Surfing Secrets: The Multiple Meanings of Online Privacy http://reason.com/0104/cr.jd.surfing.html By Jennifer DePalma The Hundredth Window: Protecting Your Privacy and Security in the Age of the Internet, by Charles Jennings and Lori Fena, New York: The Free Press, 278 pages, $26 Internet privacy isn't just one debate, it's several. One involves how much information an e-business should be allowed to require of its customers, and what it should be allowed to do with the data it collects. (Does a Web site, say, have the right to pass data along to third parties?) Another debate centers around when the government should have access to information shared online. Then there's online anonymity: Should people be allowed to post e-mails or Web pages under false names? What should be the legal repercussions of giving a site false information? And don't forget things like firewalls that protect sites from unwanted visitors and encryption tools that keep data and information top secret. The police want to be able to search networks for illegal activity (gambling, child pornography, hacking, etc.). They therefore dislike the idea of strong encryption -- or would at least like a guaranteed means of breaking that encryption should the need arise. But weaker encryption increases the chances that your privacy will be violated -- that someone else will get access to the information you transmit online. It's an important set of arguments. Many people understandably dislike the thought of corporations or the government amassing detailed profiles of them: Even if the profile keepers have the best of intentions, there's still the possibility of stolen identity or wrongful accusation. How receptive consumers are to e-commerce depends on how secure they feel using it. On the other hand, such information is valuable to companies: It helps them learn what their consumers want and improve their products. It sounds like a tangle, but there's a straightforward thread that runs through all of these questions: how best to balance economic and technological improvement with freedom and personal space. Yet the debates often cloud this basic concern by spinning worst-case scenarios as though they were commonplace. Hyperbole, wild generalizations, and outlandish predictions about the possible uses and likely abuses of information are common. Few authors present the facts and lay out the issues in a way that lets laypeople develop an informed opinion, deciding for themselves what potential dangers are lurking. The Hundredth Window is, for the most part, an exception. Authors Charles Jennings and Lori Fena give their readers the tools to make competent, independent decisions -- if readers are willing to endure some slanted editorializing and ignore some grandiose theorizing. Jennings and Fena, founders of TRUSTe, an Internet privacy assurance organization, have put together a nuts-and-bolts text that summarizes the current debate and highlights the major events that have influenced it. There are some splashes of hyperbole and fear mongering, too, but that seems to come with the territory. The book includes some useful hints on protecting your privacy while you surf the Web and engage in e-commerce. Interspersed among chapters on the development of data and the author's relevant theories are "Tips and Tricks" -- practical, easy-to-follow instructions on erasing cookies, securing passwords, keeping e-mail private, and other ounces of prevention, as well as advice on what to look for in a Web site's privacy policies. Like most commentators, Jennings and Fena view privacy concerns from the perspective of the frightened consumer looking for an impractical degree of control over the information he volunteers on the Web. One of the principles endorsed, borrowed from the Online Privacy Alliance, is this: "No data should be collected from you and used without your permission." Requiring consent above and beyond that implied in volunteering the information has led to efforts as ridiculous as demanding a parent's written assent -- via the U.S. mail! -- before a child could interact with a Web site. But the authors also detail the benefits of releasing information -- cheaper prices, personalized service, quicker transactions -- more honestly than most privacy advocates do. The authors realize that many users find the Internet relatively safe and are willing to trade privacy for convenience. The authors do not think such confidence will continue, however, and predict that abuses of personal information will increase to an extent likely to drive e-consumers from the ease of ordering groceries and books online back to old-fashioned shopping in person at local stores. In their words: "Unless [personal data] collection and use become both measured and monitored, our great new electronic commons of the Internet may itself be put at risk, as people recoil in disgust or fear when learning how vulnerable they are to online surveillance, behavioral profiling, and other data-consuming activities." Jennings and Fena acknowledge that simple answers to privacy questions do not exist for anyone -- consumers, technologists, or businesses. Oddly, they then assert that the country needs to reach a consensus on the issue as soon as possible; without one, they assert, "privacy issues will become a major obstacle to continued growth in the electronic marketplace." For proof, they cite international tensions, such as those between the United States and the European Union. The E.U. had threatened to stop information flows to the U.S. unless the latter instituted certain laws and bureaucracies, such as a national agency dedicated to monitoring the corporate use of personal information. The Clinton administration managed to calm E.U. fears without making any serious proposals for national privacy police or overarching laws; it remains to be seen whether that delicate balance will continue in the new administration. This dispute is a preview of the future, as countries push treaties governing trans-border information flows. Whatever those regimes end up looking like, there is no reason to think that even that sort of "common consensus" would solve micro-level conflicts between companies and consumers. Customers, after all, desire varying levels of control over their personal information, and "consensus," which would never be unanimous, would readily lead to mandatory procedures. Since no one could guarantee a consensus with the right answer, if one right answer even exists, those procedures would dissatisfy many users -- and stultify the creative energies that could create better solutions. The best solutions, of course, are those that let consumers choose among diverse alternatives. It's one thing to call for certain ground rules, such as transparency in the market, that might help ensure true consumer choice. But Jennings and Fena seem to be looking for more-specific standards. For instance, they are comfortable requiring companies to handle personal information in one consistent way, or to report their possession of such information to the government at certain times. They would require all Web pages to advertise their privacy policies the same way, relying on one agency -- maybe public, maybe private -- to classify the level of privacy protection, much like the movie industry's single ratings system. In short, they don't mind mandated uniformity. In all fairness, Jennings and Fena also recognize the benefits of experimentation and choice. The best approach, they argue, is to "allow technology developers a relatively free rein, so that innovation and expansion can proceed apace -- but then to use the Net to learn quickly from the inevitable mistakes, and respond with the forces of public opinion, marketplace behavior, and, when clearly necessary and only as a last resort, government regulation." The authors believe privacy is a higher priority than technological growth, but they aren't blind to the pitfalls of government intervention. They also understand the power the media have in punishing companies that break agreements with consumers and unfairly release information to third parties. For instance, after The Washington Post released a story in 1998 naming supermarkets and drug stores that legally sold prescription drug records to database marketers, the stores ended the transfers. Speaking of the media, Jennings and Fena never confront the free speech arguments embedded in the privacy debates. Telling a data collector that he cannot distribute as he desires the information he has collected is a lot like telling a student that she cannot share what she learns in class with people outside her college. Some view personal information as more akin to ideas and thus protected by the First Amendment, while others see such data as property subject to certain government controls. Where does The Hundredth Window come down in this debate? It ignores it. Jennings and Fena make a bit too much of the new medium. The book is laced with such portentous statements as, "What's really at issue [with privacy and the Internet] is our core identity, and perhaps our humanity." Really? We might have "instinctual needs for privacy," but societies have found radically different ways to obtain or even define that privacy, given changing external circumstances. In some tribal cultures, where living in a room with 10, 15, or more family members was common, when a person sat close to a wall, facing it, he was left alone. No matter what the Internet brings, human beings will find enclaves of space and time for themselves. We will also, through our choices as consumers, help shape the Internet in a manner that respects our privacy while still allowing the development of conveniences that increase the time we have for ourselves. Rapid change instigates new apprehensions, leading to calls for quick fixes. But as the novelty of the Net wears off, the exaggerations and hoopla surrounding Internet privacy will dissipate. We will then have a greater objectivity -- and a history of market behavior -- with which to approach the problems that persist. Jennifer DePalma (jdepalma@alumni.princeton.edu) is a third-year student at the University of Chicago Law School. ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if it remains intact. To subscribe, visit http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ ------------------------------------------------------------------------- ========== HURIDOCS-Tech listserv ========== Send mail intended for the list to <huridocs-tech@hrea.org>. Archives of the list can be found at: http://www.hrea.org/lists/huridocs-tech/ To subscribe to the list, send a message to <majordomo@hrea.org>, with the following text in the message: subscribe huridocs-tech To unsubscribe from the list, send a message to <majordomo@hrea.org>, with the following text in the message: unsubscribe huridocs-tech If you have problems (un)subscribing, contact <owner-huridocs-tech@hrea.org>.
[Reply to this message] [Start a new topic] [Date Index] [Thread Index] [Author Index] [Subject Index] [List Home Page] [HREA Home Page]