The Illusion of Online Privacy

As the Ashley Madison hack demonstrated, Web companies can't guarantee privacy.

There was a time when people had secrets. Men could discreetly dispose of receipts for flowers, drinks or jewelry, and a last check for lipstick on the collar before turning the key to the front door could hide a multitude of sins.

But times have changed, even if behaviors haven’t. Shopping, chatting and traveling in the digital age means that habits and relationships are all recorded somewhere – whether people know it or not.

And computers are terrible at keeping secrets.

The 30 million users of AshleyMadison.com thought they had some privacy – until hackers last week exposed their names, addresses and credit card payments. Two suicides have reportedly been linked to the disclosures, which – unlike the almost routine reports about electronic thefts of financial data – have led to consequences far more serious than can be addressed by a credit-monitoring agency.

Along with recent high-profile breaches that have affected retailers like Target and government agencies like the IRS and Office of Personnel Management, the Ashley Madison hack shows online information is never truly safe, despite people’s increasing willingness to hand it over. Consider, for example, how easily people disclose their eating habits on sites like Yelp or Zomato, their traveling destinations on TripAdvisor or Expedia, and their pastimes and politics on sites like Pinterest and Facebook.

People also leave clues through credit card purchases, website visits and phone calls, while mobile phones and vehicle transponders can track their every move.

“That data, while innocuous in each small piece, becomes extremely valuable to online marketing companies trying to maximize their reach,” says Rainey Reitman, director of the activism team at the Electronic Frontier Foundation. “Many apps and services don’t need this data to function, but they are collecting it anyway.”

Indeed, Google is a daily resource for billions of people worldwide in part because it offers its users an individualized experience based on their location and past preferences.

That data, though, is constantly at risk.

So far this year, 505 data breaches have targeted businesses, government agencies and other institutions, exposing more than 139 million records, according to the Identity Theft Resource Center. The sheer number of hacks is evidence of how companies underestimate the threat of a data breach and how the government needs to procure software faster to keep up with the latest cybersecurity technology, says Bruce Schneier, a fellow at Harvard University’s Berkman Center for Internet and Society.

The bigger problem reflected by the breaches, however, is that all this user data is being stored in the first place.

Many people realize Web services like Facebook or Google are monitoring their activities, but companies also collect information in less obvious ways. Large websites and smaller businesses running smartphone apps do everything they can to collect information to tailor advertising or sell it to third parties interested in doing the same. Those third parties, sometimes known as “data brokers,” are in the business of buying information from nearly every digital service to paint a picture of a person’s daily life, Schneier says.

“Everything that touches a computer produces data – and your data moves around a lot,” Schneier says. “There is not much you can do to protect it because you are not holding your data. We are relying on other people who hold that data.”

Government agencies are also collecting that data from companies whether or not they have search warrants, according to confidential documents leaked to the press by Edward Snowden, a former contractor with the National Security Agency.
Tom Risen
Photo by Dylan Roberts on Unsplash