• by Adam L. Penenberg , April 2, 2008

Is there any point in fretting over lack of privacy?

While researching a cover story for Forbes, I hit a snag. I had planned to ask a private detective to investigate me starting with just my byline to see how much he could dig up. As I was pitching the concept at a story meeting, my editor stopped me. "No offense, Adam," he said, "but you're boring. You should investigate someone more interesting, like... the CEO of Kroll Associates" - the big-time detective agency.

This struck me as a bad idea, and I told him so. But he overruled me, as editors tend to do. [Leaving this in against my better judgment. -Ed.] Dutifully, I phoned a corporate spy to float the idea. "Well, you know, you could easily find someone to do that," he said, "but" - and he named someone high up on the magazine's masthead, claiming he possessed pictures of the guy's mistress. "And if I've got 'em, Kroll's got 'em." Just by researching a piece on privacy, I had almost breached someone else's privacy. You should have seen my editor's face when I told him. "Oh my God," he said, spilling his coffee. "We could have gotten fired. Okay, okay, investigate yourself."

Eventually, I lined up a detective who agreed to play ball, and, in less than a week, he upended every notion I had about privacy (or whatever remained of it). Needing only a keyboard and telephone, he uncovered the innermost details of my life - who I called late at night, how much money I had in the bank, my salary, rent, utility bills, credit card statements, unlisted phone number, what stocks I owned, who I wrote checks to. He started by accessing a database that held my Social Security number and date of birth, leveraged this by accessing my credit report, then simply called my bank, money manager, telephone company and long distance carrier posing as me - or someone close to me. It's called pretexting, and although not technically illegal, it was certainly unethical - and, I learned, widespread.

The story caused quite a stir when it came out and was read into the Congressional Record during hearings on privacy. Over the years, I revisited the privacy topic. I penned a feature titled "Welcome to Surveillance Nation" as part of a cover package for Wired right after 9/11, and in Mother Jones I wondered whether Google, "with its insatiable thirst for your personal data, has become the greatest threat to privacy ever known, a vast informational honey pot that attracts hackers, crackers, online thieves and - perhaps most worrisome of all - a government intent on finding convenient ways to spy on its own citizenry." For Slate I looked at the commoditization of privacy - if you want it, you might have to pay for it - and for Fast Company, I lined up a computer security expert to hack Apple's iPhone and turn it into a spy device, which he demonstrated by showing how he could steal e-mail and voicemails, hijack the Web browser, illicitly record conversations and surreptitiously snap pictures.

But after almost a decade of exploring the issue of privacy, I've come to the realization that most Americans simply don't care. Sure, they say they do. A UPI-Zogby International poll from last year found that 85 percent of respondents claimed privacy of their personal information was important to them as consumers, and 91 percent said they were worried about identity theft. In another UPI-Zogby poll, 50 percent of participants expressed concern over the privacy of their medical records. But most aren't concerned enough to do anything about it.

Defining Moments

Source: The Surveillance Camera Players

If privacy is, as Supreme Court Justice Louis Brandeis proposed 80 years ago, "the right to be left alone - the most comprehensive of rights and the right most valued by civilized men," which he included as part of a set of conditions "favorable to the pursuit of happiness" laid down by the founding fathers in the Constitution, how would he view our current surveillance society? Over the course of a day the typical American is caught on camera 200 times - at traffic lights, paying highway tolls, walking their dogs, taking money from ATMs, shopping in convenience stores and a tiny fraction caught committing crimes. Within a 20-block radius of New York University, where I teach, there are over 500 surveillance cameras, which catch me doing everything from buying a falafel, racing past the iconic fountain in Washington Square Park on my way to class, or purchasing Claritin-D - for which I am required to show my driver's license because it contains a common decongestant used to make meth.

If privacy is "the state of being free from unsanctioned intrusion" - that's the American Heritage Dictionary definition - what about the Department of Motor Vehicles, famous for peddling your personal information to anyone who will buy it? Or the credit rating agencies like TransUnion, Equifax and Experian, which profit by selling access to your financial history? Or the most brazen of all, the government, which stiff-armed companies such as AT&T to record your phone calls and sniff your e-mail, all in the name of fighting terrorism?

Or if "privacy is the power to selectively reveal oneself to the world," a view tendered in the essay "A Cypherpunk's Manifesto," what's the deal with Facebook, which makes it nearly impossible for you to erase your profile if you decide you want out? Or Google's Gmail, which keeps carbon copies of all your e-mail correspondence forever, so it can barrage you with more "relevant" ads. Or American Express, which collects the details of billions of customer transactions, weaves them into a model of behavior, and sells this data to junk mailers of all stripes and sizes.

The truth is, the battle over privacy (no matter how you define it) has already been lost. As Sun CEO, Scott McNealy, infamously put it, "You have no privacy. Get over it." He's right. But since we consumers have been complicit in this post-privacy smack down, it's not necessarily bad either. In fact, it could be good, and not just for the corporations who profit from it or for the government that taps into it to control its citizenry.

The Price You Pay

"Information wants to be free" is the hackers' credo. In reality, information has a price - in the form of convenience, cash or security. It's why we shop with credit cards, even though they lead to mailbox-cramming junk mail, and sign up for loyalty cards with Barnes & Noble or CVS' ExtraCare program, which has enrolled 34 million Americans who receive 2 percent back on every purchase and an additional dollar for every two prescriptions they fill in exchange for tracking every purchase. It's the reason we use cell phones when we are out of the office, Global Positioning Services (GPS) when we are on the road, and OnStar for the few who buy gm cars, all of which can pinpoint our location. We still surf the Web, despite our Internet Service Provider (ISP) knowing what sites we visit and how long we stay, and search with Google, which maintains lists of all the terms we've queried - remember that late-night tequila binge and that curiously odd sexual... never mind. None of these are spy technologies, but they might as well be.

Of course, there are the occasional kerfuffles, like Facebook's clumsy implementation of Beacon, its intrusive ad service that shared users' purchases on some 40 Web sites with a network of their friends - not only without their permission, but without their knowledge. A minor rebellion (led by moveon.org) ensued and the company backed off - a little - by apologizing and strengthening the opt-in provisions. But few, if anyone, abandoned Facebook because of it. (And you can be sure Facebook will simply repackage the idea and get its way.)

Donald Kerr, principal deputy director of national intelligence, said in a speech last October that Americans would have to change their view of privacy, which "no longer can mean anonymity," he said. "Instead, it should mean that government and businesses properly safeguard people's private communications and financial information." He added, "Protecting anonymity isn't a fight that can be won" - creepy coming from one of our nation's top spies. No surprise the blogosphere squealed. After all, a staggering 127 million sensitive electronic and paper records were lost or pierced by hackers last year while identity theft runs rampant, affecting one in eight Americans (and growing every year). The idea of the government safeguarding our information is laughable.

Naturally, we can blame technology and the greater interconnectedness of our world, since it replicates our personal information and spews it far and wide in cyberspace, stashing it in far-flung databases outside of our control. We don't just have Big Brother to contend with, we have a series of little brothers - your Googles, DoubleClicks and ISPs, the credit-rating agencies, social networks like MySpace and Facebook and marketers who want to know everything about you. With advanced data-sifting techniques, the rise of massive databases and the permanence of the Web, once your information is out there it can never be taken back - our deepest, darkest secrets instantly available to anyone with the desire and know-how to learn them.

If Eric Schmidt, CEO of Google, can't keep secret his home address, the value of his house, date of birth, net worth, value of Google stock, hobbies, quotes he'd just as soon take back (like "Evil is what Sergey says is evil"), what chance do the rest of us have? With Google Earth you can even view his home and property. (It's amazing what $3 million will get you.) If you recall, in 2005 Google briefly blacklisted CNET because a reporter Googled Schmidt, then published what she found. (Things like he wandered the desert at "Burning Man" and earned $140 million dumping Google stock.) The company didn't like the fact that CNET published the Google CEO's private information, which the reporter found using the company's own product.

Alas, it's easy to find people to gripe about privacy, laying blame at the feet of big business and big government, but what to do about it? Talk to the privacy hawks at the Electronic Privacy Information Center and they'll tell you what the problem is, decrying the actions of the credit agencies, Google and the government, but not how to fix things, other than to offer consumers bromides like "pay with cash where possible," "don't share any personal information with businesses unless it is absolutely necessary," and "choose supermarkets that don't use loyalty cards."

Companies have a powerful profit motive - your information, the more personal the better, is worth billions. The better they know you, your likes and dislikes, the easier it is for them to induce you to buy buy buy and the more money they'll make. The only way to keep your personal information personal is to unplug from the grid - pay with cash, don't surf the Web from home or your job, don't go out in public without a mask, don't drive a car, don't maintain a checking or savings account, don't use a cell phone or PDA, and under no circumstances should you take out a mortgage. Good luck.

Mr. Brightside

Yet this doesn't mean we are heading toward some William Gibsonesque techno-dystopia. Since we can't parry the privacy hounds, we need to embrace the idea of a more transparent world. Realize for all the brouhaha surrounding the issue, there's little tangible harm that arises from your personal information being used to target more relevant advertising at you. Google knows you have a taste for mud wrestling or midget tossing? So what? They're not talking. Facebook told your "friends" you rented a slasher flick from Blockbuster? Big whoop. Yahoo has proof that you've been using Webmail to conduct a hot, tawdry affair? Yahoo is the least of your worries.

Looking on the bright side, the wide dissemination of our personal information - that's the unintended by-product of Web 2.0 - could lead to a more tolerant, less judgmental society. Because shame is generational. My parents' generation didn't talk about their feelings; today you can barely stop people from telling you their life stories. And today's youth, congregating on social networks, share the most intimate aspects of their lives, hewing to an ethos of karmic bulimia. If they don't announce something on Facebook it's like it never happened. And they are shaping the privacy debate as profoundly as the corporations that mine our data, the banks that sell it, the credit agencies that profit from it and the government that vacuums it up.

Because what is blackmail but information arbitrage - exploiting differences in markets for financial gain? Being divorced reflected poorly on you 30 years ago and could even have affected your job status. If you went into rehab you were shunned in some circles. If you came out of the closet as a homosexual you might have ended up a pariah. In 1975, Oliver Sipple became a hero for helping prevent an assassination attempt on President Gerald Ford. In the ensuing media coverage, he was outed as being gay - a secret he had been desperate to keep - and his mother disowned him, he was ridiculed publicly and privately, and moved to sue seven different papers for the breach of privacy. Can you imagine that happening today?

Part of the cultural change over the past three decades is due to the emergence of media as a daily part of our lives, spreading information on how our politicians, athletes, celebrities, friends and neighbors live their lives, often focusing on their foibles (which are usually deemed more newsworthy). Now this process of tolerance is sped up exponentially as we become even more interconnected, because we are all vulnerable to having our secrets shared, and there is little point in pretending to be holier than thou. As people spend more and more time online, their lives become broadcast fodder.

Of course, identity theft is a real threat, but it's not the information that commits the crime. The credit card companies and banks cover most of your losses (passing it on to the merchants). It can be a headache to clean up the mess but usually it's not disastrous. Because banks and credit card companies have a vested interest in preventing fraud, identity theft victims have powerful allies (that profit motive again). Among the ironies here, of course, is that these measures were put in place to protect the public and there are those who feel safer because of them.

It's easy to cry about the loss of our privacy, but what can you do about it realistically? Boycott Google and other search engines? Won't happen. Stop using credit cards and opening bank accounts? Get real. Protest stores and businesses that install surveillance cameras? Fat chance. And you weren't expecting the government to step in, were you?

You might as well look on that bright side. The loss of privacy could mean the opportunity to build a better society. It beats the alternative, because there is no alternative. Sad? Perhaps. But by no means fatal.