Peering Through an Open Window: The Evolution of Privacy and Its Infringement

By Kristen Beaumonte

Hacker 4031973 640

Image by pixel2013 from Pixabay

Companion Material

Essay Prompt

Doors lock to provide privacy to whoever is inside. Without a key, it should be impossible to see what's on the other side unless you are actually let in. However, sometimes people peer through windows to invade the privacy the locked door seems to protect. This is how today's media works. Online corporations constantly monitor consumer behavior, often without their knowledge, spying on activity while their doors are locked. When information privacy first became a concept, a locked door was all it took to protect people because technology was not advanced enough to reach a window, but as the digital age dawned, this window became ever more accessible. Misled by privacy policies and a false sense of security, most people failed to pull their blinds down, so privacy infringement became common, though undetected, until people were urged to turn around and see those spying on them through their window. Some may say that it is not important for this type of surveillance to be stopped because of its seemingly harmless nature, but privacy of information is indeed critical to the sense of public security because it provides a basis of social trust that prevents people from being harmed via their online presence. Therefore, as technology develops in ways that make privacy easier to breach, the basic laws that protect against infringement must evolve as well so as to prevent wrongdoings that jeopardize public security and damage the framework of an otherwise moral society.

First, in order to understand the intricacies of privacy in the modern world, it is important to look into the past and start at the origin of privacy regulation in the United States. It is upon these timeworn precepts that current privacy laws are built, so without this background knowledge, it is impossible to truly grasp what is occurring today. The beginnings of media privacy came about nearly a century after the birth of the United States. At the conception of the American Constitution, the protection of privacy was less necessary because the technology of the time did not allow for people's lives to be unknowingly observed, but as time progressed the need for privacy laws became evident. During its first century, America thrived without privacy protection as people's lives and information were their own and primarily known by those close to them. However, just before the close of the nineteenth century, the instantaneous photograph was developed, making it possible for a picture to be taken of an unassuming citizen and published in print the next day.[1] While in modern times this new technology seems menial, it was the the country's first encounter with public access to one's private life. So, two men, Supreme Court Justice Louis Brandeis and attorney Samuel Warren, began the fight against surveillance.[2] On December 15, 1890, they published the article, "The Right to Privacy" in the Harvard Law Review, claiming that instantaneous photographs had "invaded the sacred precincts of private and domestic lives" fulfilling the people's fear that "what is whispered in the closet shall be proclaimed from the house tops." [3] Brandeis and Warren make clear that these new images coupled with the "personal gossip" of people's lives would "result in a lowering of social standards and morality."[4] In short, they believed that if there were no consequences for gossip or defamation of character, America would descend into a slanderous and malignant society. Therefore, Brandeis and Warren argue that a legal concept that protects one's right "to be let alone" and shields against "injury of feelings" is just as important as the laws that protect one's body from injury and property from theft.[5] The ideas presented by Brandeis and Warren in "The Right to Privacy" over 100 years ago provided the basis on which our modern laws of privacy were built.

Throughout the next century, privacy regulations based upon Brandeis' and Warren's proposal proved adequate in protecting the rights of United States citizens, but with major technological advancement on the horizon, it was necessary for adaptations to be made. These adjustments specifically regarded the younger people that were becoming more ingrained in the online world, unwittingly putting themselves at risk of privacy breaches as the internet became more accessible at the turn of the twenty-first century. Therefore, in 1998, the Children's Online Privacy Protection Act, COPPA, was put into effect, essentially forcing online sites to "get verifiable consent from a parent or guardian before collecting personal information from children."[6] According to the Federal Trade Commission, FTC, which act as the country's consumer protection agency, under COPPA parents are given authority over the information that their children can disclose to online strangers.[7] This not only provides extra precautions to protect kids from mistakenly divulging information to internet predators, but more generally, it also emphasizes the internet's role in the ease of consumer data collection. Clearly, COPPA was primarily intended to shield children from accidentally revealing private information, but it also indicated the struggle between the internet and privacy that was approaching.

After the initial implementation of privacy protection for both the general population and children, most people rightly believed that their personal information was secure, but as time and technology further progressed, the laws they so trusted became insufficient and cracked open the door to a privacy breach. In the past, privacy drew a clear line between observation and identification, defining the former as an inevitable effect of going out in public and the latter as an intrusion on the life of a specific individual. In short, privacy laws made the distinction that "we consent to be observed constantly; we rarely consent to be identified."[8] However, with the advent of new tracking technologies that allow for "sustained monitoring," this once clear line has become blurred; these recent developments are transforming observation of people in the public internet marketplace into the identification of these individuals by name, age, and even credit card information. Therefore, companies like Google are taking advantage of the lack of regulations regarding this gray area.[9] Because it profits mainly from advertisements, Google has begun to use customer data as a means to keep paying advertisers satisfied with the success of their campaigns. Specifically, on May 23, 2017, Google formally announced that it is collecting data regarding the credit card behavior of its consumers via their activity on applications like YouTube, Gmail, and Google Maps. This information is then connected to the online promotions shown to consumers as proof that Google is successfully providing the advertisers the marketing service for which they paid.[10] All of this data collection is possible due to the recent availability of sustained monitoring technology, which is not only able to track the online activity of an unassuming internet user, but also has not been made illegal. Clearly, it is essential for privacy laws to evolve over time to encompass new developments that put people at risk of identification to which they do not actively consent.

Despite the prevalence of this tracking, the public has remained startlingly blasé about their situation, which is incredibly risky because, for privacy, ignorance is not bliss. For example, after Google made public its use of customer data, it seems that individuals should have turned against the company, but because the public views development in a positive manner, that is not the case. Most modern Americans have come to accept that "the integration of online and offline identities" is unavoidable and even sometimes a positive part of life, so individuals often fail to differ between sharing personal information face to face and through a screen.[11] It may even be argued that consumers are not acting in this manner because of ignorance but instead because they are willing to sacrifice security for the ease that comes with online shopping, banking, and communication. However, in this compromise, the sacrifice is far greater than the gain. Blind trust in online interactions, no matter the motive of the consumer, puts private information at risk, a danger with repercussions far worse than traveling to a brick and mortar store.

This trust is built off of the false sense of security given to consumers by privacy policies, which seemingly protect consumer privacy but are often times misleading. It is commonly thought that privacy policies are blanket statements that essentially ensure that the application in use will not share the personal information of the consumer. However, there is one small but significant caveat in this assumed definition. Instead of confirming information security, privacy policies usually "explain how companies will use your information - because they are using it."[12] Therefore, while it may at first seem that this miscommunication is rooted in the misreading of the policies themselves, the incorrect definition is actually based on the misinterpretation of the term "privacy policy," which in turn keeps people from reading the policies at at all.[13] This confusion was exemplified in 2010, when Facebook, a site that encourages users to post updates about their personal lives, amended its privacy policy to make customer information less secure with little backlash. After being called out in The Wall Street Journal for sharing consumer data with advertisers without the proper consent, executives edited their privacy policy to gain just that.[14] A few savvy Facebook users noticed this change and planned to boycott the site, but they were undermined by the millions of others who "did not protest and simply continued using Facebook."[15] Of course, it is easier to simply agree to policy changes than to read them through, especially if a user has no intention of leaving Facebook, but the flagrant indifference of Facebook users to a policy change that endangered their personal information indicates a dangerous trust that everything on media is secure, which makes them incredibly susceptible to privacy infringement.

Inevitably, this nonchalance about privacy was going to be destroyed because media inched ever closer to the fine line between what was subtle enough to be acceptable and what was an obvious, gross violation of privacy. It was Facebook that finally crossed this line, shattering the facade of privacy security for even the most ignorant of consumers when it was rightly accused of leaking customer information to aid in the targeting of political campaigns. While the scandal was not uncovered until March of 2018, the data of over 50 million Facebook users was compromised and obtained by Cambridge Analytica in 2016 to distribute targeted election propaganda for the Trump campaign through the Facebook platform.[16] Cambridge Analytica, a data processing company, was able to determine which types of political messages to send to different people using data that should have been concealed from them according to Facebook's privacy policy. In an interview with CNN, Facebook CEO Mark Zuckerberg apologizes for this breach, revealing that developers like Aleksandr Kogan, who were given access to exorbitant amounts of consumer information, were the unknown bridge between Facebook's protected data and Cambridge Analytica.[17] However, Zuckerberg is doing more than just apologizing for the corruptness of a few of his employees. He is rightly taking responsibility for developers' unrestricted access to secure data and launching an investigation of every application associated with Facebook.[18] Even so, trust in Facebook has plummeted, as users are finally realizing how at risk their private information is. Obviously, the Facebook data scandal was corrupt and a major breach of privacy, but it also brought to light the harsh realities of online security and the need for better privacy regulations.

Even with the prominence of this scandal, smaller scale infringements were still going unnoticed as the public continued to turn a blind eye towards most privacy breaches. In fact, the Cambridge Analytica scandal was only part of Facebook's recent privacy wrongdoings as the company has also been accused of breaching COPPA with their new application, Messenger Kids. According to Jim Graves, staff attorney and teaching fellow at Georgetown's law center, this new platform, which is intended to allow children ages five to thirteen to contact their friends, "blatantly violates COPPA's protections for children's privacy by collecting children's personal information without informed, verifiable parental consent."[19] While this infringement of COPPA is not a major scandal in its own right and can be easily resolved by amending the access of the app to youth, its timing with regard to the Cambridge Analytica misconduct has labeled Facebook as even more untrustworthy, for children and adults alike, which should cause people to further question the success of privacy laws.

Clearly, privacy infringement is becoming a prevalent issue of the digital age, so in order to determine the next steps to take, it is critical to understand how privacy is currently evolving. For the individual consumer, protecting oneself is paramount, and the best "general advice given is 'user be aware,' don't over-disclose, and use the highest privacy settings possible in all contexts."[20] However, even with these precautionary measures, it remains necessary to champion more comprehensive privacy laws for media sites to follow. It is not surprising to learn that it is nearly impossible to remain anonymous when using media because of the interconnectivity of everything online, so attempting to completely ban the collection of data is fruitless.[21] Therefore, regulations on what companies are able to do with the information they gather are critical because without them consumers might shy away from participating in the electronic society, which constitutes a large portion of the nation's commerce, governance, and even public services.[22] In today's world, it is the distribution of consumer data that must be controlled because it is the action of buying and selling people's identities that is at the core of current privacy issues.

Undoubtedly, monitoring information dispersal is difficult due to the many layers of the online marketplace, but there are several paths the United States can follow to stem this unacceptable flow of private data. One option is to follow the example of the European Union, which has instituted the General Data Protection Regulation, G.D.P.R., a law that requires media sites to disclose what exactly they plan to use gathered information for. Under this regulation, if the intended data usage is not within one of six acceptable use categories, information cannot be collected without legal consequences.[23] These categories essentially ban the accumulation of data as a means to target the the consumer in any way, including advertisements, junk mail, and even hacking.[24] In fact, though laws like this have yet to be seen in the United States, big corporations are anticipating a shift towards these types of policies as a means to appease the general public concern for its privacy.[25] In anticipation of these laws, companies are working on changing their policies by implementing privacy measures in six distinct stages: development, planning, assessment, implementation, measurement and sustainability, and response.:[26] Clearly, as privacy is evolving, media corporations are expected to change along with it and adapt themselves to new customer expectations by carefully preparing for regulations that will better safeguard people's data.

Over the years, privacy laws have changed slowly, allowing technological advancements to far outpace them. This lag has left ample room for security breaches, like those of Google and Facebook, which affect consumers of all ages. Though people are indeed beginning to shed their blissful ignorance and protect themselves by using strong privacy settings and securing their accounts, many are starting to realize the necessity of a regulation like G.D.P.R.. Still, we must go further. While some may say that habitual breaches in privacy are the price paid for the ease of an online lifestyle, in truly understanding the costs of these infringements, it becomes clear that, for most, the price is far greater than the benefit. Not only could your inbox be inundated with junk mail and advertisements, but you could also jeopardize your physical safety and even your identity. As more people have begun to realize that their curtains must be closed and those peering through windows must be stopped, the movement for better privacy regulations has begun, and to ensure its success media users must come together and push for change. So, if you've ever joined a media site and given it your name, you too should join the fight to keep your life from becoming just another piece of manipulated data.