Back to News & Commentary

Monitoring Internet Usage Patterns Has Privacy Implications Too

Catherine Crump,
Staff Attorney,
ACLU Speech, Privacy and Technology Project
Share This Page
June 18, 2012

The New York Times Sunday Review included a striking suggesting that universities could one day deploy software to analyze students’ internet usage for the purpose of assessing their mental health. The writers, Sriram Chellappan and Raghavendra Kotikalapudi, support their argument by explaining that they conducted a study on university students that demonstrated a correlation between depression and certain patterns of internet usage (for example, “very high e-mail usage”). The study involved screening 216 students at Missouri University of Science and Technology for depression and then having “the university’s information technology department provide us with campus Internet usage data for our participants . . . . This didn’t mean snooping on what the students were looking at or whom they were e-mailing; it merely meant monitoring how they were using the Internet” (so, for example, if they were surfing the web, checking email, using p2p programs, etc.).

A few points in response:

• The writers defend their study as privacy friendly because it did not involve “snooping on what the students were looking at” and focused only on what protocols the students were using. But, while the writers report that these students participated in this study voluntarily, nobody should think that such monitoring would be acceptable if done without permission. After all, if this type of data is sufficient to reveal facts about mental health—and is there anything as sensitive as one’s mental health status?— this study itself suggests one way that collecting and analyzing such data can be a serious privacy invasion.
• While the students in this study participated voluntarily, the writers’ proposal nonetheless illustrates one risk of having our Internet usage patterns logged: there is a cache of deeply sensitive information about us that we don’t have access to, but that others can potentially store, analyze and share. U.S. law has never required Internet Service Providers to retain detailed logs of our online activities, but the FBI and other law enforcement agencies have for just such a law.
• The proposal also illustrates why the collection and analysis of Internet usage data—by private parties and more significantly by the government—could well have a corrosive effect on free speech. Imagine a future in which you could only use the Internet knowing that what you do online will be analyzed to gauge your mental health, or perhaps the risk of your having committed a crime (or likelihood of committing one in the future). Would you continue to use the Internet in a free and unrestrained manner? Or would there be some small part of you chilled at the possibility that if your usage patterns do not conform to what is considered normal, you might be flagged for further scrutiny?
• The writers are undoubtedly motivated by a concern for students’ mental health and safety—and that is understandable. Nonetheless, any proposal that a computer algorithm be used to flag people for further scrutiny by a large bureaucracy raises red flags. First, how good is the computer algorithm? Will it be highly accurate, or will it yield large numbers of false positives? There is good reason to fear the latter, particularly where the target of the algorithm is as complex and multifaceted as mental health status. Second, how much do we trust the bureaucracy into which someone is being funneled? Will it make wise decisions and treat those who encounter it decently? I am not an expert on university mental health services, but when I think over my own experiences and those of other ACLU lawyers representing those wrongly placed on government watch lists, I am leery of any such uses by the government.

Learn More About the Issues on This Page