Thirty years ago, there was no World Wide Web, almost no one had a cell phone and finding information required tedious manual searches at a library using the Dewey Decimal System. It was also the last time Congress substantively updated our digital privacy laws.
Since 1986, technology has advanced at a breakneck speed, making privacy laws governing it grossly outdated and out of touch with how people use, store and share information nowadays.
“U.S. privacy laws are so far behind the rest of the world that it … falls short of the requirements of international human rights norms,” says Jeremy Malcolm, an analyst at Electronic Frontier Foundation, a digital rights group.
As a result, our digital footprint is being tracked by the government, businesses and even schools in ways that were once unthinkable. Ongoing high profile cases, such as the feds’ battles with Apple and Microsoft to access customers’ data, are comparatively innocuous intrusions – at least for those, authorities got search warrants and the public found out.
Although law enforcement officials typically need a warrant to search people’s home computer, read their mail, eavesdrop on their phone conversations or even to see which library books they borrowed, they often don’t need one when creeping into Americans’ virtual lives.
Under the Electronic Communications Privacy Act (ECPA) of 1986, warrants are needed only to access online communications – emails, text messages and chats – less than six months old. If it’s older than six months, no warrant is necessary. Draft emails, Web browsing history and files stored in the cloud are available without a warrant regardless of how old they are.
The government isn’t the only one abusing America’s outdated laws.
Cell phone carriers, internet service providers, websites and apps can mine all kinds of personal information about their users and sell it to the highest bidder. That’s why users often see ads that mirror the content of their messages.
Many schools and employers now “Google stalk” applicants without their knowledge. A person could be rejected for a job or college because of a scandalous photo a friend posted of him on Facebook years ago – and never know why.
Hiding online is increasingly difficult. To circumvent social media privacy settings, some employers have gone so far as requiring applicants to reveal passwords.
Even Americans who choose to avoid the internet altogether are not immune from privacy concerns. For example, ZabaSearch is one of many sites that provide details on almost any person, including age, address, assets, relatives’ names and more. This information was publicly available pre-internet, but technology has made it much easier to quickly dig up information about anyone. That’s made stalking, identity theft and blackmail easier than ever, too.
An online industry has developed around the controversial practice of posting mug shots of local residents who were arrested, including mere jaywalkers and children. While the sites are based entirely on information already publicly available from police, they do not detail who was ultimately convicted of a crime or had charges dropped. Some opportunistic websites charge $400 to remove arrest information, even if a person is innocent.
Unlike people, the internet never forgets. Thirty years ago, if people did something embarrassing, others eventually forgot about it or at worst, they could change their name and move away. Now, that information lives online forever – unless you live in Europe, where “right to be forgotten” laws allow individuals to request that search engines remove listings for their name.
These problems can be fixed. But don’t count on Congress. Lawmakers blocked a 2012 proposal to prevent employers nationwide from demanding social media passwords. And they haven’t made much progress on legislation first proposed five years ago that would update ECPA.
Meanwhile, the Supreme Court has been reluctant to address these issues and make broad declarations on how ECPA should be interpreted in the Internet Age. Given that justices admit to being behind the times and not using email, perhaps we shouldn’t hold our breath.
Tennessee’s General Assembly has begun taking matters into its own hands, implementing a series of digital privacy laws in recent years. But state laws aren’t enough because they’re limited in scope and the internet is borderless.
Until federal lawmakers reform or our highest court clarifies the law, Americans will have to choose between new technology and privacy.
Mark Grabowski is a professor at Adelphi University, where he teaches internet law. Each month, he provides commentary on current events.