Computers have made life in the 21st Century immeasurably better in so many ways that it is virtually impossible to imagine where we’d be without them. From running our most vital infrastructures, to blasting through former boundaries of scientific exploration, computers have put unheralded power at our fingertips. Information on nearly any subject is available with the click of a mouse, and data can be organized, stored and shared faster than we can blink an eye. However, the same tools that can collect, organize and propagate information so efficiently can also be used to exploit personal information, leading to concerns about online privacy.
Online privacy can refer to technologies or practices that protect anonymity and personal or sensitive information online, but it can also be used as an umbrella term to refer to any matter concerning privacy. Concerns about online privacy began with the invention of cookies, text files that stored information about a user in an encrypted state. Cookies were originally conceived to make Web surfing more convenient, but were quickly put to other unintended uses.
Third party tracking cookies help large Web marketers gather detailed surfing profiles on individuals, often linking a real name, address, phone number or other personally identifiable information to the “anonymous” profile. Powerful analytical tools categorize the information, making personal extrapolations based on the types of websites visited over days, weeks, months and even years. Gender, approximate age, marital status, religious affiliations, children, pets, locale, work, hobbies, health issues, political leanings, education and income bracket are just a few of the markers that can be deduced with varying degrees of accuracy.
While the stated purpose of profiling is target marketing, there is no guarantee how the information can or might be used in the future. Databases can also be triangulated between merging or partnering data miners — both on and offline — to compile even more detailed profiles. Such profiles could have potentially adverse effects on individuals. For example, a health insurance company might lease access to a profiling database to screen potential new subscribers, adjusting policy premiums based on “risk” factors present in the profile, such as cigar or alcohol purchases, or potentially unsafe hobbies like rock climbing or hang gliding.
Due to the outcry over what some viewed as a highly invasive practice, cookie controls were implemented into browsers, and today, most savvy surfers leave third-party cookies turned off to reduce market profiling. This still allows first party cookies and the ability for individual websites to maintain records of repeated visits. Some users choose to turn off cookies completely, enabling them only on an as-needed basis.
As that battle was fought, other concerns over online privacy emerged. Vendors were selling products and services without implementing a secure, encrypted, point-to-point tunnel between the website and client. Enthusiastic newcomers to the Internet were entering sensitive information such as name, address and credit card information into online forms that were being sent in the clear, unaware of the security risk.
As people became educated and websites began implementing encryption, tangential issues arose regarding online privacy. Personal information submitted for one purpose was being sold or used for another. As a result, privacy policies were mandated, but without oversight, the policies were meaningless. Watchdog companies like TrustE® were created to issue seals of approval to companies that purportedly stuck by their policies, but even the watchdogs came under scrutiny when major companies they endorsed such as Microsoft®, AOL® and Amazon® each came under fire for alleged major breaches of privacy that made online headlines.
In addition to these growing pains, Internauts had other problems to worry about when it came to online privacy. Malware was becoming more sophisticated. Instead of erasing files or disrupting the system, “bots” were being installed remotely to surreptitiously use computer resources. Trojans and rootkits exploited weaknesses in operating systems, installing back doors for keyloggers to steal credit card numbers and passwords. Identity theft became big business, and today, some 15 million US citizens are victimized each year at financial losses surpassing $50 billion US Dollars (USD), according to IdentityTheft.info.
Protective laws have always trailed technology, but another factor that plays into the exploitation of online privacy is the false sense of anonymity created by sitting at a computer in the privacy of one’s home or office. In reality, any unencrypted communication transferred over the Internet is essentially public. This includes unencrypted email, which is no more private than a post card.
While younger generations that have grown up online might not be as concerned with privacy, others find protecting privacy more important than ever, particularly when its loss can have far-reaching, unintended and unforeseen future consequences. For more information, see organizations like the Electronic Privacy Information Center (EPIC), the Electronic Frontier Foundation (EFF), and Privacy International.