These days, unless someone’s willing to drop off the grid entirely, it’s nearly impossible to live without leaving a digital trail. There’s that article you wrote long ago for the college newspaper, the pictures on a friend’s Facebook page, a YouTube video of you dancing at your friend’s wedding, and six years’ worth of emails crammed into your inbox.
My generation was among the first to grow up on the Internet (I got my first Prodigy email address in 1994 at age fourteen), and over the course of our lifetimes, we’ve watched the world transition from pen-and-paper records to electronic files. Much of that electronic information is harmless—unless someone wants to bemoan the grammar mistakes in that college essay—but even for those diligent few who cherish and protect their privacy, there’s still a lot of personal identifying information that gets left behind. We don’t often think about what happens to it, but most people assume that it’s protected. Unfortunately, a great deal of our personal electronic information is much more public than we believe.
Obviously, if you use a company-issued email account, your boss is legally allowed to search your messages, and often the IT department will also screen each one for any keywords or phrases that might indicate suspicious behavior. NPR’s Planet Money blog compiled a list of terms never to put in a business email, including “huge mistake,” “unsalvageable,” “very sensitive,” and “don’t share this.” But a personal email account isn’t always the solution. You might not have Big Brother looking over your shoulder, but you still have to worry about the entire rest of the Internet. When you use a web-based service like Hotmail or Gmail, your messages are electronically screened for relevant keywords so that the company can serve you targeted ads. If you use your email’s chat program, those conversations are mined for keywords, too. Google assures customers that it’s only computers that do the screening, but as we all know, computers can be compromised.
The Electronic Communications Protection Act (ECPA) makes it a federal crime to snoop on an email, but that doesn’t prevent hackers from intercepting wireless signals. The ECPA also makes it legal for your Internet service provider (ISP) to screen all of your incoming messages. Most of the information gathered can’t legally be disclosed, but many ISPs require customers to sign agreements basically waiving their right to online privacy and allowing the ISP to gather whatever information about you it “deems necessary.”
Enacted in 2003, the Health Insurance Portability and Accountability Act (HIPAA) protects medical records stored electronically at your doctor’s office and medical facilities. However, HIPAA doesn’t apply to insurance companies, and if you’ve applied for individual insurance coverage, the company (whether it accepts you or not) is not legally forbidden to disclose your personal information. In fact, insurance companies report applicants’ health information to the Medical Information Bureau (MIB), a consumer reporting company that tracks medical information such as prescription history, health insurance history, and conditions like diabetes, depression, and heart disease. The Privacy Rights Clearinghouse estimates that about 20 percent of individuals have a MIB report, composed of whatever data they’ve divulged to insurance companies, and whenever these people apply for individual insurance, the carrier can check applications against this database for accuracy.
Credit scores are based on a complicated and proprietary algorithm that’s usually not available to the public. It’s common knowledge that it takes into account factors like payment history and amount of available credit, but in 2008, a lawsuit filed against Atlanta-based credit card issuer CompuCredit confirmed what many already suspected: lenders also use customers’ spending habits in order to assess creditworthiness. CompuCredit flagged accounts that included transactions at “undesirable” merchants, such as liquor stores, tire shops, massage parlors, billiard halls, bars, or discount stores. Transactions at one of these establishments marked customers as potential risks, which resulted in lower credit limits or higher interest charges. Regulators actually had no problem with this scoring model, only with the nondisclosure of the formula to their customers. CompuCredit claimed that their scoring algorithm was standard in the industry, meaning that it’s highly likely that most other lenders use a similar method of purchase profiling.
It may seem convenient to have an account with a search engine—all your searches saved in case you ever need them—but those search terms are also used to compile information on you. Yahoo, Google, and MSN all analyze what sites you visit, when you do your browsing, what news stories you clicked on, and your other online habits.
You probably already know that most Web sites are constructed in such a way that when you’ve clicked a link on a page, it turns a different color than unclicked links. Some Web sites can run programs that look into your computer’s browsing history and tell if you’ve visited certain sites based solely on how the links are colored. This tactic can tell only whether you’ve visited a predetermined set of links, but it can give some Web sites valuable information about whether and how often you visit their competitors. (To see this trend in action, visit www.whattheinternetknowsaboutyou.com.) Of course, there are also spyware and malware programs embedded in some Web sites’ code that (unbeknownst to you) download a program onto your computer that sends information on every site you visit and every keystroke you make—including information entered into online purchase forms.
It’s nearly impossible to be totally anonymous online. Everywhere you go, you’re leaving cookies, cached data, and personal information behind, to be found by someone with a little know-how. There’s only so much a person can do to stay private—deleting cookies, clearing browser history, and being choosy about which Web sites to visit are all good habits. Not putting the information out there to begin with is always preferable to trying to clean up once your secrets are out.