You are not alone

Is your privacy threatened if your cellphone monitors your movements but doesn’t record them? What if a computer listens in on your conversations but doesn’t tell a human what you said?

These are the kinds of questions raised by an emerging group of services that sell the information new technologies collect about the people who use them. For example, some businesses want to tell advertisers the location of participating cellphone users. The theory is that consumers won’t mind having machines track their movements if the stores and restaurants they approach send them coupons. Or consider Pudding Media, a Silicon Valley start-up that provides free calls through the Internet. The company’s computers listen to the calls and, if certain words are uttered, send the caller ads tied to those words.

The service is a twist on Google’s Gmail, which scans the messages sent by or to users and inserts relevant advertisements. Although machines, not humans, do the scanning for both services, they’re capable of processing information in far more intrusive ways than a person could -- for example, by sorting through mountains of data to find patterns that connect you to other users or predict how you will behave.

As unsettling as it may sound, Pudding Media’s virtual eavesdropping may pose less of a threat to privacy than using a browser to search the Internet. That’s because Pudding says it doesn’t keep the information it collects about its users. Google, by contrast, holds on to users’ search records for 18 months, providing a potential gold mine for government investigators or divorce lawyers.

The most disturbing aspect of the situation is how permissive federal law is. Phone companies can’t sell your calling records without your consent, nor can cable operators disclose your video habits. But there’s no clear prohibition against your broadband provider logging the sites you visit online, then selling that information to marketers. Nor is it clear that the safeguards on phone networks and cable systems would apply to similar services delivered through new technologies.

Lawmakers should close these loopholes. No matter what technologies companies are using to provide communications services and Internet access, they should be required to obtain consent before disclosing personally identifiable information about what their customers say or do online. And in the meantime, people should pay close attention to the information that websites collect about them -- and how long they keep it.