Privacy and the Internet: Anonymity and New Standards

Art by Grace Sun
Art by Grace Sun

The NSA monitors your emails. The Library of Congress archives your tweets. And a simple Google search can lead to your least favorite prom picture. The Internet is forever, and now your web activity is increasingly public property. The web — that once digital realm of anonymity — is gone, replaced instead by an Internet where every action a user makes leaves a digital footprint. As companies, law enforcement officials and criminals increasingly take advantage of this feature, users are grasping at what is left of their right to privacy.

Americans are seeking to fulfill the desire to regain online anonymity. Users have turned to Snapchat for “private” photo messaging and Yik Yak or Whisper for anonymous Twitter-like text updates. According to a report released last year by Pew Research, 59 percent of Americans believe the Internet should be used with complete anonymity. Yet, the same percentage of those surveyed did not believe that this was possible.

The laws that regulate the use of an individual’s online history in the United States are nebulous and have been criticized for doing little to protect Americans’ modern-day privacy. Included in this set of privacy rules is the 1986 Electronic Communications Privacy Act (ECPA), initially meant as an extension of restrictions on telephone wiretapping. According to the regulations, government agencies can request user data from any company that obtains and stores information online, often with just a subpoena and no form of judicial review. At the time of the law’s passing, most data was stored solely on personal computers in the long term. As services have moved almost completely online, that same data, such as emails or cell phone usage, is now stored on third-party servers, often indefinitely. Because US law states that information you have shared with someone else — including a company online — is no longer private, the government has access to nearly everything that is stored online through third-party servers, even without a warrant or probable cause.

In the first half of 2014, Google’s Transparency Report found that United States law enforcement officials submitted 12,539 user data requests, more than any other country in the world. Of those requests, 84 percent were granted to some degree; in Germany, the country with the second-highest number of requests, only 48 percent were granted.  Although the expedited ease of tracking possible criminal activity may be good for law enforcement, this loose definition of what constitutes “private” weakens interpretations of the Bill of Rights and its overarching right to privacy. It specifically undermines the Fourth Amendment’s “right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” Under the broad allowances of the ECPA and other subsequent court rulings — including one last year that determined that cellphone location data is a “business record” and unprotected by the Fourth Amendment — if “papers” are in electronic form, they are as good as up for grabs.

The Pew Research study also found that 66 percent of Americans agree that current privacy laws are insufficient — a belief that holds true across party lines. However, the majority of concerned citizens are more concerned with the possibility of hackers, advertisers and people they know accessing data they’d rather keep under wraps than government abuses.

The laws we currently use to regulate online privacy were enacted in an earlier era of computing, when few people had access to the Internet, and decades before the advent of cloud storage and company servers that handle everything from dating profiles to medical documents.

In 2012, concerns over the ubiquity of search engine use and its capacity to degrade online reputation resulted in the European Union’s declaration of the “right to be forgotten and to erasure”. In 2014, the European Court of Justice decided that Google must give people the option to request removal of links to potentially damaging personal information from its search results. Citing the human “right to privacy,” the Court sided with a Spanish citizen who argued that the top search results under his name, which referred to a debt case that had been resolved years earlier, should be removed by the search engine. According to the ruling, the economic interests of “data processors” like Google do not justify interference with a person’s control over their personal life. Since May 29, Google has evaluated nearly 500,000 URLs, removing about 42 percent of them from search results, the largest number of which have been linked from Facebook.

In the United States, the “right to be forgotten” has occasionally been applied in cases relating to libel or slander, but it often conflicts with the Second Amendment’s right to free speech. The Internet’s commitment to freedom of information further complicates the issue. However, it’s possible to uphold the rights of the individual without veering into the terrain of censorship by using strict standards ensuring that approved requests of removal only target instances where defamation would prove more harmful to the requester than to the public. This could include references to victims of a crime, activity from when the person was a minor or evidence of sealed or expunged criminal records.

Many tech interests also advocate ECPA reform, arguing that it should be updated to match the increased reach of modern technology. An updated ECPA should include consistency across all forms of technology and require an increased legal burden of proof on law enforcement requesting user data. The laws we currently use to regulate online privacy were enacted in an earlier era of computing, when few people  had access to the Internet, and decades before the advent of cloud storage and company servers that handle everything from dating profiles to medical documents.

To be involved in modern American society necessitates a certain degree of digital participation, enough that our online presence is not simply an addition to, but an integral part of our lives. Yet public and private sectors’ neglect of the notion of privacy has come to define our online presences. Today, despite the Internet’s status as a public domain, there is an increasing acceptance that by entering it you relinquish the power to control your own personal information. Such loss of control flips the virtues of openness and freedom afforded by the Internet, turning them into threats of invasion and an endangerment to our ability to lead private lives.