On March 23, Congress repealed something that had not been implemented. And everyone lost their minds because they’re being told that they will lose something they never had in the first place — internet privacy.
This is a subject that is rife with partisan politics, misinformation, irrational fear, and constitutional implications. I’ve had a few friends ask me about this topic, so I’m writing this article as a single place to share what I believe are some non-partisan, accurate, dispassionate information about the security and privacy of your personal data.
Here’s the TL;DR (Too Long; Didn’t Read) summary:
- Nothing is changing. This vote repeals protections that had not yet been implemented. It’s business as usual but you wouldn’t know it from the media headlines designed to agitate you.
- Some things need to change. There are plenty of things that need to change in order to protect our digital data.
- This is nothing new. Credit card companies have been selling your (very personal) purchase history for 50 years. Once again, the media want you to believe this is unprecedented and apocalyptic.
- Marketers are pretty harmless. All good marketers (and most bad ones) desperately want to leave you alone if you’re not a good prospect.
- The government isn’t. The most common explanation for this vote is that it’s crony capitalism. I’m sure that’s part of it. But I think it’s more about the data itself. The intelligence community doesn’t want this gold mine to close down.
- You can fix it. If you don’t want your online history available to marketers like me or to [insert name of any POTUS you think is evil incarnate], there are steps you can take to shield yourself.
So What Hasn’t Changed?
Congress voted to repeal FCC rules that would require internet service providers (ISPs) like Comcast or AT&T to get your permission before collecting and sharing electronic data about you. This data can include websites you visited, phrases you searched, software you’re using, etc. They can use this data to show you ads and/or sell it to advertisers.
These rules were scheduled to go into effect later this year. That means that nothing is going to change. ISPs were already doing this and will continue to do so.
What has changed is that Congress is trying to prevent such rules from being passed in the future.
What Should Change?
If you don’t like Facebook’s privacy policy or Google’s terms of service, theoretically you can choose not use their service. However, you likely only have one choice for internet service. That makes this situation a little different.
Here’s what internet security expert Bruce Schneier has to say about the risk:
What can telecom companies do with this newly granted power to spy on everything you’re doing? Of course they can sell your data to marketers — and the inevitable criminals and foreign governments who also line up to buy it. But they can do more creepy things as well.
They can snoop through your traffic and insert their own ads. They can deploy systems that remove encryption so they can better eavesdrop. They can redirect your searches to other sites. They can install surveillance software on your computers and phones. None of these are hypothetical.
I think it’s disingenuous for Bruce to call this “newly granted power.” Just a few sentences later he contradicts himself saying that these are all things ISPs have done before. But he continues with this warning, which I think is at the root of the problem:
And, of course, governments worldwide will have access to these powers. And all of that data will be at risk of hacking, either by criminals and other governments.
Governments and criminals are arguably redundant. Nevertheless, I believe these are the bigger threats. I’ll talk a little more about how this data is used by marketers in a bit.
This Is Nothing New
Very few people are aware of the fact that banks and credit card companies have been selling their very personal purchase history to marketers for decades. About five years ago, they began selling it to online marketers. Your purchasing patterns can be used to determine when you’re pregnant, fighting off a cold, in the market for a new home, shopping for car insurance, etc. In many cases, this information is kept permanently and it’s for sale.
Many would argue that this is new because of the quantity of data, the scale, and the security risk. Those are fair arguments and they’re the ones I would like to focus on.
Marketers Are Pretty Harmless
We marketers get a bad rap, I think. Here are a few absolute truths about online marketing many people don’t consider:
- We want to give you stuff. Discounts. Coupons. Free giveaways. Most aren’t trying to trick you or harm you.
- We desperately want to leave you alone. This probably sounds counterintuitive to you. But think about it. As a marketer, it costs me money to show you ads. If you hate the product or service I’m offering, that money is wasted. The single most important job a digital marketer has to do is to leave most people alone. It saves us money and improves our results. But the only way we can do that is to understand your interests and affinities.
- You will always see ads. You get to choose whether they suck. Most of the services you love to use, like Facebook, Instagram, Google, etc. exist because of advertisements. They cannot survive without them. So you will see ads. You can’t avoid them. You can, however, choose whether or not those ads are relevant to you. The more information you share, the better those ads can be targeted to show you offers for things you want and/or need.
The Government’s Pot ‘O Gold
Every bit of commentary I’ve read on this topic alleges that Congress was bought off by the big telecomm corporations. I have no doubt this is at least partly responsible. Another factor is the Republicans’ focus on reducing regulation and supporting free markets. But there’s a legitimate argument to be made that internet service is not a free market. It’s mostly a monopoly. For that reason, some government regulation is necessary.
However, I think there is a much larger issue responsible. If ISPs can’t sell or otherwise profit from this data, why would they bother to collect it in the first place? It costs money and resources to do so. And if all of this usage data disappeared, law enforcement and the intelligence community would lose a very large source of information they can and do tap on a very regular basis.
I think keeping their pot ‘o gold is at least as much of the reason for stopping these rules as crony capitalism.
The fact that this data exists at all is more of a problem — in my opinion — than the way in which marketers can and do use it. It is available for criminals to hack and then leverage for their profit.
And the government’s surveillance state is constantly weakening the ability of private businesses to protect your information. The NSA has hacked routers all over the internet so that they can intercept traffic (without a search warrant). Law enforcement and Congress are constantly pressuring mobile device makers and app developers to implement back doors into their products and services that make it easier for criminals to steal your personal information.
The government does not care one bit about your privacy. Don’t believe the rhetoric.
You Can Fix It
OK, so now that we’ve established the nature of the data that’s collected and the associated risks, how can you protect yourself?
First, let me clarify something at does NOT protect you: Using a browser in private or incognito mode does nothing to protect your privacy from IPSs. The only thing that private browsing does is not collect browsing history or cookies during that session. Everything you do is still visible to the network you’re using.
Virtual Private Networks
The best protection against anyone (your ISP, your employer, or your government) following you around the internet and collecting information is to use something called a virtual private network (VPN). These services encrypt all of the data between your computer and the website you’re using and it also hides your tracks by masking your IP address.
If you’re interested in learning more about how these work and whether you should use one, you can read this comprehensive article on Lifehacker.
Update: Here’s an even better article on VPNs by Krebs on Security.
If you don’t want to go to the trouble and expense of using a VPN, another option is to use the Opera browser, which has a free, built-in VPN. It’s not as safe and secure as a full VPN service but it’s better than nothing.
Force HTTPS
Another way to keep your data safe-ish is to make sure that websites you’re browsing are encrypted. This means that the little padlock icon in the top of your browser is present. While it doesn’t hide the fact that you’re visiting the particular website, it does encrypt the data itself so that nobody can see what information you’re viewing. This is something that’s out of your control: The website owner/operator needs to enable this but you should be aware of whether or not your web traffic is encrypted.
TOR
For those hyper-concerned about privacy, a combination of a VPN service and the TOR browser will be your best bet. This software package encrypts all of your web browsing data and continuously “hops” around the internet, making it difficult/impossible to track the source of the traffic.
Conclusion
Many are hyping this up for their own agendas and want you to believe that something drastically changed last week. Data privacy is a big problem but it has been for a long time. I’m obviously biased, but I think there is an irrational fear of marketers and an equally irrational lack of fear of government.