As General David Petraeus Can Attest, There are No Secrets on the Internet

Linda Musthaler
By | December 27, 2012

Posted in: Network Security Trends

In his famous book 1984, George Orwell wrote, “If you want to keep a secret, you must also keep it from yourself.” With apologies to Orwell, I’m going to rewrite the quote: “If you want to keep a secret, you must also keep it from the Internet.” There’s an interesting story about online privacy – or really the lack thereof – on the CNN Radio network that explains why I’ve taken the liberty to change Orwell’s reference.

CNN Radio host Jonathan Binder and Buzzfeed deputy tech editor John Herman talk about how there are no secrets on the Internet. Herman points out that many people have social profiles that they’ve chosen to put online. But in addition to the personal narrative that individuals provide about themselves, there are “Internet profiles” that are created and maintained by default whenever we do any activity online.

We’re all familiar with social profiles. They consist of the information and photos we share on Facebook, LinkedIn and countless other websites. In general, the person creating a profile gets to choose what content to include as well as who it can be shared with. Yeah, occasionally someone posts a photo of you on their Facebook page without your knowledge, but hopefully it’s a flattering one. (If not, you can ask them to take it down and hope they honor your request.)

An Internet profile is far less selective in its content gathering process. This kind of profile consists of logs, cookies, URLs and IP addresses that document everywhere you have gone on the Web and everything you have done. It includes telephony logs and SMS routing information for people you have called or texted. It has information about every purchase you have made with a mobile wallet, including what you bought, where you bought it and how much you paid. And, when GPS information is collected, these profiles know precisely where you were when you did such actions. In short, these profiles contain the digital DNA of your life in cyberspace.

As Buzzfeed’s Herman points out in the radio broadcast, search engines like Google, Yahoo and Bing absorb everything that you research. Every search request you make – no matter how personal or sordid – is captured and stored. (For example, we now know that acquitted murder suspect Casey Anthony did searches on “suffocation methods.”) By your very use of the search engines and other online tools, you give tacit approval of this data collection. It’s all spelled out in each application’s privacy statement, which is required to outline what data is collected (i.e., your Internet profile for that application) and how it may be used.

Because this data is collected and stored by numerous software companies and service providers, each of us has numerous Internet profiles. It’s not like Google, Microsoft, Apple, Yahoo, et. al. have gotten together to consolidate all the data points into one giant log on each and every person.

Despite the privacy concerns, there are legitimate reasons why companies would want to collect and store your Internet profile. As Google points out in its privacy policy, the company collects data on you in order “to serve you better,” such as with more targeted and relevant advertisements, or to present you with localized content in your native language.

Advertisers aren’t the only ones who want to know more about you. It turns out that government agencies have a strong interest in what some people do online. Google and other companies have started tracking requests from these agencies to provide a range of information about specific individuals. Twice a year, Google publishes a Transparency Report that summarizes which countries have requested activity information for certain people; how many requests are made in a given time period, and how many times Google complied with the requests. As the chart below shows, the number of requests is increasing as time goes by.

Online person data security

Source: Google blog

U.S. government agencies top the list of requestors. Google doesn’t specify in its Transparency Reports who the requestors are, but we can presume that law enforcement agencies would be very interested in checking the search and browser history, contents of gmail accounts and similar information for suspected criminals. (It’s entirely possible that the FBI made such a request when it was looking into the harassing emails sent by Paula Broadwell to Jill Kelly that ultimately led to the revelation of David Petraeus’s extra-marital affair.)

It should be noted that these requests can be made and fulfilled without a search warrant. The U.S. law governing requests for online information, the Electronic Communications Privacy Act, was written in 1986—long before the Internet age. For its part, Google says it doesn’t automatically respond to every request for information, but at least 90% of recent U.S. agency requests were fulfilled.

I have another concern when it comes to the privacy of these Internet profiles. What if one of the companies storing such profiles suffers a data breach? It’s not unprecedented. Herman says that in 2006, AOL suffered a breach of search logs of more than 600,000 users. Part of the logs revealed some very personal search information which Herman calls “peeks into the depths of people’s souls.”

Most people think that interactions with computers are impersonal and private. After all, computers are just machines. But computers log everything, no matter how personal or how mundane, and these logs can be accessed by humans who have an interest in the data.

Short of staying off the Internet entirely, there’s little that we can do to protect ourselves from having our deepest, darkest secrets logged when we conduct personal matters via the Internet. Thankfully many of the logs are anonymized and not publicly searchable, but still it’s good to remember, if you want to keep a secret, you must also keep it from the Internet.

You May Also Be Interested In: