I Know Who You Are and I Saw What You Did is a non-fiction book by Chicago-Kent College of Law professor Lori Andrews that explores in meticulous detail the differences between privacy approaches “in real life” (IRL) versus online. Her subhead, “Social Networks and the Death of Privacy” is somewhat misleading (or perhaps incorrectly limiting) as Andrews covers privacy concerns affecting online behaviors including internet searches, emails, and even simply owning a device with a camera. At the end of her book, but referenced throughout, is a proposed Constitution for Web Privacy that would define and guarantee online rights for users. It’s not a perfect read, but it’s a timely and worthwhile one.
While much of the information Andrews shares is not necessarily going to be new to the savvy web user, Andrews’ approach of comparing privacy expectations between online behaviors and IRL brought home some concerns I hadn’t considered before. For example, we all know—or should—that anything you write online lives forever, right? But compare your right to privacy using email with those of a letter. It’s a federal offense to take a letter out of a mailbox, but companies are allowed to routinely scan emails for data that is used to better target advertising. Your online behavior is tracked and compiled, forming a sort of “second self” –the online reflection of who you are. Andrews compares how companies are free to use this information to choose what to offer to you: credit rates, housing offers, even job offers could be affected by this second self and how it reflects on you. And you don’t have access to the information or any rights to correct or change errors. In a contrasting “real” world example, you have a right to see your credit report and to have errors corrected. Your second self information? It’s virtually inaccessible and un-editable. Worst of all, you have no way to know what opportunities that second self information might have cost you.
Andrews also points out the ways that social networks and online technology can be used by individuals for cruelty or revenge, while the legal framework for consequences lags. Many of these stories may be familiar: Lori Drew, the mom who faked a MySpace page to goad her middle school-aged daughter’s rival into suicide, the Lower Merion school district scandal (in which web cams on school-issued laptops were activated and recorded images without users’ knowledge, capturing photos of pictures of teens in their rooms and other supposedly private situations), and many others. Andrews discusses the sadly minimal recourse available to victims and prosecutors.
I have only two quibbles with the book. The first would be that its tone was very, very dry. Of course, it is a non-fiction book so I wasn’t expecting a breathless barn-burner, but the many footnoted examples and references to legal decisions, coupled with its academic tone definitely slowed down my reading. Luckily, the topic was fascinating enough (and Andrews’ concerns alarming enough) to keep me hooked. My second issue is that the very speed of change that makes it so hard for legal channels to keep up also means that this book will probably be totally outdated in another year or two. Several of Andrews’ “revelations” – that Google is compiling demographic information about users, for example, or the risks of cookies, are already very well-known at this point. That said, her overall point about the need for users’ rights to be defined and legally guaranteed is likely to be a valid concern for some time to come. Unfortunately.