WASHINGTON — What can people do to protect their privacy from massive data-mining efforts by U.S. and other intelligence services? The answer is not much, short of going off the grid completely.
Reports in The Washington Post and the Guardian newspapers this week allege that the government has been secretly accessing the phone records of tens of millions of Verizon customers, as well as online videos, emails, photos and other data collected by nine Internet service providers.
Privacy advocates say most consumers long ago swapped privacy for convenience, but few realize the degree to which their digital activities are being tracked.
“We’ve crossed a digital Rubicon here; there’s no going back,” Chester said. “Big data is ruling our lives, and the big question is whether there will be any kind of limits here, protecting our consumer information and our democratic right to privacy.”
Privacy policies for Google, Yahoo! and other Internet service providers explicitly state that the companies collect users’ data, such as names, email addresses, telephone numbers, credit cards, IP addresses, search queries, purchases, time and date of calls, duration of calls and physical locations.
The policies say that companies may use that information to send you targeted advertising or, if necessary, to comply with requests from government authorities.
Apple, Yahoo!, Microsoft, Google and Facebook denied Friday that they give the government direct access to their servers, saying that the companies provide user data only in accordance with the law.
“Our legal team reviews each and every request, and frequently pushes back when requests are overly broad or don’t follow the correct process,” Google’s statement said. “Press reports that suggest that Google is providing open-ended access to our users’ data are false, period.”
People who are disinclined to believe such reassurances – or who just want to keep anyone from reading or listening to their personal communications – can install specialized “end-to-end” encryption software, which must be used by both parties involved in a conversation. It prevents intermediaries like email or instant messaging providers from reading or understanding those conversations, or giving others access to them.
“Privacy advocates have recommended this for a long time, but it’s seen fairly little adoption as a fraction of online communications because it requires a bit more conscious effort by users,” said Seth Schoen, senior staff technologist for the Electronic Frontier Foundation, a San Francisco-based nonprofit.
“Unfortunately, end-to-end encryption is not a default feature of most communications software, though I believe it should be,” Schoen said. “Software developers have often suggested that they don’t implement it because they believe users mostly prefer convenience to security.”
Tools such as encryption provide limited protection, however. Governments can still try to break into your computer to spy on you, and encryption only protects against someone reading a conversation, not from knowing that the conversation took place, who was involved and their locations, Schoen said.
“This kind of information is now being referred to by the government dismissively as ‘metadata,’ but it’s incredibly significant and has major privacy consequences, including allowing mapping of people’s private activities, beliefs, medical problems and intimate relationships,” he said.
Ultimately, the only sure bet is not to use technology at all. Schoen quoted Robert Morris Sr., a computer security expert who worked at NSA for many years: “The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it.”
But 21st century consumers aren’t likely to toss their mobile devices or swear off Internet access in order to preserve their privacy. One in three consumers would rather give up TV than their smart phones, according to a 2012 survey by Google/Ipsos OTX MediaCT.
People should be able to use new technologies without giving up their rights, said Chris Calabrese, legislative counsel for American Civil Liberties Union in Washington.
“These tools are the way we live our lives now, and we shouldn’t have to give up our electronic rights in order to enjoy them,” Calabrese said.
Even if consumers do take the time to read the fine print in Internet companies’ privacy policies, most don’t expect that spies will be peering at their every move when they sign on, he said.
“Most of us understand that to be the police come with a warrant or a subpoena,” he said. “It’s a particular person, a particular order, a particular investigation, not that everything in the system is an open book.”
The problem is that electronic communication privacy laws are woefully out of date, he said. They haven’t been updated since 1986.
The ACLU also supports a bill to create a “Do Not Track” option online that would require consumers to give explicit permission before their personal information could be collected by websites or apps. Such legislation has stalled in Congress for years.
Rather than retreating to a cabin in the wilderness, swearing off smart phones and saving up for encryption software, consumers can protect their privacy through old-fashioned political action, Calabrese said.
“Sometimes the simple and the old answer is the best one: Call your congressman,” he said. “You’re a citizen, not just a consumer. If you think what the government is doing is wrong, let the government know.”