Full-frontal identity

California legislators race to play catch-up with Internet-privacy concerns—and consumers' evolving online habits

Greg Lucas' state-politics column Capitol Lowdown appears every-other week in SN&R. He also blogs at www.californiascapitol.com.

Big Brother has been watching since 1949 when George Orwell’s book 1984 was published. He keeps getting better at it.

Orwell’s dystopia is bereft of privacy. “Newspeak” is the language perverted to mirror the policies of the totalitarian government overseen by Big Brother, who peers relentlessly into every aspect of every citizen’s life.

While always more reactive than prescient, the California Legislature can’t help but recognize the threats to businesses and consumers posed by hacking and identity theft. There are more than two dozen bills this year related to privacy. They touch on everything from protecting digitized medical records to blocking minors from seeing ads for stuff they’re not supposed to have—like booze and cigarettes.

Still, 1984’s “telescreens” suggest computers don’t come close to the potential reach of the Internet. How much of ourselves do we reveal every day to anyone out there who cares to look? Is it just a bit of the thigh or the full Monty when we buy something through PayPal or create an online account at Macy’s or Zappos.com or win an eBay auction or just ping-pong around Facebook? Apparently, it’s closer to full-frontal identity than we might believe.

Alessandro Acquisti, a behavioral economist at Carnegie Mellon University in Pittsburgh, was profiled by The New York Times a few weeks ago in a story titled “Letting Down Our Guard With Web Privacy.” In a 2011 facial-recognition study, Acquisti showed it’s possible to figure out portions of someone’s Social Security number just by viewing a photograph of that person online.

Despite past privacy legislation including 2003’s grandly named California Online Privacy Protection Act, the Golden State—and the rest of the United States—is playing catch-up. Big-time.

The number of apps is closing in on 1 million. Apps create privacy challenges all their own. Like being able to secretly record calls made to other persons. Shooting clandestine photos or video. Allowing the owner’s physical location to be tracked or do the same to someone else.

At the moment, the only protection California has on mobile privacy is an agreement inked last year with app makers in which they pledge to abide by the rules of the 2003 privacy protection act, which says they must have a privacy policy and disclose it to consumers. Just a policy, not necessarily a consumer friendly one.

Compounding the situation, in February, the California Supreme Court ruled that a key part of the state’s privacy protection applies only to face-to-face credit-card transactions at, say, a local Mervyn’s or Weinstock’s department store. In other words, the law regulates a commercial model that no longer really exists.

Scary. Yet despite poll after poll showing Californians cherish their privacy and don’t want their personal stuff appropriated and used indiscriminately, we still leave a fairly easy-to-follow trail of personal information in our wake after even the most benign trip to the Internet.

So why aren’t state lawmakers protecting our identities? They are, but they can’t protect us from ourselves. As already mentioned, for nearly 10 years California has required every website to post its privacy policy. In light of the Supreme Court ruling, a bill will likely go to the governor to clarify what kind of information can be required in online transactions. Some protections might be placed on the sharing of digitized medical records.

But here’s what it all comes down to:

Let’s say the choice is between buying what prompted us to jump on the Internet in the first place or reading densely worded small print and discovering as a result that if we buy what we want from this company it can then sell our info to direct marketers eager to target our particular demographic sweet spot.

Do we log off in a huff over this outrageous exploitation of our personal information? Or do we just click on that “down with it” box and go immediately to “checkout”?

Exactly. Proving, ultimately, it’s our privacy to protect.