By Connie Ogle
How many times did you go online today? Did you update your Facebook status? Do a web search? Order a new pair of shoes?
If you did, author Lori Andrews warns, someone has invaded your privacy.
Andrews, a law professor and director of the Institute for Science, Law and Technology at the Illinois Institute of Technology, tackles the question of privacy and the Internet in her new book I Know Who You Are and I Saw What You Did (Free Press, $26).
She’ll talk about her unnerving findings Saturday at Miami Book Fair International. Among the alarming revelations (and there are many): Data aggregators not only sell your information to advertisers but also make it available to other parties, where it can be used against you by a prospective employer, a credit card company, a stalker — or in a court of law.
“I think people realize if they put a drunken photo on Facebook it might hurt their chances with employers, but people may not realize searches on private emails can be used to make judgments,” Andrews says. “If over Gmail I say to my sister, ‘I’m thinking about getting a divorce,’ I could be offered less-good credit cards because people going through a divorce are less likely to pay their credit card bills. Google a medication for a friend or elderly relative, and people think you’ve got the disease. I write mysteries, so I’ve Googled the ingredients of date rape drugs! There are whole criminal cases built on Google searches. People get prosecuted.”
Andrews cites many such cases, all of them deeply troubling (including one in which a Pennsylvania school system sent home laptops with students and neglected to mention the computers had built-in cameras for surveillance that shot more than 50,000 photos inside the users’ homes). Her solution? Adopting a Social Network Constitution, a sample of which she includes in the book (you can also see it at www.socialnetworkconstitution.com).
“We need a private sphere outside public life,” Andrews says. “It’s how we build relationships, how we parcel out information. If I’m in a job where I might be discriminated against for certain beliefs, I get to keep those beliefs private.”
Q. How widespread is the problem of third parties viewing our data?
Seventy-five percent of employers require Human Resources to look at people’s online presence. A third turn people down because they see a picture of the person with a glass of alcohol in their hand, even though they’re adults and just drinking a glass of wine. Women who have a sexy picture on Facebook or MySpace have been denied custody of their children. The IRS is looking at whether you have expensive items on your Facebook page. … Doctors can’t blab about your privileged medical facts, but now third parties get around that by discriminating against you based on information from the web. Employers are asking for Facebook passwords. … since I’m a writer — I’ve written 14 books — I love Dictionary.com. But Dictionary.com puts 233 tracking mechanisms on your computer to follow wherever you go on the web.
Q. You write in the book that third parties can easily misinterpret the information they get from web searches and social network pages. How?
Organizations are telling life insurance companies, ‘Don’t get a blood or urine test; that’s costly. Look at the person’s social network page.’ If someone is an avid reader the notion is they’re too sedentary. But people read on a treadmill! Actual research shows that people who read a lot are less likely to get Alzheimer’s. There are important health benefits to reading. They also deny life insurance to people whose friends are skydivers. Why? Because they say, “behavior is contagious.” I have a friend who loves Harley Davidsons. I buy Harley shirts online as gifts. It doesn’t mean I ride a motorcycle!
Q. Why do judges treat Internet privacy cases so differently from other invasion of privacy cases?
I think what happened is that judges made a wrong decision early on. They said as long as Facebook or a website you’re visiting gives consent to take your personal data you don’t have to be asked for permission. I think that’s completely wrong. They misinterpreted the law. They should’ve protected privacy. Privacy is a fundamental value under our Constitution. Websites say, ‘You agreed to give it up.’ But is it likely we’d allow Facebook to say, ‘To use us you have to give up your right to vote or to have children’? What I’m trying to do is get our online rights in tune with the rights we have offline.
Q. What’s the best way to protect ourselves online?
I’m in favor of an “opt-in” solution: They can’t do anything unless I actually request it. We could push for something like the Fair Credit Reporting Act. If I’m denied credit I’m entitled to know the reason and to correct inaccurate information. We should have these rights here, too. … What astonished me doing research for this book was that with new technologies people initially said privacy was dead. But the courts have started to expand our privacy rights. The Federal Trade Commission is considering a “do not track” list sort of like the “do not call” list. Under that data aggregators can’t secretly follow you across the web unless you say it’s OK. It’s up to you to decide. … There’s also an interesting move in Congress to protect minors from data being used against them, to protect kids when they reach the age of 18 so their lives won’t be over just because they liked a violent video when they were 14. When that gets passed, you’ll see adults say, “Why don’t I have the same right?”