Over spring break, I Googled how much a certain pair of shoes would cost. Just once. I began to notice those sneakers popping up in ads across Facebook, Amazon and YouTube. Pretty soon these shoes were appearing on almost every website I was visiting. It was reminiscent of a desperate street peddler chasing after passerby for a sale.
But aside from being annoying, my sole-searching experience has also highlighted the currently vague and outdated guidelines for online data and privacy protection.
On March 12, Google settled a lawsuit with 38 states and the District of Columbia over a controversy involving Google Street View, a mapping program that displays photos of homes, buildings and streets. Vehicles equipped with antennae and surveillance software scoured roads worldwide from 2008 to 2010, but also engaged in the unauthorized collection of personal information, including network identification tags, browsing data and emails transmitted across unsecured wireless networks.
Google ended up paying $7 million as part of the settlement, but that’s pocket change for the $200 billion tech giant. In reality, the company could have been charged much more—but current federal law is very murky or nonexistent regarding digital offenses, and attorneys couldn’t prosecute Google on actions like the collection of personal wireless network information. That’s because the last major law Congress passed on the subject, the Electronic Communications Privacy Act (ECPA), was in 1986. That’s four years before the World Wide Web was invented. Mark Zuckerberg was only two years old. Google itself would be founded more than a decade later.
In its current state, the ECPA nominally restricts some of the government’s ability to intercept electronic data transmitted through computers. However, technology has accelerated at such a pace that cell phone companies, search engines and social networking sites can and do intercept information on peoples’ identities, locations, tastes and preferences. Federal and state governments could do the same, as we saw with the PATRIOT Act.
Thus, the only logical path is to amend the ECPA to fit the times. The law needs to drop all its ancient loopholes to provide full privacy protections to all online transmissions. Location information should be guarded from governmental and commercial entities. The same stringent requirements to obtain a wiretap should be applied to digital surveillance requests. The exclusionary rule must apply to both electronic and non-electronic information; if evidence was illegally obtained, it cannot be used in court.
Given the widespread resistance against SOPA and PIPA, I think I can say that many Americans oppose outside meddling in our personal online communications. If we put up a similarly fierce campaign to update the ECPA, it’s likely Congress would relook at the antiquated regulation.
I urge you to contact your elected officials about this matter. You don’t even need to come up with the wording for a letter yourself—the American Civil Liberties Union provides a pre-written message that will be sent to our representatives in Congress if you simply visit the group’s website. The ECPA is in desperate need of reform, and fiascos like Google’s monitoring of network IDs and personal information only emphasize that fact. It’s inconceivable that a decrepit, decades-old law could effectively govern modern communications, much less stop shoe websites from distributing my footwear preferences to every ad agency in cyberspace.
Victor Xu is the editor in chief for the HiLite. The views in this column do not necessarily reflect the views of the HiLite staff. Reach him at [email protected].