Viewed out of context, recent Washington revelations paint a disturbing portrait of the vast amount of electronic data the nation's spy agencies are collecting. But the blockbuster news stories belie a simple truth: Personal privacy rights have been under sustained assault since well before the Sept. 11 terrorist attacks. And it's not just government that's vacuuming up information.
Dating to the early 1990s, growth in electronic commerce has been facilitated and driven by advances in data collection and storage. What we read, where we live, what we buy, whom we call, what music we listen to, what movies we watch in our homes, the names of childhood pets and mothers' maiden names — all of it, and much more, now lives on a server farm somewhere
For the most part, Americans haven't loudly objected to this slow erosion of privacy: Much of our personal information has been surrendered willingly as a result of our eagerness to connect through social media and our ravenous consumption habits.
What many consumers don't know, however, is how aggressively Big Tech has moved to track and combine the data to build user profiles. As for the growth of the national security state and its snooping habits, even as its tentacles have expanded there have been few signs of political backlash.
Here are some notable milestones over the past two decades that help explain how we got to this point:
1994: The birth of the cookie
Netscape is credited with inventing the browser "cookie," the innocently named little computer file that enables firms to build a profile of a user by recognizing and tracking his or her Web surfing behavior.
1995: The European Union sounds an alarm
Against the backdrop of long-standing, pre-Internet concerns about privacy and the protection of personal data, the EU issues its first data protection directive regarding the processing of personal data and its free movement.
The Electronic Privacy Information Center reviews 100 of the most frequently visited Internet sites and reports in June 1997 that only 17 have explicit privacy policies. None meet basic standards for privacy protection, according to the public interest research center.
"We were not able to determine whether web sites are linking data collected on-line with other databases," wrote EPIC. "This classic computer matching technique is oftentimes one of the first indicators of a privacy problem. It is also likely to emerge as a significant issue in the near future."
1999: Big Brother zeroes in
The first commercially available GPS phone is launched by mobile phone manufacturer Benefon and sold mainly in Europe. Even before such GPS-enabled mobile phones are widely available in the U.S., in August 2001 PCWorld magazine asks, "Will Big Brother Track You by Cell Phone?"
President Bush signs the Patriot Act Bill during a ceremony in the White House East Room on Oct. 26, 2001.
President Bush signs the Patriot Act Bill during a ceremony in the White House East Room on Oct. 26, 2001. Doug Mills/AP
2001: The Sept. 11 era begins
Six weeks after the Sept. 11 terrorist attacks, President George W. Bush signs the Patriot Act into law. The bill, which grants broad new surveillance powers to law enforcement and intelligence agencies, is designed "to identify, to dismantle, to disrupt and to punish terrorists before they strike."
After passing both the House and Senate by wide margins, the Patriot Act widens the scope of the Foreign Intelligence Surveillance Act, or FISA, and includes a variety of provisions that allow for expanded data collection and surveillance by government, as well as disclosure of electronic communications.
2002: "Total Information Awareness"
The Pentagon is revealed to be building "a computer system that could create a vast electronic dragnet, searching for personal information as part of the hunt for terrorists around the globe — including the United States."
The system, known as "Total Information Awareness," is designed to use data mining techniques to find hidden patterns of activity from vast troves of Internet mail information, credit card and banking transactions, and government documents.
Aside from concerns over its scope, the Orwellian ring to the program's name proves problematic. Within months of the initial headlines revealing its existence, it's changed to a less threatening moniker: "Terrorism Information Awareness."
2005: Warrantless surveillance
The New York Times reports in December 2005: "Months after the Sept. 11 attacks, President Bush secretly authorized the National Security Agency to eavesdrop on Americans and others inside the United States to search for evidence of terrorist activity without the court-approved warrants ordinarily required for domestic spying, according to government officials.
"Under a presidential order signed in 2002, the intelligence agency has monitored the international telephone calls and international e-mail messages of hundreds, perhaps thousands, of people inside the United States without warrants over the past three years in an effort to track possible 'dirty numbers' linked to Al Qaeda, the officials said. The agency, they said, still seeks warrants to monitor entirely domestic communications."
Facebook.com's mastermind, Mark Zuckerberg, at his office in Palo Alto, Calif., in 2007.
2006: Facebook launches News Feed
In September 2006, Facebook, the popular social networking service, launches its new News Feed feature, which broadcasts changes members make to their Web profiles to the pages of others in their Facebook social networks. After an uproar, fueled by complaints about the invasiveness of the feature, Facebook quickly apologizes and lets users disable or modify it.
A year later, Facebook again angers users with the introduction of Beacon, a program that sends news alerts to users' friends about which goods and services they purchased online. After widespread criticism and a class-action lawsuit, Beacon is shut down in late 2009.
2007: Google launches Street View
A new feature of Google Maps, Street View enables users to view and navigate within 360-degree panoramic street-level imagery of various U.S. cities.
"With Street View users can virtually walk the streets of a city, check out a restaurant before arriving, and even zoom in on bus stops and street signs to make travel plans," says Google in a May 29 announcement.
The remarkably detailed imagery immediately sparks a privacy debate, but it takes a back seat to a later revelation that Google's Street View cars — the ones taking the photos — had also collected sensitive personal information from wireless home networks.
The company tells Federal Trade Commission investigators that it had mistakenly collected the data. "We are mortified by what happened, but confident that these changes to our processes and structure will significantly improve our internal privacy and security practices for the benefit of all our users," the company explains. Google outlines the problem and the plans to fix it in a blog post.
2008: FISA amended
Congress passes the FISA Amendments Act in July 2008, expanding the federal government's surveillance powers and giving immunity to telecom companies that assist in a warrantless surveillance program.
2009: Facebook changes the rules
Tens of thousands of Facebook users protest against terms of service changes that allow Facebook to use anything uploaded to the site at any time, even after users have deleted their profiles and left Facebook.
After the backlash, the company reverts to its original policy and issues a statement of rights and responsibilities surrounding its relationship with users.
2011: Bad Buzz
Google agrees to settle Federal Trade Commission charges that it used deceptive tactics and violated its own privacy promises to consumers when it launched its social network Google Buzz in 2010.
Google had received thousands of complaints from users who were concerned about public disclosure of their email contacts which included, in some cases, ex-spouses, patients, students, employers or competitors.
The settlement calls for implementation of a comprehensive privacy program, and for regular, independent privacy audits for the next 20 years, marking the first time an FTC settlement order requires a company to implement a comprehensive privacy program to protect the privacy of consumers' information.
Karen Bleier/AFP/Getty Images
A journalist takes an online tour of the inner workings of Internet search giant Google's Washington, D.C., data centers in 2012.
A journalist takes an online tour of the inner workings of Internet search giant Google's Washington, D.C., data centers in 2012. Karen Bleier/AFP/Getty Images
2012: A more "intuitive" experience
In January, Google announces it will integrate user data across its email, video, social-networking and other services. In a blog post, the company explains the plan will lead to "a beautifully simple, intuitive user experience across Google."
2012: FTC vs. Google, again
Google agrees to pay a $22.5 million fine to settle allegations that it violated terms of the settlement order it signed in 2011 surrounding Buzz. The Federal Trade Commission levied the penalty on Google — the largest ever imposed for violating a commission order — for misleading millions of users of Apple's Safari Web browser about tracking their online activities.
Sources: Google; Federal Trade Commission; Electronic Privacy Information Center; New York Times; PCWorld; Facts on File