Spying on Users

The Already Big Thing on the Internet: Spying on Users
By ADAM COHEN

In 1993, the dawn of the Internet age, the liberating anonymity of the
online world was captured in a well-known New Yorker cartoon. One dog,
sitting at a computer, tells another: "On the Internet, nobody knows you're
a dog." Fifteen years later, that anonymity is gone.

It's not paranoia: they really are spying on you.

Technology companies have long used "cookies," little bits of tracking
software slipped onto your computer, and other means, to record the Web
sites you visit, the ads you click on, even the words you enter in search
engines - information that some hold onto forever. They're not telling you
they're doing it, and they're not asking permission. Internet service
providers are now getting into the act. Because they control your
connection, they can keep track of everything you do online, and there have
been reports that I.S.P.'s may have started to sell the information they
collect.

The driving force behind this prying is commerce. The big growth area in
online advertising right now is "behavioral targeting." Web sites can charge
a premium if they are able to tell the maker of an expensive sports car that
its ads will appear on Web pages clicked on by upper-income, middle-aged
men.

The information, however, gets a lot more specific than age and gender - and
more sensitive. Tech companies can keep track of when a particular Internet
user looks up Alcoholics Anonymous meetings, visits adult Web sites, buys
cancer drugs online or participates in anti-government discussion groups.

Serving up ads based on behavioral targeting can itself be an invasion of
privacy, especially when the information used is personal. ("Hmm ... I
wonder why I always get those drug-rehab ads when I surf the Internet on
Jane's laptop?")

The bigger issue is the digital dossiers that tech companies can compile.
Some companies have promised to keep data confidential, or to obscure it so
it cannot be traced back to individuals. But it's hard to know what a
particular company's policy is, and there are too many to keep track of. And
privacy policies can be changed at any time.

There is also no guarantee that the information will stay with the company
that collected it. It can be sold to employers or insurance companies, which
have financial motives for wanting to know if their workers and
policyholders are alcoholics or have AIDS.

It could also end up with the government, which needs only to serve a
subpoena to get it (and these days that formality might be ignored).

If George Orwell had lived in the Internet age, he could have painted a grim
picture of how Web monitoring could be used to promote authoritarianism.
There is no need for neighborhood informants and paper dossiers if the
government can see citizens' every Web site visit, e-mail and text message.

The public has been slow to express outrage - not, as tech companies like to
claim, because they don't care about privacy, but simply because few people
know all that is going on. That is changing. "A lot of people are
creeped-out by this," says Ari Schwartz, a vice president of the Center for
Democracy and Technology. He says the government is under increasing
pressure to act.

The Federal Trade Commission has proposed self-regulatory guidelines for
companies that do behavioral targeting. Anything that highlights the problem
is good, but self-regulation is not enough. One idea starting to gain
traction in Congress is a do-not-track list, similar to the federal
do-not-call list, which would allow Internet users to opt out of being spied
on. That would be a clear improvement over the status quo, but the operating
principle should be "opt in" - companies should not be allowed to track
Internet activities unless they get the user's expressed consent.

The founders wrote the Fourth Amendment - guaranteeing protection against
illegal search and seizure - at a time when people were most concerned about
protecting the privacy of their homes and bodies. The amendment, and more
recent federal laws, have been extended to cover telephone communications.
Now work has to be done to give Internet activities the same level of
privacy protection.

Copyright 2008 The New York Times Company


Viva Liberty!