The Decade We Learned There’s No Such Thing as Privacy Online

In the past ten years, we lost hope in American politics, realized we were being watched on the internet, and finally broke the gender binary (kind of). So many of the beliefs we held to be true at the beginning of the decade have since been proved to be false—or at least, much more complicated than they once seemed. The Decade of Disillusion is a series that tracks how the hell we got here.

The last decade has seen no limit of scandals highlighting how personal privacy in the internet era doesn’t actually exist. Whether we’re talking about wireless carriers selling your daily location data to any nitwit with a nickel, or incompetent executives leaving consumer data openly exposed on the Amazon cloud, calling the last decade ugly would be an understatement.

What’s more the government, utterly captured by the industries it’s supposed to hold accountable, has proven feckless in the face of the threat. The United States still lacks any meaningful law governing behavior in the internet era, and the glaring lack of accountability couldn’t have been made any more obvious over the last ten years.

2010: The Rise of the Internet of Very Broken Things

During the late 90s and early aughts, “internet of things” evangelists routinely heralded a hyper-connected future, where everything from your refrigerator to your tea kettle would be connected to the internet. The end result, they promised, would be unprecedented convenience and a Jetsons-esque future, contributing to a simpler, more efficient existence. The end result wasn’t quite what was advertised. A lack of any meaningful privacy or security safeguards quickly ruined the party, turning the IoT revolution into the butt of endless jokes. Throughout the decade, evidence emerged that everything from your “smart” television to your kid’s WiFi-enabled Barbie doll was easily hackable, showcasing that the smarter choice is often dumber, older tech.

May 2013: Edward Snowden reveals the NSA's surveillance dragnet

Snowden, the most famous whistleblower of a generation, gave thousands of classified NSA documents to journalists Glenn Greenwald and Laura Poitras. The documents showed in great detail how the post 9/11 intelligence apparatus was collecting data in bulk on American citizens and people around the world through programs like PRISM, XKeyscore, LoveINT, and a host of others. The revelations showed that the NSA had backdoors into the databases of many of Silicon Valley's largest companies, that it was surveilling world leaders and American allies, and that the U.S. government's surveillance state had become ever present in American life.

Snowden's revelations were published over the course of years—this slow drip of information kept Snowden, NSA surveillance, and privacy in the news, making it an ongoing national conversation over the entire decade.

August 2013: Hackers steal the data of 3 billion Yahoo users

In September 2016, as the company attempted to sell itself to Verizon, Yahoo belatedly revealed it had been the victim of a series of major hacks in 2013 and 2014. After initially claiming that 500 million users were impacted, it would later acknowledge that the hack impacted roughly 3 billion users, the biggest data breach in U.S. history. Yahoo would ultimately have to pay a $35 million penalty to the Securities and Exchange Commission for pretending the hacks never happened, and another $80 million as part of a class action settlement. But as with most “punishment,” much of the money went to lawyers, and the penalties paled in comparison to the money made from monetizing user data.

2017: Congress helps big telecom kill FCC privacy rules

Big telecom has always had a flippant relationship when it comes to respecting your private data. For years ISPs quietly monetized your every online click, and have even charged customers significantly more if they wanted their privacy respected. In 2014, Verizon was busted modifying user data packets to covertly track users around the internet without telling them. In 2016 the FCC under Tom Wheeler tried to do something about it, passing some modest broadband privacy rules that would have forced ISPs to be transparent about what data was collected and sold, and to whom. The rules would have also required that consumers opt in before ISPs and mobile carriers could share and sell more sensitive financial data. But in 2017 the House and Senate voted to eliminate those rules at the behest of industry, opening the door to years of additional abuse by the sector.

March 2017: The Equifax hack heard around the world The last decade saw no shortage of breaches that exposed mountains of personal data, be it the hack of Marriott (500 million customers), Adult Friend Finder (412.2 million users) or EBay (145 million). But none highlighted corporate incompetence or government fecklessness quite like the 2017 hack of Equifax, which exposed the financial data of 145 million Americans. In part because data would later reveal that Equifax knew about the vulnerability and did nothing about it. But also because the punishment doled out by the FTC—which included a $125 cash payout that disappeared when consumers went to collect it—showcased a feckless government incapable and unwilling to seriously rein in corporate America’s incompetence and greed.

2018: Facebook lets Cambridge Analytica abuse your private data While Cambridge’s abuse of Facebook data was first reported in 2015, it wasn’t until 2018 that people realized the full scope of the problem. For years Facebook casually allowed third-party app-makers unfettered access to consumer datasets, allowing outfits like Cambridge to weaponize your personal information in the lead up to the 2016 election.

Privacy experts like Gaurav Laroia tell Motherboard that pound for pound, no event in the last decade had as much of an impact on public perception as Facebook’s epic face plant.

“The Cambridge Analytical scandal had the right combination of scale, malfeasance, and consequence to sear into everyday Americans how companies like Facebook sell access to our personal information and how dangerous that can be,” Laroia said. “That a researcher was able to take the profile information of tens of millions of Americans and sell it to an unscrupulous company with little consequence, in violation of an agreement with Facebook, showed how industry self-regulation has failed and why the government must act to protect our privacy,” he added.

2019: Wireless carriers busted selling your cell phone location data Thanks in no small part to Congress’ decision to kill FCC broadband privacy rules in 2017, there’s been little penalty for telecom giants that abuse your private information. Case in point: Motherboard’s blockbuster January, 2019 investigation showing that wireless carriers routinely sell your every waking movement to a wide variety of often dubious middlemen. The investigation resulted in numerous calls for action by politicians like Senator Ron Wyden, though to date nobody—be it the FCC or Congress—has actually lifted a finger to stop the practice or forced the deletion of decades’ worth of your daily location data. The decade’s theme couldn’t be more obvious: either via corruption, incompetence, or apathy, giant corporations routinely pay empty lip service to consumer privacy, before engaging in face plant after face plant. Just as often, the government’s response to a chorus line of piracy scandals has ranged from underwhelming to nonexistent.

Part of the problem is US regulators enjoy a tiny fraction of the resources given to privacy regulators overseas, and thanks to industry lobbying, the U.S. still lacks any kind of meaningful privacy law for the internet era. While efforts are afoot to change that, a cross-industry coalition of lobbyists is working hard to ensure this dysfunctional status quo never changes.