How to Limit the Flow of Information to Internet Companies

June 15th 2015

Kathleen Toohill

With the recent expiration of Section 215 of the Patriot Act (which was meant to be primarily directed towards non-citizens and allowed the government to collect data on the length and recipients of phone calls), along with whistleblower Edward Snowden’s lingering influence on public policy, the idea of privacy, or the lack thereof, may be more closely associated with the National Security Agency (NSA) than with any other government or private sector entity. 

Yet, we cannot ignore other tools of data collection that many of us unknowingly accept on a daily basis. 

The NSA versus Silicon Valley 

In a speech delivered to the NSA and later published in Newsweek, Sen. Sheldon Whitehouse (D-R.I.) suggested that privately held corporations often get a pass when collecting data about individuals, while government agencies such as the NSA are the object of paranoia and vilification.  

"In the Internet economy, information is everything," said Sen. Whitehouse. "The more a company knows about a consumer, the more carefully it can tailor its advertising to that customer, and the more revenue it can generate in return."

Given that the government can access user data from tech giants like Facebook, Google and Yahoo under the 2008 Foreign Intelligence Surveillance Act (FISA) Amendments Act of 2008, trying to separate the actions of the government from the actions of these corporations is not quite that simple. And it is important to note that ways in which this data can be utilized by the government versus the private sector are vastly different: the government has the power to prosecute individuals based on their private correspondence, while tech companies are generally looking to increase advertising revenue through highly specific targeting and grow their user bases. 

Typically, individuals have more agency in terms of how much information they choose to make publicly available online than they do when it comes to preventing companies from collecting their private data. Sometimes, however, websites collect and publish private information about individuals without their knowledge. The website Whitepages.com publicly lists home addresses and phone numbers, and even provides specific locations visited in the past (to the best of my knowledge— Whitepages has not responded to my request for comment). 

Though White Pages (and Yellow Pages, for businesses) published addresses and phone numbers long before the advent of the Internet, it feels different, in my mind, at least, to have this information displayed publicly not just to neighbors but to anyone with an Internet connection. Many companies, Whitepages included, afford their users at least some degree of control over both privacy settings and data collection. Whitepages claims to allow users to make portions or all of their data private, but only after the user creates an account and then verifies the phone number attached to his or her name. Stopping data collection from Whitepages.com is a similarly protracted process. 

Data collection

The Digital Advertising Alliance (DAA), a non-profit organization led by various marketing and advertising associations, provides an opt-out for individuals unwilling to participate in interest-based advertising. The DAA also suggests reasons why interest-based advertising might be valuable. “The most important benefit of interest-based advertising is the free Internet itself," According to its website. "Many non-subscription websites and online services rely on this type of advertising for revenue, so they do not have to charge users.” And if you’re going to see ads regardless, the DAA argues, isn’t it better to see ones that are more relevant to you.

A perhaps unexpected advocate for privacy on the Internet is Apple CEO Tim Cook. He made a speech to the Electronic Privacy Information Center on June 1 in which he said, according to the New York Times, “We don’t want your data. We don’t think you should ever have to trade it for a service that you think is free but actually comes at a very high cost.” 

However, tech reporter Farhad Manjoo of the Times pointed out that, even though Apple has taken more steps to keep data private than many other tech companies, to denigrate the ad-based business model is to devalue the tremendous influence of the free websites and apps that exist because of it. Data collection in the tech industry isn’t as much of a free-for-all as critics may fear, Manjoo wrote, noting that the Federal Trade Commission has signed deals with Snapchat, Twitter, Google and Facebook, among others, for privacy audits lasting up to 20 years. 

In addition to government oversight, many tech companies provide their own instructions for limiting publicly available data and curbing data collection. Here’s a breakdown for three of the biggest players on the Internet: Facebook, Google, and Twitter. 

Data collection and privacy on Facebook

When Facebook announced plans to mine browser history to enable more targeted advertising in 2014, the news was met with significant backlash (here’s a guide to opting out through the DAA from Business Insider). And as Jefferson Graham of USA Today reported on June 11, Facebook often uses names of a user’s friends, and even their profile pictures, in ads called suggested posts, which users can opt out of by unchecking a box in Facebook privacy settings that pairs social actions with ads. 

Aside from the debate over its data collection, Facebook is no stranger to privacy controversies. Earlier in its evolution, Facebook faced criticism for tweaking privacy settings frequently, and often failing to clearly communicate these changes. In April of this year, Facebook was sued in a class action lawsuit over privacy violations in Austria, specifically over Facebook’s reported cooperation with the NSA. Facebook privacy settings afford a number of options both on the basis of individual posts, and overall searchability, that allow users to maintain privacy. 

Data collection and privacy on Google 

According to the American Civil Liberties Union (ACLU), the primary law regulating email privacy is the Electronic Communications Privacy Act (ECPA), written in 1986. Google, given its primary function as search engine, may be the most omniscient of all of these companies (I was slightly taken aback the first time it wished me happy birthday a few years ago). After the Wall Street Journal reported that Google was installing tracking software on iPhone users' browsers (even though the iPhone's default settings prevented that kind of tracking), Google paid a fine of $22.5 million in 2012. Google was also sued by 38 states for using its mapping cars to collect personal data from house computers, and settled for $7 million in 2013. Google Glass, Google’s spectacle-shaped personal computer, also raised concerns about privacy upon its release in 2012, which dissipated somewhat once it became clear that this device wouldn’t become as ubiquitous as many first thought. 

When I typed "Who does Google sell data to?" into Google, I half expected the first handful of results to be along the lines of “Why Google is the greatest company on Earth” (I suspect Google is not only omniscient but also omnipotent, and can do things like that). I discovered that Google does not, in fact, actually sell data, but does share it with advertisers. Google provides a list of tips for keeping information private on the web, although it seems as though these tips are primarily intended to protect users from malware and hacking. 

Data collection and privacy on Twitter 

Twitter provides an option that enables users to keep all of their Tweets private through protected accounts, which means that Tweets are visible only to pre-approved users. In the frequently asked questions on its website, Twitter states that tailored suggestions of accounts to follow are based on users' recent web history. This feature can be turned off, as can tailored advertisements based on personal data (though as with other websites that offer this opt-out, users will still be served ads).  

Many websites have settings that automatically default to less privacy and more data collection. While oversight at the government level does exist, the government hasn’t been immune from criticism about its own intrusive data-collection policies. It’s in the best interests of a cautious Internet user to maintain a working knowledge of the basic workings of privacy settings and opt-outs.