Is it eavesdropping when your ISP sells your web surfing habits to advertisers? Lawyers and legislators are debating whether such practices violate the 1986 Electronic Communications Privacy Act, designed to keep phone companies for listening in on their customer's phone calls. We would all probably find it creepy if AT&T were listening in on our phone calls, but I'll venture that fewer people care about someone watching our web-surfing habits. Technology tends to produce ethical gray areas. Maybe you don't care that AT&T keeps a record of the web sites you visited, but you probably would object if AT&T were reading your email or text-messages. Wait though - how many of us use Gmail, which scans the contents of your email to give you targeted ads? Are these gray areas eroding our past notions of privacy? This applies to personal genetics as well: publicly, there has been a lot of support for laws limiting an insurance company's access to personal genetic information. The Genetic Information Nondiscrimination Act recently became law. Your insurance company can't force you to take genetic tests, or provide them with genotyping results from tests you have taken. But could they entice you to provide this information? What if they start providing extra services for people with certain risk alleles - you give them your genetic information in exchange for (possibly bogus) specialized care or coverage for people at risk for heart disease, diabetes, Huntington's, or whatever. Once we've willingly provided private information - whether it's about genetics or email, it will be that much more difficult to stop abuses. And the financial incentives to commit abuses are strong. What's the solution? Stricter laws? That may help, but new gray areas always tend to get ahead of legislation. Whether we have legal protection or not, what we need is a stronger privacy culture - free email is great, but maybe we shouldn't be so quick to sign away our privacy.