Online, privacy barely exists. Every page, email, and instant message can be intercepted, manipulated, and/or logged. The millions of Internet users browsing the web at this very moment may be surprised to find that their online information is not secure. The Internet’s greatest strength in accessibility is its greatest weakness in security. Web servers have the ability to store information about every visitor. In order to provide services to their customers, websites must store information on their customer’s machines as well as on their databases. Collecting data is an essential function of web applications; unfortunately, the majority of data collection practices used today is unethical because their users are not informed properly of what, how, and why their information is being gathered.
Digital data is virtual; ironically, the information does not exist anywhere other than through bits and bytes stored electronically. Unlike a letters that exist on a physical sheet of paper, digital media can be transmitted, duplicated, or modified in microseconds. Online data has the same characteristics. One analogy to explain how the web works with data is by a boy and his father playing catch with a baseball. The child, the client, throws a baseball to the father, the web server. The father (web server) catches the baseball. On the baseball there is writing that the client child wrote that the server child can read. The server child then erases the writings on the baseball and responds to the client’s writings with its own and throws the ball back. Unfortunately, the boy is very young and illiterate and must have his mother (the web browser) interpret what the father wrote. For example, the boy plays catch with CNN.com and throws a baseball that says “Give me CNN.com’s homepage file” (which his mother wrote) to CNN.com. CNN.com reads the message and writes the HTML file on the baseball and throws it back to the boy. The boy catches the baseball and asks his mother to read it for him. The mother (web browser) checks the file to make sure it does not have any malicious “writings” (code) and then reads it to the boy. The mother can also remember data (cookies) for the boy that the Dad wants the boy to write down on the next baseball.
This analogy may seem odd; however, it is a way of understanding how the Internet works. The baseball represents the data being passed back and forth. Unfortunately, that baseball can be “intercepted” on its way from one direction to another. If the writings on the baseball are not encrypted then that person reading the baseball will have access to that data. Additionally, there is nothing stopping the father (the web server) from transmitting the boy’s data to some other person.
Currently, solutions are being offered via the use of noteworthy and famous third party vendors such as PayPal; however, many websites choose to store credit card information themselves. Unfortunately, these sites are often unprotected from hackers and criminals seeking to steal the identity of one of their customers. An ethical solution is to have a government regulated list of authorized transaction vendors (like PayPal or Google Checkout) that online transactions must use. The use of any private system should be illegal unless it is on the government’s list of approved transaction middlemen.
While cookies are an important part of online privacy, a report  concerning privacy in the European Union mentions that protecting personal data from intrusion is not the only part of protecting privacy. Legaresi reports that “Personal data protection has absorbed most of regulatory efforts devoted to privacy, on the wrong assumption either that it coincides with privacy protection or that it has the same dignity of privacy protection. The misunderstanding of the concept of privacy has determined a devaluation of its value and a lower level of protections of some of its relevant sides, like solitude, anonymity, intimacy and personality .”
Legaresi is correct in his analysis of data protection versus visibility protection. Social networking websites are an example of where data could be digitally protected yet not private. Many users list their phone numbers and addresses on these websites which, unless privacy options are available and applied the social networking site, could be accessed by anyone on the social network. In the work environment, this fact is especially important. Many employees post pictures on social networking websites that may be seen as inappropriate by their employers. Tiffany Shepherd was fired from her job as a high school biology teacher after pictures of her in a bikini were found  on her social networking site.
I don’t think Tiffany should have been fired from her job as her pictures were not crude or in bad taste; however, I do respect the right of the school to fire a teacher they believe is poorly representing the school. A New England Patriots cheerleader was fired after she posted to Facebook.com a photo of herself at a party next to a passed out man covered in offensive markings . In this example, I think that the Patriots have every right to fire her, as not only is she poorly representing the football organization, but they are a private company and should be able to fire anyone for any reason other than race, gender, religion, disability, or sexual orientation. There are arguments against firing employees without direct cause. Many believe that what they do outside of the work place is their business. Additionally, company rules are not always transparent to employees. However, private companies need this right to determine who can work in their company. For example, if a male employee had an affair with his boss’s wife, would the boss not be able to fire the male employee because the affair happened outside of work? Of course not! The boss, like all company bosses, should have the right to fire people for events happening outside of work. So referring back to the Tiffany Shepherd incident, she along with anyone else can control what their employers see by simply not posting controversial media on their profile pages.
In current practice, Social networking privacy is almost an oxymoron. On the one hand, social networking websites offer services to connect users together by sharing information. On the other hand, users prefer to restrict the sharing of information to certain parties. One solution that some social networking sites such as Facebook have implemented is privacy controls. Users (employees, students) can select which data is viewable to other users (i.e. employers, teachers). But where does the line between personal responsibility and privacy fall? Concessions need to be made on both sides. I need to realize that what I post on a social networking site is no longer private and social networking sites should, but not be obligated to, offer privacy controls. The reason sites social networking sites should not be obligated to provide privacy controls is because regulation is nearly impossible. Many argue the opposite, that social networking sites should be obligated to have visible, explicit, and easy to use privacy controls. However, the only way regulatory agencies would be able to know if users’ information is not being shared with unwanted users is by either approving website code or by monitoring user accounts. Either is made increasingly difficult as new versions of social networking sites are consistently released.
I think this problem is solving itself. Social networking sites compete for users; ones that offer more services such as privacy controls are more attractive to customers. While this capitalistic perspective may seem speculative, the online statistics website Alexa.com backs up this claim by ranking MySpace and Facebook, two social networks that offer privacy controls, as the most popular social networking sites in the United States.
Sharing personal data with third parties is a logistical privacy problem for these social networking websites. In order to show relevant advertisements to a specific user, websites analyze specific user information to show ads corresponding to their data. For example, if a user’s marital status is listed as “single” on Facebook, that user may see a web advertisement for a dating website. Or if one of the user’s favorite bands is Coldplay they might see a banner ad for a Coldplay concert. As long as these websites do not share identifiable information to the companies serving the ads and also notify the users that they are sharing his or her data with other companies, then their practice is ethical. A counter argument is that these sites should ask permission from a user. Some applications do request from the user permission to send information anonymously to a statistics service. However, requesting permission could hinder the experience of using their product. I personally think as long as a service is sending my information anonymously, the service is ethically OK. Whether or not regulation or enforcement of anonymity is possible is a different question.
Another ethical dilemma is where or not companies can sell user or users’ data to marketing companies. For instance, TV networks would love to know trends in what users are listing as their favorite TV shows. Facebook and MySpace can and do provide empirical data to companies. While many dissent this practice as their information is technically being distributed to a third party without their permission, I don’t find it morally wrong as long as the data being sent to companies is sufficiently large to support individual anonymity.
The Internet was built to help share information rather than hide it. Since websites require information to deliver information, they are ethically bound to inform their users in an explicit, non-confusing way exactly how information is being kept. There is no one solution to enforcing websites to uphold this moral standard. Protecting privacy online is a multi-faceted problem that involves both regulation and lasses-faire policies. Nevertheless, the best weapon against privacy threats is the realization of online privacy vulnerability.
1. N. Anderson, “Study: Reading online privacy policies could cost $365 billion a year,” 2008; http://arstechnica.com/news.ars/post/20081008-study-reading-online-privacy-policies-could-cost-365-billion-a-year.html.
2. “Identity Theft Statistics,” http://www.spamlaws.com/id-theft-statistics.html.
3. “Vague online privacy polices are harming e-commerce, new survey reports,” http://www.internetretailer.com/internet/marketing-conference/578566856-vague-online-privacy-policies-are-harming-e-commerce-new-survey-reports.html.
4. N. Lugaresi, “Principles and Regulations About Online Privacy: “Implementation Divide” and Misunderstandings in the European Union ” Book Principles and Regulations About Online Privacy: “Implementation Divide” and Misunderstandings in the European Union Series Principles and Regulations About Online Privacy: “Implementation Divide” and Misunderstandings in the European Union ed., Editor ed.^eds., 2002, pp.
5. “Tiffany Shepherd fired for wearing Bikini?,” 2008; http://www.newspostonline.com/world-news/tiffany-shepherd-fired-for-wearing-bikini-2008103111672.
6. “Patriots Cheerleader Fired over Facebook Swastika Photo,” 2008; http://www.foxnews.com/story/0,2933,448044,00.html.