The Greatest Threat to Privacy Part II: Why I Worry More About ISPs Than Google
In a prior post, I began to explain why ISPs pose the greatest threat to privacy in modern life. I argued that many ISPs are likely to begin to experiment with new, more invasive forms of surveillance relying, in part, on so-called Deep-Packet Inspection technology. I am grateful for the vigorous debate which followed in the comments, and I know my article will be much stronger once I incorporate what I have learned reading and responding to these comments.
The last post led only to the conclusion that ISPs pose a great threat to privacy, but to call this the greatest threat in society, I need to answer the question, “compared to what?” In particular, the most common response to my article I have heard is, “Doesn’t Google threaten privacy more?” In this post, let me explain why I worry more about the threat to privacy from ISPs than from Google.
You can hide from Google but it is very hard to hide from your ISP. Even though Google collects a lot of information about what its users do when they use its services, it cannot track what it cannot see. Whenever you leave a Google-owned or affiliated website, Google loses track of you. As you surf the New York Times, Yahoo!, Facebook, Amazon, Craigslist, or eBay, Google has no way of knowing what are you doing. When you communicate via VoIP or download files over BitTorrent, Google has no way of monitoring you.
Your ISP, in contrast, never loses sight of you (unless you encrypt your communications or switch to another provider). In a recent radio interview, I called this a “Godlike” view of the network. As a commenter to a New York Times blog post about my article put it, “Deep Packet Inspection is Adware or Spyware ON YOUR NETWORK.”
More directly to the comparative point, your ISP can see nearly everything you do through Google. Virtually no Google service uses encryption by default. Your ISP, if it chooses to watch, can see and record every Google search query, Google Calendar entry, YouTube video stream, and Google Reader request. For this reason, the threat to privacy from Google is merely a subset of the threat from your ISP, assuming of course that your ISP is watching.
This last caveat is the one that frustrates some readers. Sure, the potential threat to an ISP-gone-bad is dire, they might concede, but no ISP is actually collecting this much information. Most ISPs are respectful of user privacy, they would argue, and possess the self-control to refuse to watch most of what their users are doing.
But as I said in the last post, even if no ISPs are collecting this much information today, I predict that they will in the near future thanks to the means, motive, and opportunity at their disposal. A few commenters have rightly pushed me on ISP motive: what proof do I have that ISPs are feeling pressure to collect more information? First, Charter, AT&T, several British ISPs, and others have proposed or implemented new monitoring schemes in the past year. Second, for many years, ISPs have persistently complained about their dire financial prospects, arguing that they cannot afford to upgrade their infrastructure without new strategies for better return on investment (ROI). I know of few other plausible ways for ISPs to improve ROI, except by monetizing user secrets.
I plan to write at least one more post on this topic, but for now, let me turn it back over to the commenters. Please remember that this is a very brief synopsis of a 77 page, 34,000+ word draft, and I urge you to at least skim the article before you respond…