It's not news that the digital privacy boat sailed from the dock years ago. Nearly all privacy actions now are remedial, attempting to correct lost freedom.

Just as music and movie companies cannot easily lock down the digital security of their intellectual properties in the great moving tide of bits, we as individuals have lost the lockdown control of our identities that people took for granted 20 years ago. The most aware digital citizens maintain a curious but understandable double standard: media should be liberated, but identity locks should be protected. Information wants to be free ... but not my information.

The government surveillance issue that was inflamed last week is complicated, controversial, partially concealed and stretches over the 11-year "war on terror" since the 9/11 attacks. The core piece of controversial legislation is the Foreign Intelligence Surveillance Act (FISA), which became law in 1978.

As implied, the bill prescribes allowable methods and boundaries for acquiring foreign intelligence. It is espionage law. Two amendments complicate FISA's story and potentially bring its actions to American shores. First, in 2001 after 9/11, FISA was amended to accommodate the existence of terrorist groups not affiliated with a nation. That version of FISA served as an umbrella sanction for various digital surveillance activities carried out by the National Security Agency (NSA), mostly beyond the awareness of the general population. The central mandate of FISA, and of the NSA, had not changed in theory: foreign intelligence gathering.

Effective or not, an American spy operation directed at its own citizens infects the country's central nervous system

But in December of 2005 the New York Times broke news that a 2002 presidential order allowed the NSA collection of phone calls and emails from American citizens -- without legal warrant. Search warrants were obtained for conversations that originated and ended within the US, but that legal step could be eliminated if just one end of the communication was offshore. The government claimed that surveillance programs, supercharged by that 2002 presidential order, had thwarted specific plots hatched by Americans assisting al-Qaida attack plans.

Effective or not, an American spy operation directed at its own citizens infects the country's central nervous system, even granting arguable gray areas. A second FISA amendment in 2008 provided what might be termed a reverse corrective, by legitimizing NSA powers. There were Senatorial objections to the bill's passage. The 2008 revision remains focused on foreign targets, but with language that some legislators believe opens up ambiguities through which American civil liberties can be lost. One obvious loophole, even to a naive layperson, is that an email address cannot be pinned to a location. As a Slate article noted, nobody knows the extent to which Americans are under an NSA lens.

This came to a head last week because the 2008 version of FISA is set to expire at year's end, and the US House passed a five-year extension with strong bipartisan support. The law now sits in Senate hands, where more cautious minds might slow this hurtling piece of controversy.

Unlike government spying, which is highly personalized, website tracking is anonymous on the back end

(At the same time, the tenaciously litigious Electronic Frontier Foundation (EFF) has been suing the NSA since 2008 on behalf of several AT&T customers, based on a raft of evidence implicating the telecom company for collaborating with the NSA in what the EFF calls "dragnet surveillance.")

While many Americans might object in principle to FISA and the NSA's alleged implementation of the law, not many individuals are likely to be affected. The values are reversed in the case of online website tracking, which is applied to nearly everyone who uses a browser, but most people don't get worked up about it.

Unlike government spying, which is highly personalized, website tracking is anonymous on the back end. The tracking cookies that publishers and ad networks drop onto your computer as you move around the web treat the browser as a surrogate individual. They lose effectiveness as more people use a browser session because they are targeted to the concept that one browser represents an interest profile of one person. If your browsers are unshared, and you don't purge your cookies, you get the purest illustration of tracking acumen, expressed through the most targeted ads.

Phones and email accounts are bugged for the sake of national security, but browsers are bugged for the sake of commerce. The forces of commerce are sly and smart, but much less powerful. Users can take control by using ad blockers cosmetically, and aggressive cookie deletion to cut off spying closer to the ground.

The do-not-track button featured in most browsers, and soon to be a stable feature in Chrome, so far a laggard, encourages internet citizens to make a choice. It is opt-out, of course, because an opt-in to browser tracking would require universal cooperation from all industry players to stay out of our computers unless invited. Such universal agreement is quixotic, but a surprisingly substantial affiliation of industry players has signed off on the Obama administration's data privacy framework -- it is a codification of conduct around consumer protection principles related to web privacy. Many commenters insist that this theoretical piece of work is toothless.

The clear lesson that derives from all forms of contemporary spying is that digitally connected citizens need personal DRM. The Constitution is supposed to opt out Americans from government intrusions. The Obama document is meant to be a sort of privacy constitution for the internet. Time will tell how much muscle each one has.

Brad Hill is the VP, Audience Development at AOL. He is the former Director and General Manager of Weblogs, Inc.