by Matthew L. Schafer
Note: This report originally appeared on the media blog Lippmann Would Roll.
In February of 1996 USA Today called the Internet an “Electronic Pandora’s Box,” the Star-Tribune wrote that the public was “selling their privacy,” and today the Los Angeles Times conceded that most Internet users are painfully aware that “they have little or no control over [their] data.”
Internet users, the government, and tech companies have had contemporary online privacy concerns on their radar since 1995. In 1998, the United States government sought to create what it called an “Electronic Bill of Rights” under which Americans would be protected from undue intrusion into their privacy. The European Union adopted sweeping legislation to protect users data in 1995.
“Privacy is a basic American value, in the information age and in every age,” Gore said at the time. “It must be protected. We need an electronic bill of rights for this electronic age.”
That was then. Today, there is no “Electronic Bill of Rights.” Not without want th0ugh. In 2008, the popular technology website TechCrunch made the case for a “Digital Bill of Rights,” which would protect the free flow of information, control over personal information, and the control over one’s digital identity.
“For the most part, the expectation of privacy is dead on the Web,” Erik Schonfeld of TechCrunch wrote. “But the privacy of certain types of information will always need to be protected.”
Currently, online privacy is in a battle with both corporate and government interests. Recently, President Obama, in an attempt to modify an existing law, sought to expand or clarify the lawful ability of the government to search digital records without a warrant.
By adding the words “electronic communication transactional records” to the law, the Washington Post reported, the FBI will be able to gather information about email recipients, times that emails were sent, and Internet users browsing history. This comes despite the Electronic Communications Privacy Act of 1986.
“It shall not be unlawful… [for] a provider of wire or electronic communication service, whose facilities are used in the transmission of a wire or electronic communication, to intercept, disclose, or use that communication in the normal course of his employment,” the law says.
In spite of the law, the government abuses of online privacy run rampant. According to the Electronic Frontier Foundation, government abuses of civilian privacy rights have taken place at the Federal Communications Commission, the Federal Bureau of Investigation, and the Department of Homeland Security, among others.
The invasions of privacy, which range from requests for information on Internet users via “National Security Letters” to the unlawful monitoring of the Internet phone company Skype to questions regarding the digitization of government documents by private companies, are outlined in tens of thousands of documents at the Electronic Frontier Foundation.
The government is not the only player in the erosion of online privacy rights. Indeed, examples of corporate overreach or a lack of privacy protection in products abound. In an article released by the Wall Street Journal on Monday, the Journal reports that Microsoft actively gutted privacy protections that were proposed for its new web browser Internet Explorer 8.
Programmers attempted to revive the flailing Explorer by creating the most powerful built in default privacy protections of any browser on the market. According to the Journal, the top 50 websites in the United States download an average of 64 pieces of tracking technology on a testing computer. Despite the rise of these tracking technologies, Microsoft executives abandoned the project fearing that advertisers would run the other direction.
“In the end, the product planners lost a key part of the debate,” Nick Wingfield of the Wall Street Journal wrote. “The winners: executives who argued that giving automatic privacy to consumers would make it tougher for Microsoft to profit from selling online ads. Microsoft built its browser so that users must deliberately turn on privacy settings every time they start up the software.”
Advertisers have also whittled away at online privacy as they have become increasingly savvy at targeting potential customers. Using cookies, as the Journal explains in this informative video, advertisers are able to track where Internet users wander online and use that information to build profiles on users. Companies can then target ads at users that are potentially relevant to that users interests.
“These firms place their own cookies into the computers of those who visit the websites and then track people’s activities into the many other sites that affiliate with the adserving firms,” Professor Joseph Turow wrote in a 2003 report.
Google feels differently about using cookies, writing that “Google uses cookies to improve your experience and to provide services and advertising. Cookies help us keep a record of your preferences… We also use cookies to provide advertising more relevant to your interests.”
As consumers have became wise to the use of cookies, however, the industry has began using both normal cookies and local shared objects (a.k.a flash cookies) in the event that users would delete the normal cookies. Flash cookies allow websites to track users’ online predilections even if cookies are turned off in the browser. Personal flash cookie settings can be modified here.
The privacy concerns don’t stop at cookies, advertisers, and government abuse unfortunately. Mobile devices like iPhones are notoriously lousy at protecting basic user privacy rights. This includes privacy concerns regarding both the geolocation of the cell phone user, as well as third party applications that download information about the user.
Recently, a security firm called Lookout found that 14% of third party apps, which are not subject to Apple’s terms of use can “see” user contact information. Only a quarter of free apps in the iTunes app store even have a privacy policy Lookout discovered. This comes at a time when it was recently discovered that over 1 million Facebook profiles including the names, friends, and pictures of users were made available on a file sharing website.
“Once I have the name and URL of a user, I can view, by default, their picture, friends, information about them, and some other details,” Ron Bowles, the security tester who originally made the names available on the file sharing website, said. “If the user has set their privacy higher, at the very least I can view their name and picture. So, if any searchable user has friends that are non-searchable, those friends just opted into being searched, like it or not! Oops “
It appears that the USA Today may have been correct in their 15 year-old estimation that the Internet, as far as privacy is concerned, is an “Electronic Pandora’s Box.” It’s unclear whether Congress will move on privacy legislation and while the Federal Trade Commission is expected to release a report in support of a Do-Not-Track list, for now it appears that the user is on his own. The best solution to confronting privacy online may be taking it into your own hands.
Leave Your Comments