For more than a decade we've been hearing that privacy is dead, especially when it comes to online privacy. It's hard to argue with the evidence.
Law enforcement agencies routinely obtain location and call data from wireless carriers -- some 1.3 million times in 2011 alone, according to documents obtained by a U.S. Senate committee. Thanks to laws written when fax machines were considered high-tech, government agencies can access data from cloud storage with minimal judicial oversight. And with potential laws like the Cyber Intelligence Sharing and Protection Act (CISPA), Congress wants to enable private companies to share even more customer data with Uncle Sam.
The government is not alone. Virtually every commercial website (including the one you are now reading) deposits cookies that track your movements online. The number of trackers has more than doubled in a year, while advertisers and advocates continue to argue over the definition of terms like "tracking" and "choice." When consumers try to block tracking, companies like Google manage to find ways around it.
Moreover, many of us share data promiscuously on Facebook, Twitter, Google Plus, and other social sites, only dimly aware our personal information is also being collected by both marketers and the government. There's an entire industry devoted to mining that data, matching it to real-life activities, and using it to decide whether you're likely to vote Democrat or Republican, if you're in the market for a car, if you're pregnant, and whether you're a good candidate for credit or a bad insurance risk.
Little wonder then that security expert Bruce Schneier recently authored an essay declaring that we're done:
Despite this gloomy assessment, all hope is not lost. While threats to our personal privacy expand daily, so do potential solutions -- whether it's new privacy legislation, enhanced regulation, stealth computing technology, or the emergence of a consumer-driven data economy.
Legislation: A powerful tool for online privacy, mired by politics
Most Americans would be surprised to learn how little privacy legislation exists at the national level. Aside from limited protections on the sharing of health and financial information (as well as video rental records), most privacy law is based on interpretations of the Fourth Amendment -- which only regulates intrusions by the government, not commercial entities -- and FTC Act provisions against unfair or deceptive practices.
There is, however, no dearth of proposed legislation attempting to treat our privacy ills. The Commercial Privacy Rights Act of 2011 (aka the Kerry-McCain bill) would limit the type of data companies could collect without permission and require opt-outs for the rest. The Do Not Track Online Act would require all online companies to honor do-not-track requests from Web surfers. There are bills aiming to limit how much data mobile apps can collect and what they can and can't do with location data.
Sign up for Computerworld eNewsletters.