Paragraph-Response

Tracking is an assault of liberty

by Nicholas Carr

In a 1963 Supreme Court opinion, Chief Justice Earl Warren observed that "the fantastic advances in the

field of electronic communication constitute a great danger to the privacy of the individual." The advances

have only accelerated since then, along with the dangers. Today, as companies strive to personalize the

services and advertisements they provide over the Internet, the surreptitious collection of personal

information is rampant. The very idea of privacy is under threat.

Most of us view personalization and privacy as desirable things, and we understand that enjoying more of

one means giving up some of the other. To have goods, services and promotions tailored to our personal

circumstances and desires, we need to divulge information about ourselves to corporations, governments

or other outsiders.

This tradeoff has always been part of our lives as consumers and citizens. But now, thanks to the Net,

we're losing our ability to understand and control those tradeoffs—to choose, consciously and with

awareness of the consequences, what information about ourselves we disclose and what we don't.

Incredibly detailed data about our lives are being harvested from online databases without our

awareness, much less our approval.

Even though the Internet is a very social place, we tend to access it in seclusion. We often assume that

we're anonymous as we go about our business online. As a result, we treat the Net not just as a shopping

mall and a library but as a personal diary and, sometimes, a confessional. Through the sites we visit and

the searches we make, we disclose details not only about our jobs, hobbies, families, politics and health,

but also about our secrets, fantasies, even our peccadilloes.

But our sense of anonymity is largely an illusion. Pretty much everything we do online, down to individual

keystrokes and clicks, is recorded, stored in cookies and corporate databases, and connected to our

identities, either explicitly through our user names, credit-card numbers and the IP addresses assigned to

our computers, or implicitly through our searching, surfing and purchasing histories.

A few years ago, the computer consultant Tom Owad published the results of an experiment that

provided a chilling lesson in just how easy it is to extract sensitive personal data from the Net. Mr. Owad

wrote a simple piece of software that allowed him to download public wish lists that Amazon.com

customers post to catalog products that they plan to purchase or would like to receive as gifts. These lists

usually include the name of the list's owner and his or her city and state.

Using a couple of standard-issue PCs, Mr. Owad was able to download over 250,000 wish lists over the

course of a day. He then searched the data for controversial or politically sensitive books and authors,

from Kurt Vonnegut's "Slaughterhouse-Five" to the Koran. He then used Yahoo People Search to identify

addresses and phone numbers for many of the list owners.

Mr. Owad ended up with maps of the United States showing the locations of people interested in

particular books and ideas, including George Orwell's "1984." He could just as easily have published a

map showing the residences of people interested in books about treating depression or adopting a child.

"It used to be," Mr. Owad concluded, "you had to get a warrant to monitor a person or a group of people.

Today, it is increasingly easy to monitor ideas. And then track them back to people."

What Mr. Owad did by hand can increasingly be performed automatically, with data-mining software that

draws from many sites and databases. One of the essential characteristics of the Net is the

interconnection of diverse stores of information. The "openness" of databases is what gives the system

much of its power and usefulness. But it also makes it easy to discover hidden relationships among far-

flung bits of data.

In 2006, a team of scholars from the University of Minnesota described how easy it is for data-mining

software to create detailed personal profiles of individuals—even when they post information

anonymously. The software is based on a simple principle: People tend to leave lots of little pieces of

information about themselves and their opinions in many different places on the Web. By identifying

correspondences among the data, sophisticated algorithms can identify individuals with extraordinary

precision. And it's not a big leap from there to discovering the people's names. The researchers noted

that most Americans can be identified by name and address using only their ZIP Code, birthday and

gender—three pieces of information that people often divulge when they register at a website.

The more deeply the Net is woven into our work lives and leisure activities, the more exposed we

become. Over the last few years, as social-networking services have grown in popularity, people have

come to entrust ever more intimate details about their lives to sites like Facebook and Twitter. The

incorporation of GPS transmitters into cellphones and the rise of location-tracking services like

Foursquare provide powerful tools for assembling moment-by-moment records of people's movements.

As reading shifts from printed pages onto networked devices like the Kindle and the Nook, it becomes

possible for companies to more closely monitor people's reading habits—even when they're not surfing

the Web.

"You have zero privacy," Scott McNealy remarked back in 1999, when he was chief executive of Sun

Microsystems. "Get over it." Other Silicon Valley CEOs have expressed similar sentiments in just the last

few months. While Internet companies may be complacent about the erosion of personal privacy—they,

after all, profit from the trend—the rest of us should be wary. There are real dangers.

First and most obvious is the possibility that our personal data will fall into the wrong hands. Powerful

data-mining tools are available not only to legitimate corporations and researchers, but also to crooks,

con men and creeps. As more data about us is collected and shared online, the threats from

unsanctioned interceptions of the data grow. Criminal syndicates can use purloined information about our

identities to commit financial fraud, and stalkers can use locational data to track our whereabouts.

The first line of defense is, of course, common sense. We need to take personal responsibility for the

information we share whenever we log on. But no amount of caution will protect us from the dispersal of

information collected without our knowledge. If we're not aware of what data about us are available

online, and how they're being used and exchanged, it can be difficult to guard against abuses.

A second danger is the possibility that personal information may be used to influence our behavior and

even our thoughts in ways that are invisible to us. Personalization's evil twin is manipulation. As

mathematicians and marketers refine data-mining algorithms, they gain more precise ways to predict

people's behavior as well as how they'll react when they're presented with online ads and other digital

stimuli. Just this past week, Google CEO Eric Schmidt acknowledged that by tracking a person's

messages and movements, an algorithm can accurately predict where that person will go next.

As marketing pitches and product offerings become more tightly tied to our past patterns of behavior, they

become more powerful as triggers of future behavior. Already, advertisers are able to infer extremely

personal details about people by monitoring their Web-browsing habits. They can then use that

knowledge to create ad campaigns customized to particular individuals. A man who visits a site about

obesity, for instance, may soon see a lot of promotional messages related to weight-loss treatments. A

woman who does research about anxiety may be bombarded with pharmaceutical ads. The line between

personalization and manipulation is a fuzzy one, but one thing is certain: We can never know if the line

has been crossed if we're unaware of what companies know about us.

Safeguarding privacy online isn't particularly hard. It requires that software makers and site operators

assume that people want to keep their information private. Privacy settings should be on by default and

easy to modify. And when companies track our behavior or use personal details to tailor messages, they

should provide an easy way for us to see what they're doing.

The greatest danger posed by the continuing erosion of personal privacy is that it may lead us as a

society to devalue the concept of privacy, to see it as outdated and unimportant. We may begin to see

privacy merely as a barrier to efficient shopping and socializing. That would be a tragedy. As the

computer security expert Bruce Schneier has observed, privacy is not just a screen we hide behind when

we do something naughty or embarrassing; privacy is "intrinsic to the concept of liberty." When we feel

that we're always being watched, we begin to lose our sense of self-reliance and free will and, along with

it, our individuality. "We become children," writes Mr. Schneier, "fettered under watchful eyes."

Privacy is not only essential to life and liberty; it's essential to the pursuit of happiness, in the broadest

and deepest sense. We human beings are not just social creatures; we're also private creatures. What we

don't share is as important as what we do share. The way that we choose to define the boundary between

our public self and our private self will vary greatly from person to person, which is exactly why it's so

important to be ever vigilant in defending everyone's right to set that boundary as he or she sees fit.