JUDY WOODRUFF: Internet hackers dumped troves of personal information this week stolen from an adultery Web site, raising new questions about online privacy and the ability of Web sites to protect it.
Hari Sreenivasan has our look.
HARI SREENIVASAN: The hackers said the attack on Ashley Madison was motivated by the failure of its parent company to deliver on a service that promised to erase users’ information for a fee. Millions of names, e-mail addresses and partial credit card numbers were released, a public outing that has raised questions about how much privacy any of us enjoy online.
Joining me to discuss this are Neil Richards, a professor of law at Washington University in Saint Louis, where he studies privacy and the Internet. His recent book is “Intellectual Privacy: Rethinking Civil Liberties in the Digital Age.” And Julia Angwin, who covers privacy for ProPublica, her most recent book is called “Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance.”
All right, so, Neil, I want to start with you first.
We have had the Sony Pictures hack, where thousands of employees of a corporation had their communication and their information released. We have had the Office of Personnel Management hacked, 22 million employees of the federal government, right?
We have also had celebrity hacks before, where unsuspecting celebrities had their photos from iPhones or iClouds released. What makes this different?
NEIL RICHARDS, Washington University: Well, it’s certainly different because it’s more salacious. Right? It involves sex and betrayal.
I think the magnitude of the hack and the sensitivity of the information that is being exposed. I think it’s important that we think about these questions, because this is a little more juicy in terms of — maybe like tabloid news, than some of the other hacks, but it’s important to draw attention to what is an increasingly enormous problem.
HARI SREENIVASAN: So, Julia, I want to ask. There is this notion that your information, especially on a sensitive site like this, sits in a lockbox. And to credit this site, this digital set of locks that they had was actually better than average.
But is there such a thing as true security? As soon as you type something, is it out there forever?
JULIA ANGWIN, ProPublica: Sadly, what we’re learning is that there doesn’t seem to be a lot of true security out there in the real world.
There might well be some theoretically really secure stuff. But we have seen OPM hacked, which is the government, very sensitive files. To be — you could consider what Snowden did at the NSA to be something akin — taking files that should have been secured.
So, it seems as though nothing is impenetrable. But it doesn’t have to be that way, I think. I mean, there is another world you can imagine where the data would be secure, and we have to build that, I think.
HARI SREENIVASAN: So, Julia, staying with you for a second, is this the reason that some of these ephemeral platforms, like Snapchat, where you’re writing with the equivalent of digital disappearing ink, or Periscope, where your live-stream disappears in 24 hours, is that the reason that people are going on to this, because they think that they don’t want to leave a digital trail? And I guess the follow-up is, is it truly temporary?
JULIA ANGWIN: Right.
Well, I think you’re right that the reason people are going to ephemeral is exactly this. Right? You don’t want to have a permanent record of everything that you do in life. And in the world we live in with digital data has led to that kind of world, where there is kind of a permanent record for everything.
The problem with the ephemeral services is that some of them have proved to not to be that ephemeral. So, the Snapchat, for instance, just settled with the FTC because their data wasn’t as ephemeral as they had promised it to be, so I think we’re still awaiting the true promise of ephemeral data.
HARI SREENIVASAN: Neil, there’s this transparency camp out there that says, you know what, if you weren’t planning on having an affair, you have got nothing to hide. There seems to be a distinction between privacy and secrecy. Privacy, to me, implies a level of control, almost a freedom that I have to choose whom to share this information with.
NEIL RICHARDS: Yes, I think it makes for a good sound bite, but it doesn’t make for very good policy to say that we should just make everything transparent and people with nothing to hide have nothing to fear.
We all wear clothes, we all lock our houses, we all like passwords on our accounts. And I think the issue here is not one of whether some people who cheated on their marriages got their comeuppance. I think it’s a much more important question, which is, are we going to be able to trust the information relationship which increasingly characterize our lives?
And, yes, dating sites are among them, but more important then are things like social network sites, and search engines, and data brokers, and our credit card companies and our retirement accounts. All of these are information relationships. They’re all safeguarded by some levels of security.
And I think the Ashley Madison story is a salacious one, but it’s an important reminder we need to do a better job safeguarding our sensitive data as a society. And that means we need better technical practices, we need better laws, better incentives for companies to do this.
We have a lot to do. And I think this is — and it’s important that we’re focusing on this, because ultimately what’s at stake is whether we can continue to trust our digital society.
HARI SREENIVASAN: Neil, is the notion of privacy an antiquated idea or perhaps is it different from generation to generation?
NEIL RICHARDS: Well, people have been bemoaning the death of privacy in American life for about 130 years, since the late 19th century.
Privacy is about what kind of information we have control over, about how we get embarrassed, what information restrictions can do for us. Privacy depends upon social norms. It’s always changing. But in an information society — and that’s what we’re living in — if we have no privacy, if we have no privacy rules, if we have no information rules, which means we have no rules.
And so rules governing passwords, personal data, search engines, consumer credit reports, they are essential. And I think we are struggling — as in other areas of the Internet, we are struggling and stumbling into the future half-blind, because we have never built this before. But it’s important. As Julia said, we can do a better job than we’re doing and we need to build it right.
HARI SREENIVASAN: Julia, one of the things you looked at in your book or for your book was trying to find all the information about you that exists.
And obviously there’s public records out there. We can try to guess what’s available, but what surprised you?
JULIA ANGWIN: So, I went and tried to find as much as I could about myself.
And I wasn’t that successful. It’s worth pointing out that there are not good laws accessing you access to your data. But of the data that I found, I found the obvious things, the property records, the car ownership. But what surprised me was the fact that they knew I bought underwear online the last week, and that that was a file that is sold to marketers.
I also found, by the way, the government, through some confusing slip-up with my employer, had access to my travel plans as a reporter and who I was planning to see. Because of the way we used our system, the database was being sent in entirety of my future travel plans to a government database. So there was actually really surprising and disturbing stuff in there.
HARI SREENIVASAN: So, Julia, you took some elaborate measures that most of us can’t take. You have essentially got an alternate identity, credit cards, et cetera, et cetera.
But let’s say we’re not going to go that far. Are there safe information-sharing practices, things that we can do on a daily basis to safeguard against this?
JULIA ANGWIN: I mean, I wish I could give you a better set of guidelines, but it’s — the fact is that it’s really hard to avoid these kinds of things.
However, that said, some basic precautions are better passwords, really long passwords, so as long as you can make it, 30 to 40 characters. And, actually, you know, I — you talk about fake identities like it’s a crazy thing, but it makes sense to have a couple of different e-mail addresses maybe not with your right name for which you register for sites like Ashley Madison, for instance.
HARI SREENIVASAN: Sure.
All right, Julia Angwin, Neil Richards, thank you both for your time.
JULIA ANGWIN: Thank you.
NEIL RICHARDS: Thank you.