All Things Considered

Digital Data Make For A Really Permanent Record

By Martin Kaste

Published October 29, 2009 9:26 AM

E-MAIL
|

Last in this four-part series

There was a time when defense lawyer Robert Perez did a brisk business expunging criminal records. People who'd been acquitted of criminal charges could clear the record and start over with their lives.

But no more.

"They find out everything," the suburban Seattle lawyer says. "There's no such thing as privacy of criminal records anymore."

Perez says prospective employers and landlords will find out about the criminal record anyway because they use private database services that are unaffected by a court's expungement order.

"It's a big problem because these people are being confronted by the situation where they've told an employer — as they're entitled to — that this never happened," Perez says. "And the employer has conflicting information. They don't get the job, and they never learn why."

Information doesn't fade the way it used to. Documents that once upon a time could be counted on to be filed and forgotten are now finding an afterlife in digital, searchable form.

'Pulling Your Docs'

Two years ago, Kevin Vanginderen, a California lawyer, Googled his own name and came up with a 25-year-old article from Cornell's newspaper about his being charged with burglary as a student there. He sued Cornell, saying the college hurt his reputation when it put the archives online. Earlier this year, that suit was thrown out, and now when you search his name you can read all about that.

"Everything you've done is now preserved forever in the world of Google," says veteran computer hacker Jeff Moss.

Moss has lived this reality a lot longer than the rest of us. His personal information has been floating around since the 1980s when he and rival hackers would post each other's information online.

"That's called 'pulling your docs,' " he says. "Somebody pulled my docs and posted them — just other hackers, screwing with me."

Since then, data like Moss's Social Security number and old phone records have been part of our searchable universe. "Once they're out, they're out," Moss says. "Maybe that's why I care more about it."

Moss now runs conferences for hackers, which focus primarily on computer security. He says his extra years of online exposure have made him more cautious and self-censoring. "It's changed the way I talk to people, for sure," Moss says. "You have to practice a defensive mode of communication."

Moss doesn't see a fix for the new era of undying data. Information lives on, and we have to get used to it.

But not everybody is so resigned.

This E-Mail Will Self-Destruct

Roxana Geambasu is a computer science graduate student at the University of Washington in Seattle, where she's been working on self-destructing data. The simplest application is a form of e-mail that comes with a finite life span.

"After the time out, you will never be able to read the message again," she says.

The system is called Vanish, and it works by encrypting your data — e-mails, photos, Facebook posts — then placing the decryption "keys" in several places around the Internet. The keys are readily available to anyone for a few hours. But as the keys disappear, the message rots away. All copies become unreadable; even the copies made along the way — at the Internet service provider, at the National Security Agency, wherever.

It all turns to gobbledygook, beyond the reach of search engines and even court orders.

Tadayoshi Kohno, a professor working on Vanish, says the idea is to counteract the digital world's tendency toward excessive recall. "As more and more of our conversations and transactions go online, we actually lose our ability to forget," Kohno says.

He sees Vanish as an attempt to restore a little forgetfulness to our lives.

Age Of Coming Clean

Privacy through forgetfulness — the idea is appealing in its simplicity.

But in practice, the Vanish system is not so simple. It's still primarily an experiment and a prototype, and it's probably most useful to lawyers, perhaps to conduct online negotiations without leaving a record.

In the meantime, it's the culture that will have to adapt to the age of deathless data. Moss predicts future generations will simply have a higher tolerance for embarrassing information.

And maybe we'll all just feel more compelled to be honest.

"That's one of the effects of living in a post-privacy world," says lawyer Perez.

He says he's heard too many horror stories about people who've been caught in a lie by something dredged up on the Internet. Nowadays, instead of an expungement, Perez offers to write the client a detailed letter explaining all the circumstances of the arrest, trial and acquittal, so the prospective employer has the whole story.

For the time being, at least, we live in the age of full disclosure.

Related Links

View Transcript

ROBERT SIEGEL, host:

This is ALL THINGS CONSIDERED from NPR News. I'm Robert Siegel.

MELISSA BLOCK, host:

And I'm Melissa Block.

Today, we wrap up a series of stories looking at how hard it's become to keep your privacy in this digital age. Privacy laws really haven't changed much since the 1980s. What has changed is the nature of information.

As NPR's Martin Kaste reports, information doesn't really die anymore and that is becoming a problem.

MARTIN KASTE: There was a time when defense lawyer Robert Perez did a brisk business in expunging criminal records. People who'd been acquitted would get expungements to wipe the slate clean and start over with their lives. It used to work pretty well, he says, but not anymore.

Mr. ROBERT PEREZ (Lawyer): They find out everything. There is no such thing as privacy of criminal records anymore.

KASTE: These days, prospective employers and landlords do background checks with private databases. Databases that could contain old criminal records, regardless of the expungement.

Mr. PEREZ: It's a big problem because these people are being confronted by the situation where they've told an employer — as they're entitled to — that this never happened. And the employer has conflicting information. They don't get the job, and they never learn why.

KASTE: And it's not just court records. Two years ago, a California lawyer Googled his own name and it came up with a 25-year-old campus newspaper article about him getting charged with theft. He sued, saying the college hurt his reputation when it put the newspaper archives online. The suit was thrown out and now when you Google his name, you can read all about that.

Mr. JEFF MOSS: Everything you've done is now preserved forever in the world of Google.

KASTE: Jeff Moss has lived this reality a lot longer than the rest of us. His personal information has been floating around since before most people ever heard of the Internet, since the 1980s, when he was one of those teenage hackers.

Mr. MOSS: That's called pulling your docs. Somebody pulled my docs and posted them — just other hackers screwing around with me.

KASTE: Since then, his personal data, like his Social Security number, have just been part of the searchable universe.

Mr. MOSS: Once they're out, they're out. Maybe that's why I care more about it.

KASTE: Moss is now a prominent name in the world of computer security. And he says his extra years of online exposure have made him more cautious and self-censoring.

Mr. MOSS: It's changed the way I talk to people. It's like I'm talking to you, but at the same time I'm talking to this wider audience of radio listeners and I have to be aware of that. Same thing, you have to practice a defensive form of communication.

KASTE: Moss doesn't see a fix for this. Information lives forever now. End of story - or maybe not.

Ms. ROXANA GEAMBASU: I'd like to send you some sensitive emails. I'm just going to write some sensitive…

KASTE: Roxana Geambasu, a Romanian computer science grad student at the University of Washington, sends me a note from her Gmail account, but this is an email with a difference.

Ms. GEAMBASU: This message will self-destruct after eight hours.

KASTE: It won't blow up a la "Mission Impossible," but it will become useless.

Ms. GEAMBASU: After the time out, you will not be able to ever read the message again.

KASTE: It's a part of system she's developed called Vanish, which lets you determine the life span of data you put online: email, Facebook messages, whatever. When the time is up, all copies turn to gobbledygook, beyond the reach of Googlers, marketers and court orders.

Tadayoshi Kohno, a professor working on the project, says what they're trying to do is to give people a relief from too much memory.

Professor TADAYOSHI KOHNO (Vanish, University of Washington): Culturally, forgetting is very powerful. And as more and more of our conversations and our transactions go online, we actually lose the ability to forget, and Vanish empowers users to be able to forget.

KASTE: The key to privacy is forgetting. The idea is appealing in its simplicity. But the system itself isn't that simple to use, at least not yet. Right now Vanish is most useful to professionals, say, lawyers who want online negotiations to evaporate with time. And there's also reason to believe that no technology can really solve this problem. That it's the culture that's going to have to adapt. Jeff Moss, the grown up hacker, predicts that future generations will simply have a higher tolerance for embarrassing information. And maybe we'll just be compelled to be more honest. Lawyer Robert Perez, for instance, now councils his clients to come clean about their arrest record, even if it has been expunged.

Mr. PEREZ: I've heard too many horror stories about people who had been caught in the lie. That is the effect. That's one of the principal effects of living in the post-privacy world.

KASTE: Nowadays, instead of an expungement, Perez writes the client a detailed letter explaining all the circumstances of the arrest, trial and acquittal. For the time being at least, we now live in an age of full disclosure.

BLOCK: That's NPR's Martin Kaste. And Martin, let's talk a little bit about some of the issues raised here. Part of the problem, it seems to me, is that all of this information is propagated so many times as it's transmitted over the Internet.

KASTE: That's right. I mean, you take the example of an email. An email doesn't just exist in your inbox. It's copied multiple times along the way. It lives on different servers, on third party servers. And that's the problem is when information ends up in third parties' hands, what happens?

BLOCK: Legally, Martin, is it still your own private email?

KASTE: Well, not really. It's not really your private email, or your private photo or your document, whatever it is that's been sent along if it's not in your control. And tech companies that host a lot of this information, the Google documents or the Flickr accounts, for them this is a big, unresolved problem. I talked about this with Alan Davidson, who's Google's main guy in Washington, D.C.

Mr. ALAN DAVIDSON (U.S. Public Policy, Google): Today, if we keep a calendar or a checkbook in our desk drawers, it receives high protections from the Constitution in the 4th Amendment. When you take that same information and put it on somebody else's servers, you lose many of those protections. And that is something that most people are not expecting. We need to make sure that people understand it. But what we really need to do is update the law.

KASTE: And the thing is, the laws in the U.S. that apply to these kind of privacy issues, they date back to the '70s and '80s. And that was a time when people really couldn't even picture what we do with data now. For example, you've probably heard of Google Docs. It's basically a document. It's like a Word document, except it's a Google document that sits on another server somewhere. You have access to it. You write it, you edit it, but other people can also collaborate and write and edit that.

Now, if that's a stored document, the law gives it a lower standard of privacy. But if it's a form of communication, then it gets a higher standard of privacy. The law is completely befuddled. It doesn't really understand. It doesn't have the definition or the terms for what we do with our data today and it's really fallen decades behind.

BLOCK: Which is odd, because we've been on the Internet for so long, why is that that the laws are lagging so far behind?

KASTE: Some people I've talked to say that we were out in the verge of getting some of this stuff redefined when 9/11 happened. And then Congress lost its will to start restricting or changing the way law enforcement goes about gathering information. Since then, technology has just made leaps and bounds. And we're almost three generations of new forms of communication past where the laws were at that point. There are some people I talked to, especially, you know, even liberal-minded civil libertarian types who say maybe government can't even do this anymore. And in some ways, people should simply be allowed to see how their privacy is being handled and vote with their dollars, so to speak.

BLOCK: NPR's Martin Kaste, thank you very much.

KASTE: My pleasure.

BLOCK: And you can hear the previous stories in our series and see a timeline of key moments that have shaped privacy in the digital age - that's at npr.org. Transcript provided by NPR, Copyright National Public Radio.

Source: NPR

WBUR Topics

SUPPORT