Just as "a man's home is his castle," most business computer users believe they're in control of the information that they store on their desktop and laptop computers.
But a combination of technical "advances," proposed Canadian legislation, and actions by companies such as Google, Sony and IBM is eroding our digital privacy. Whether you should lie awake worrying about this depends on your level of paranoia, but as the old saw goes, just because you're paranoid doesn't mean they're not out to get you.
Consider Google, the tech darling that just keeps popping up with clever new ideas. Their latest brainwave is the Google web accelerator (GWA), which, they claim, will "help webpages show up in a snap.”
It even keeps track of how much time it has saved you on a little meter.
How do they do that? After all, they're not jumping inside your computer and rejigging the connections, or even installing much in the way of software on your machine. They're doing something much bigger.
Google is making its own copy of the Internet and running it off their servers. So instead of taking a long trip to some webserver halfway across the world, commonly used webpages are served up from one of Google's own computers. It's a logical development, since Google's spider programs are already roaming the web building an index.
With billions of bytes of cheap storage stashed away somewhere, Google just saves what it sees and you get a faster surfing experience.
The problem is that now Google knows everything you do. They see every webpage you visit (except encrypted ones like those used for online banking.) They track your surfing, at least temporarily, in your own private cache somewhere in Googleland.
The company has admitted in a website statement that users of GWA are indeed sending Google "personally identifiable information" such as your e-mail and IP (Internet protocol) address, and they are strangely silent about how long they keep the information or what they might do with it.
Google's privacy policy even notes that things that you didn't ask for may appear in your cache as they "pre-fetch" to try and anticipate what you will request next. Early adopters of GWA also reported finding themselves logged into discussion forums under somebody else's name because of bad caching.
Google is calling this version of GWA a "beta," but it's clearly unacceptable for a business user to get their online wires crossed with somebody else.
In fairness, your Internet service provider (ISP) already sees all this information, but to date they have had little inclination or motivation to keep track of it.
In the absence of a very specific police investigation, most ISPs quickly discard your surfing data, if only so they're not bothered by investigators. They may be about to change.
A bill recently introduced in Parliament would allow police and intelligence officials to require Canadian ISPs to provide information about Internet users. Part of the modernization of investigative techniques Act (Bill 74) updates the old law about phone wiretaps.
In the past, with authorization from a judge, police could ask the phone company to clip onto your line, trace your incoming and outgoing calls, and even record them. Technologies such as voice-over-IP telephony and pay-as-you-go cellphones have hampered police investigations, and they want to play catchup.
They'll still need to get permission from a judge and most privacy advocates are comfortable with this part of the bill.
However, another provision of Bill C-74 allows law enforcement and CSIS officials to demand information such as a phone or Internet subscriber's name, address, phone number and IP address.
Although disclosure would be "subject to privacy safeguards," these are nowhere as strong as those required for wiretaps and generally don't involve seeing a judge.
Police forces would designate people who are authorized to do this, but in a pinch, any police officer could request information from a telecom company by providing "his or her name, rank, badge number and the agency in which he or she is employed" and by stating "that the request is being made in exceptional circumstances."
Privacy advocates fear this may lead to fishing expeditions. For example, police might seize a computer used in online fraud, then scan it for IP addresses and track them back to their owners. You might have sent an innocent e-mail to the owner of the computer, but suddenly find yourself under the microscope.
The erosion of digital privacy has become an epidemic.
Sony BMG Music Entertainment was recently caught sneaking "rootkit software" onto the computers of unsuspecting users.
When consumers played certain Sony music CDs, anti-piracy software was invisibly installed on their computer. Affected CDs ranged from Billie Holiday to Frank Sinatra to Flatt & Scruggs, so they weren't targeting any particular genre of music lover.
When this so-called "XCP Protection" was installed, it opened up a back door for hackers to enter your computer, and, sure enough, somebody quickly found a way to exploit it.
According to a Wired News story by expert Bruce Schneier, the company lied about the behaviour of the rootkit since "Sony claimed the rootkit didn't phone home when it did."
The media giant has wound up with egg on its face and had to pull CDs off the shelves.
They even released a fix, which removed the cloaking but not the rootkit.
Schneier accuses Sony BMG's president Thomas Hesse of demonstrating total disdain for customers by saying, "most people don't even know what a rootkit is, so why should they care about it?" There are lots of reasons to care, starting with the fact that it potentially exposes the information on your computer to prying eyes anywhere in the world.
Perhaps the final step in the loss of control of our digital world is a move to "pay-per-use" software that would reside on another company's computer. Many businesses already use remote contact managers such as Plaxo or Linked-In, which effectively move their business-card file to an outside computer.
Soon, a lot of business software may reside on a distant computer and be used on a "pay-per-use" basis.
Microsoft has toyed with the idea, since it would address piracy issues head on and ensure that the user always had the latest and greatest release.
IBM recently announced a pay-per-use model for users of its Rational software in the Asia market.
Businesses will have to wait to see how this unfolds and Bill C-74 is almost certain to die on the order paper.
Right now the best advice is to think carefully about maintaining control of your information.
Keep those Flatt & Scruggs CDs away from the office computer, and maybe take a pass on GWA.
If the Internet is too slow for you, go grab a coffee, secure in the knowledge that nobody is looking over your shoulder. Yet.
Web Watch: webaccelerator.google.com
(Tom Keenan is a professor at the University of Calgary and an expert on technology and its social implications. He can be reached at keenan@businessedge.ca)
