Timeline of Online Privacy (1969-2021)

We have come to an era, where our online privacy is on the brink of extinction. Battered and bruised by the decades of abuse, it’s only hanging by a thread.

I’m not being melodramatic, just look around and ask yourself, is my life really private? If you belong to the delusional half of the world’s population, let me tell you, other than a tiny sliver of privacy, there’s not much to cling on to.

And we are to be blamed for our vanishing online privacy. Let’s face the reality for a second, if a stranger walks up to you, would you give him your name, Social Security number or e-mail address?

No right? Yet we dole out all sorts of personal information on the Internet without even batting an eye.

Instead of rebelling against the invasion of personal privacy, we‘ve become docile. Despite having some sense of alluded online surveillance, our social, financial, and even sexual interactions still take place over the internet.

But there is still hope out there. With the avalanche of news that Edward Snowden brought to light, things are looking better for the future.

On that note, in this article, I’m going to take you on a trip down memory lane. From 1969 to the current day, let’s see how far our online privacy has come since then.

The Desperate Need for a Privacy Policy – 1969

In 1968, the European Council began to realize the threat posed by computing technology due to inadequate handling of personal information.

A year later in 1969, the Organization for Economic Co-operation and Development or (OECD), raised concerns of personal information leaving the country and demanded the council to develop a policy to protect personal information held by both the private and public sectors.

This led to the creation of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, or more commonly known as Convention 108 in 1981.

But according to research conducted by The Electronic Privacy Information Center (EPIC) in 1997, out of 100 most frequently visited websites, only 17 had published their privacy policies. Even worse, none of the reviewed websites met basic standards for privacy protection.

Identity Theft – 1990

The term “identity theft” might be relatively new but in reality, it is a century’s old problem. For hundreds of years, identity theft has been a truly gruesome crime, to say the least.

Criminals looking to escape or people who desire to start fresh would steal names, social security numbers, and family history of people whose identities closely matched their own.

By the 1990s, the term identity theft got much more sinister, thanks to the introduction of the Internet in homes and businesses.

According to the FTC, within a decade, 62% of identity theft cases were committed over the Internet. And those statistics drastically increased over the years.

The reason was simple enough, instead of murdering someone or stealing confidential documents by breaking into someone’s house, criminals could simply steal it over the internet.

Stealing personal information over the internet also meant that they weren’t leaving any physical evidence behind. Hence, hacking using viruses, malware, and other methods became widespread.

Just to give you a perspective of the severity of identity theft cases, in 2010, 7.0% of households in the United States reported identity fraud.

People like Phillip Cummings and Abraham Abdallah have stolen millions of dollars for unsuspecting victims. Even America’s richest people, Warren Buffet and Steven Spielberg were victims of identity theft.

The inception of the dreaded cookie – 1994

Cookies are great, but only the kind that you can eat. As far as browser cookies are concerned, they are nasty.

Created by Lou Montulli in 1994 for Netscape, they are small text files that reside on your computer and collect information about the sites you visit.

Cookies are used to remember whether you’ve visited certain websites, autocomplete forms, and even remember what you had in your shopping cart, the last time you visited the site.

Although its intended purpose is to manage browsing sessions, in a sense that it stores your preferences, cookies can also be used for tracking and for delivering targeted ads that many people don’t like.

Even though cookies were widely commercialized soon after its inception back in 1994, the general public was only made aware of it in 1996 when the media highlighted it as a threat to privacy.

The concerns were simple; cookies were storing information on user’s computers without their knowledge or their prior consent.

The appalling revelation generated enough uproar, that the U.S. Department of Energy Computer Incident Advisory Capability released an official statement rectifying that snooping by using Web browser cookies is essentially nonexistent.

Although it might be true, however, according to Cookie Central:

“The original intent of the cookie has been subverted by some unscrupulous entities who have found a way to use this process to actually track your movements across the Web. They do this by surreptitiously planting their cookies and then retrieving them in such a way that allows them to build detailed profiles of your interests, spending habits, and lifestyle”.

Data Retention & the European Data Protection Directive -1995

Data retention and the internet have always had a complicated relationship. Even in the early days to the internet and overall general telecommunication, law enforcement agencies around the world have demanded some sort of “data retention” requirement.

More specifically, to mandate telecommunication providers to intercept and collect Metadata of telephone calls, e-mail messages, and other communications of their users.

The 1979 Telecommunications (Interception and Access) Act of the Australian law is one such example.

Based on those concerns, in 1995, the Data Protection Directive was established to provide a proper framework for secure and free movement of personal data throughout EU member countries.

Ironically, the directive did not prevent telecom companies from collecting Metadata in the first place. Hence to this day, data retention is a widely concerning and debatable topic.

The 1995 directive has undergone multiple changes over the year and transformed into what we now know as GDPR, however, data retention has still stayed the same.

Data Retention & the European Data Protection Directive 1995

General Data Protection Regulation (GDPR)

GPS Cell Phone Surveillance – 1998

Phone surveillance is nothing new, in fact, even before the era of mobile phones, surveillance agencies used wiretapping to find the source of the call. However, with the advent of GPS enabled cellphones, phone surveillance got astronomically precise.

By 1998, cellphones were slowly tensioning into becoming tracking devices. With the launch of Benefon in 1999, GPS enabled phones were mostly marketed as safety phones.

Even the FCC reassured that the cell-locating would primarily assist emergency services to quickly reach the location of the 911 caller.

However, privacy advocates were more concerned about what such advance location tracking could be used for if it lands in the hands of law enforcement agencies (FBI).

Those against cellphone tracking emphasized that unlike the wired landlines; cell phones were more specifically associated with an individual and could accurately identify their minute-by-minute location.

According to James Dempsey, senior staff counsel of the Center for Democracy and Technology at the time, with GPS phone tracking, “your phone has become an ankle bracelet.” [Source]

George W. Bush Passes the Patriot Act – 2001

The September 11 terror attack was the beginning of the new age of global surveillance. Just six weeks after the 9/11 terrorist attacks, President George W. Bush signed the Patriot Act into law.

The law granted unimaginable powers to the law enforcement and intelligence agencies to aid them in their war against terror. However, in retrospect, the law that was supposed to safeguard citizens was actually infringing on their rights.

For instance, Section 215 of the Patriot Act grants law enforcement legal power to obtain secret court orders for business records and other personally identifiable documents such as driver’s license, credit card records, Internet history, and much more.

Another frightening provision of the Patriot Act is called the National Security Letters (NSLs). By issuing NSLs, The FBI was able to demand various records such as phone records, bank account information, and even Internet activities, all without requiring a court order.

Lastly, Section 213 of the Patriot Act, infamously known as the “sneak and peek” warrant, allowed law enforcement to raid a suspect’s house and lawfully peak through any personal belongings for investigation. [Source]

Pentagon Total Information Awareness Program – 2002

Soon after the Patriot Act widened the scope of the Foreign Intelligence Surveillance Act (FISA), in 2002, it was revealed that the Pentagon was developing a highly sophisticated computer system for searching personal information of Americans to fight terrorism.

The powerful system was dubbed the “Total Information Awareness” and enabled intelligence agents to find out hidden patterns of activity with powerful computers using advanced data mining techniques.

As Vice Adm. John M. Poindexter stated, the Total Information Awareness system would grant intelligence agencies instant access to information from Internet emails, call records, travel documents, and even credit cards and banking transactions without a search warrant.

The Cato.org warned about the surveillance program and raised Fourth Amendment concerns. The American Civil Liberties Union (ACLU) called the program a virtual dragnet that requires governments to “to collect as much information as it can about everyone”.

Even The US Senate led by senators Ron Wyden and Byron Dorgan anonymously voted to end the program soon after it was announced. [Source]

Within months of the shocking revelation, the program’s name was changed from “Total Information Awareness” to “Terrorism Information Awareness” to deceive the public, however, the program’s agenda remained the same. [Source]

Bush Allows NSA Eavesdropping on US Citizens- 2005

According to the New York Times, few months after the 9/11 attacks, President Bush secretly granted NSA permission to eavesdrop on American citizens as well as others residing in the country to gather evidence of terrorist activities without requiring court warrants.

After the presidential order was signed in 2002, the intelligence agency actively monitored hundreds, perhaps thousands of international phone calls and e-mail without warrants in an attempt to track “dirty numbers” linked to Al Qaeda.

According to several officials, since 2002, law enforcement agencies conducted warrantless eavesdropping on people in the United States who were even remotely linked to suspected terrorists through chain of phone numbers and email addresses.

Even though many aspects of the surveillance program remained a secret, officials familiar with NSA speculated that around 500 individuals in the United States eavesdropped at any given time. [Source]

Facebook Angers Users with News Feed – 2006

Back in 2006, Facebook had only been out for 2 years when it faced major backlash from its massive user base due to its overly intrusive Newsfeed feature.

The Newsfeed feature chronicled the daily life of Facebook users and allowed friends to view it right from their home page rather than visiting individual profiles. What’s was even worse, everything got documented with time stamps. [Source]

Although the Newsfeed feature is still being used by Facebook today, back in the day, it angered a huge chunk of its 8 million user base. Not everyone was comfortable with their personal life being on display for their friends.

Within 24 hours of the launch, an estimated 1 million Facebook users organized a protest against the new feature. Ironically it all happened on Facebook itself through a group called, “Facebook News Feed protest groups“.

However, even after the massive outcry, Facebook still didn’t discontinue the feature, and the protest eventually died down after a while. [Source]

Facebook’s Beacon Invades Users Privacy Again- 2007

Only a year after the Newsfeed controversy, Facebook introduced another new feature called Beacon which disappointed Facebook users all over again.

The Beacon feature allowed companies to track purchases made by Facebook users and then broadcast those products to their friends without user consent. [Source]

This obviously sparked widespread criticism and even a lawsuit against the company. Although Facebook never admitted any wrongdoing, as part of a court settlement, the company ultimately took down Beacon and agreed to pay $9.5 million to fund a nonprofit foundation that will promote the cause of online privacy, safety, and security. [Source]

Google’s Intrusive Street View – 2007

Back in 2007, Google introduced a new feature in its maps application called the “Street View”, which offered a full panoramic walk around different cities around the world.

With the help of powerful cameras mounted on top of cars, Google Street View feature captured highly detailed 3D images of various cities and offered a highly intuitive navigation experience.

However, due to the intrusive nature of high-quality images captured by Google, it soon sparked widespread privacy concerns. But high-quality images were not the only thing Google’s Street View cars were gathering.

In fact, after a data audit was demanded by the German data protection authority, it was revealed that Google’s Street View cars were fitted with antennas that scanned local Wi-Fi networks for its location services. [Sources]

More specifically, Google was also secretly siphoning vast amount of Wi-Fi data with the help of Wi-Fi receivers mounted in the Street View vehicles.

Further independent investigations revealed that Google was collecting Mac addresses, Network SSIDs, and even stored Wi-Fi transmission data, which not only included email passwords but also email content. [Source]

Google initially denied that it collected Wi-Fi data and blamed the whole mishap on a legacy code; however, the giant later admitted that it had in fact collected entire emails, URLs as well as passwords in some instances.

Bush Makes Amendments to FISA – 2008

Back in July of 2008, President Bush signed the (FISA) Amendments Act of 2008, officially known as the (H.R. 6304), which authorized courts to grant immunity to telecom companies that participated in the morally illegal warrantless surveillance programs during the post-September 11 eras.

The bill was put forward to end the number of pending lawsuits against the major US telecom providers that were accused of giving the Bush administration illegal access to communications records of millions of Americans and establish even more powerful new rules for government surveillance through electronic communications in the United States.

Facebook’s Flawed Privacy Policy – 2009

Already dealing with quite the controversies, Facebook again stole the limelight in 2009 with its flawed revamped privacy policy.

Civil liberties campaigners were outraged over the new privacy settings that dramatically increased the number of personal information people unintentionally expose online.

American Civil Liberties Union and a bunch of other Privacy groups were appalled by the new change and called it “flawed” and “worrisome“.

According to EFF (Electronic Frontier Foundation), with the new privacy settings implemented, “Information That You Used to Control Is Now Treated as “Publicly Available,” and You Can’t Opt Out of the “Sharing” of Your Information with Facebook Apps” [Source]

Nicole Ozer, the civil liberties policy and technology director of ACLU said in a statement:

“Before the recent changes, you had the option of exposing only a “limited” profile, consisting of as little as your name and networks, to other Facebook users—and nothing at all to internet users at large,”

“Now your profile picture, current city, friends list, gender, and fan pages are ‘publicly available information’, which means you have no way to prevent any other Facebook user from viewing this information on your profile”.

Google Buzz Privacy Implications – 2011

Combining a public broadcasting product, (Buzz), with a product that was meant to keep things private (Gmail), was bound to create serious implications right from the start.

Back in 2011, Google had a bright idea to merge their public podcasting product called Buzz with their private and secure email client – Gmail.

According to the New York Times, many Gmail users were shocked and outraged over the fact that their private Gmail address books were publically viewable to everyone in their address books thanks to Buzz.

Other than straight-up shattering the fine line between privacy, the fact that Google Buzz was an opt-out rather than an opt-in feature, caused quite an outcry from privacy groups.

Without proper disclosure or an option to not sign up for Buzz, Google automatically signed up all existing Gmail users for Buzz.

Although Buzz had countless privacy implications, one of the most prominent cases was put forward by the New York Times in which a woman’s Gmail address book was exposed to her abusive ex-boyfriend.

Due to serious privacy implications, privacy groups like the EFF filed legal complaints to the Federal Trade Commission to investigate Google Buzz.

Based on serious outcry, Google eventually settled the lawsuit for settled for $8.5 million and agreed with FTC to be independently audited for over the next 20 years.

Google Gets Sued for $22.5 Million by the FTC – 2011

Just a year after the company settled a massive lawsuit of $8.5 million in 2010, Google was yet again facing one of the largest ever FTC Penalty for misrepresenting their privacy assurances regarding Apple’s Safari internet browser and web tracking.

According to the complaint put forward by the FTC, Google lied about the Safari browser being able to block third-party cookies by default, when in reality Google itself actually placed tracking cookies on consumers’ computers by circumventing the Safari browser’s so-called cookie-blocking setting.

Due to misleading and exploiting Safari users, the FTC charged a record $22.5 million civil penalty to Google, which the company later agreed to pay after major backlash. [Source]

Edward Snowden’s Shocking Revelations – 2013

Edward Snowden, An American whistle-blower, and a former Central Intelligence Agency (CIA) employee secretly copied and leaked highly classified documents of the National Security Agency (NSA) in 2013.

As reported by the Guardian, under a top-secret court order issued in April, the NSA was collecting phone records of millions of US customers with the help of America’s largest telecom provider, Verizon. [Source]

Cambridge Analytica Scandal – 2018

Back in 2018, an undercover sting operation revealed that Cambridge Analytica, a political consulting firm, worked for the Trump campaign and harvested raw data of up to 87 million Facebook users. [Source]

The unethical data mining of personal data was speculated to influence the outcome of the 2016 U.S. presidential election and the Brexit vote.

With the help of an app called “thisisyourdigitallife”, users were paid to take part in the psychological test and the app collected all their data. Not only that, but the app also gathered data on a person’s Facebook friends as well. [Source]

According to whistleblower Christopher Wylie, data sold to Cambridge Analytica was used for “psychographic” profile generation and for delivering pro-Trump material to online users.

Based on strong evidence, Cambridge Analytica got shut down for mishandling Facebook user data and Facebook faced major scrutiny from regulatory authorities.

Facial Recognition Exploitation – 2019

Arguably, facial recognition is not something that just recently emerged. In fact, it has been around since 1964. However, what’s concerning is the fact that 2019 was the year when facial recognition began being widely adopted for surveillance purposes.

At first, facial recognition technology was advertised as a means of smart biometrics. But just as we became familiar with the technology and started using it on our phones, it quickly turned out to be something much more sinister. Not only is this technology powered by biased data that can discriminate against certain groups but it is also susceptible to breaches with grave consequences.

Back in 2017, a proposal was passed to deploy facial recognition technology at major airports across the US. By 2021, international travelers residing inside US borders will be mandated to have their faces scanned before traveling.

But despite government efforts to label unjust facial recognition surveillance as a need for “public safety”, there are a lot of privacy implications associated with it. For instance, in June of 2019, the U.S. Customs and Border Protection disclosed that hackers managed to steal traveler photos from their facial recognition database.

More recently, in Feb 2020, another major breach occurred this time targeting Clearview AI. Clearview AI is a facial-recognition startup with more than 3 billion images in its database. The breach got international attention when it was discovered that an intruder not only managed to steal the list of Clearview AI’s customers but also the number of searches its customers have conducted.

COVID-19 Surveillance

Without a doubt, technology should play an important role in saving lives. However, in the name of combating diseases, governments around the world are using surveillance technologies to track the masses.

For instance, ever since the COVID-19 pandemic became mainstream news, countries around the world started unjustly using surveillance techniques and justifying it as a means of combating the spread of the virus. 

According to reports, Germany, Austria, Belgium, Italy, and the UK are all gathering anonymized or aggregated location data from telecom companies to track people’s movements amid COVID-19.

Even more shockingly, South Korea is circulating health advisory texts with personal information of infected patients and their movement among its citizens which is highly unethical. Not only does this violate all norms of medical confidentiality but it also creates a stigma around infected people. [Source]

Artificial Intelligence & Private Surveillance Companies – 2021

Aside from just tracking, some countries are using facial recognition and location data to ensure that people are not violating quarantine orders. China is using AI and big data technologies to track people in real-time. Facial recognition and smart thermal scanners and uniquely identify a potentially infected person from a crowd of hundreds.

In Poland, the government has pushed out an app that requires people to send in geotagged selfies which is then processed by facial recognition software to ensure that a person has not violated quarantine protocols. [Source]

But you know what the worst part is? Governments are collaborating with private surveillance companies that don’t necessarily have clean track records. For instance, Clearview AI, Palantir, NSO among others are all in the race to collect and sell data analysis tools that can track the movement of people to prevent the spread of the virus.

Final thoughts!

Ever since the early days of the internet, the term “privacy” is slowly eroding away.

Since our data is what fuels giant corporations like Facebook, Google, and others alike, it is speculated that privacy issues will only deteriorate more.

What’s even worse?

Our governments and regulatory authorities aren’t doing much to protect our rights.

But as I said earlier, I’m still optimistic. I genuinely feel like there is still hope out there.

Since people are comparatively much more concerned about their privacy than before, privacy groups like the EFF and EPIC are actually standing up for the oppressed.

Not only that, by utilizing tools like ad-blockers, VPNs, secure search engines like DuckDuckGo and educate ourselves by reading cybersecurity guides, but we can also still stay anonymous and secure if we choose to.

It might seem like an unfair battle, but I believe it’s winnable.

There will come a time when it isn’t ‘They’re spying on me through my phone’ anymore. Eventually, it will be ‘My phone is spying on me’.
― Philip K. Dick

About Sebastian Riley

Sebastian Riley is a cyberlibertarian activist and an internet freedom fighter who strongly believes in an unsegregated and uncensored internet. With a cybersecurity degree, Sebastian is a professional bug hunter and a freelance opensource penetration tester.