by Mike Tanier
None of the scenarios listed below have happened yet, as far as we know:
NFL prospects have no privacy.
Hundreds of them spent last week at the Scouting Combine, working out in front of NFL Network cameras. Their heights and weights became matters of immediate public record. Sudden weight changes fueled speculation -- good for Sam Bradford, bad for many prospects in years past -- about their work habits and character. Rumors about supposedly private matters, like Wonderlic scores and interview results, quickly reached the interested public.
Every detail of a prospect's background is researched by teams and publicized by the media. The scrutiny goes beyond touchdowns and dropped passes, it continues to arrests, scandals, and brief, long-ago suspensions for "undisclosed team violations." If a player was involved in some non-noteworthy taproom scuffle, we know about it. Type "Jimmy Clausen" into your search engine, and Google helpfully suggests "punch" to steer you toward controversy.
The NFL draft is a uniquely Internet-fueled phenomenon, with thousands of bloggers devoting millions of words to an event with no intrinsic entertainment value. Internet coverage subjects the athletes to another level of privacy invasion. If you don't believe it, ask yourself if you know what any quarterback prospect's girlfriend looks like, how you got that information, and why it's any of your business. The NFL itself is still learning to cope with the advance of technology. For every positive story (Dennis Dixon used a Web site to attract NFL attention), there are many more negative ones (Brian Cushing and David Clowney [2] had their Twitter accounts hacked, revealing photos of Matt Leinart [3], Kyle Orton, etc., made the rounds in years past).
Players like Cushing, Clowney, Leinart, and Orton may have been embarrassed by Internet violations or indiscretions, but at least they were already employed. Prospects like Clausen are in a netherworld. They are celebrities without the resources to combat privacy violations or cyber-smear campaigns. They are job applicants for whom a change of perception could cost millions of dollars -- the cost of three or four draft slots, plus a lost endorsement or two. And they are college students or recent graduates, immersed in a world of post-adolescent drama preserved by instant, permanent telecommunications. Most of us are lucky that stage of our lives wasn't indelibly preserved.
The days of walking into a job interview with a new suit and a spell-checked resume are long gone. Today's college graduate cannot expect his or her past to disappear once he or she enters the job market.
Parry Aftab is executive director of WiredSafety.org [4]. Her organization is devoted to improving Internet safety and providing information and education about online privacy and security. Everything from hacking and identity theft to copyright infringement to cyber-stalking falls under the WiredSafery.org umbrella. Browse the topics on their site, and you come away with one conclusion: We give away far too much personal data on the Internet.
"We used to be able to reinvent ourselves," Aftab said in an interview. "So much of our lives are now wide open. If we aren't sharing it, our friends are."
That shared information is finding its way into the hands of employers. Jules Polonetsky is the co-chair and director of the Future of Privacy Forum, a Washington think tank focused on advancing responsible data practices. Polonetsky cited research revealing that 79 percent of hiring managers perform some kind of Internet background check during the employment interview process. Seventy percent of those managers used the results to take adverse action at some point or another. The message is simple: That kegs-and-bikinis picture on MySpace or the angry rant on Twitter can cost you a job.
College students are adapting to the new reality, and high-profile college athletes typically know better than to self-publicize something that could hurt their image. Problems arise as technology makes information more ubiquitous and easier to get.
Take something as simple as a Facebook page. With the proper settings, we can make sure only "friends" see our updates and wall postings (forget for a moment that many of you are among my hundreds of friends, and I probably have never met you). But depending on which networks you belong to -- a college alumni network for instance -- your posts on Twitter or Facebook may now be linked to search engines like Google. Information meant only for friends (acquaintances, readers, fellow writers, former students) could now belong to everyone who performs a simple search. Since most of us are rarely searched for by strangers, that may not seem like a big deal. For someone famous, it's a major problem.
If you are my age or older, what you've read so far may have led you to a simple conclusion: NFL prospects shouldn't use Facebook or Twitter, or at least should never share anything remotely personal on those networks. According to Polonetsky, that's not realistic. "Telling the current generation to stop using this technology is like telling teenagers to stop goofing off with their buddies. They literally have to disconnect. How can we ask anybody to live like that?"
As means of communication have changed, so have a generation's attitudes toward privacy. Public policy hasn't caught up. "The law hasn't developed enough, and the technology isn't nuanced enough," Polonetsky said, to keep pace with the way email, text messaging, and social networking usage have accelerated. It's one thing to keep your own Web site free of scandalous pictures and avoid controversial remarks. It's another never to text a silly joke to a friend, fearing that it may be forwarded along a chain that leads from a small group of acquaintances to Deadspin [5]. Ray Rice [6] learned that lesson in 2008, when what he thought was a private text to Rashard Mendenhall [7] became Steelers bulletin-board fodder.
The Rice-Mendenhall incident is a reminder that the social norms of Internet communication are still being worked out. Telling a younger generation to "be careful" (as those of us in education often do) is becoming meaningless. Polonetsky makes it clear that the line between "private" and "public" is moving. An individual who finds that a private correspondence among 20 friends has circulated nationally does have a legitimate beef.
"It's a huge shock to someone who feels, 'I didn't expect you to read my diary just because it's not locked in a safe,'" Polonetsky said.
Public policy can evolve, but the technology must also adapt. For example, an expiration date on data could keep it from becoming eternally available to anyone with an agenda. After all, a Facebook posting to friends is more like a statement made at cocktail hour, or in front of a classroom, than a published document; many of us are relieved when our cocktail or classroom tirades are forgotten.
"Wouldn't it be good if the tech let us forget the way humankind did for most of our history?" Polonetsky asked.
Even with forgetful software and legal protections, celebrities like NFL players must be prudent. "The more public you are, the more people will attack you, harass you, and provoke you," Aftab said. A rock star or teen princess can absorb or even benefit from scandal. An NFL player or draftee cannot. "Players need to understand that their brand is on the line," Aftab said.
That brand can be worth tens of millions of dollars in contract and endorsement money. Teams and sponsors also have brands to protect, which is why they collect as much data as possible about potential players and endorsers. And gathering huge streams of data, from the vital to the irrelevant to the personal, has never been so easy.
There are a lot of people who want access to your Internet search history, and you aren't even famous.
Most of us have some familiarity with Web security. We know we leave "cookies" (whatever they are) when we visit Web sites and that advertisers and others could follow those cookie trails to determine our purchase preferences (and more). We know that our Internet caches are repositories for every site we've searched for months, no matter how puerile or potentially embarrassing. We know the delete button doesn't delete very much.
Even the most tech-savvy of us know only a fraction of the story. On his site, Polonetsky provides a handy diagram [8] displaying where your data goes before you even click a link. The available data on an individual grows with each new gadget. I was unaware, for example, that my iPod Touch knew where I was until I fiddled with its "Maps" application. Sure enough, it dropped a locater pin on tiny Mount Ephraim.
Polonetsky reassured me that Apple only plans to share my location data if it suits some "beneficial purpose." That means Apple won't inform marketers when I travel to New York, which would allow them to bombard me with New York-specific advertisements. According to Polonetsky, Apple's policy is relatively forward-thinking. Other companies might share location data with any number of marketers or "re-targeters" down the line, allowing them to custom-tailor advertising while creating a spooky profile of my travel and purchase habits.
Of course, Apple's policy is stated in the terms of use agreement I clicked when setting up my iTouch, and Facebook and other providers have similar agreements. Even if I had read the agreement, I wouldn't have thought much about location data, as I had no idea the item I purchased even contained a GPS. "Nobody in their sane minds spends time reading those agreements," Polonetsky said, noting that the language of the agreements is confusing even for privacy lawyers.
These Orwellian marketing agencies seem less frightening when we realize that they're only trying to sell us products. Unfortunately, there's more. A company called RapLeaf advertises that it "provides social data about a company's audience." Companies like these allow businesses to collate their databases with social networking data, allowing not just marketers but employers and financial institutions to learn not just about a buyer or applicant, but his friends as well. "The reasoning is that if your friends are deadbeats, you're probably not a good prospect," Polonetsky said. The data is used to tailor credit promotions: Country club members see better offers than those with shadier profiles.
Combine the power of location-specific information with the data collection power of a company like RapLeaf, and you have a tool that an NFL team would covet when assessing a potential free agent or draft pick. Remember Andre Smith's disappearance from the Combine last year? Imagine tracking him via his iPhone. If Michael Vick had a social networking account in 2005, an aggregator company might have found out about his extracurricular interests just by cross-referencing some of his MySpace friends with their credit reports and purchase habits. The Falcons might have saved tens of millions on Vick's contract extension, all for the cost of some privacy invasion.
Companies like RapLeaf get their data by aggregating public information. They don’t use "clickstream" data, like the kind Internet marketers enjoy. That data is only supposed to be collected for marketing and advertising purposes, so future employers won't know how many times you logged on to Football Outsiders (unless you use a workplace computer!). But law enforcement agencies can access the data, and it's conceivable that someone else with power and connections -- an NFL owner, for example -- could pull strings to get a marketer to violate its privacy policy.
Aftab is skeptical that anyone would go that far to get data on a player or draftee, unless they suspected he was involved in some serious illegal activity.
"Some of this stuff is interesting to talk about around the dinner table," she said, "but it isn't really practical."
Legal issues aside, there are hundreds of players leaving millions of bits of information around the Internet, so a would-be cyber-spy would be forced to sift through hundreds of irrelevant emails, tweets, and browsing sessions. A team with the time and workforce available to perform such an investigation wouldn't find it cost-effective. Hours of manpower would yield little more than a half-hour Google session typically reveals.
"It's not the information they are paying for most people should worry about," Aftab said. "It's the information they are getting for free."
Polonetsky is less skeptical.
"It's one thing when casting a wide net, searching millions of records looking for a bad guy," he said. "But if it's a small target, if there's just one player or 10 players, there's a treasure trove, a long file to pull on them."
That said, Polonetsky agrees that players (or anyone else) should be more concerned about readily available data than leaked "clickstream" data, and that a legion of draftniks can be more damaging to a player with something to hide than a Bill Belichick-hired operative. "There's an army of curious detectives out there," he said, with a habit of ferreting out the truth.
Clickstream skullduggery aside, teams can -- and no doubt do -- infiltrate a player's "friends" list on a social network, and they retain the right to perform background and credit checks on players. "Teams would be out of their minds if they didn't find out everything they could," Aftab said. "The background check is more important with an athlete than an executive. There's a question of physical integrity."
Private investigators have been part of sports for decades. Now, they are capable of finding out much more, much more easily -- and that's before they do something extreme and illegal, like searching through our browsing habits for clues.
The cat gets out of the bag. In the case of someone like Lienart, a damaging picture circulates on the Internet. In the cases of Cushing or Clowney, a hacker steals the player's identity and leaves a trail of confusing, embarrassing tweets. Some accuser pleads his or her case to the Internet first and the police a distant second. Whether real, fabricated, or somewhere in between, the allegations or evidence is damaging. For an incoming prospect, it could be crippling. Imagine what a Tila Tequila-Shawne Merriman scandal could do to a medium-range prospect four days before the draft.
What's the player supposed to do about it?
NFL teams have a variety of resources to support players in event of scandal. This year's draftees have agents who can help douse the flames. A collegian with remaining eligibility (and therefore no agent) must turn to his school or his family. Most of these support networks are still a step behind the technology: police reports are their specialty, not Twitter battles.
The NFL's current Twitter policy reflects the league's lagging understanding of the technology. Rules to prevent pregame tweets are reactionary and arbitrary, and while the Texans and Jets reacted quickly to protect Cushing and Clowney, teams have proven to be technologically naïve before the fact (the fake Cushing's Twitter account was allegedly listed on the team's official site).
"The athlete needs to have a professional who knows how to get out in front of it," Aftab said.
Prospects can start by taking the precautions many of us take when we achieve a small measure of public notoriety. They can search for themselves frequently, set up RSS fields for themselves, and establish an official, secure Web site as their primary contact and communication source. By monitoring what's said about him on ine, the prospect can quickly address impersonators, stalkers, or slanderers. If a particular Web site or blog is churning out false or misleading information, an expert like Aftab has the knowledge and connections to stop it.
There are also new technologies that allow individuals to fight fire with fire on the Internet. A product called Reputation Defender helps users to seek and destroy damaging information. When destruction is impossible, Reputation Defender hides the data by increasing the amount of positive or neutral data that reaches the top of a typical search. In other words, by mirroring dozens of benign Mike Tanier sites and perching them atop the Google list, it's possible to bury that embarrassing incident with me and the zebra on page 43 of the search, where only the most zealous investigators will likely find it.
Professor Helen Nissenbaum of New York University created another program called "Track Me Not [9]." The program is perfect for anyone who doesn't want his or her search history tracked and analyzed. It creates thousands of dummy searches, making it impossible to differentiate real searches from fake.
"We are disturbed by the idea that search inquiries are systematically monitored and stored by corporations like AOL, Yahoo!, Google, etc. and may even be available to third parties," reads the Track Me Not Web site. "Because the Web has grown into such a crucial repository of information and our search behaviors profoundly reflect who we are, what we care about, and how we live our lives, there is reason to feel they should be off-limits to arbitrary surveillance."
All of the precautions sound like espionage after a while, and the online landscape changes every few months. The technology is so amazing and invasive, the players and teams so naïve, and the potential misuses of information so numerous, that I am shocked we haven't already witnessed a disaster: A player whose opportunity to play in the NFL is ruined by an out-of-control Internet hoax or a cyber-spying scandal on par with the one currently gripping the Lower Merion School District [10].
Last Wednesday, I updated my Facebook status, stating that I was editing a Walkthrough about Internet privacy. An hour later, someone commented on my status by relating a story about a (non-noteworthy) photo of an NFL player which found its way from someone’s "private" image list onto a fan blog.
I'll bet one or two of you saw that comment, because we are Facebook friends. That means you now know about the incident.
It was a second-hand tale of a minor event, nothing newsworthy at all. But what if the story were slightly sexier? My Friends list contains many sports writers and bloggers. They could pick the story up and pass it along. A step or two later, it could get distorted or embellished, become a full-scale privacy leak or part of a cyber-smear campaign.
I would then be a link in the chain that led to a breech of privacy, of journalistic integrity, or of trust. An unwitting link, but a weak one.
NFL teams, which have professional scouting departments and investigative resources, should be able to differentiate fact from cyber-smear, a stray remark or photo from a character flaw. But those resources only go so far. Information is eventually generalized and summarized, and when it comes time to sort through sixth round prospects, not every loose strand gets picked up. A little made-up scandal won't hurt Jimmy Clausen. Teams will uncover the real truth, and his game tape is too good to be overshadowed by some micro-scandal. But a minor prospect, a guy who is just as good as 50 others, could see his career derailed by a simple Internet mistake. And he doesn't have to be the one who makes it.
It's chilling. And it affects all of us as much as it affects the players.
Time for me to go delete that comment on Facebook now. Hope it is not too late.
Want to keep track of me on Facebook? Join the Walkthrough Readers group. I won't share any of your personal information, because I am honest, respect your privacy, and barely understand how to use a computer.
Links:
[1] http://ad.doubleclick.net/jump/footballoutsiders.fsv/ros;sect=ros;fantasy=yes;game=no;tile=3;sz=300x250;ord=' random_number '?
[2] http://www.footballoutsiders.com/player/15615/david-clowney
[3] http://www.footballoutsiders.com/player/16366/matt-leinart
[4] http://www.wiredsafety.org
[5] http://www.deadspin.com
[6] http://www.footballoutsiders.com/player/16762/ray-rice
[7] http://www.footballoutsiders.com/player/16511/rashard-mendenhall
[8] http://www.futureofprivacy.org/wp-content/uploads/2009/11/data.gif
[9] http://www.trackmenot.com
[10] http://news.cnet.com/8301-19518_3-10465117-238.html