University. She lists a fair amount of personal information on her page 鈥 favorite movies and music, education and work background, e-mail and blog addresses 鈥 but she won鈥檛 put anything that someone can鈥檛 find out by simply Googling her name.
She doesn鈥檛 list her age. She doesn鈥檛 post religious or political views. No home address. No phone number. 鈥淢y policy is if it鈥檚 up on the Internet, it鈥檚 public information,鈥 she says. 鈥淵ou can鈥檛 blame people for accessing your information. If you don鈥檛 want that happening, don鈥檛 put it up in the first place.鈥
Masooma Hussain, who works with a legal advocacy group in Washington, D.C., draws a tighter line. With the increasing visibility of everyone鈥檚 profile online, she has decided to share less and less information. Nothing about her job. No phone numbers. She鈥檚 thinking of taking down the few photos she has up because it鈥檚 so easy for people to download pictures of her from another person鈥檚 profile.
鈥淚 don鈥檛 want people to have immediate access to me,鈥 she says. 鈥淚t鈥檚 a bit creepy knowing that some complete stranger may know who your family and friends are before you鈥檝e even met the person.鈥
Sir John Sawers, the incoming head of Britain鈥檚 secretive spy agency, MI6, can certainly sympathize with that sentiment. In July, a British newspaper reported that Sir John鈥檚 wife put details about the family onto her Facebook page. Lady Sawers, who failed to use even basic privacy settings, disclosed the location of the couple鈥檚 apartment in London and the whereabouts of their children and his parents, making that information available to as many as a quarter-billion people. One photo showed Sir John, currently Britain鈥檚 ambassador to the United Nations, clad unflatteringly in Speedo swim trunks.
Other private revelations on Facebook are less inadvertent and far more costly. Last fall, photos of an 18-year-old cheerleader for the New England Patriots football team appeared on Facebook that showed her posing next to a passed-out man covered in offensive graffiti, according to several news accounts. The photos apparently were taken during a Halloween party at a local college. The Patriots fired her.
Everyone has heard accounts of the college athlete who was drinking and captured on a cellphone camera, only to be kicked off the team; of the person whose private medical records inexplicably became public; of the stolen identity, like Heyman鈥檚. These tend to be the relatively rare breaches.
Yet experts worry about ones that are far more common, even if less insidious. Consider 鈥渂ehavioral advertising.鈥 It occurs when information about the online activities of people is gathered surreptitiously in order to target ads at them. One chief culprit is Web bugs, tags that track users as they move from website to website. They help compile a profile of what a person鈥檚 likes and dislikes are, which can then be sold to companies. A study at the University of California, Berkeley released in June showed that all of the top 50 most-visited websites had between 1 and 100 Web bugs embedded in them when checked over one month. Google alone had placed a Web bug on 92 of the top 100 sites.
THE QUESTION IS, HOW do we keep using the Internet while maintaining some curtain of privacy around our cyber glass house? The easiest answer would be to simply become a Luddite 鈥 don鈥檛 go online at all. But that seems impractical, even irrational, in a wired world.
In fact, some experts worry that if people become too paranoid about online privacy, it could have deleterious effects. 鈥淲e need to be able to trust a bank not only with our money but with our information,鈥 says Helen Nissenbaum, a professor of media, culture, and communication at New York University.
As a start, many people are trying to ensure some level of privacy by putting more starch in the ubiquitous 鈥渢erms of service鈥 agreements. These are the policies we regularly encounter when signing up for websites, which usually include promises of safeguarding privacy.
The problem is most people just hit 鈥渁ccept鈥 and don鈥檛 read them. Those who do usually wish they didn鈥檛. It鈥檚 as if they鈥檙e written in Urdu. Nor do the agreements always disclose the ramifications of the privacy people are giving up.
鈥淧rivacy policies are becoming longer and longer and more complex to read,鈥 says Alessandro Acquisti, a professor at Carnegie Mellon University in Pittsburgh. 鈥淭hey鈥檙e more to protect the company than the consumer. It鈥檚 quite sad.鈥
Under pressure from the Federal Trade Commission and private groups, companies are trying to clean up the cyber Sanscrit. One industry group, which includes AT&T and America Online, is designing new privacy notices.
This summer, Facebook announced it would change its privacy policy to give users a simpler way to control who sees information users share. It鈥檚 probably a good thing: In July, government privacy commissioners in Canada and Australia charged that Facebook was not doing enough to protect users and potentially violating privacy laws.
鈥淟et鈥檚 make it easier for folks to act in the way they want to act,鈥 says Jules Polonetsky, co-chairman and director of the Future of Privacy Forum, a Washington, D.C.-based think tank underwritten by companies such as AT&T, AOL, Intel, eBay, and Facebook. 鈥淵es, I can make a silly joke to my friend. It can be easily watched by my friends, but I can easily make it go away if I need to.鈥
Advertisers are reacting to criticisms, too. Earlier this summer, four leading advertising trade associations announced they would recommend that their members direct users to a site where they could learn what information had been collected on them, how it was being used, and opt out if they wished.
Some people are suggesting a different way to protect against such surreptitious monitoring 鈥 digital decoys. Ms. Nissenbaum and one of her graduate students has developed a downloadable program for Web browsers called 鈥淭rack Me Not.鈥 It automatically sends out massive numbers of fake search queries so the real search is hidden in the chaff, which would prevent a Web bug from compiling information about surfing patterns.
Another program, called 鈥淰anish,鈥 being developed at the University of Washington, makes e-mail messages unreadable after a period of time, preventing them from being stored indefinitely.
In the end, the surest way to protect our privacy might be societal indifference. In the early 1990s, Bill Clinton鈥檚 admission of marijuana use as a youth triggered a mini-scandal. Barack Obama鈥檚 admission of youthful drug use in 2007 hardly drew a talk-show tantrum. People seem more forgiving today.
In that vein, maybe that photo we once posted online of us dancing on the tabletop, thinking it was funny, won鈥檛 come back to embarrass us decades later. As Patricia Abril, a law professor at the University of Miami, puts it: 鈥淢aybe we鈥檒l be more accepting.鈥
In other words, maybe we鈥檒l all just get over it.
路 Husna Haq contributed to this report.
-----
Related:
