Privacy is for Everyone, Not Just the Rich

“We need to try and secure our personal information now.”

This is Intersections, a column by Kashana Cauley. Every other month, Cauley will explore the intersection of class and culture in her life.

A couple of years ago, while planning a family trip to DC, I booked the sort of mildly sketchy-looking hotel room that I thought was priced well enough to overlook its warning signs. But when I gained access to the room’s full terms and conditions, I learned I had to pay an extra three hundred dollar fee upon check-in or check out. What this means is that I clicked “reserve” on the bottom of a webpage that presented me with one room cost, and landed on a reservation confirmation page that presented me with a brand new total room cost that was three hundred dollars more expensive. I called the hotel, where the person who answered the phone called the extra three hundred dollars a “cleaning fee” and confirmed that yes, the first place the fee appeared in the process of making the reservation was on the confirmation screen. The reservation was listed as non-refundable, but I’d had some luck getting past refunds from the booking website that had handled the reservation in previous cases if I could present compelling enough extenuating circumstances for their taste.

I called the booking site, where an operator told me to call the hotel. The person I spoke to at the hotel promised to consider my refund request over the next week, during which the hotel’s Armenian owners emailed me three times, ordering me to cancel my request and pay them the cost of the room in Armenian currency, even though they still had my original payment in dollars. If I didn’t drop my dispute, their emails said, they were prepared to send what they called my “debt” to a collections agency and ruin my credit. I was terrified. I’d given them my credit card number and home address for the room booking, so they could theoretically do anything from make other charges on my card to show up at my apartment.

I called the booking agency, who said they couldn’t do anything about the threats, and the hotel itself, which said the same thing. I went to Expedia.com, the booking site’s parent company, to search for the email addresses of their head of customer service and CEO, figuring that one of them might care that they did business with hotels that engaged in extortion. The customer service head never emailed me back; the CEO had no publicly available contact information. In my previous life as a lawyer I’d been paid, in part, to locate people who didn’t wish to be reached; I had never before encountered a person whose contact information couldn’t be found. I’d successfully written plenty of CEOs about contract disputes arising out of goods or services I’d purchased, and so I was shocked to see that one of them remained unreachable. The Armenians sent me three more threatening emails before the hotel let me know they’d declined my refund request. I spent a week shaking and afraid. Fresh waves of fear rose up with every threatening email, especially since they always arrived shortly before seven a.m., a great hour for even normal information to appear unsettling.

I filed complaints with the Federal Trade Commission and the Department of Justice; though I knew they received thousands of complaints a year and were therefore unlikely to answer mine, many of the reviews of the hotel that I dug up around the internet vaguely described issues regarding payments and logistics that sounded similar, and figured maybe if the agencies had received a ton of complaints perhaps they’d be willing to look into why Expedia, which remains a very popular travel booking site, allowed this sort of extortion. Neither agency responded. All the while I thought of the unreachable Expedia CEO, especially since I’d recently learned of the existence of indexing databases that put copious amounts of everyday Americans’ personal information online, including individual’s home addresses. So CEOs were starting to hide their contact information from the public while the general public’s private information was on the internet for all to find.

*

“Recent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual . . . the right ‘to be let alone’ . . . Numerous mechanical devices threaten to make good the prediction that ‘what is whispered in the closet shall be proclaimed from the house-tops[,]” wrote Louis Brandeis in his seminal 1890 Harvard Law Review article “The Right to Privacy,” a passionate warning about the potential privacy-destroying means of the portable camera and celebrity journalism, twenty-six years before he joined the Supreme Court, though his words perfectly suit our era of smartphones and laptops. “The intensity and complexity of life, attendant upon advancing civilization, have rendered necessary some retreat from the world, and man, under the refining influence of culture, has become more sensitive to publicity, so that solitude and privacy have become more essential to the individual, but modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury[,]” he said. In 1928, thanks to wiretapping and the popularity of the telephone, Brandeis argued for a constitutional right to privacy in his dissenting opinion in Olmstead v. U.S.

Over one hundred years later—since Brandeis first warned that ordinary citizens should have a right to privacy—we’ve done nothing but lose ground on what privacy we can claim, thanks in no small part to the Patriot Act, passed in 2001 but renewed until 2019, a piece of legislation that turned a fear of Muslim terrorism into a sweeping federal government ability to monitor phone and email communications, collect bank records and credit reports, and track ordinary citizens’ internet activity in the name of national security.

A federal court ruled in 2015 that section 215 of the Act, which allows the feds to collect “any tangible things” that the government proves are “relevant to” a terror investigation, was illegal because, in its failure to set limits on the material collected, the government was likely to gather personal material far beyond the bounds of terror investigations, including the times and places of all phone calls Americans made—information that could reveal “civil, political or religious affiliations,” personal behavior and “intimate relationships.” The judge who found section 215 illegal stated that the provision, as written, “would be an unprecedented contraction of the privacy expectations of all Americans.”

While a court order is now required to obtain the phone records previously collected by the National Security Agency under Section 215, Executive Order 12333, according to privacy and security bloggers, allows the government to collect more of the types of records that Section 215 authorized so long as the collection is done from overseas. Section 215 wouldn’t have been challenged if Edward Snowden hadn’t leaked documents that explained what was in it. No one’s blown the whistle hard enough on Executive Order 12333 for us to be certain what powers it grants the government, but we do know that it’s used solely by the executive branch with no congressional oversight, and that the NSA gets much more of Americans’ data from it than Section 215.

In addition to the federal government’s surveillance activities, the use of social media has meant that more people are voluntarily posting personal information on the internet. It would be a mistake to assume that this increased public activity means that users have no personal limits on how much of their information should be available to the general public, like their real names if they post under aliases, or their home addresses. But in January 2010, Mark Zuckerberg, Facebook’s founder, said that privacy was no longer a “social norm”—thanks to people’s willing participation in social networking—just after Facebook changed all users’ status updates to “public” as a default setting and civil liberties groups revolted at the service’s sudden privacy threat. While the rise of social media does mean we’re all putting more information online, Zuckerberg’s blithe declaration sounds more like a cynical move to get more data out of Facebook users than an accurate description of a world where Americans would like every single aspect of their on or offline lives revealed to the public, given the subsequent controversy that arose in 2012 when Facebook instituted a real name policy.

Zuckerberg himself provides a great example of why it isn’t true that we’d like our whole selves thrown into the public square: In May of this year, the San Francisco Gate reported that he bought four houses surrounding his Palo Alto home as a “buffer zone” to protect his privacy after learning that a developer planned to build a house next door that would have a view into his master bedroom. He doesn’t want us to be able to protect our privacy, but he’s ok with spending thirty million dollars to buy four buffer houses to guard his.

Research and ad firms, trade associations, and other internet companies are also gathering data about us and selling it to each other, advertisers, and the government. While these brokers have collected consumer information for decades, they’re able to collect a larger volume of data about us than they could in the past, and their data contains information such as our races, ethnicities, religions, political affiliations, medical history, income, home addresses and day-to-day internet usage.

As data brokers, social media programs, and governments dig deeper into our data, expensive privacy-protecting products are flooding into the market. The rich can pay hundreds or thousands of dollars for an encrypted phone or purchase privacy protection services that remove their information from marketing databases. Even free methods to protect your privacy, such as turning off cookies, disabling Bluetooth on your phone, and using cash tend to be employed by the highly educated and/or rich.

Still, it would be a mistake to avoid doing what you can to protect your privacy, especially given the oncoming Trump administration, which will soon have access to all the federal government’s surveillance and incarceration tools, and is headed by a man who enjoys threatening his opponents with consequences such as deportation, incarceration, and increased police presence. Trump has focused on Muslims, Mexicans, Jews, people of color generally, immigrants, and journalists, but became known over the course of the election campaign as a man unafraid to change his mind regarding who, exactly, his enemies were.

The rich are better able to protect themselves from the judicial and other consequences of privacy breaches, which makes it more important for the rest of us to buffer ourselves against the possible consequences of our personal information falling into the wrong hands, since we’re less able to get ourselves out of jail or other trouble if that happens. We are going to have to try and create the privacy we want for ourselves in the world. Though rich people have more access to expensive privacy-preserving tools, there are many free techniques the rest of us can utilize to try and protect our information.

In addition to turning off cookies, switching off Bluetooth on your phone, taping over your laptop’s camera and microphone jack, and using cash, you can switch to Firefox or Opera as safer browser alternatives to Google Chrome, contact friends and family using the app Signal, which encrypts communications, and go to StopDataMining.me and click on the blue “take control of your data” button, which pulls up a list of fifty data brokers and provides steps for how to opt out of having your information collected on their services. You can also use a virtual private network like Hotspot Shield VPN, which covers up your IP address and protects you from hackers. Turning on two-factor authentication for services that support it, like Twitter and Amazon, forces you to approve every login with a mobile device, but protects you from hackers. Password managers create a different randomized password for every site you visit and remember them for you.

Since the DC hotel booking fiasco I’ve taken steps to protect my personal information. I suggest you do the same. We need to have a national conversation about just how much of everyone’s personal information the government truly needs for national security purposes, given the court order that found Section 215 of the Patriot Act illegal, and the government’s subsequent decision to march on anyway in its collection of enormous swaths of the same sort of information under Executive Order 12333. While there are numerous privacy and security advocates who have initiated a discussion about what sort of privacy measures ordinary Americans need, this is a good time to note that many of us can’t afford to wait for its conclusion. We need to try and secure our personal information now.