As I was reading chapter 7 of Lawrence Lessig’s book Code: and Other Internet Laws, I began to reflect on his theory that code is what threatens our liberty in cyberspace. Code is the tool used to architect, regulate, and constrain the environment. Lessig point outs that through code “laws, norms, the market, and architectures interact to build the environment that “Netizens” know.”
My reflections took me to a time several years ago when I was working at an Internet Service Provider (ISP) as part of their Community Action Team while working on an undergraduate program. Basically my role was to aid with the enforcement of a section of their Terms of Service (TOS), which actually rolled up as part of the End User License Agreement (EULA). My function was more associated with community and social norms as it related to online appropriateness than the code as this point.
Worry not! I did not spend my time scouring online communities and forums looking for TOS violations by invading individual privacy or spying on users; potential concerns were reported to our team by end users or community volunteers using methods that allowed us to verify authenticity of the report. Once reports were validated, then end users were either coached, other times asked to not return to our service, and in some cases the violations required being reported to the authorities.
The reason I share my experience is that I found one of the most interesting aspects to be that most people were consistently surprised that an organization would know that much about their online activity. The violations would have the date, time, user name, location of the offense (email, IM, chat room, etc.), and the exact wording or details of the action committed listed in the account. The idea that someone they had never met would know that much about them came as a shock. I mean they were using a pseudonym (screen name), weren’t they? Does that not imply a type of privacy and freedom?
So how does this story relate to the topic of data privacy? First, code and EULAs have matured over the last 12 years!
Today code architects an online space or software to force users to freely provide an extensive amount of data to the corporation and its affiliated partners. The amount of information collected today would not have been possible years ago. Cookies collect usage patterns so that technology companies can leverage that information to increase their value. EULAs are written in a way that an individual’s choice is all or nothing: Use the software, give up your privacy. Period.
Technology companies can, with your permission via the EULA, collect, store, and sell your private data. Data that may even be outside of your usage pattern within their software can be collected via a cookie stored on your hard drive.
This all sounds rather nefarious, doesn’t it?
Truth is, it is. The average user’s privacy is infringed upon on a consistent basis to increase profit margin or projected values of a corporation. Advocacy groups are pushing law makers to increase privacy regulations as it pertain to children online, but we also need to look at the extent to which privacy impacts us all. Technology companies collect such an extensive amount of data on their users, the NSA has tried to strong armed them into releasing the data to them in the name of national security. It is time to push back. Push back against corporations and proposed legislation like SOPA and CISPA.
You may wonder how privacy-enhancing technology (PET) may aid in privacy retention. My take is that while it helps when sending encrypted messages and data, it does not fully impede corporations from collecting and leveraging your data as a practice. More specifically, these technologies are aimed at only protecting a particular customer based in a narrow scope of usage. PETs enable safe purchasing options, password encryption, and the access of personal data that would be illegal for an organization to collect. Mainly PETs block the collection of data without eliminating the object attempting to collect it. I believe there needs to be options to enable and expand PETs for continued and sustained use in protecting an individual’s personally identifiable information. Although I realize that doing so would alter technology and its ability to capture Big Data.
But for now remember that, when online, someone is always recording, analyzing, and leveraging your personally identifiable information and associated data. Worried yet?