"Take the single example of a cancer survivor who uses a social network to connect with other cancer survivors and share her story," said Kerry in a statement. "That story is not meant for her employer or everyone she e-mails, or marketers of medical products promising herbal cures. Misapplied and poorly distributed, this information could lead to a lost job opportunity or higher insurance rates. Even distributed without malice this information could pigeonhole her identity as a cancer survivor — which may not be how she wants to face the world."
Deciding who gets that information "should be her right," Kerry continues. "Whether or not she acts to protect its distribution, private firms should start with the premise that they should treat her and her information with respect. The fact that no law limits the collection of this information or its distribution is a problem that threatens an individual's sense of self."
That very month, however, the Obama administration tried to make it easier for the FBI to obtain records of "online transactions" — including a list of who you've e-mailed and what Web sites you've visited — without a warrant. Around the same time, the Electronic Frontier Foundation reported that the White House has circulated a draft of its plan for securing identity online — which calls for individuals to "voluntarily request a smart identity card from her home state" to "authenticate herself for a variety of online services" including "securely accessing her personal laptop computer, anonymously posting blog entries, and logging onto Internet e-mail services using a pseudonym."
The proposal, called the National Strategy for Trusted Identities in Cyberspace, sounded alarming to some critics.
"If I'm posting on a blog, reading, browsing, who needs to know who I am? Why is it so important that my identity be verified and authenticated?" says Tien. "We have a tendency to say, 'Well, gee, there are all these problems so we need to know people's identity.' But identity isn't security. You don't automatically know what to do about someone just because you know who they are."
At any rate, even a raft of new laws and legal precedents can't be the only answer. Beyond legal remedies, there has to be a cultural component.
"Much of our sense of privacy in the world isn't guaranteed by law," says Tien. "It's guaranteed by people acting within traditional bounds." Unfortunately, "technology screws this up. It accelerates social change in ways where people aren't sure what the norms are."
Justin Silverman, a law student at Suffolk University who blogs for Suffolk Media Law and the Citizen Media Law Project, says he suspects that ultimately people's sensibilities will adapt as folks get "more comfortable with information online" and a lot these issues will "solve themselves." In the meantime, he says, "market will take care of some things."
Indeed, even as they've helped create some of these issues, technology and the private sector have huge roles to play. People are starting to demand it. The Wall Street Journal reported recently that "companies with ideas on how to protect personal information" — firms such as Abine and TRUSTe — "are a new favorite of venture capitalists."