Was 2013 the year online privacy died? Or was it the year that people paying attention realized that their online lives—and all their data and communications—was low-hanging fruit that was being picked and parsed by big government and big business.
Edward Snowden’s theft of what’s now said to be 1.7 million files showed the world that America’s spymasters were grabbing everything that passed between smart phones, Wi-Fi signals, laptops, and those devices’ contents: account log-ins, passwords, etc. As 2014 began, The Washington Post reported that the National Security Agency was building “a computer that could break nearly every kind of encryption used to protect banking, medical, business and government records around the world.”
But Big Brother is hardly the only bad actor in a world of vanishing privacy. Hackers stole 40 million credit card files from Target, including PIN numbers, between last November and December. (On Friday, Target said the theft was more extensive, possibly three times as large and included phone numbers and e-mails). Target’s CEO offered free credit monitoring to put his customers at ease, but technology writers mocked that effort, called cyber security the latest oxymoron—or self-contradictory phrase—and counseled people to “cancel your card, monitor your statements, create a fraud alert and move on.”
Another high-profile privacy-destroying breach involved Snapchat, the smartphone ap that allows users—mostly teens and young adults—to send photos that quickly disappear. Except they don’t. In mid-2013, Snapchat started getting reports from experts that its code was sloppy and recipients could save the photos and other user data. Snapchat executives ignored the warning—just as they thumbed their noses at a multi-billion dollar buyout offer from FaceBook. Last month, hackers decided to teach Snapchat a lesson, and posted an online database with 4.6 million user IDs and phone numbers.
There’s all kinds of bad things that can happen when your digital information is grabbed behind your back. When the government does it, it literally means that there is nowhere to hide if you are judged to be an enemy of the state. This is a dimension that is beyond the already thuggish behavior by local police who have targeted serious protests in recent years by spying upon groups, arresting suspected leaders before major events, and then throwning them out on the sidewalk days later—and pretending nothing happened.
But most Americans’ lives arguably are touched more deeply by the privacy-destroying actions of hackers, online data thieves and for-profit information brokers, all of whom are more intrusive and aggressive in dealing in personal information and data.
The hackers that stole millions of credit card files from Target late last year are reselling individual account data to other online criminals for “$26.60 to $44.80 apiece,” according to KrebsOnSecurity.com, which also reports that the payment in bitcoins or other virtual currencies. That website, run by a former Washington Post reporter, said the Target theft was now flooding underground markets. Like thieves who target e-mail information, they aren’t looking to start shopping using your i-Tunes or FedEx account, but instead want to sell account numbers, log-ins and passwords to others who will then go on buying binges, KrebsOnSecurity.com explained.
What’s creepy about this business model is that it’s very close to what legal information brokers do—such as credit rating agencies—as they sell data on everybody and anybody to whoever is willing to pay their price. These legal data brokers also are targets of thefts, KrebsOnSecurity.com reported, noting its “biggest scoops this year  were stories about breaches at Adobe, Bit9, Experian, LexisNexis, Target and The Washington Post.”
In Experian’s case, it sold “Social Security and drivers license numbers—as well as bank account and credit card data on millions of Americans” to an underground identity theft operation called Superget.info, the blog reported.
What’s even more unnerving is that the latest trend, according to the Wall Street Journal, involves social media companies—Facebook, Twitter, etc.— selling users’ account data to banks and other lenders because these profiles are seen as alternative ways to judge a would-be borrower’s creditworthiness. It’s one thing for Facebook executives to pepper user’s pages with obnoxious ads, as that’s essentiqlly what television has done forever. It’s another thing, however, for it to be collecting and analyzing people’s posts, friends, likes and content, and assessing it and selling that dossier to other businesses.
“Companies are tapping into other sources of data, including PayPal and eBay accounts, to determine not just whether a borrower should get a loan but whether their credit line should be increased,” the Journal said. Consumer advocates are worried that unlike with credit bureaus, the average social media user has almost no way to challenge or correct mistakes made by these information brokers, the paper reported.
Just because almost everyone is tracking or stealing everyone’s data does not make it feel any better. The big picture is unnerving. Government knows your patterns and where to find you. Cyber-criminals have gigantic new black markets for millions of digital data. Social media companies are aggressively packaging and selling user profiles behind people’s backs. And no digital footprint or activity disappears.
Privacy is vanishing before our very eyes, keystroke by keystroke.
Steven Rosenfeld covers democracy issues for AlterNet and is the author of “Count My Vote: A Citizen’s Guide to Voting” (AlterNet Books, 2008).