Arrow-right Camera


Experts say online tracking is almost impossible to avoid


WASHINGTON – What can people do to protect their privacy from massive data-mining efforts by U.S. and other intelligence services? The answer is not much, short of going off the grid completely.

Reports in the Washington Post and Guardian newspapers this week allege that the government has been secretly accessing the phone records of tens of millions of Verizon customers, as well as online videos, emails, photos and other data collected by nine Internet service providers.

Privacy advocates say most consumers long ago swapped privacy for convenience, but few realize the degree to which their digital activities are being tracked.

The reality is that your personal information isn’t just shared with the government, but also sold to third parties such as online advertisers and mobile-application developers, said Jeffrey Chester, the executive director of the nonprofit Center for Digital Democracy in Washington. It’s all there in the privacy policy you probably didn’t read when you signed up for Facebook or Gmail.

“We’ve crossed a digital Rubicon here; there’s no going back,” Chester said. “Big data is ruling our lives, and the big question is whether there will be any kind of limits here, protecting our consumer information and our democratic right to privacy.”

Privacy policies for Google, Yahoo and other Internet service providers explicitly state that the companies collect users’ data, such as names, email addresses, telephone numbers, credit cards, IP addresses, search queries, purchases, time and date of calls, duration of calls and physical locations.

The policies say that companies may use that information to send you targeted advertising or, if necessary, to comply with requests from government authorities.

Apple Inc., Yahoo Inc., Microsoft Corp., Google Inc. and Facebook Inc. denied Friday that they give the government direct access to their servers, saying that the companies provide user data only in accordance with the law.

“Our legal team reviews each and every request, and frequently pushes back when requests are overly broad or don’t follow the correct process,” Google’s statement said. “Press reports that suggest that Google is providing open-ended access to our users’ data are false, period.”

People who are disinclined to believe such reassurances – or who just want to keep anyone from reading or listening to their personal communications – can install specialized “end-to-end” encryption software, which must be used by both parties involved in a conversation. It prevents intermediaries like email or instant messaging providers from reading or understanding those conversations, or giving others access to them.

“Privacy advocates have recommended this for a long time, but it’s seen fairly little adoption as a fraction of online communications because it requires a bit more conscious effort by users,” said Seth Schoen, senior staff technologist for the Electronic Frontier Foundation, a San Francisco-based nonprofit.

Tools such as encryption provide limited protection, however. Governments can still try to break into your computer to spy on you, and encryption only protects against someone reading a conversation, not from knowing that the conversation took place, who was involved and their locations, Schoen said.

“This kind of information is now being referred to by the government dismissively as ‘metadata,’ but it’s incredibly significant and has major privacy consequences, including allowing mapping of people’s private activities, beliefs, medical problems and intimate relationships,” he said.

Ultimately, the only sure bet is not to use technology at all. Schoen quoted Robert Morris Sr., a computer security expert who worked at the NSA for many years: “The three golden rules to ensure computer security are: Do not own a computer; do not power it on; and do not use it.”

But 21st century consumers aren’t likely to toss their mobile devices or swear off Internet access to preserve their privacy. One in three consumers would rather give up TV than their smartphones, according to a 2012 survey by Google/Ipsos OTX MediaCT.

Even if consumers do take the time to read the fine print in Internet companies’ privacy policies, most don’t expect that spies will be peering at their every move when they sign on, he said.

The problem is that electronic communication privacy laws are woefully out of date, he said. They haven’t been updated since 1986.

The American Civil Liberties Union also supports a bill to create a “Do Not Track” option online that would require consumers to give explicit permission before their personal information could be collected by websites or apps. Such legislation has stalled in Congress for years.

Rather than retreating to a cabin in the wilderness, swearing off smartphones and saving up for encryption software, consumers can protect their privacy through old-fashioned political action, said Chris Calabrese, legislative counsel for the ACLU in Washington.

“Sometimes the simple and the old answer is the best one: Call your congressman,” he said. “You’re a citizen, not just a consumer. If you think what the government is doing is wrong, let the government know.”


There are 13 comments on this story »