Is Your Sex Life Really Private? The Truth About Online Dating Sites
Continued from previous page
But advertisers are not the only interested party that might come across how much booze you drink. Thanks to the lack of precautions like HTTPS protection, the information contained in both active and ghost accounts can surface in surprising ways. How would that Ashley Madison adultery account play during a nasty divorce?
In a piece for Computer World, Robert L. Mitchell points out that users would be wise to get to know the sites' privacy policies. "Ideally, you should have a good idea what will happen if the site is presented with a subpoena or court order."
But even sites that promise not to give it up for a subpoena can't fully protect the data, Mitchell explains in his piece, citing lawyer and privacy expert Jonathan Sablone:
"If there's information within that database that may be relevant to a divorce proceeding, then through a court order, it's possible to obtain that. If the court issues an order, you've got to do it" [says Sablone]. While businesses routinely delete old records to protect themselves from future legal discovery requests, many online dating sites don't. "The danger of retaining information longer [than is necessary] is that it opens the door for legal processes down the road," says Sablone.
There's also a multitude of ways that information from a seemingly private profile can be revealed on the web. EFF points out that photos from Web sites can end up in Google Image search, revealing the identity of a user trying to stay anonymous by using a psuedonym (increasing advances in facial recognition technology will make it easier and easier for a person's identity to be ascertained with just a picture). Sites with public profiles allow a user's info to be indexed by Google.
"So think hard about how you’d feel if a potential employer or acquaintance found personal data about you on a dating site. This might be a particular concern for individuals who use niche dating sites, such as HIV-positive or queer dating sites," warns the EFF.
Meanwhile, existing laws are not even close to adequate. The Electronic Communications Privacy Act, which deals with government intrusions, was enacted in 1986.
Court decisions tend to benefit tech companies and aggregators over users. In the 2001 In Re DoubleClick case, highlighted by Lori Andrews in her book, a judge argued in part that a data aggregator was not liable for accessing private information stored on a computer because their intent was to make a profit, rather than commit a crime.
"If someone broke into my house and put a videocam in my bedroom, would we really let him get away with it if he said, I wasn't intending to invade your privacy, I just run a business where we sell sex tapes?" Andrews says, putting the decision in perspective.
The Computer Fraud and Abuse Act, which makes it illegal to break into a computer to access information cannot apply to data aggregators because the person suing must prove a direct hit of $5,000 as a result, Andrews says. The Stored Communications Act, which prohibits accessing stored electronic information, also doesn't do the trick, even though it seems like a natural guard against cookies and other mechanisms for pulling users' data. Courts have interpreted the law in such a way that if a Web site (Facebook, OkCupid) gives consent for a user's information to be tracked by another site (data aggregation company), users whose information is being shared can't sue, says Andrews.
On February 23, the Obama administration released a proposal for an online privacy "bill of rights," calling for technology companies and consumer groups to come up with regulations that would protect consumers. A few big ones signaled that they'd agree to a Do Not Track option, but critics pointed out that the move was basically a promise for self-regulation (and effective self-policing on privacy issues is not something online companies are well known for).