America's Perilous Patchwork of Privacy Laws
As a concept, the notion of online privacy seems to rank right up there with the Tooth Fairy.
Facebook has declared that all posts by members on their walls are public property; Google keeps getting into trouble with various governments over the data its Street View cars collect; and you can forget about your Tweets being private -- the Library of Congress is recording them.
"Consumers can't expect much privacy in online services like Google, Facebook and Twitter," Rainey Reitman, activism director at the Electronic Frontier Foundation, told TechNewsWorld.
There are few laws protecting consumers on the Web, Reitman pointed out. Meanwhile, law enforcement "continues to seek ways to expand their online surveillance powers."
For example, a federal magistrate judge in Virginia has ruled that the government can collect the private records of three Twitter users as part of its investigation into WikiLeaks, and that it can prevent those users and the public from seeing some of the documentation submitted to justify obtaining those records.
This could set a precedent that will let the government secretly amass information related to individuals' communications over the Internet, the EFF has cautioned.
Federal Thud and Blunder
Even when the federal government tries to introduce new services, new problem areas open up.
For example, the United States Department of Transportation has come up with the Next Generation 911 Project in an attempt to let consumers contact emergency services through multiple means, including text messaging, photos and email.
However, the EFF pointed out in comments filed with the Federal Communication Commission that the proposal might provide data such as medical histories to first responders. That's a well-intentioned move that could backfire because, as the EFF stated, 911 calls are subject to public disclosure in most parts of the country. This could conceivably make details about a person's illness or medical history publicly available to anyone who asks for them.
"We can expect very little privacy when we visit Google or Facebook," Darren Hayes, a professor at Pace University's Seidenberg School of Computer Science and Information Systems in New York City, told TechNewsWorld.
For example, the Google search engine saves the searches users make. This could be used to identify the searchers.
Google's end user license agreement "clearly states that they are allowed to read through your Gmail messages," and your emails may end up on Google even if you don't have an account with the Internet giant because they may have been forwarded by the recipient, Hayes remarked.
The Yin and Yang of Being Online
It seems nobody's nailed down just how much control we should, or want to, have over our personal information on the Internet.
For example, users often put an astonishing amount of personal information on social networking sites to which they belong, or on their personal websites. At the same time, many of them scream in outrage when they're tracked online.
Consumer objections to online tracking have led the major browser vendors to work on plans to implement so-called do-not-track features into their products. This will let consumers indicate when they don't want to be observed online.
For example, Microsoft's Internet Explorer 9 browser, which was released earlier this week, includes beefed-up controls that let users control what information about their behavior they're wiling to share with others.
Consumer resentment at online tracking is fueled to a large extent by targeted online ads -- a poll conducted jointly by Gallup and USA Today in December found that 67 percent of respondents don't think advertisers should be allowed to match ads to their specific interests based on websites they've visited.
However, consumers' outrage is perhaps overblown -- if you leave tracks on public sites, which many free online communities and services are, you can hardly complain when someone collates that information.
"Surfing the Internet should be viewed as no different than walking down Main Street," Daren Orzechowski, a partner at the law firm White & Case, suggested.
"The problem is that people do not think this way when using a computer in their home," Orzechowski remarked.
What Is Privacy, Anyway?
Privacy "is a right to be free from unauthorized observation or intrusion," Orzechowski told TechNewsWorld.
However, the scope of that right is defined by the law. While Europe has "very strict" laws around data privacy and protection, the United States framework is "much more relaxed" for now, Orzechowski said.
That then raises the question of what is the scope of the right to privacy.
"In the constitutional area, where the government is involved, the law is much clearer," Orzechowski said. "In the private sector, it is not, and that is the issue being debated."
New privacy laws or regulations may emerge in the next year or two, Orzechowski added.
In the meantime, consumers would do well to remember that the Constitution doesn't contain any guarantee of privacy.
"I think there is an unsupported view by the general public that there is a broad right to privacy, when in reality any such rights, to the extent they actually exist, are not as broad as people think," Orzechowski warned.
Where Is the Law?
Part of the problem with protecting our privacy is that the United States, unlike other developed nations, does not have a federal consumer data protection law, the EFF's Reitman pointed out.
Instead, we have a patchwork of laws that apply in different situations. We have laws that apply to medical records, other laws that apply to banking records, still others that apply to data collected by the government, and so on. Some of those laws are stronger than others, Reitman said.
Another part of the problem is that these laws are based on an outdated model that associates consumers' privacy rights with demonstrable financial harm.
"This ignores the fact that many consumers want to control the flow of data about them for reasons beyond financial harm," Reitman opined. "Users often feel exposed by privacy-invasive practices."