Saturday

July 22nd, 2017

Insight

Privacy is price we pay for always-on internet

 Stephen Carter

By Stephen Carter Bloomberg View

Published April 5, 2017

Info privacy

President Donald Trump signed legislation to overturn Federal Communications Commission rules forbidding internet service providers from selling data they have vacuumed up about the online habits of their customers. Privacy groups are understandably perturbed. But I wonder whether all the brouhaha is just shouting at the horse to come back long after he's left the barn.

Yes, it's a little disturbing that Verizon and AT&T will be able to start behaving like Google and Facebook. But Google and Facebook are already behaving like Google and Facebook. They recognize what we ourselves refuse to see: that we are no longer entirely human.

We may not (yet) be sporting wired implants, but with so much of life spent online, we are increasingly integrated into the digital world. Our smartphones and tablets and computers long ago ceased to be our servants. They are also not our masters. Whether we are at work or at home, in the street or in the car, at school or on vacation, the devices that were once our tools are now our partners and our symbionts. The day has become unimaginable without our ability to connect at leisure.

We march through the world shedding digital information with every step we take. Whether we are browsing online or browsing in a store, our symbionts surround us and embrace us ... and steal from us. We like to call the bits we leave behind "our" data, but the truth is that what we shed in our online travels we also abandon -- if not as a matter of law, then as a matter of practical fact. Most of the time we do little to protect our leavings. We dribble data in our path and never look back, on the cheery assumption that nobody will ever want to examine what we have tossed aside.

For the Internet behemoths -- Facebook and Amazon.com and Alphabet's Google -- the data constitute a treasure-trove. Their business models are built around finding ever more complex methods of mining what we leave behind for information that advertisers will buy to target us, anonymously but effectively. Yes, the algorithms work imperfectly -- all of us have stories of being served ads for products we hate -- but they work.

The giant internet service providers -- Verizon Communications Inc. and AT&T Inc. in particular -- look enviously upon the ability of other tech companies to monetize our digital trails. The ISPs peer greedily into their vaults, packed with data potentially even more detailed than what Google and Facebook collect, and wonder why the companies whose signals ride their fiber optic networks can exploit this vast collection and the owners of the network cannot. In their version of the story, the ISPs try to dip their toes in the water, and a Washington establishment that sits in awe of Google and Facebook reacts with horror and bans them from the beach. With the FCC rules out of the way, it's everybody into the sea.

This isn't the end of privacy. Privacy ended already. The FCC rules about to be cast aside, like many other regulatory and legislative barriers, represented mere fingers in the dike.

Nowadays a Wal-Mart or Nordstrom's might use your mobile phone, connected to the store's Wi-Fi, to follow you around the store, combining browsing habits with buying history to personalize offers that are then sent straight to the phone.

In his fascinating if disturbing book "The Aisles Have Eyes," Joseph Turow sharply criticizes this practice, but also tells us where it came from: the need to compete with Amazon, which with its reams of data about customers can both target ads and price discriminate minute-by-minute.

If the brick-and-mortar stores couldn't find a way to exploit similar technologies, they would be left in the dust even faster. A National Security Agency data center opened three years ago in Utah is estimated to be able to store several exabytes (a quintillion bytes) of data, and although the organization is no longer allowed to store most data on our telephone calls, privacy advocates believe that considerable information about our internet usage might be preserved there. (I am not saying they're right.)

And don't forget the hackers, who do a lot more than occasionally raid the database of a retail shop. Now that it is possible to scan every port on the Internet (the IPv4 space) in mere minutes, any connected device is likely to be attacked. If the device is poorly protected, it will be hacked. Not might be. Will be. Last year, the Atlantic magazine constructed a virtual wireless toaster to see how much time would pass before an attack was launched. The toaster, which mimicked an actual device connected to the IPv4 space, went live at 1:12 p.m. The first hacking attempt came at 1:53 p.m. By midnight the virtual device had been attacked more than 300 times.

And our big privacy worry is that Verizon and AT&T will now be allowed to behave like Google and Facebook?

We lost long ago the battle to be able to protect the data we shed in our wake as we move through the world. The FCC rules were a desperate throw, and, in the long run, perhaps not an important one. It's time we better armed ourselves. We can delete our cookies when we are done browsing, and we can travel mainly to websites using HTTPS rather than HTTP protocols. But experts agree that such measures are only partly helpful. Using "do not track" commands probably doesn't help at all.

Most likely we will see another online civil war, such as the one being fought now between users of ad-blocking software on the one hand, and, on the other, websites that support themselves with advertising income. I expect that we will see more apps like TrackMeNot, which runs in the background in your browser, intermittently sending out random search queries, in an effort to make it harder for anyone who might be tracking you (including your ISP) to assemble accurate personalized information.

In the end we should expect little return from our efforts. We will go on shedding data and others will go on scooping it up. We made the big decision when we chose to live in symbiosis with the internet. Remember your high school biology: In a symbiotic relationship, both parties profit.

Comment by clicking here.

Stephen L. Carter is the William Nelson Cromwell Professor of Law at Yale, where he has taught since 1982. Among his courses are law and religion, the ethics of war, contracts, evidence, and professional responsibility. His most recent book is The Violence of Peace: America’s Wars in the Age of Obama (2011). He is an author and Bloomberg View columnist.

Columnists

Toons

Lifestyles