There was a time when people had secrets. Men could discreetly dispose of receipts for flowers, drinks or jewelry, and a last check for lipstick on the collar before turning the key to the front door could hide a multitude of sins.
But times have changed, even if behaviors haven’t. Shopping, chatting and traveling in the digital age means that habits and relationships are all recorded somewhere – whether people know it or not.
And computers are terrible at keeping secrets.
The 30 million users of AshleyMadison.com thought they had some privacy – until hackers last weekexposed their names, addresses and credit card payments. Two suicides have reportedly been linked to the disclosures, which – unlike the almost routine reports about electronic thefts of financial data – have led to consequences far more serious than can be addressed by a credit-monitoring agency.
Along with recent high-profile breaches that have affected retailers like Target and government agencies like the IRS and Office of Personnel Management, the Ashley Madison hack shows online information is never truly safe, despite people’s increasing willingness to hand it over. Consider, for example, how easily people disclose their eating habits on sites like Yelp or Zomato, their traveling destinations on TripAdvisor or Expedia, and their pastimes and politics on sites like Pinterest and Facebook.
People also leave clues through credit card purchases, website visits and phone calls, while mobile phones and vehicle transponders can track their every move.
“That data, while innocuous in each small piece, becomes extremely valuable to online marketing companies trying to maximize their reach,” says Rainey Reitman, director of the activism team at the Electronic Frontier Foundation. “Many apps and services don’t need this data to function, but they are collecting it anyway.”
Indeed, Google is a daily resource for billions of people worldwide in part because it offers its users an individualized experience based on their location and past preferences.
That data, though, is constantly at risk.
So far this year, 505 data breaches have targeted businesses, government agencies and other institutions, exposing more than 139 million records, according to the Identity Theft Resource Center. The sheer number of hacks is evidence of how companies underestimate the threat of a data breach and how the government needs to procure software faster to keep up with the latest cybersecurity technology, says Bruce Schneier, a fellow at Harvard University’s Berkman Center for Internet and Society.
The bigger problem reflected by the breaches, however, is that all this user data is being stored in the first place.
Many people realize Web services like Facebook or Google are monitoring their activities, but companies also collect information in less obvious ways. Large websites and smaller businesses running smartphone apps do everything they can to collect information to tailor advertising or sell it to third parties interested in doing the same. Those third parties, sometimes known as “data brokers,” are in the business of buying information from nearly every digital service to paint a picture of a person’s daily life, Schneier says.
“Everything that touches a computer produces data – and your data moves around a lot,” Schneier says. “There is not much you can do to protect it because you are not holding your data. We are relying on other people who hold that data.”
Government agencies are also collecting that data from companies whether or not they have search warrants, according to confidential documents leaked to the press by Edward Snowden, a former contractor with the National Security Agency.
But Web companies have been desperate to preserve at least the illusion that their information is being kept private. Gathering customer data for advertising purposes or sale to third parties is a part of their business, so companies like Google and Yahoo have pushed back against requests to provide data to the government out of concern people would share less information. Google and Apple, meanwhile, aim to put customers at ease about surveillance by removing the ability to access data stored on iPhone and Android devices, but authorities warn that guaranteeing people that much privacy could endanger national security.
“In the post-Snowden era, there should be no illusions of privacy of the Internet,” Reitman says.
Joe Turow, a professor of communication studies and online privacy at the University of Pennsylvania’s Annenberg School for Communication, says Americans felt powerless about data collected on their daily lives long before news reports exposed the scope of government surveillance. Turow conducted a nationwide survey in 2009 with researchers at the University of California-Berkeley that showed 72 percent of Americans thought the data collected by companies could potentially harm them, while 40 percent thought they had no control of what companies know.
The feeling of powerlessness and a desire for greater protection is shared among Americans of all ages, he says, despite some studies that suggest millennials are less concerned than older generations about the information they share online.
“People are resigned when it comes to online privacy; they are concerned but believe they have no choice,” Turow says. “People have a life, and the Internet is so woven into the fabric of our everyday lives. It is maddening to try to deal with all the cross-cutting information on what people should or shouldn’t do online.”
Despite settling with the Federal Trade Commission in 2011 on charges it misinformed users about what information would be shared and made public, Facebook still attracts 1.5 billion users each month because social networks offer so much convenience that they have become a part of daily life, Turow says.
“How many people today can quit Facebook and not feel they have lost friends?” he says.
People increasingly rely on large companies like Facebook to safeguard their data, but many Americans are fighting for a greater say in how that information is shared. The Obama administration once staunchly defended the need for the NSA’s broad surveillance powers, but public outcry over the documents leaked by Snowden recently led to the passage of the Freedom Act, meant to reform how spy agencies monitor phone records.
Members of Congress are also considering bills that seek to limit information collected on students in schools and extend rules on how driving data can be used. The FTC additionally is pressing businesses to take greater care on privacy when designing the next generation of wearable devices, which can track a person’s movements, eating habits and health information.
Enjoying true privacy is difficult in today’s digital age, but it won’t get easier if people give up on their right to a few personal secrets, Reitman says.
“People are starting to be so frustrated about privacy that they believe they can’t get anything better,” she says. “We have to push back against that idea.“