Troublesome new examples of the clash of technology and personal privacy are surfacing with alarming frequency. The basic tug-of-war between technology and privacy is, of course, nothing new. Going back at least as far as the development of radio and telephone communication, the threat to personal liberty posed by new electronic media has been a consistent theme. In recent years, the Internet’s ascendant role as an outlet for commerce, journalism, consumerism, and entertainment has elevated the concept of privacy into a mainstream concern of the information age—unquestionably a healthy development. But are we paying sufficient attention to diverse new threats of technological intrusion that go far beyond simply worrying about the security of credit card transactions on the Internet? One need not be labeled paranoid—or worse, a Luddite—to be seriously concerned that we are growing fatally accustomed to the sacrifices of privacy that come packaged with all this wonderful new technology.

As veterans of the Internet know all too well, the information technology establishment’s ever-expanding ability to collect, store, and disseminate data is a signature downside of the networked life. The more we use the Internet for an expanding array of online services and pursuits, the greater the risk that one’s private life becomes just another store of publicly available information to be surfed, surveilled, and commercially exploited.

A large group of presumably already depressed people found this out the hard way last week, when Eli Lilly admitted that it had mistakenly revealed the e-mail addresses of more than 600 patients who use Prozac. These patients had availed themselves of a company-sponsored service that sends automated e-mail reminders to take the anti-depressant drug. When Eli Lilly decided to announce the end of this service with a mass message to subscribers, it committed the common e-mail faux pas of listing all recipients in the message header, which means that each recipient potentially can identify all others. The company quickly spun it as an unfortunate case of human error and apologized. Evan Hendricks of the Privacy Times newsletter called it “gross negligence.”

Interestingly, Eli Lilly’s blunder probably violated no laws—new federal rules about medical privacy don’t take effect for two more years, and in any case may not apply to pharmaceutical companies—although the Federal Trade Commission could take action against the company for violating its own online privacy policies. But the point here is inevitability and responsibility, not intent. (The misstep was plausibly inadvertent, and the company clearly has nothing to gain from making this very publicly condemned error.)

Up and down the Internet, e-profiteers insist that preserving our privacy is their paramount concern. But at the same time, they fervently resist regulatory action that would give consumers real teeth to hold commercial interests accountable for inevitable breaches of personal privacy. The huge variety of business enterprises whose fortunes are constructed on a foundation of consumer information—financial institutions, insurance companies, retailers of all sorts—want us to believe that industry can police itself with privacy policies that protect our personal data.

In practice, however, most of these company-driven policies are little more than warnings coupled with hard-to-use “opt-out” provisions that require consumers to read fine print and act affirmatively to prevent the sale or otherwise unauthorized use of the voluminous information these firms collect and maintain. It’s clear that consumers are appropriately apprehensive about all of this. In a Gallup poll completed just a few weeks ago, more than three-quarters of Internet users described themselves as either “somewhat concerned” or “very concerned” about the privacy of personal information on the Internet, with almost the same proportion worried about companies using information on Internet usage for marketing purposes. And no wonder they’re worried: A data privacy expert told U.S. News and World Report last month that customer data profiles typically have an error rate of 85 percent.

But if tracking our data in cyberspace is one thing, tracking our movements in the material world is entirely another. An unsettling trend in real—as opposed to virtual—life is the increased use of recording and computer technology to monitor our physical actions in public spaces. We learned last week that if you amble your way through Tampa, Fla.’s, popular Ybor City nightlife district, you can expect to be the target of dozens of security cameras hooked into a computer system designed to identify criminal suspects. Known in the industry as “facial recognition biometrics,” this is technology that digitally compares your facial features with a database of faces of individuals with outstanding warrants. (Some casinos use biometric systems to single out card-counters and other gambling miscreants.) If the system used in Tampa identifies a possible match on the streets of Ybor City, a police officer is dispatched to stop and check the individual for possible arrest.

To be sure, we have become accustomed to video surveillance as a security measure in various public and quasi-public places, and even the most ardent of civil libertarians probably draws a measure of comfort from the presence of a monitoring camera during a late-night convenience store visit, or from the inevitable X-ray baggage scans at airports worldwide. Video monitoring has become especially popular in parts of Europe—the U.K. in particular seems fond of ceiling-mounted electronic eyes, which are now ubiquitous in London’s underground subways.

One could view Tampa’s experiment with biometric facial recognition analysis as just a harmless extension of the use of video surveillance in other places where security concerns exist. A Tampa detective described facial recognition technology as “a powerful tool to assist in maximizing public safety,” showing that the police are “committed to enhancing the quality of life in our neighborhoods.” Those who buy this logic might argue that law-abiding citizens with nothing to hide have nothing to fear, and enhanced personal security to gain, from the expanding gaze of strategically positioned monitoring devices.

But you don’t have to have something to hide to see cameras and other kinds of tracking devices in public spaces as something other than quality-of-life enhancement. You don’t have to be a conspiracy theorist to worry about the inevitable tendency of powerful institutions—governments, police departments, and corporations—to use this stuff we so clinically label “data” for purposes beyond those intended. (Remember Kenneth Starr’s subpoena of Monica Lewinsky’s bookstore purchase records?)

To cite one example offered by Beth Givens of the California-based Privacy Rights Clearinghouse, it’s not that much of a stretch to imagine that law enforcement agencies might yield to the temptation to use biometric technology to develop a database of known participants in dissident activity as a mechanism for social control that would chill public protest. (And we haven’t even gotten to cell phones with global positioning technology, interactive television, and any number of other technologies that turn the networked life into the databased life.)

The point is not to be exhaustively paranoid, nor to sacrifice every possible public safety tool to a plenary allegiance to civil libertarian absolutism. The point is to realize that every time we passively acquiesce in another small and seemingly harmless abrogation of our right to be left alone, we chip away at the very idea of a society where being left alone is a foundational principle. In simpler terms, we become destructively accustomed to the idea that our preferences, our purchases, our health, our recreations, and our very movements are part of our public rather than our private selves.

The solution is pretty simple, and free-market conservatives won’t like it: regulation. There is a clear role for government as a source of rule-making here that places clear and enforceable limits on the ability of public entities to monitor our movements and the ability of private enterprise to traffic in our personal data. In the Gallup poll mentioned earlier, two-thirds of respondents favored more government action to protect online privacy, with clear majority support for regulation among both Democrats and Republicans surveyed. That’s a perspicuous mandate for action. Is Washington listening?