What Stays in Vegas: The Road to Zero Privacy

DAVID ABRAMS*

INTRODUCTION

As an adolescent, I was a voracious reader of science fiction. One
common theme in much of the science fiction of the time was an
electronic personal assistant.1 The computer in these stories knew
your schedule, updated your calendar, and told you when to leave for an
appointment. It could make travel and restaurant reservations. It reminded
you of your anniversary or the birthday of a friend. In short, it gave the
common man the same experience that a person rich enough to employ a
human personal assistant had. It sounded pretty wonderful to me at the
time. I longed for a computer that would organize my life with the same
fervor that I wanted the flying cars and huge, flat-screen TVs described in
these stories.
Well, here it is almost a half-century later and, while I am still waiting
for my flying car, a five-foot television a few inches thick hangs on my wall
and a five-ounce computer in my pocket tells me that the weather today is
fifty-one degrees and overcast, warns me that my wife's return flight from
Dubai is running twenty minutes late, informs me that the replacement
Cuisinart food processor bowl I ordered is expected to arrive on
Wednesday, offers me recipes for "Crockpot pinto beans," and lets me
know that it is only "15 mins to Work" because there is "Light traffic on
Storrow Dr and Soldiers Field Rd." You would think I should be pretty

* Lecturer on Engineering Sciences, Harvard University and Adjunct Faculty, Suffolk
University Law School. He received degrees in electrical engineering from MIT before
attending law school. Professor Abrams' interest lies in the relationship between the law and
technology.
1 See, e.g., ISAAC ASIMOV, THE BICENTENNIAL MAN 137 (1976) ("[The robot] Andrew had
been intended to perform the duties of a valet, a butler, a lady's maid.").

612

New England Law Review

v. 49 | 611

happy; as Meatloaf said, "two out of three ain't bad."2 So why does my
phone knowing all this information about me make me feel uneasy?
Perhaps it is because I have not told my phone that my wife is in
Dubai, that I ordered a replacement food processor bowl on eBay, that I am
cooking chili tonight, or that I live in Boston and work at Harvard. My
phone figured this all out on its own by reading my email (including the
travel itinerary my wife forwarded to me and the notice eBay sent to let me
know the tracking number of my order), keeping track of my Internet
searches, even those done on a different computer (to know that I am
cooking dried beans), and watching where I go with it each day (to figure
out where I live and work). My phone also constantly keeps track of my
current location to let me know how long it will take me to get home or
what restaurants are nearby. If all this information were being collected
locally in my phone I might not be feeling so uncomfortable, but I know it
is being accumulated and stored in servers at Google, eBay, Amazon, and
elsewhere in the cloud. So information about what websites I look at, what
information I search for, what goods and services I purchase, what I read,
where I go, when I go there, how long I stay there, who I associate with (by
looking at collocation information), and what I take pictures of (my phone
automatically uploads photos to cloud storage) is being continually
collected, archived, and used in ways I have no control over.
On one hand, this plethora of web services means we all have access to
quantities of information and help in organizing our lives that would have
been impossible fifty years ago without an army of human assistants. At
the same time, the most intimate details about our daily lives are being
vacuumed up, collated, analyzed, and stored, perhaps forever, by the
multiple entities that we rely on to supply convenient access to
information. Because so much of the collection and storage of this data is
hidden from us, it is easy to accept the benefits of this brave new world
without giving much thought to what we might be giving up in exchange.
I. Our Personal Data is Valuable

In his new book, What Stays in Vegas: The World of Personal Data—Lifeblood
of Big Business—and the End of Privacy as We Know It ("What Stays in
Vegas"),3 Harvard Fellow Adam Tanner opens a door into this massive
collection of personal data and how it is used to enrich the data brokers
who collect it. As Tanner explains, personal data allows merchants to target

2 MEATLOAF, Two Out of Three Ain't Bad, on BAT OUT OF HELL (Epic Records 1977).
3 ADAM TANNER, WHAT STAYS IN VEGAS: THE WORLD OF PERSONAL DATA—LIFEBLOOD OF BIG
BUSINESS—AND THE END OF PRIVACY AS WE KNOW IT (2014).

2015

The Road to Zero Privacy

613

their sales efforts much more efficiently, realizing a better return on their
marketing investment. He describes how Caesars Entertainment created a
loyalty program in the late 1990s that enabled it to identify players who
did not spend huge amounts in one visit (which was the method used
previously to identify the best customers) but who spent moderate
amounts per visit and returned time and time
again. By using the loyalty card, Caesars knew what games a customer
played, how much they wagered, how much they won and lost, where and
what they liked to eat, and what kind of entertainment they preferred. The
result was a straightforward bargain: customers could choose to identify
themselves by using their Caesars Total Rewards loyalty card and in return
Caesars would offer them special benefits and perks to entice them to
choose its casino rather than others on the Las Vegas strip. With the
information about individual habits provided by the card, Caesars can
offer a player a free buffet if they are having an unlucky day at the slots or
send a desirable customer an offer for a free hotel room and some upfront
cash in free play to entice him or her back to their casino.
II. Internet Data Collection is Hidden and Pervasive

We are all familiar with this kind of voluntary contractual exchange. In
return for using a store's affinity card, we receive discounts and coupons
knowing that we are allowing the merchant to track our purchases.4
Another, less explicit, exchange has become the norm on the Internet. In
exchange for free web searching, electronic mail, cloud storage, social
networking, news aggregation, and a host of other services, Internet sites
collect and resell the personal data supplied when we register and inferred
from our use of the service.5 Even more obtuse, many websites rely on
third-party ad serving companies, in effect renting out screen space on
their website for advertising.6 This results in data collection that is not
merely isolated to individual websites but, by using third-party cookies to
identify your browser, can track your actions across many different

4 See id. at 172.
5 Id. at 240. This idea is often encapsulated in the aphorism "[w]hen something online is
free, you're not the customer, you're the product" attributed to user blue_beetle on MetaFilter
in August 2010. Jonathan Zittrain, Meme Patrol: When Something Online Is Free, You're Not the
Customer, You're the Product. THE FUTURE OF THE INTERNET & HOW TO STOP IT (Mar. 21, 2012),
http://blogs.law.harvard.edu/futureoftheinternet/2012/03/21/meme-patrol-when-somethingonline-is-free-youre-not-the-customer-youre-the-product/.
6 See TANNER, supra note 3, at 159–62.

websites. Figure 1 shows that seventy-nine third-party sites were notified
when I visited four major websites over only a few minutes on January 3,
2015.7 At least one third-party site, doubleclick.net, now owned by Google,
was notified by all four sites I visited. By tracking an individual's web
browsing over weeks, months, or years, these third-party data brokers can
build a detailed picture of the user's interests and characteristics, possibly
including personal information such as health status and/or sexual
preferences. This aggregation of browsing activity over time and multiple
websites in exchange for free access is less likely to have been understood
and agreed to by the average Internet user.8

7 This visualization was created by the Firefox browser add-on Lightbeam. Lightbeam for
Firefox, MOZILLA, https://addons.mozilla.org/en-US/firefox/addon/lightbeam/ (last visited July
23, 2015). The four sites visited were boston.com, msn.com, imdb.com, and ebay.com.
8 TANNER, supra note 3, at 162 (noting that this type of tracking is revealed only in the fine
print of sites' privacy policies and is invisible to most users).

Figure 1. Real-time map of third parties notified when visiting four major Internet websites.
Another source of data about individuals is publicly available
databases. Much of the information collected by the local, state, and federal
government must be made available to the public. This includes voter lists,
property tax assessments and payments, legal filings, arrest records, and
sex registry information. Prior to the Internet, these sources had to be
accessed in person in multiple locations, making them useful mostly to
private investigators.9 As more and more jurisdictions make public data
available online, anonymity through obscurity has become a quaint artifact
of the past.10 Agencies now warn applicants not to put personal
information on government forms if they do not want it publicly
available.11 Tanner describes the wholesale availability of arrest records
including mugshots of the arrestees as an example of how individuals can
be harmed by the bulk availability of public records.12 Web entrepreneurs
create websites of these mug shots then pay search engines to ensure that a
search on the arrestee's name links to the image and arrest details. For a
fee, individuals can remove their images.13 As landlords and employers
turn to the Internet for research on potential tenants and employees,
publicly available records can significantly limit an individual's choices on
where they live and work.

9 Id. at 42.
10 In an unfortunate decision involving a sex offender registry, the Supreme Court refused
to recognize a difference between data stored in hard copy at an individual location and the
same data available worldwide over the Internet. See Smith v. Doe, 538 U.S. 84, 99 (2003).

An individual seeking the information must take the initial step of going
to the Department of Public Safety's Web site, proceed to the sex offender
registry, and then look up the desired information. The process is more
analogous to a visit to an official archive of criminal records than it is to a
scheme forcing an offender to appear in public with some visible badge of
past criminality.
Id.
11 E.g., N.Y. STATE UNIFIED COURT SYS., UNCONTESTED DIVORCE BOOKLET FOR UNCONTESTED
DIVORCES WITHOUT CHILDREN UNDER 21: INSTRUCTIONS AND PRACTICE FORMS 19, available at
http://www.nycourts.gov/litigants/divorce/UCS_DivorceBklt.pdf ("Do not write your address,
telephone number, and social security number on this form or on any other form if you want
this information to be secret (confidential)!").
12 TANNER, supra note 3, at 138–44.
13 Id. at 142.

III. De-Identified is Not De-Fused


Even websites that aggregate information about users' habits or
interests in order to provide better service have the potential to leak
personal data. I have a smart thermostat in my home that knows when I
am home (using a proximity sensor) and connects to the Internet for
weather information to create an optimal heating and cooling schedule. I
know this data is being aggregated because I receive a monthly report on
my energy usage, comparing it to others in my state and nationwide.14
Netflix collects information on what movies I watch, Amazon knows what
books I read, and Newegg reminds me that I was recently looking for
laptop memory.15 Even if each of these entities only shares or releases
de-identified data, the huge and permanent nature of data on the Internet can
provide clues allowing others to re-identify the information to recover
personal data.
For example, in 2006 Netflix released a small portion of their users'
movie rating database to crowdsource the creation of a better prediction
engine.16 Although the Netflix subscribers' names were replaced by
random ID numbers, two researchers at the University of Texas in Austin
were able to correlate a sample of anonymous reviews of Netflix movies
with non-anonymous reviews of the same movies on about the same dates
at the public Internet site IMDB.com. As a result, they could identify other
movies that the same individuals, now re-identified, had watched on
Netflix.17 In another instance, a group of volunteer researchers in Sweden
were able to tie pseudonymous posts on forums and websites to a
notorious neo-Nazi by correlating public information on the location of
parking tickets his car had received with the time and GPS metadata on
image files posted to the Internet.18
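
An added illustration, not taken from the article or from the researchers' paper: a minimal pre-release check a data holder could run to see whether pseudonymous rating records can be tied to named public reviews by title and approximate date, the kind of correlation described above. All records, names, the three-day window and the two-match threshold are constructed assumptions; the published study used a more robust statistical method.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data (not real Netflix or IMDb records).
# Pseudonymized release: (random_id, title, rating_date)
RELEASED = [
    (1001, "Film A", date(2005, 3, 1)),
    (1001, "Film B", date(2005, 3, 9)),
    (1001, "Film C", date(2005, 4, 2)),
    (1001, "Film D", date(2005, 4, 20)),  # never reviewed in public
    (1002, "Film A", date(2005, 3, 2)),
    (1002, "Film E", date(2005, 5, 5)),
    (1003, "Film B", date(2005, 7, 1)),
    (1003, "Film C", date(2005, 7, 3)),
]
# Public, non-anonymous reviews: (screen_name, title, review_date)
PUBLIC = [
    ("alice", "Film A", date(2005, 3, 2)),
    ("alice", "Film B", date(2005, 3, 10)),
    ("alice", "Film C", date(2005, 4, 1)),
    ("bob", "Film A", date(2005, 3, 3)),
]


def link_candidates(released, public, window_days=3, min_matches=2):
    """Map each public name to the pseudonymous IDs that share at least
    min_matches (same title, date within window_days) events with it."""
    by_title = defaultdict(list)
    for rid, title, rated in released:
        by_title[title].append((rid, rated))

    scores = defaultdict(lambda: defaultdict(int))
    for name, title, reviewed in public:
        per_name = scores[name]  # ensures every public name appears in the result
        counted = set()          # count each ID at most once per public review
        for rid, rated in by_title.get(title, []):
            if rid not in counted and abs((rated - reviewed).days) <= window_days:
                counted.add(rid)
                per_name[rid] += 1

    return {
        name: sorted(rid for rid, n in per_name.items() if n >= min_matches)
        for name, per_name in scores.items()
    }


def audit_release(released, public, window_days=3, min_matches=2):
    """Report, per public name, whether exactly one pseudonymous ID matches
    and which released titles would then be newly attributable to that name."""
    public_titles = defaultdict(set)
    for name, title, _ in public:
        public_titles[name].add(title)
    released_titles = defaultdict(set)
    for rid, title, _ in released:
        released_titles[rid].add(title)

    report = {}
    candidates = link_candidates(released, public, window_days, min_matches)
    for name, rids in candidates.items():
        if len(rids) == 1:  # a unique match is a re-identification risk
            rid = rids[0]
            exposed = sorted(released_titles[rid] - public_titles[name])
            report[name] = {"linked_id": rid, "newly_exposed": exposed}
        else:               # zero or several candidates: no confident link
            report[name] = {"linked_id": None, "newly_exposed": []}
    return report


if __name__ == "__main__":
    for name, result in audit_release(RELEASED, PUBLIC).items():
        print(name, result)
```

In the constructed data, three public reviews are enough to single out one pseudonymous ID and attribute a title that was never reviewed publicly, while a single review leaves two candidates and no link.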

14 See About the Nest Home Report, NEST, https://nest.com/support/article/About-the-NestHome-Report (last visited July 23, 2015).
15 Indeed, if Amazon is interested, it knows when I read, how long I read for, and how fast
I read since it keeps track of the current page number I am reading to synchronize my place
across my several Kindle reading apps on different platforms. It also knows what pages I
bookmark and what passages I highlight. See Help & Customer Service: Sync Across Fire & Kindle
Devices and Apps, AMAZON, http://www.amazon.com/gp/help/customer/display.html?
nodeId=200911660 (last visited July 23, 2015).
16 See TANNER, supra note 3, at 109–12.
17 Arvind Narayanan & Vitaly Shmatikov, Robust De-anonymization of Large Sparse Datasets,
U. TEX., http://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf (last visited Aug. 25, 2015);
see also TANNER, supra note 3, at 102–06 (describing the work of Harvard Professor Latanya
Sweeney in re-identifying anonymized data).
18 Adrian Chen, A Group of Journalists and Researchers Wade into the Ugly Corners of the

It is also possible that de-identified data which currently cannot be
re-identified might become decipherable in the future as more and more
correlatable information is posted to Facebook, LinkedIn, or other public
Internet sites. In addition, as the amount of data available increases, so
does the ability of technology to identify that data. As far back as 2001,
facial recognition software was used to match facial images collected by
surveillance cameras at the Florida site of the Super Bowl with images in a
photographic database of known criminals.19 Facebook has perfected this
technology to the point where it can identify two images as being the same
person with nearly the same accuracy as a human.20 Use of facial
recognition software could allow data brokers to compare pictures from
image sharing sites or public databases with surveillance cameras to track
an individual's movements over time.
IV. They Know Where You Are
Of course, there is no need to wait for the future if present technology
already provides data brokers with the information they are looking for.
Beginning in 1998, FCC rules required wireless providers to provide
precise location information of callers to Public Safety Answering Points,
such as calls to 911 emergency services.21 Handset manufacturers
responded by incorporating GPS receivers and other location technology in
new cell phones.22 While modern smartphone operating systems allow
location information to be disabled for non-emergency use, users have
become dependent on location-based apps for maps, directions,
ridesharing, traffic information, and locating the nearest stores and

Internet to Expose Racists, Creeps, and Hypocrites: Have They Gone Too Far?, TECH. REV. (Dec. 18,
2014), http://www.technologyreview.com/photoessay/533426/the-troll-hunters/.
19 See, e.g., Use of Facial Recognition at Super Bowl and in Tampa, AM. CIV. LIBERTIES UNION
(Nov. 27, 2001), https://www.aclu.org/technology-and-liberty/use-facial-recognition-superbowl-and-tampa (showing multiple letters discussing facial recognition usage); Vickie
Chachere, Biometrics Used to Detect Criminals at Super Bowl, ABC NEWS (Feb. 13, 2001),
http://abcnews.go.com/Technology/story?id=98871.
20 See YANIV TAIGMAN ET AL., DEEPFACE: CLOSING THE GAP TO HUMAN-LEVEL
PERFORMANCE IN FACE VERIFICATION, available at https://facebook.com//download/
233199633549733/deepface.pdf (last visited Aug. 25, 2015).
21 See 47 C.F.R. § 20.18(d)–(e); see also FEDERAL COMMUNICATIONS COMMISSION, CONSUMER
GUIDE: 911 WIRELESS SERVICES (Feb. 4, 2015), available at http://transition.fcc.gov/
cgb/consumerfacts/wireless911srvc.pdf.
22 Notice of Proposed Rulemaking, Third Report and Order, and Second Further Notice of
Proposed Rulemaking, FCC 11-107, at 8 (released July 13, 2011), available at
https://apps.fcc.gov/edocs_public/attachmatch/FCC-11-107A1.pdf.

services.23 Location Reporting can be used to infer if the user is currently
driving, walking or biking, while Location History saves a historical record
of location information. Figure 2 shows the author's movements on
January 3, 2015, including a morning walk to the nearest ATM followed by
an evening walk to a nearby restaurant.24 Turning off Location Reporting
does not delete Location History; a user must log into the Google Location
History website and explicitly select "Delete history from this day" or
"Delete all history" to remove their location history from Google's
servers.25

23 See Kathryn Zickuhr, Three-Quarters of Smartphone Owners Use Location-Based Services, PEW
RES. CENTER (May 11, 2012), http://pewinternet.org/Reports/2012/Location-based-services.aspx
(noting that 74% of smartphone owners use at least one location-based service and the
proportion of Americans using location-based information increased from 23% in May 2011 to
41% in February 2012); see also SANORITA DEY ET AL., ACCELPRINT: IMPERFECTIONS OF
ACCELEROMETERS MAKE SMARTPHONES TRACKABLE 5 (2014), available at
http://www.internetsociety.org/sites/default/files/03_2_1.pdf (suggesting that the individual
characteristics of the accelerometers used in smartphones may make it possible to track user
location even if location services are disabled).
24 One danger of this type of electronic information is the tendency to assume it is infallible.
The right-most-position dot near the Boston Opera House label is incorrect. My actual route
should have placed it on the circled 28 between the Public Garden and the Boston Common.
See Figure 2.
25 See Location in Google Settings, GOOGLE, https://support.google.com/accounts/
answer/3118687?hl=en (last visited Aug. 25, 2015). When location services are enabled on
iPhones, location information is stored locally in the phone as well as transmitted along with
travel speed and direction to Apple to provide . . . geographically relevant iAds. See
Understanding Privacy and Location Services on iPhone, iPad, and iPad Touch with iOS 8, APPLE,
http://support.apple.com/en-us/HT203033 (last visited Aug. 25, 2015).

Figure 2. The author's Google location history for January 3, 2015.


Vehicle location and travel data can be collected from cell phone data
as well as from license plate scanners and toll transponder scanners.
Parking and auto repossession companies are creating databases of license
plate records that are being sold to government and commercial buyers.26
A recent presentation at the DefCon hacker convention described how E-Z
Pass transponders are being interrogated in locations where no tolls are
required, apparently as part of a New York City traffic management
initiative.27

26 See Steve Orr, Using Police-Style Systems, Company Tracks Autos then Sells the Data, BOS.
GLOBE (Nov. 3, 2014), http://www.bostonglobe.com/business/2014/11/03/license-plate-dataraises-privacy-concerns/FIYslPkMEZgin5hvnp6zvK/story.html.
27 See @pukingmonkey, The Road Less Surreptitiously Traveled, Presentation at the
DefCon 21 Hacking Convention (Aug. 14, 2013), available at https://www.defcon.org/
images/defcon-21/dc-21-presentations/Pukingmonkey/DEFCON-21-Pukingmonkey-TheRoad-Less-Surreptitiously-Traveled-Updated.pdf; Kashmir Hill, E-ZPasses Get Read All over
New York (Not Just at Toll Booths), FORBES (Sept. 12, 2013, 4:44 PM), http://www.forbes.com/
sites/kashmirhill/2013/09/12/e-zpasses-get-read-all-over-new-york-not-just-at-toll-booths/.

V. The Dangers of Ubiquitous Data Collection


In What Stays in Vegas, Adam Tanner anecdotally describes some
dangers of private data collection. One woman discovers her mug shot
prominently displayed on Google search results of her name, even though
charges were dropped shortly after her arrest for failing to pay a disputed
charge of $3.68 on a lunch bill.28 Another worries that re-identified Netflix
rating data could reveal her interest in gay-themed films, making life
difficult for her and her children living in a conservative community.29 A
man who made a single order of items from a company that sells sex toys
finds himself inundated with graphic catalogs in the mail.30
The Federal Trade Commission (FTC) worries that insurance
companies might use inferred information collected by data brokers to
classify certain consumers as higher risks, resulting in larger premiums or
denied coverage.31 The FTC also cautions that easily available identity
information could be used to facilitate harassment or expose vulnerable
individuals to retaliation or harm.32 A review of the industry by Senatorial
staff lists multiple concerns, including privacy leaks, fairness in access to
information, differential pricing, predatory business practices, and the risk
of data breaches.33
Between digital trails from searching, browsing the Internet, the use of
affinity cards, data volunteered on social networking websites, warranty
cards, online surveys, commercial data, public data, and data collected by
service companies, data brokers possess a tremendous amount of
knowledge about individuals.34 A United States Senate committee
investigation of the industry found that:
data brokers maintain data as specific as whether consumers

28 See TANNER, supra note 3, at 138–40.
29 Id. at 111.
30 Id. at 228–29.
31 FEDERAL TRADE COMMISSION, DATA BROKERS: A CALL FOR TRANSPARENCY AND
ACCOUNTABILITY: A REPORT OF THE FEDERAL TRADE COMMISSION 48 (May 2014), available at
http://www.ftc.gov/system/files/documents/reports/data-brokers-call-transparencyaccountability-report-federal-trade-commission-may-2014/140527databrokerreport.pdf
[hereinafter DATA BROKERS].
32 Id.
33 MAJORITY STAFF OF S. COMM. ON COMMERCE, SCI., & TRANSP., OFFICE OF OVERSIGHT &
INVESTIGATIONS, A REVIEW OF THE DATA BROKER INDUSTRY: COLLECTION, USE, AND SALE OF
CONSUMER DATA FOR MARKETING PURPOSES 5-8 (Dec. 18, 2013), available
at http://www.commerce.senate.gov/public/?a=Files.Serve&File_id=0d2b3642-6221-4888-a63108f2f255b577 [hereinafter A REVIEW OF THE DATA BROKER INDUSTRY].
34 See TANNER, supra note 3, at 80.

view a high volume of YouTube videos, the type of car they
drive, ailments they may have such as depression or diabetes,
whether they are a hunter, what types of pets they have; or
whether they have purchased a particular shampoo product in
the last six months . . . .35

Even sensitive personal characteristics, such as sexual orientation, may be
inferred from seemingly innocent information, in some cases provided by
others that we have no control over.36
VI. It Will Only Get Worse
Doubts about the bounds of private collection of personal data and the
resulting potential for abuse are not new. Tanner describes a speech by
Lester Wunderman in 1967 in which he mused about the ability of
computers to store the marketing details of 200,000,000 consumers.37
However, two trends guarantee that concerns about marketers invading
private spaces will only intensify. First, data storage and processing costs
continue to decrease. A gigabyte of storage cost hundreds of thousands of
dollars in the early 1980s. Today that same gigabyte can be had for three or
four cents.38 Inexpensive storage makes it possible to collect and save more
data and as storage costs drop, there is less pressure to cull or aggregate
old data to free up room for new data. This means that old data can be
retained and combined with newly acquired data over time to create an
increasingly more detailed profile of the individuals in a database.
Unlimited storage also makes it possible to retain de-identified datasets
indefinitely in the hope that new technology and/or information will make
them re-identifiable in the future.39
Second, technology is providing access to new and more granulated

35 A REVIEW OF THE DATA BROKER INDUSTRY, supra note 33, at ii.
36 See TANNER, supra note 3, at 101 (citing an M.I.T. study concluding that it may be possible
to predict the sexual orientation of male Facebook users with a high probability of success by
analyzing their Friendship associations); DATA BROKERS, supra note 30, at 47 ("Data brokers
combine and analyze data about consumers to make inferences about them, including
potentially sensitive inferences.").
37 See TANNER, supra note 3, at 237–38.
38 Matthew Komorowski, A History of Storage Cost, MKOMO.COM, (Mar. 9, 2014),
http://www.mkomo.com/cost-per-gigabyte-update; see also Chip Walter, Kryder's Law, SCI.
AM. (July 25, 2005), http://www.scientificamerican.com/article/kryders-law/ (noting that disk
drive density has increased fifty million times since 1956).
39 See EXECUTIVE OFFICE OF THE PRESIDENT, BIG DATA: SEIZING OPPORTUNITIES, PRESERVING
VALUES 8 (May 2014), available at http://www.whitehouse.gov/sites/default/files/docs/
big_data_privacy_report_5.1.14_final_print.pdf.

personal data sources. The trend toward biometric monitoring40 and smart
home accessories41 along with individualized access to music, movies,
television, and other entertainment sources from smartphones and smart
TVs provides marketers with an ever-increasing detailed view of our
private activities and our likes and dislikes. The Chairwoman of the FTC
recently warned that in the near future many, if not most, aspects of our
everyday lives will leave a digital trail that will present a deeply
personal and startlingly complete picture of each of us—one that includes
details about our financial circumstances, our health, our religious
preferences, and our family and friends.42
VII. Statutory Protections are Spotty
Currently, this accumulation of digital data is covered by a
hodgepodge of federal and state consumer privacy protection laws that
provide significant safeguards for some types of information while leaving
other consumer data fair game for marketers. The Fair Credit Reporting
Act of 1970 (FCRA)43 limits disclosures of consumer credit reports and

40 See, e.g., Aria, FITBIT, https://www.fitbit.com/aria (last visited July 27, 2015) (offering a
scale that tracks weight, fat percentage, and body mass index and syncs with online tools);
Charge HR, FITBIT, https://www.fitbit.com/chargehr (last visited July 27, 2015) (offering a
connected wristband that tracks heart rate, calories burned, floors climbed, and amount of
sleep); iHealth, IHEALTHLABS, http://www.ihealthlabs.com/ (last visited July 27, 2015) (offering
wireless blood pressure and glucose monitors); Muse: The Brain Sensing Headband,
CHOOSEMUSE, http://www.choosemuse.com/ (last visited July 27, 2015) (offering a Bluetooth
connected brain sensing headband); Sensoria, SENSORIAFITNESS, http://www.sensoria
fitness.com/ (last visited July 27, 2015) (offering smartphone connected socks).
41 See, e.g., August Smart Lock, AUGUST, http://www.august.com/ (last visited July 27, 2015)
(offering a remote smartphone-controlled door lock); Nest, NEST, https://nest.com/ (last visited
July 27, 2015) (offering Internet connected thermostats and smoke alarms); Skybell, SKYBELL,
http://www.skybell.com/ (last visited July 27, 2015) (offering a smartphone connected
doorbell); Smart Meter, PGE, http://www.pge.com/en/myhome/customerservice/
smartmeter/index.page (last visited July 27, 2015) (describing smart electric and natural gas
meters which record usage in fifteen minute increments).
42 Edith Ramirez, Chairwoman, Federal Trade Commission, Opening Remarks at the
International Consumer Electronics Show: Privacy and the IoT: Navigating Policy Issues 3
(Jan. 6, 2015), (transcript available at http://www.ftc.gov/system/files/documents/
public_statements/617191/150106cesspeech.pdf); see also Anna Berlee, Using NYC Taxi Data to
Identify Muslim Taxi Drivers, THE INTERDISC. INTERNET INST. (Jan. 21, 2015),
http://theiii.org/index.php/997/using-nyc-taxi-data-to-identify-muslim-taxi-drivers/ (using
publicly available taxi trip data to identify devout Muslim drivers by looking for parked cabs
at the five daily prayer start times).
43 Fair Credit Reporting Act, Pub. L. No. 91–508, § 601, 84 Stat. 1128 (1970).

provides penalties for unauthorized disclosure.44 The Health Insurance
Portability and Accountability Act of 1996 (HIPAA)45 limits disclosures
of some types of medical information by medical service providers, health
plans, and insurers. The Video Privacy Protection Act of 1988 (VPPA)
limits disclosure of personally identifiable video tape rental and sale
records by a video tape service provider and mandates the destruction of
such information no more than one year after the information is no longer
necessary for the purpose for which it was collected.46 Other federal laws
providing consumer data protection include The Genetic Information
Nondiscrimination Act of 2008,47 The Children's Online Privacy Protection
Act of 1998 (COPPA),48 The Electronic Communications Privacy Act of
1986 (ECPA),49 and The Cable Communications Policy Act of 1984.50
Most states also have enacted laws to protect data privacy.51 These laws
are usually of two types; the first requires businesses to take reasonable
measures to protect either specific user data such as Social Security
numbers (SSNs), credit card numbers, or other account numbers or
generally to protect personally identifiable information through technical
safeguards and employee training.52 However, personally identifiable
information is often defined to include only data that includes both a name
and a SSN, a state-issued identification number such as a driver's license

44 15 U.S.C. §§ 1681b, 1681r (2012).
45 Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104–191, 110
Stat. 1936 (1996).
46 The Video Privacy Protection Act of 1988, 18 U.S.C. § 2710 (2012).
47 Genetic Information Nondiscrimination Act of 2008, Pub. L. No. 110–233, §§ 205–206, 122
Stat. 881 (2008) (making it unlawful to discriminate in employment on the basis of genetic
information and requiring genetic information to be treated as a confidential medical record).
48 15 U.S.C. §§ 6501–06 (2012) (limiting commercial online services' ability to collect and
disclose information from children under thirteen years old).
49 Electronic Communications Privacy Act of 1986, Pub. L. No. 99–508, 100 Stat. 1848 (1986)
(codified as amended at 18 U.S.C. §§ 2510–22 (2012)) (prohibiting overall interception of
electronic communications, albeit with many exceptions).
50 Cable Communications Policy Act of 1984, Pub. L. No. 98–549, 98 Stat. 2779 (1984)
(codified as amended at 47 U.S.C. § 551 (2012)) (limiting disclosure of personally identifiable
information and the viewing habits by cable operators of their subscribers).
51 See generally Joseph J. Lazzarotti, The Emergence of State Data Privacy and Security Laws
Affecting Employers, 25 HOFSTRA LAB. & EMP. L.J. 483, 489 (2009) ("States have been aggressive
in their enactments to protect the personal information of their residents.").
52 Compare, e.g., N.Y. GEN. BUS. LAW § 399-ddd (McKinney 2012) (imposing financial
penalties for misuse or improper disclosure of Social Security numbers), with 201 MASS. CODE
REGS. 17.00 (2015) (establishing minimum standards to be met in connection with the
safeguarding of personal information contained in both paper and electronic records).

number, a financial account number, or a credit card number.53 The second
type of state consumer privacy law establishes disclosure obligations on
holders of data when an unauthorized data breach occurs.54
It is important to note that these laws target data protection and
notification if those protections fail. They do not prevent either the
collection of personal data or the sharing of it with partners, advertisers, or
customers. In addition, the definition of personally identifiable data targets
financial information; thus, the unauthorized release of Netflix's database
of individuals and their movie preferences would not be subject to many
states' mandatory data breach disclosure laws.55
President Obama recently proposed federal legislation to establish a
single national standard for data breach notification.56 While the proposed
statute defines sensitive personally identifiable information more
broadly than most state privacy laws, it still would not include user
preference information such as Netflix's movie database.57 In addition,
some privacy experts worry that federal legislation will preempt stronger
state legislation which currently incentivizes private data security
practices.58 The President also proposed a number of other steps to protect
consumer privacy, including legislation banning the sale of student digital
data for marketing purposes, a voluntary code of conduct
for smart grid electrical usage data, and a Consumer Privacy Bill of Rights
to give the consumer more control over data collected by third parties.59

53 See, e.g., MASS. GEN. LAWS ch. 93H, § 1 (2010); R.I. GEN. LAWS § 11-49.2-5(c) (2014);
CONN. GEN. STAT. ANN. § 36a-701b(a) (West 2015).
54 See, e.g., MASS. GEN. LAWS ch. 93H, § 3 (2010) (requiring notification of any data breach
which includes a resident's name and SSN, driver's license number or a financial account
number and password or an account number alone if it would allow access to the account);
R.I. GEN. LAWS § 11-49.2-3 (2014) (limiting disclosure to similar unencrypted personal
information); CONN. GEN. STAT. ANN. § 36a-701b(a) (West 2015) (same).
55 Netflix, however, might be subject to the constraints of the Video Privacy Protection Act
of 1988. See Complaint at 2, 22, Doe v. Netflix, Inc., No. C0905903JWPVT (N.D. Cali. Dec. 17,
2009) (claiming Netflix's release of de-identified customer rental records was a violation of the
VPPA).
56 Michael D. Shear & Natasha Singer, Obama to Call for Laws Covering Data Hacking and
Student Privacy, N.Y. TIMES, Jan. 12, 2015, at A10.
57 See The Personal Data Notification & Protection Act, Sec. 1(h), WHITEHOUSE.GOV,
http://www.whitehouse.gov/sites/default/files/omb/legislative/letters/updated-data-breachnotification.pdf (last visited July 27, 2015) (citing proposed legislation).
58 See Shear & Singer, supra note 56.
59 See Press Release, Office of the Press Secretary, The White House, Fact Sheet:
Safeguarding American Consumers & Families (Jan. 12, 2015), available at
http://www.whitehouse.gov/the-press-office/2015/01/12/fact-sheet-safeguarding-american-consumers-families;
see also THE WHITE HOUSE, CONSUMER DATA PRIVACY IN A NETWORKED
WORLD: A FRAMEWORK FOR PROTECTING PRIVACY AND PROMOTING INNOVATION IN THE
GLOBAL DIGITAL ECONOMY iii, 45 (Feb. 23, 2012), available at
http://www.whitehouse.gov/sites/default/files/privacy-final.pdf [hereinafter CONSUMER DATA PRIVACY].

The student data privacy proposal follows previous federal legislation in
applying only to a specific type of data collection. While the Consumer
Privacy Bill of Rights, if passed, may give consumers more notice of how
their data is collected and used, it is unlikely to significantly change the
business of data brokers.60

VIII. The FTC to the Rescue (Sort Of)

Personal data is also protected by the FTC's fair business practice
regulation. In the absence of Congressional privacy legislation, the FTC
urges information brokers to adopt regulatory best practices including
identifying themselves to consumers, describing how they collect and use
data, and providing consumers with information on their rights and
choices concerning data collection.61 The FTC also warns businesses that it
will consider failure to conform to their own privacy policies or to abide by
self-regulatory programs they join to be an unfair or deceptive business
practice subject to enforcement actions.62 The Commission has brought
several high-profile enforcement actions against businesses, including
Google and Facebook, that violated the terms of their stated privacy
policies.63 Nevertheless, the FTC concludes that companies need not give

60 The President's 2012 framework recommended a multi-stakeholder process to develop
enforceable codes of conduct from the general principles that implement the Consumer
Privacy Bill of Rights. Even assuming that the current Republican Congress is willing to
consider the President's proposal, I would not expect the most restrictive provisions of the
proposal to be enacted given the power and access to Congress that business lobbyists hold.
61 See FEDERAL TRADE COMMISSION, FTC REPORT: PROTECTING CONSUMER PRIVACY IN AN
ERA OF RAPID CHANGE, at 72 (Mar. 2012), available at
http://www.ftc.gov/sites/default/files/documents/reports/federal-trade-commission-report-protecting-consumerprivacy-era-rapid-change-recommendations/120326privacyreport.pdf
[hereinafter FTC 2012 REPORT].
62 Id. at 73.
63 See, e.g., In re Google Inc., FTC Docket No. C-4336 (Oct. 13, 2011) (Decision and Order)
(settling claim that Google failed to explicitly obtain consumer consent for enrollment in
Google Buzz in violation of its privacy policy), available at
http://www.ftc.gov/sites/default/files/documents/cases/2011/10/111024googlebuzzdo.pdf;
In re Facebook, Inc., FTC File No. 092 3184 (Nov. 29, 2011) (Proposed Consent Order)
(settling, inter alia, claim that Facebook failed to disclose that user set restrictions on
profile information did not apply to third parties), available at
http://www.ftc.gov/sites/default/files/documents/cases/2011/11/111129facebookanal.pdf;
In the Matter of Snapchat, Inc., FTC Docket No. C-4501 (Dec. 23,
2014) (Decision and Order) (settling claims that Snapchat misrepresented the extent to which a
message is deleted after being viewed by its recipient and requiring Snapchat to implement a
comprehensive privacy program and obtain twenty years of biennial third-party privacy
assessments), available at
http://www.ftc.gov/system/files/documents/cases/141231snapchatdo.pdf.

consumers a choice before collecting data for practices that are consistent
with the context of the transaction or the company's relationship with the
consumer . . . .64 The FTC also finds acceptable a take-it-or-leave-it use
of a company's product or service contingent on acceptance of the
company's data practices as long as the terms of the agreement are
transparent and fully disclosed and there are sufficient alternatives in the
marketplace.65

IX. Torts Have Not Had Much Impact

Finally, the threat of liability can influence data protection practices.
Class action lawsuits, or lawsuits seeking class certification, commonly
follow notifications of data breaches.66 Consumers whose private
information has been shared either accidentally or deliberately, however,
have traditionally faced a difficult time recovering in common law because
of the difficulty of showing actual injury.67 Even where some individuals
suffer actual harm due to identity theft after a data breach, it can be
difficult to obtain class certification.68 Without class status, it is unlikely

64 FTC 2012 REPORT, supra note 60, at 48.
65 Id. at 52.
66 See, e.g., In re Sony Gaming Networks and Customer Data Security Breach Litigation, 903
F. Supp. 2d 942, 942 (S.D. Calif. Oct. 11, 2012) (Settlement Agreement); In re Target Corp.
Customer Data Sec. Breach Litigation, No. 142522, 2014 WL 7192478 (D. Minn. Dec. 18, 2014)
(denying motion to dismiss in breach involving about 110 million Target customers);
Anderson v. Hannaford Bros. Co., 659 F.3d 151, 154 (1st Cir. 2011) (involving theft of 4.2
million customer credit card numbers).
67 See, e.g., Hendricks v. DSW Shoe Warehouse, Inc., 444 F. Supp. 2d 775, 777, 783 (W.D.
Mich. 2006) (cost of identity theft insurance to prevent future unauthorized use of stolen
information constitutes [n]either actual damages or a cognizable loss in a breach of contract
claim); Smith v. Chase Manhattan Bank, USA, 741 N.Y.S. 2d 100, 102 (N.Y. App. Div. 2002)
(even though bank sold private information to telemarketers in violation of written agreement
with customers, being offered products which can be declined is not harm under the state
consumer protection statute nor is emotional distress recoverable in breach of contract claim);
Whitaker v. Health Net, Inc., No. 11-cv-00910-KLM-DAD (E.D. Calif. Jan. 20, 2012) (Order)
(dismissing action against defendants for loss of disk drives containing health information on
800,000 California residents because plaintiffs failed to allege they suffered any injury in fact
and thus lacked standing to proceed with the lawsuit).
68 See Stollenwerk v. Tri-West Healthcare Alliance, No. 03cv00185PHXSRB (D. Ariz.
June 10, 2008) (Order) (denying class certification because of lack of typicality and
predominance).

that the expected recovery will be adequate to maintain the action.69 In
addition, some states follow the economic loss rule which bars all claims in
tort that fail to allege either personal injury or property damage, limitations
which eliminate tort claims based on identity theft.70
Nevertheless, the costs associated with defending against the inevitable
data breach lawsuits, complying with data breach notification laws,
defending against and paying for FTC actions, and the loss of consumer
and stockholder confidence that results from a data breach, should
incentivize holders and brokers of personal information to minimize the
chance that data will be leaked.71 The reality, however, is that private
information continues to be lost, stolen, or unintentionally disclosed
despite the threat of legal sanctions.72 The increasingly granular and
intimate nature of personal information collected combined with this risk
of disclosure and misuse means that consumers should take control of their
data as much as possible. In What Stays in Vegas, Adam Tanner provides an
appendix discussing the tools available to control personal data.73 Tanner
describes strategies for reducing data leakage when surfing the Internet,

69 Id. at 68 (noting that even though the named plaintiff had suffered identity theft, he
has not alleged that he was held liable for any of the unauthorized charges, that his credit
rating was negatively affected, or that he suffered any compensable damages). The parties in
Stollenwerk dismissed the action with prejudice less than two months after class certification
was denied. Id. at 8.
70 See, e.g., In re TJX Cos, Retail Sec. Breach Litigation, 564 F.3d 489, 498-99 (1st Cir. 2009)
(affirming dismissal of negligence claims based on the Massachusetts economic loss rule); In re
Target Corp., 2014 WL 7192478, at *20 (holding that the economic loss rule bars plaintiffs'
negligence claims in five states).
71 In an analysis of 230 federal data breach lawsuits over a ten-year period, researchers
determined that the mean value per plaintiff in twenty-eight cases in which they were able to
obtain settlement data was $2,500 and the mean attorneys' fees paid were $1.2m. In addition,
cy pres awards ranged from $50k to $9.5m. See Sasha Romanosky, David Hoffman &
Alessandro Acquisti, Empirical Analysis of Data Breach Litigation, 11 J. EMPIRICAL L. STUD. 74,
100 (Apr. 6, 2013), available at https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1986461.
72 The nonprofit Privacy Rights Clearinghouse estimates that over 919 million records have
been disclosed in 4270 breaches within all types of organizations since 2005. See, e.g.,
Chronology of Data Breaches, PRIVACY RIGHTS CLEARINGHOUSE,
https://www.privacyrights.org/data-breach/new (last visited July 27, 2015); see also Michael J.
Moore, Morgan Stanley Fires Worker Accused of Stealing Client Data, BLOOMBERG (Jan. 5, 2015),
http://www.bloomberg.com/news/2015-01-05/morgan-stanley-fires-employee-accused-ofstealing-client-data.html (describing the theft of 350,000 client records); Steven Musil, Sony
Hack Leaked 47,000 Social Security Numbers, Celebrity Data, CNET (Dec. 4, 2014),
http://www.cnet.com/news/sony-hack-said-to-leak-47000-social-security-numbers-celebritydata/.
73 TANNER, supra note 3, at 259.

sending email, using search engines, and owning a smartphone.

CONCLUSION
Ultimately, however, the problem of personal data collection is a direct
result of modern technology that makes more and more individual data
available at the same time that technology makes it cheaper to store that
data indefinitely. Combined with archaic attitudes that do not recognize
the difference between public records stored in file cabinets and the same
records available instantly anywhere in the world, Tanner's suggestions
will only reduce the rate at which our intimate selves are revealed to the
world, not stop it. Unless there is a radical shift in public attitudes and
legislative willpower, we may finally be forced to accept Scott McNealy's
admonition sixteen years ago that "You have zero privacy anyway. Get
over it."74

74 Scott McNealy was the chief executive officer of Sun Microsystems and, at the time, his
statement was considered shocking and controversial. See Polly Sprenger, Sun on Privacy: Get
Over It, WIRED (Jan. 26, 1999) http://archive.wired.com/politics/law/news/1999/01/17538.
