May 10, 2013
How Did You Know That: The Conundrum of Internet Privacy
Internet privacy involves the right or mandate of personal privacy concerning the storing, repurposing, provision to third-parties, and displaying of information pertaining to oneself via the Internet. Internet Privacy is commonly split into two types: Personal Identifying Information (PII) and non-PII. Personal Identifying Information doesn’t necessarily pertain to a person’s date of birth or social security number – those would be extreme cases – but could only be a person’s age and physical address, which would be enough in most cases to identify a specific person. Non-PII includes things like viewing tendencies on a specific website (cookies).
Many argue that information is so readily available on the internet today that protecting internet privacy is a lost cause, such as Steve Rambam, private investigator specializing in Internet privacy cases, who says, “Privacy is dead – get over it.” On the other hand, in his essay The Value of Privacy, security expert Bruce Schneier says, "Privacy protects us from abuses by those in power, even if we're doing nothing wrong at the time of surveillance.” A point commonly brought up by supporters of Rambam is that the majority of internet users aren’t bothered by the risk of the information they put on the internet being seen by prying eyes. In their opinion, complete anonymity isn’t worth the cost of being extremely conservative with their personal information. The revelation of IP addresses, non-personally-identifiable profiling, and similar information might become acceptable trade-offs for the convenience that users could otherwise lose using the workarounds needed to suppress such details rigorously. In contrast to this, proponents of complete internet privacy may try to achieve internet anonymity — use of the Internet without giving any third parties the ability to link the Internet activities to personally-identifiable information of the Internet user.
To reinforce how toxic information sharing over the internet can be, I present one such instance of a horrifying invasion of privacy occurred in August 2011 in eastern Pennsylvania:
"Please help," a young caller pleads. "My dad just killed my 4-year-old sister. He slit her throat. She's bleeding to death. Please help!"
The plea comes not from a traditional phone call, but rather AT&T's Internet Relay Service, which allows the deaf to make phone calls from a text-based interface over the Internet. The grisly scene is unfolding in East Allen Township, responders are told, and an address appears on their computer screens. The caller says he's 10 years old. "I'm [hiding] in the bathroom now," he says. "Help me, please—I'm going to die!"
Moments later, four police cruisers race through the streets of a middle-class enclave, sirens wailing, and pull up onto the lawn of the Yagerhofer residence.
Inside, Lisa Yagerhofer gets up from the dinner table she's sharing with her husband, James, and 16-year-old son, Tyler. She opens the front door to find a Pennsylvania State Trooper yelling, "Get out now!"
"What is going on?" Lisa stammers. "What is this all about?...”
The answer, they would all soon learn: a game that Tyler had played hours earlier on his Xbox 360. He'd had a squabble with another player during online play, which triggered a terrifying modern- day prank. Tyler's irked opponent had jacked into his Xbox Live profile, which contains billing address info, then called the police through a Philadelphia-based Internet Relay Service to hide his location. "There were state cops at my house," Tyler says. "They pointed a gun at my face."
Unfortunately, instances such as this happen far too often. And what’s being done about the issue? The U.S. legislature has put together a bill that is in processing, called CISPA (Cyber Intelligence Sharing and Protection Act). CISPA aims to encourage intelligence-sharing. Companies and