Information Sharing

-- By JanethLopez - 16 Oct 2012

Introduction

This course has focused my attention on a problem that I, along with other users of "free" online services, face - the disconnect between what we think we are sharing with one party for a specific purpose and the reality of being spied on in ways and for purposes that aren't as obvious.

The main problem with the way I live my life is that I use free applications that, in the aggregate, create a very accurate view of a user's digital self. For example, Google's Privacy Policy and Terms of Service allow Google to share information taken from all of its services, aggregating information on a user as Google tracks her every move online. Google looks over my shoulder as I read messages on Gmail, watch videos on YouTube, and enter appointments into my Google Calendar. It knows where I travel, anticipating my daily commute using Google Maps, what I search for in Google Search, the purchases I made with Google Wallet, the games I download to my mobile phone, and even the music I listen to with Google Play Music. As I use their cloud-based service to create and share documents, Google pretty much knows everything I write. I have handed Google all the information it could possibly want - if not for themselves, to sell to others.

Why should we care? Before this course, I was always aware that these "free" programs came with some strings attached, in the form of data collection, but I hadn't paid much attention to the dangers of how the data would be traded with others and used to automate behavior, and how our privacy laws do little to limit access to my information, especially when it comes to access by government agencies.

Information Sharing

Web searches, GPS location, calendar appointments, emails, and purchases, when mixed with the abundance of information available on social media sites, including private conversations, family photos, employment information, and details on significant events (births, deaths, marriages), give a far too detailed view of an individual. And companies like Google are strongly incentivized to share this extensive data set with those who are interested in personally identifying users. The data collected is not just used for targeted advertising, but also shared with credit card companies, insurance companies, and government agencies for the purpose of surveillance and risk management, raising important privacy concerns.

The information is shared in ways that affect our daily lives, used by companies to make determinations about how we will behave without our knowledge and without an opportunity to challenge these determinations. One example we have seen in this course is that personally identifiable data is shared between banks or credit card companies and insurance firms, who later make assumptions or predictions about their customers' behavior. Even putting aside the clear privacy issue of having personal information shared without consent, there are far too many possibilities for abuses and false positives. An alternative concern is that the lack of an online presence could also hurt me. As a greater online presence has come to be the norm and not the exception, a refusal to provide information online could be regarded as suspicious. Right now, insurance companies and banks are interested in inserting code into Facebook and Twitter to find clues about policyholders or to find promising leads (Economist). What happens if a credit card company or health insurance company decides that a particular individual is actually a higher risk simply because she does not have the kind of online presence that would provide relevant information on her activities?

Government Access to Information

The course has also brought up concerns about how outdated our privacy laws are, which makes our data available to government agencies without the need for a warrant. The government standards for monitoring of internet communications are outlined in the now 26-year-old Electronic Communications Privacy Act of 1986 (ECPA). While the ECPA generally regards online communications as private and protected by the Fourth Amendment, requiring the government to obtain a warrant before they can "listen in" or intercept communications, it treats communications stored on the servers of an email service provider for more than 180 days as abandoned property, not subject to the warrant standard. While 26 years ago, emails kept on the service provider's server could arguably be "abandoned", today's online users have a different expectation. The reality is that the way we live our lives now, maintaining all of our messages, calendars, photos, documents, and other very sensitive information in the "cloud" instead of on our own hard drives, means that the government is no longer bound by the Fourth Amendment and need only ask these service providers for the data.

The courts have been little help, in some cases noting that the third party doctrine, which states that an individual does not have a Fourth Amendment privacy interest in information that they convey to a third party and which that third party later conveys to the government, means we give up our expectation of privacy in the communications we store on these servers. The doctrine extends not only to communications, but also to any documents we store with these companies (see United States v. Miller, 425 U.S. 435 (1976)).

In practice, many online companies, including Facebook, Microsoft, and Google, openly cooperate with government agencies' requests for user data. Google seems to be the most transparent, releasing information on the number of government requests and admitting to complying either fully or partially with over 93% of these government requests in the United States ([[http://www.google.com/transparencyreport/userdatarequests/][User Data Requests - Second Half 2011]]). The number of requests not only for user information but for the removal of content has increased steadily in the past few years, raising concerns about how Google (and presumably other online companies monitoring online movements) responds to requests that violate users' rights to privacy and free expression (Google Transparency).

Conclusion

All of this information sharing creates a scary world in which these "free" services are not just collecting information to target advertisements, but also using the information against us, automating our behavior, and making assumptions that we are not able to challenge. In addition, just as a person might vitiate any Fourth Amendment protection to information by making a disclosure or giving up documents to a government informant, even without knowing the person's true identity, keeping our information in the "cloud" makes our service providers "informants" for the government. In order to make a conscious decision about whether or not to use these services, users need to know what kind of information is being collected and to whom it is being sold. At the very least, if assumptions are being made about a user by a bank or insurance company based on online activity or offline purchases, the user should be made aware of what information is being used and be given a chance to challenge the assumptions, much in the same way we are able to look into credit reports when denied credit. In addition, until outdated privacy laws related to government access to stored communications are updated to address the ways in which users actually interact with these services, we should be wary of keeping our lives in the "cloud".

