| & |
by Peter Goodspeed, [email protected]A profile of your personal habits is being assembled. Every time you turn on your cellphone, visit a Web site, or use a credit or debit card, you leave a personal information trail. This trend has privacy advocates worried.
 Data collected while you go about your daily business can include your health, credit, marital, educational, and employment histories ... |
 ... your banking history ... |
 ... lists of people you talk to on the telephone and the length of the calls ... |
 ... credit card purchases, and e-mail messages. |
As the world rushes into the heady new era of e-commerce and surfs a tidal wave of information stored on the Internet, the traditional notions of personal privacy are being radically transformed and life is becoming virtually transparent: Your deepest secrets are just a click away from becoming very public.
Every day, in countless unobtrusive ways, you trade little bits of personal information for something perceived as a benefit or a mere convenience.
"There used to be a famous cartoon that claimed: 'On the Internet, no one knows you are a dog,' " chuckles Austin Hill, the Montreal-based founder and president of Zero-Knowledge, a privacy software manufacturer.
"But that's no longer true. Today, on the Internet, people know you are a dog, what kind of dog, what fire hydrants you frequent, and what kind of dog food you like."
The comfortable sense of anonymity that used to pervade the Internet has been obliterated.
Technology now makes it possible for online businesses and advertisers to monitor and record your daily voyages into cyberspace, frequently without your knowledge or consent.
Data routinely collected about you and stored at various sites on the Internet and in huge, privately owned, databanks, include your health, credit, marital, educational, and employment histories; lists of people you talk to on the telephone along with their phone numbers and the time and length of the calls; your banking history, credit card purchases, e-mail messages, video rental preferences, drugs and medications you take, and anything you may have borrowed from the local public library.
Any electronic message you have ever sent out on the Internet to a newsgroup or chatroom is publicly archived and is likely to remain there forever.
But it doesn't stop at the computer.
In nearly every aspect of your personal life, you leave a huge information trail and data retrieval companies are sifting through it all, storing their findings for possible future use.
Your movements are tracked whenever your cellphone is turned on. And whenever you use an Air Miles card, you are allowing strangers to find out what, when and how much you buy.
"People don't understand how their personal information is being used", says Colin Bennet, a privacy expert and political science professor from the University of Victoria. "There is a general sense that their privacy is being invaded by a whole range of technological and institutional forces over which they have no control.
"New technologies and recent trends in business and politics have transformed the privacy protection landscape", Prof. Bennet says. "The solutions of the past are insufficient to protect citizens from invasions that know no borders. Privacy protection is becoming big news all over the world."
The increasing sophistication of information technology with its ability to collect, analyze, and distribute data on individuals in mere milliseconds has injected a sense of urgency into demands for new laws to protect privacy.
That compulsion has driven Canada's House of Commons to enact legislation regulating how the private sector collects, shares, and distributes personal information.
Bill C-6, an act to promote electronic commerce by protecting personal information, is the country's first major piece of new privacy legislation in 17 years and the first federal law to regulate how the private sector deals with personal information.
Gradually, over the next three years, the law will apply to all firms involved in collecting, using, or disclosing personal information, forcing them to obtain consent before harvesting or using personal data.
Canadians will also have the right to check the accuracy of information being held and the right to take any complaints to a federal privacy commissioner.
The legislation is widely hailed by privacy advocates who have campaigned for years against the indiscriminate and secretive practices of marketing companies who have been developing massive personal profiles on consumers.
"We have a fundamental objection to the assembling of profiles about people without their knowledge or consent", says Jason Catlett, president of Junkbusters, a New Jersey-based privacy group that campaigns against all forms of unsolicited commercial communications.
"If a company is storing information about you, you should be able to see it and to stop it, if you want to."
But despite Canada's new law, chances are much of your personal information has already leaked into cyberspace.
The very technologies that have facilitated our everyday existence have also created a new set of vulnerabilities where strangers can rummage through our lives.
"It's a safe bet that 99.9% of all Internet users have been profiled at one time or another. Now the question is what is in those profiles, and how deep those profiles go", says Mr. Hill of Zero-Knowledge.
"If I told somebody that in their profile was their sexual orientation, their job interests, and their health-care issues, I think everyone would be very concerned and upset. If you told that same person you know they like football over baseball and that they really like Mercedes Benz cars, they might not be really upset", he says.
"One of the biggest problems right now is that no one can really find out what kind of profiles are out there."
The biggest threat to privacy on the Internet comes from "cookies" -- small bits of electronic data that Internet Web sites place on the computers of everyone who visits their pages.
Every time a computer user enters a Web page, the server holding that page logs the visitor's Internet address along with the time and date of visit. The site then plants a cookie on the visiting computer, notes what site he came from when he entered, what pages he visits in the Web site and what, if any, transactions the visitor performs while there. Finally, the cookie will record where the visitor goes after leaving the Web site.
In addition to planting cookies, some individual Web sites may ask visitors for their name, address, and other personal details before allowing further access to the site.
Online marketers value the data dredged up by these surveillance methods, and view them as the key to successfully tapping into an electronic market that is estimated to top $11.5-billion (US) by 2003.
Cookies also benefit computer users, who can store passwords for various Web sites on their own computers, rather than repeatedly signing in every time the sites are entered.
Cookies also allow users to order customized content, like stock quotes, weather reports, or special categories of news reports, when entering a personalized home page.
But the reality is that every little bit of data surrendered on the Internet can ultimately turn into a massive invasion of privacy.
What you do online can reveal a great deal about yourself -- your interests and opinions, how you spend your money and where you like to spend your time. And when data mining companies comb through your Internet surfing data -- something they can do by simply matching a cookie to an e-mail address -- they can build a massive profile for each visitor.
Technology has advanced to the stage where these profiles can be retrieved instantly to enable companies to tailor individual ads aimed at your interests each time you enter a Web site.
In the past, companies building such consumer profiles claimed their databases did not include personal identifying information, but instead relied on unique identification numbers embedded within a cookie on each visitor's computer.
Lately, a series of business mergers within the marketing industry have created a situation where a handful of companies now find themselves controlling several databases containing massive amounts of information on individual consumers.
Most recently, DoubleClick, an American Internet ad service that places banner advertisements on thousands of Web sites, created a storm of controversy when it announced it was abandoning its policy of anonymous monitoring to specifically target individual computer users with specialty ads.
DoubleClick, which already had profiles on more than 100 million Internet users, decided it could combine those files with the databanks of Abacus Direct, another marketing firm it had just acquired. The combination would allow DoubleClick to pitch tailor-made ads your way on the Internet, knowing your name, your address, what you buy, and where you surf the Internet.
Amid a storm of public outrage and a flurry of invasion of privacy lawsuits, the company quickly abandoned its plan.
Still, there's nothing to stop other companies from quietly doing the same thing and that may play directly into a growing public apathy about the loss of privacy to new technology.
"When people use their e-mail or their cellphones or their pager, they have a science fiction view about how they can so easily be put under surveillance", says David Jones, a computer science professor at McMaster University in Hamilton, Ont., and president of Electronic Frontier Canada. "Rather than become concerned and motivated to take steps to protect their privacy, they become resigned. 'It's too late', they say, and give up", he says.
"That's the lazy way to deal with a complicated problem. Saying 'It's too late', means they don't have to do anything about it."
And people are willing to give up their privacy for remarkably little.
At least 60% of Canadian households have at least one Air Miles card and participate in programs where they obtain travel discounts in exchange for allowing a database company to document their consumer history, Prof. Jones says.
"Most reasonable, educated adults know your purchase information is being recorded and sold", he says.
"But one of the reasons there is so much tolerance for these kinds of intrusions is that it is not in your face. If somebody handed you a printout and said these are all your purchases for the last calendar year, you'd say 'God, they know what shaving foam I use, they know what I eat for breakfast.' If someone phoned you and told you those things, you'd be terrified. But when they are hiding it in the background, no one worries."
Privacy advocates fear the cutting edge of new technologies are shredding our privacy even further. New software surveillance programs have been developed to steal a computer user's encryption codes or any other data intended to protect privacy.
Once implanted on a computer, the new stealth programs, usually attached to an e-mail message, can monitor a computer's keystrokes and transmit them to another computer conducting the surveillance.
In another twist, some computer experts insist they have found evidence that Microsoft may have built a secret "back door" into its Windows operating systems to enable the National Security Agency (NSA), the U.S.'s chief electronic spy agency, to read encrypted information.
Microsoft vehemently denies the accusation, but last August, Andrew Fernandes, a Canadian computer code specialist, claimed he found a mysterious security key labelled "NSAKEY" embedded in the Microsoft software that exists in all recent versions of the Windows operating systems.
In yet another privacy scare, U.S. and British police have requested official authorization to establish permanent monitoring sites on the Internet enabling them to intercept and analyze e-mail and regular Internet traffic in a modern form of wiretapping.
The move has caused alarm among human rights groups, but it has already been matched in Russia by the Federal Security Service's demand that Internet service providers give them a "black box" and high-speed links that let them monitor Internet traffic.
In China, the government has also introduced new regulations restricting the use of the Internet, censoring the content available to Web surfers and implementing new monitoring measures.
"We're literally on the edge of a revolution", says Stephanie Perrin, former director of privacy policy for Industry Canada and now an executive at Zero-Knowledge.
"We are now at a point in time where there is so much transactional information being generated and collected, massaged and used as never before", she says.
"For 20 years, we talked about the arrival of the information age and the Information Revolution. But I don't think anybody could imagine or conceptualize what is happening now. It's just exploding."