“If the Internet were your living room, there would be crowds of people peeking through the windows,” says Mark Ghuneim, CEO of New York digital marketing agency Wiredset, “and you would have unwittingly granted them permission to watch and record everything going on.” Among the Peeping Toms: George Orwell’s figurative Big Brother—the government—but also, potentially, your employer (and future employers) and marketers, as well as so-called data miners who’ve made a multibillion-dollar business out of buying and selling intimate details about you.
In an age of social networking and oversharing, our lives are open books. What we do in our homes with our technology doesn’t always give us what the law calls “a reasonable expectation of privacy.” How easily can others get their hands on all the information floating around cyberspace about you and your family?
Who Can Read Your E -Mail
You just sent a message to a friend about a trip to St. Petersburg you’re thinking of taking. Somewhere a computer is probably “reading” that e-mail with keen interest, using sophisticated software to discern your plan to travel as well as the specific destination—which is why you might suddenly start noticing your e-mail provider serving up ads for, say, St. Petersburg hotels and restaurants.
Google, whose Gmail service keys ads to e-mail content, announced in late March that it will be refining its system to serve up more “relevant” ads (“For example,” Google helpfully explains, “if you’ve recently received a lot of messages about photography or cameras, a deal from a local camera store might be interesting”). The company reassures users that the process is “fully automated” and that “no humans read your messages.”
Whether you use Gmail or another service—and no matter how much information about yourself you volunteered when setting up your account—any e-mail you send from your home is likely to be associated with a specific IP (Internet protocol) address. In other words, if you set up a Hotmail account under the name Jane Doe, it may be directly traceable to you by law enforcement. (Prosecutors across the United States have successfully sought to subpoena records from Internet service providers to demonstrate such links in criminal cases.) You may think you’ve sent an anonymous e-mail, but for all practical purposes, it’s as good as signed.
Of course, if you use an anonymous service like GuerrillaMail—which allows you to create a temporary e-mail address that lasts just one hour—and log in from a public location such as a coffee shop with free Wi-Fi Internet access, you should be able to cover your e-mail tracks. But such disposable e-mail addresses (which some people use to gain access to websites that require an e-mail address during the registration process, hoping to avoid spam) aren’t practical for the vast majority of us.
On some sites, the price of admission is your surrender of privacy.
And as for e-mail you send from work, beware: Dr. Darren Hayes, a Pace University professor and expert in data security, says, “The legal presumption is that no matter what you do on your employer’s network, there should be no expectation of privacy.” In other words, your employer doesn’t have to tell you that the computer on your desk and everything that passes through it is being automatically monitored.
Who Can Track Your Web-Surfing History
Michael Fertik, CEO of reputation.com, recommends that you “always browse in privacy mode.” (In Firefox, look for Start Private Browsing under the Tools menu; in Internet Explorer, click the Safety link, then select InPrivate Browsing; in Safari, look for Private Browsing under the main menu.) “That might mean,” he adds, “that you have to log in every time you go to your banking site, but guess what: That’s better anyway.” It’s important to note that some websites won’t function properly unless you allow them to place cookies on your computer. In other words, the price of admission is your surrender of privacy.
Every Web browser allows you to clear cookies after visiting sites. That’s a useful tactic if, for instance, you’re checking e-mail on a computer that other people can access.
Both Internet Explorer (from Micro soft) and Firefox (from Mozilla) recently added so-called do-not-track features designed to limit the amount of information marketers can collect about you as you surf the Web. So far, though, marketer participation in do-not-track programs amounts to self-policing, as there is no force of law behind them. That’s why the U.S. Senate’s commerce committee has been considering legislation that would mandate the ability of consumers to opt out of being tracked.
Keep in mind that clearing your cookies or turning on a do-not-track feature does not erase your tracks. Your service provider may maintain detailed logs of every site you’ve visited, and other evidence of your surfing habits may persist on your computer. In 2007, a New Jersey woman was convicted of murdering her husband. Before the crime, she’d entered four words into Google’s search box: how to commit murder.
Comments left anonymously, or under assumed names, on website message boards are traceable too. The administrator of a site, for instance, can see the IP address of the computer of any posted comment—information that can be subpoenaed by law enforcement. (Some websites even make IP addresses of commenters visible to other commenters to not so subtly encourage civility.)
As for social networks, reputation.com’s Fertik maintains that even the most rigorous privacy settings are not good enough: “The social networks will still take your data and give other people access to it. That’s their business model. So just assume that no matter what you post, no matter how private you think it is, it’s going to find its way to someone else.”
While Facebook, for instance, allows you to limit what nonfriends can see, people in your social circle may not have the same scruples about your information. And once information is out there, it can be used against you. In 2010, the American Academy of Matrimonial Lawyers reported that four of five surveyed divorce attorneys reported seeing information from social networks being used in divorce cases. In 1988, Congress passed the Video Privacy Protection Act after a D.C. newspaper published Judge Robert Bork’s video-rental records during his unsuccessful confirmation hearings for the Supreme Court. Fast forward to 2011: Chances are no matter what you watch on television—through cable or via a service like Netflix—at some level, it’s being tracked digitally, seamlessly, and automatically.
Who Can Track What You’re Watching on TV
In fact, cable companies such as Cablevision have been experimenting with “addressable ads” that deliver commercials tailored to your household. Bob Fetter of Massachusetts- based Pluris Marketing, a company that helps cable providers and other firms conduct such so-called data mining, doesn’t think that’s always cause for concern: “Sometimes sharing your data leads to a better customer experience.” For instance, Disney and Toys“R”Us have participated in Cablevision’s tests, and while they don’t reveal whom they’re targeting, it’s obvious that they’re interested in reaching, for instance, middle-class households with children. Their spots might be more welcome than, say, commercials for erectile-dysfunction drugs. Those who balk at addressable advertising can, of course, opt out. The burden, in other words, is on you, the consumer. “In the past decade, the stakes for privacy have dramatically changed,” says Jules Polonetsky of the D.C.-based advocacy group Future of Privacy Forum. Today, though, even if you do all the right things on your computer—surf in private mode, enable the do-not-track feature, etc.—you are likely being followed more closely than ever, thanks to what you’re carrying around in your pocket or purse. “Your cell phone,” Polonetsky points out, “is a sophisticated computer that knows all your contacts, including all your friends, and knows your location because you always have it with you.”
What Your Cell Phone Can Reveal About You
As the New York Times reported this spring, a German politician recently sued his cell phone provider, Deutsche Telekom, to force it to reveal the data it was tracking about him. It turned out that over six months, the company had recorded his exact location, in the form of longitude and latitude coordinates, more than 35,000 times. As the law stands in the United States, cellular providers don’t have to reveal to their subscribers what sort of information they routinely collect and to what degree. Just the same, for most users, the benefits may outweigh privacy concerns.
For instance, even cell phones that lack sophisticated global positioning system (GPS) circuitry can determine your location by triangulating your distance to nearby cell phone towers. Good news if you’re lost in the Dismal Swamp, of course, and good news for law and order. Both GPS and tower data have successfully been used in court to demonstrate a suspect’s proximity to a crime scene.
Verizon, incidentally, has a service that’s specifically designed to invade privacy—of children. Verizon Chaperone uses GPS to allow parents to pinpoint the location of their kid’s phone at any time (on the theory that kids are entirely inseparable from their mobiles). But the biggest privacy threat to cell phone users, both children and adults, may be one they bring on themselves through services like Foursquare, which lets you publicly check in to locations (for example, announcing to your friends that you’re at the mall), and Facebook and Twitter, which let you add your locations to updates and tweets.
In fact, in the winter of 2010, a group of activists launched pleaserobme.com to raise awareness about the danger of broadcasting your location to the world. Indeed, last September, police in Nashua, New Hampshire, busted a burglary ring that targeted homes whose occupants had posted their whereabouts on Facebook, graciously letting thieves figure out exactly when they wouldn’t be home.