Privacy advocates were aghast when President Trump signed a bill on April 3 that overturned restrictions on data sharing by internet service providers (ISPs).
But to paraphrase Shakespeare, methinks they protest too much. The fact is, unless you take precautions, you already have exactly zero privacy online. Your online data is there for the taking by the likes of Google, Facebook… and the NSA (National Security Agency). And thanks to the new law, by ISPs such as Verizon and AT&T as well.
The rules Congress overturned were passed by the Federal Communications Commission (FCC) last fall. They would have required ISPs to obtain explicit consent from consumers to share sensitive data, such as financial or health information or browsing history. But the rules applied only to ISPs. They didn’t cover massive data collectors and aggregators like Google or Facebook. Or for that matter, the NSA.
That’s one reason I think the self-appointed privacy advocates are overreacting. And if enacted, the proposed rules would have given consumers a completely false sense of security.
Let’s start with the NSA. For at least the last decade, the world’s largest intelligence agency has been vacuuming enormous quantities of data from cyberspace. Your email records, browsing history, and just about everything else you do online is fair game. The quantity of data the NSA has accumulated is so massive that it has been forced to construct enormous data centers to store it in. The first one – in Utah – is a million square feet in size.
Perhaps you’re not concerned – or are even reassured – that the NSA is keeping a close watch over cyberspace to monitor terrorists and other malfeasants. But even if you’re in this category, there are legitimate reasons to protect your privacy online.
Hackers are the biggest threat. As I noted in this post, hackers have developed increasingly sophisticated tools to steal money from your financial accounts. But it’s much more common for a hacker to monitor a Wi-Fi access point and steal your login credentials to gain access.
If hackers steal money out of your US account, in most cases, you’re not liable for the loss. But that protection applies only to personal accounts. Business accounts, which often have much higher account balances, have much weaker legal protection.
But maybe you don’t worry about hackers either. Even then, though, you should be concerned about what Google, Facebook, and other companies do with your online data.
Let’s say you visit the doctor one day. He discovers something suspicious and takes a biopsy. A few days later, he tells you that you’ve been diagnosed with cancer.
Naturally, you’re horrified by the news. You decide to take matters into your own hands and conduct some online research into cancer. But once you press the ENTER key on Google or a similar search engine, you’ll be far from the only one who knows what you’re searching for.
Research conducted by Tim Libert, a Ph.D. candidate at the University of Pennsylvania, found that 90% of search results for common disease names were disclosed to hidden parties. Many are advertisers like you see on Google and Facebook. But lurking on these pages are links to “data aggregators” whose business model is to sell your personal information to the highest bidder. For instance, if you’re so inclined, you can buy lists of people who have been raped or suffer from AIDS – or cancer.
Federal law requires that certain types of data – such as medical information – be anonymized before it’s sold. But there are numerous techniques available to de-anonymize it. For instance, it’s possible to use your group memberships on Facebook or other social networks to uniquely identify you. A data broker holding databases of several companies might be able to de-anonymize the anonymized data it purchases.
Returning to our example of an online search for cancer, the most obvious threat would be your health insurance carrier to canceling your coverage if it learns of your diagnosis. But this practice is illegal, at least for now.
On the other hand, people who run up big medical bills – say, to obtain treatment for cancer – may find themselves in financial distress. And they could find themselves with a lower credit rating. Credit bureaus have an enormous incentive to determine credit risk by acquiring data from whatever source is legally available.
So how do you to protect yourself? In my case, I take the following precautions, among others:
-
Private browsing. I use Mozilla Firefox as a browser and put it in “Private Browsing” mode. This prevents it from saving visited pages, searches, cookies, or temporary files – all grist for the likes of Facebook, Google Analytics, etc.
-
Defeat tracking. As an add-on to Firefox, I use a plug-in called “NoScript.” Among other capabilities, this program identifies all the web sites that are secretly tracking me and allows me to block none, some, or all of them.
-
Virtual private network (VPN). To prevent hackers from stealing my login credentials, I use a VPN. This software constructs an encrypted data channel between my computer or smartphone and the internet so that my data stream can’t be monitored. As a bonus, it prevents the kind of ISP spying Congress just authorized. The VPN we use at The Nestmann Group is Cryptohippie.
-
Private email. Hackers routinely penetrate domestic email services. Last December, for instance, Yahoo disclosed that hackers had stolen login credentials of nearly one billion accounts. Here at The Nestmann Group, we protect ourselves from these sorts of incursions by using Thunderbird as our email client and the Enigmail plug-in to encrypt our messages. Even if someone manages to hack into our servers in Switzerland, all they’ll find there is encrypted gibberish.
Congress has proven it has exactly zero interest in protecting your online privacy. If you want to protect it, you’ll need to act on your own. Right now would be a good time to start.
