Thanks to Google, most people know who Eric Arthur Blair is. Doesn't ring a bell? You might know him better by his pen name, George Orwell. You know — 1984, Animal Farm? The question is, if he were alive today, what would he think of Google, and its power to spread information — sometimes very personal — to anyone who can type? Would he have a Facebook page or a Twitter account? Or would he be writing furiously (on paper), protesting that they're all evil forces of dystopian ruin?
In today's world of webcams, social networking and tweets, have we traded away our right to privacy in return for fun and convenience? And after willingly and knowingly surrendering our privacy online, do we have any right to know what someone is doing with our private information?
Rather than recount the entire history of civil liberties and the Web, let's consider a recent example. Google amasses huge amounts of personal information; in fact, it's pretty much their business model. More than a few people have wondered exactly what Google knows about them. To address the issue, possibly appease a few critics and maybe preempt legislation, last week Google unveiled Dashboard. It aggregates data that Google collects from services such as Gmail, Picasa Web Albums, Checkout, Reader, Web History, and YouTube. In other words, Google is letting you see some of what it knows about you. The advantage is that you can see this personal information, and adjust your privacy settings in Dashboard, rather than separately in the various accounts.
Dashboard only discloses data for accounts where a user must log in. Missing from Dashboard is any search records for users not logged in, or any cookie data (which Google uses to target ads). Google's argument is that cookie data is usually associated with a computer's IP address, and not an identifiable individual, so it doesn't fall within this personal-information disclosure.
A Dash of Openness?
Dashboard got mixed reactions from privacy advocates. While some viewed it as a useful step forward, others were critical. For example, the ability to adjust your personal-information settings seems like a good thing. But those settings only pertain to protecting your privacy from other people, not from Google itself.
More nefariously, it was suggested that Dashboard is only another way for Google to crosscheck your individual identity with your IP. Others were particularly critical of the lack of IP disclosure — the real gold in the data-mined hills. John Simpson of Consumer Watchdog noted, "Google isn't truly protecting privacy until it lets you control that information." In other words, privacy advocates argue that Dashboard is a fraud because it does nothing to prevent or control Google tracking you across the Web. Of course, Dashboard is only a crevice into a multibillion-dollar data-mining industry. What other information about you don't you have control over? The answer is, no one knows.
So in practical terms, what can we do to protect our online privacy? I suppose anyone is free to log off the Internet forever. Good luck with that. Or, I suppose you could resolve to never visit data-collecting sites. Good luck with that, too. Look at a clock and then log on. How long until you're on Google, Yahoo or Bing? More realistically, it would be helpful to at least reduce your exposure. Accounts such as Facebook are clearly collecting private data; it's easy to simply not participate. Things can be tricky. Companies can change their privacy policies without your knowledge. And when you cut ties with a service, there's no way to get your data back. (To their credit, when Facebook changed its terms of ownership of content, they caved into the backlash and withdrew the change).
Last spring, Congress called in executives from Google, Facebook, and Yahoo to ask about their consumer tracking, but no action was taken. (The executives argued that "self-regulation" was the best approach.) The reality is that when you hit the OK button on a website, you are agreeing to a de facto personal-information or privacy waiver. Unless you want to personally fight the good fight in court, you probably have no particular basis to object to anything.
Still, there is hope. Part of a good defense is simply using common sense. For example, a cyclist might upload GPS bike routes to a fitness page. Unless the "private" box is clicked, the routes are publically available, letting anyone see the start and stop point, which could be your home address. By conscientiously using whatever privacy tools that are available (clicking the "private" box) and forgoing the obvious temptation to share the innermost details of your life with complete strangers, you can go a long way towards keeping things private. Hey, don't leave keys to the front door under the flowerpot, and your password shouldn't be "password." In the same sense, simply being aware that companies are aggressively data-mining your private data will help you choose actions to deflect at least some of their intentions. Yes, that is a pretty weak defense. But at least for now, it's probably the only one you have.
Paid for by Privacy
Online, the number of "free" services is increasing by the day. Free e-mail, free image/video hosting, free phone numbers — fantastic stuff. But of course, none of it's free. Big corporations like Google make their money by knowing a lot about you, so they can allow other companies to efficiently direct advertising to you. Consciously or not, you pay for the "free" services with a valuable currency called privacy. I wonder which paradigm would bother Mr. Blair the most — when someone takes our privacy without our knowledge, or when we cheerfully sign away our privacy ourselves.