PRIVACY Forum Archive Document
|
PRIVACY Forum Digest Sunday, 20 July 1997 Volume 06 : Issue 10 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. ===== PRIVACY FORUM ===== ------------------------------------------------------------------- The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, "internetMCI" (a service of the Data Services Division of MCI Telecommunications Corporation), and Cisco Systems, Inc. - - - These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum. ------------------------------------------------------------------- CONTENTS Privacy Discussion on KPFK-FM via PRIVACY Forum Radio (Lauren Weinstein; PRIVACY Forum Moderator) Directory Services and The Roach Motel (Lauren Weinstein; PRIVACY Forum Moderator) Supermarket Banks (Keith Parkins) Bermuda (Rick Morbey) Draft minutes, June Meeting of CSSPAB (Michael Ravnitzky) [FYI] ALA Statement on library use of filtering software (Terry Kuny) Direct Line Insurance (Keith Parkins) Smart Cards at Surrey University (Keith Parkins) "Privacy is not a right" according to CEI/NCC submission at FTC (Lauren Weinstein; PRIVACY Forum Moderator) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com/". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access. ----------------------------------------------------------------------------- VOLUME 06, ISSUE 10 Quote for the day: "Can you prove it didn't happen?" -- Criswell (Charles Jeron Criswell King) "Plan 9 From Outer Space" (Reynolds Pictures; 1959) ---------------------------------------------------------------------- Date: Sat, 19 Jul 97 17:16 PDT From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Privacy Discussion on KPFK-FM via PRIVACY Forum Radio Greetings. Now available via PRIVACY Forum Radio is a 25 minute audio segment from Pacifica's KPFK-FM (Los Angeles) "Digital Village" program. The show is hosted by Doran Barons and Ric Allan. The in-studio guest for this segment devoted to privacy issues was your loyal moderator and host, yours truly. The discussion covered a range of privacy topics, from specific controversies to some more general philosophical musings. This segment is available for playback via: http://www.vortex.com ... then follow the links to PRIVACY Forum and PRIVACY Forum Radio. I hope you find it interesting--or at least amusing. --Lauren-- Moderator, PRIVACY Forum www.vortex.com ------------------------------ Date: Sat, 19 Jul 97 18:30 PDT From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Directory Services and The Roach Motel Greetings. Even the most casual of web surfers is by now aware of the plethora of "directory services" proliferating around the net. It seems that nearly every major search service has allied itself with one or another of these "white" or "yellow" page search systems, which promise the thrill of finding old "friends" (whether or not they have any interest in ever hearing from you again), and simplifying all manner of business transactions. We've discussed in the past some problems with these services, including stale or otherwise inaccurate data, or use of third-party data sources which could allow unlisted telephone numbers and other "sensitive" information to become publicly available. We've also pointed out that at least some of these services ostensibly provide mechanisms for a user to correct entries and/or remove themselves from the databases, though the mechanisms for doing this may be rather convoluted. Reports are now arriving that in at least some cases, even persons who have followed all the rules are finding it difficult or impossible to alter or remove erroneous data in these systems. Like the "Roach Motel," it appears that it can be quite a challenge to ever "check-out" once your feet have been implanted in the glue. (Or, the more musically inclined might prefer the "Hotel California" analogy: "You can check out any time you like, but you can never leave...") One of our regular PRIVACY Forum contributers, Phil Agre, has recently reported difficulties being removed from a list at Four11.com (one of the major web-based directory services) which can only be described as a classic "bad idea." It's a list of supposed "celebrities" (he has no idea how he got on this list, since he considers his celebrity status to be nonexistent). He's been inundated with e-mail requests for his autograph, many of which appear to be form letters without any hint that the sender has any idea why they'd possibly want to contact him. Getting removed from this list has been decidedly non-trivial. Correspondence was unanswered, or he was told he was not in the database, even though he could still clearly see his entry was present. Finally, after more time and effort spent than most persons would probably be willing to exert, he was seemingly removed from the graphically-oriented database pages, but (at least at last report) was still present in the text-based pages, which apparently operate in an out-of-sync universe of their own. Phil suggests that persons concerned about these kinds of issues contact humans@four11.com and request to be removed from the database. This could well be a good idea, and I might add that at the very least you might end up with a new hobby. Concerned individuals might consider taking the same actions at the other databases that have "remove" policies, though it's a certainty you'll never get them all, and again the overall utility may be limited. Unfortunately, even if you have successfully managed to remove your entry from a database at a given point in time, there is a high likelihood that it can reappear at some future time when the database refreshes its info from its raw data sources. This is especially likely if you've moved, changed your phone number, or done anything else that results in alterations from your previous raw data information. This creates one of the true ironies of database intrusion--in order to stay removed from a database you may need to be uniquely identified in some manner which can survive data updates and changes, otherwise you can keep popping in again. Some databases have used Social Security Numbers for this purpose, with predictable and quite valid concerns and outcry, especially since the SSN rarely ends up being truly restricted only to that internal purpose. Use of SSN in these commercial databases is just not a good concept, period. As the quantity of these databases continues to expand, these sorts of problems seem likely only to increase. It seems patently unreasonable that persons should have to jump through hoops to maintain even modest controls over their basic personal information. Even where policies exist to allow some measure of after-the-fact input, they are useless if they are ignored or don't work properly in the real world. --Lauren-- Moderator, PRIVACY Forum www.vortex.com ------------------------------ Date: Mon, 16 Jun 1997 10:45:20 -0500 (CDT) From: keithpp@hotmail.com (Keith Parkins) Subject: Supermarket Banks The recent two issues of Privacy Digest (Vol 06 # 08) have concentrated on supermarket banking, that is banks relocating to supermarkets and the loss that entails of privacy and the general inconvenience it causes to lose a neighborhood bank - to which I would add the extra environmental cost. I though wish to discuss this from a different angle - supermarkets becoming banks. In the UK major supermarket chains are becoming banks, but first I'd like to go back a few steps. A couple of major chains in the UK (Sainsbury's and Tesco's are two that spring to mind) offer Loyalty Cards. High-tech versions of the old stamps. The more you spend the more you earn in fairly worthless bonus points. Each time you shop, the card is inserted and points are added (actually I'd check on that as one supermarket was deducting!). Ostensibly this is to encourage you to shop at that particular store, but I believe this is to enable the supermarket to build a profile of your shopping habits. Unless specified otherwise the supermarket is free to sell this data. A second trend is to install cameras to monitor the shoppers. Yes, these are to stop thieving, but how many people are aware that this film footage is subjected to psychoanalysis to determine how and why you buy? About the only argument that I have heard in favor of this technique is that it is anonymous, but is it? All it needs is a camera at the check-out to link you to your loyalty card. This is now being extended one stage further. Supermarkets are moving into banking. In the UK, banking is extremely competitive, and one reason why so many branches are closing. Main competition to the traditional bank is telephone banking. I believe the main reason these supermarkets are now moving into banking, is that it extends their data collecting capability. Now they are able to form profiles not only on the buying habits within their own stores, but also outside. Keith Parkins <keith@redkbs.com> ------------------------------ Date: Wed, 25 Jun 1997 16:28:35 -0300 (ADT) From: Rick Morbey <rmorbey@morbey.com> Subject: Bermuda [ Original message edited for length and format by MODERATOR ] The Editor The Royal Gazette Hamilton Bermuda June 8, 1997 Dear Sir, The right to privacy and individual freedom is the essential core of our democratic system of government, but technology has raced far ahead and safeguards to privacy have failed to keep up. This is true of the most developed countries in the world, and it is particularly true of Bermuda. In his remarks at the recent Conference on Privacy in the Information Age, Alan Greenspan said that in recent generations there have been, as we know, two major forms of government (1) a system based on individual rights with the role of the state largely directed at protecting those rights, and (2) communist collectivization represented by the now defunct Soviet Union, and its eastern European satellites. In the latter, the individual was theoretically subject to the will of the collective but, in reality, subjugated by an elite autocratic hierarchy. Collective rights, enforced by the KGB or the Stasi, immediately dismissed by definition any right to privacy. He goes on to say that the human need for privacy was a major factor in undermining those collectivist states. IBM's FastGate electronic immigration clearance system at the Bermuda airport, and CCTV video surveillance cameras on the streets of Hamilton, are technologies which promise to save us time and protect us from crime. They are also public examples of a slew of technologies which threaten our fundamental right to privacy. A recent article in Business Travel News says that IBM's plan for FastGate is to fund placement of the ATM-type machines in airports and sell the service to credit card issuers such as American Express and Visa. FastGate users would provide the credit card company with their passport information which will be recorded on the credit card. This digital data is combined with digital biometric data gathered as the travelers hand is inserted and 'read' by the system. All of this data is then married with "information contained in the IBM-managed database." The publicized purpose of the FastGate system is to facilitate rapid immigration procedures, but the data could be combined with a variety of global computer databases about every person who takes a flight. The combined individual dossiers containing gobs of juicy, personal information, would be highly valued by numerous International businesses, organizations and government agencies. When U.S. Senator Dianne Feinstein introduced the Personal Information Privacy Act last month, she said, "Our private lives are becoming commodities with tremendous value in the marketplace." Should business travelers, who regularly express concerns about privacy in their financial and commercial transactions, now expose personal data to IBM, the credit card companies, and any number of local Government departments? Not until they know that the information will be used solely for specific purposes in the public interest. Not until they know that the personal data contained in these computers will never be sold to the highest bidder without any concern for their privacy. Privacy International says that in Britain, there are an estimated 300,000 CCTV surveillance cameras in public areas, housing estates, car parks, public facilities, phone booths, vending machines, buses, trains, taxis, alongside motorways and inside Automatic Teller (ATM) Machines. Originally installed to deter burglary, assault and car theft, in practice most camera systems have been used to combat 'anti-social behavior'. including many such minor offenses as littering, urinating in public, traffic violations, obstruction, drunkenness, and evading meters in town parking lots. They have also been widely used to intervene in other 'undesirable' behavior such as underage smoking and a variety of public order transgressions. Other innovative uses are constantly being discovered. These 'military-style' cameras are often installed in high-rent commercial areas. Crime statistics rarely reflect that crime may merely be pushed from these high value commercial areas into low rent residential areas. Richard Thomas, Acting Deputy Chief Constable for Gwent, in his interview with 20/20, said "Certainly the crime goes somewhere. I don't believe that just because you've got cameras in a city center that everyone says 'Oh well, we're going to give up crime and get a job". In one survey commissioned by the UK Home Office a large proportion of respondents expressed concern about several key aspects of visual surveillance, says Privacy International. More than fifty per cent of people felt neither government nor private security firms should be allowed to make decisions to allow the installation of CCTV in public places. Seventy-two per cent agreed "these cameras could easily be abused and used by the wrong people". Thirty-nine per cent felt that people who are in control of these systems could not be "completely trusted to use them only for the public good". Thirty-seven per cent felt that "in the future, cameras will be used by the government to control people". They already have. British CCTV surveillance systems were used by the Chinese government at Tienamen Square to suppress the student Democracy movement. The fact is that FastGate and CCTV surveillance systems represent the tip of the technological iceberg. It is already far too late to prevent the invasion of surveillance and database systems which are getting faster, smarter, and cheaper every year. Innovation and miniaturization have created systems which can take pictures through the walls of your building and record every sound you make with satellites and blast the information to the other side of the world in a millisecond. Computers may already hold the financial, educational, medical and DNA records of each and every one of us. If not, they soon will. Strangers may already be collecting information on our whereabouts and cruising through our most personal information with impunity. We may have already created a world in which nothing is private. Do we try to protect Democratic freedoms by legislating safeguards against the abuse of private data? Must we accept that the mightiest individuals and institutions cannot be held accountable, and there is no use in trying? Or do we simply acquiesce, and accept that privacy is an outdated concept when cheap technology makes everyone vulnerable, wolves and lambs alike? The choices are not easy, but in the words of David Brin, "asking questions can be a good first step". Rick Morbey June 8, 1997 ------------------------------ Date: Tue, 08 Jul 1997 22:48:12 +0000 From: Michael Ravnitzky <MikeRav@ix.netcom.com> Subject: Draft minutes, June Meeting of CSSPAB I just received via FOIA from NIST a copy of the meeting minutes of the Computer system Security and Privacy Advisory Board's most recent meeting in June 1997 (CSSPAB). They will go onto the internet at http://csrc/nist.gov/csspab/ but only after October 1997. To get a copy, just send a note to Karl E. Bell, Deputy Director of Administration, FOIA Officer, NIST, Gaithersburg, MD 20899-0001. Interesting stuff. Sorry I don't have time to type it all out, but that's not my responsibility. Michael Ravnitzky ------------------------------ Date: Fri, 11 Jul 1997 10:47:18 -0400 From: Terry Kuny <Terry.Kuny@xist.com> Subject: [FYI] ALA Statement on library use of filtering software This statement was developed by the Intellectual Freedom Committee at the ALA annual conference. STATEMENT ON LIBRARY USE OF FILTERING SOFTWARE AMERICAN LIBRARY ASSOCIATION/INTELLECTUAL FREEDOM COMMITTEE July 1, 1997 On June 26, 1997, the United States Supreme Court issued a sweeping re-affirmation of core First Amendment principles and held that communications over the Internet deserve the highest level of Constitutional protection. The Court's most fundamental holding is that communications on the Internet deserve the same level of Constitutional protection as books, magazines, newspapers, and speakers on a street corner soapbox. The Court found that the Internet *constitutes a vast platform from which to address and hear from a world-wide audience of millions of readers, viewers, researchers, and buyers,* and that *any person with a phone line can become a town crier with a voice that resonates farther than it could from any soapbox.* For libraries, the most critical holding of the Supreme Court is that libraries that make content available on the Internet can continue to do so with the same Constitutional protections that apply to the books on libraries' shelves. The Court's conclusion that *the vast democratic fora of the Internet* merit full constitutional protection will also serve to protect libraries that provide their patrons with access to the Internet. The Court recognized the importance of enabling individuals to receive speech from the entire world and to speak to the entire world. Libraries provide those opportunities to many who would not otherwise have them. The Supreme Court's decision will protect that access. The use in libraries of software filters which block Constitutionally protected speech is inconsistent with the United States Constitution and federal law and may lead to legal exposure for the library and its governing authorities. The American Library Association affirms that the use of filtering software abridges the Library Bill of Rights. WHAT IS BLOCKING/ FILTERING SOFTWARE? Blocking/filtering software is a mechanism used to: *restrict access to Internet content, based on an internal database of the product, or; *restrict access to Internet content through a database maintained external to the product itself, or; *restrict access to Internet content to certain ratings assigned to those sites by a third party, or; *restrict access to Internet content by scanning content, based on a keyword, phrase or text string or; *restrict access to Internet content based on the source of the information. PROBLEMS WITH THE USE OF BLOCKING/FILTERING SOFTWARE IN LIBRARIES *Publicly supported libraries are governmental institutions subject to the First Amendment, which forbids them from restricting information based on viewpoint or content discrimination. *Libraries are places of inclusion rather than exclusion. Current blocking/filtering software prevents not only access to what some may consider objectionable material, but also blocks information protected by the First Amendment. The result is that legal and useful material will inevitably be blocked. Examples of sites that have been blocked by popular commercial blocking/filtering products include those on breast cancer, AIDS, women's rights, and animal rights. *Filters can impose the producer's viewpoint on the community. *Producers do not generally reveal what is being blocked, or provide methods for users to reach sites that were inadvertently blocked. *Criteria used to block content are vaguely defined and subjectively applied. *The vast majority of Internet sites are informative and useful. Blocking/filtering software often blocks access to materials it is not designed to block. *Most blocking/filtering software is designed for the home market. Filters are intended to respond to the preferences of parents making decisions for their own children. Libraries are responsible for serving a broad and diverse community with different preferences and views. Blocking Internet sites is antithetical to library missions because it requires the library to limit information access. *In a library setting, filtering today is a one-size-fits-all *solution,* which cannot adapt to the varying ages and maturity levels of individual users. *A role of librarians is to advise and assist users in selecting information resources. Parents and only parents have the right and responsibility to restrict their own children's access * and only their own children's access * to library resources, including the Internet. Librarians do not serve in loco parentis. *Library use of blocking/filtering software creates an implied contract with parents that their children will not be able to access material on the Internet that they do not wish their children read or view. Libraries will be unable to fulfill this implied contract, due to the technological limitations of the software, thus exposing themselves to possible legal liability and litigation. *Laws prohibiting the production or distribution of child pornography and obscenity apply to the Internet. These laws provide protection for libraries and their users. WHAT CAN YOUR LIBRARY DO TO PROMOTE ACCESS TO THE INTERNET? *Educate yourself, your staff, library board, governing bodies, community leaders, parents, elected officials etc., about the Internet and how best to take advantage of the wealth of information available. For examples of what other libraries have done, contact the ALA Public Information Office at 800-545-2433, ext. 5044 or pio@ala.org. *Uphold the First Amendment by establishing and implementing written guidelines and policies on Internet use in your library in keeping with your library's overall policies on access to library materials. For information on and copies of the Library Bill of Rights and its Interpretation on Electronic Information, Services and Networks, contact the ALA Office for Intellectual Freedom at 800/545-2433, ext. 4223. *Promote Internet use by facilitating user access to Web sites that satisfy user interest and needs. *Create and promote library Web pages designed both for general use and for use by children. These pages should point to sites that have been reviewed by library staff. *Consider using privacy screens or arranging terminals away from public view to protect a user's confidentiality. *Provide information and training for parents and minors that remind users of time, place and manner restrictions on Internet use. *Establish and implement user behavior policies. FOR FURTHER INFORMATION ON THIS TOPIC, CONTACT THE OFFICE FOR INTELLECTUAL FREEDOM AT 800/545-2433, EXT. 4223, BY FAX AT (312) 280-4227, OR BY E-MAIL AT OIF@ALA.ORG. ------------------------------ Date: Fri, 18 Jul 1997 09:00:02 PDT From: "Keith Parkins" <keithpp@hotmail.com> Subject: Direct Line Insurance Direct Line Insurance were one of the first in what has become a very lucrative telephone banking and insurance market in the UK. A potential client, wishing to take out insurance was asked a large number of detailed questions, right down to the type of locks on the doors. The client declined the insurance, then realized how dangerous the information could be if it fell into the wrong hands. She called back the insurance company and asked that they removed all her personal data from their files. This they refused, unless she made the request in writing. Direct Line is a pioneer in telephone insurance, all its business is conducted by phone! The client did then make her request in writing, but although Direct Line agreed to remove the data she had supplied, they refused to remove her name and address from their records. This, they claimed, was required for 'marketing purposes'. Source: 'You and Yours' (consumer affairs programme), BBC Radio 4, Tues 1 July 1997. Keith Parkins <keith@redkbs.com> ------------------------------ Date: Fri, 18 Jul 1997 09:04:26 PDT From: "Keith Parkins" <keithpp@hotmail.com> Subject: Smart Cards at Surrey University Many people are used to carrying some form of ID card, often with a magnetic strip that enables access to restricted areas. Students are used to carrying a Student Card, it is used to gain access to students bars, often can be used to gain discounts in local stores. In addition they may also carry a library card, possibly other cards too. At Surrey University, it has been decided to combine all these cards into one - the Surrey University Campus Card. It will serve as a student card, library card, and enable access to restricted areas. The 'open access' computer suites, will now only be open to those students carrying a Campus Card. Overlooked is the fact that the same card will enable computerised monitoring of peoples behavior. Already the computer suite, and the entire campus is under video surveillance. The Campus Card, in its present form, in only an interim step. The is due to be replaced with a smart card. Possible uses of the smart card will include vending machines, access control. It is at present an open question as to what information will be stored on the card, or whether students have the option to opt out. More information on the Surrey University Campus Card, can be found in Broadcast #16 (University Computer Services Newsletter), May 1997 - 'A Campus Card for Surrey', 'CAST - Campus Based Applications for Smart Card Technology'. http://www.surrey.ac.uk/UCS A National ID card is due to be introduced in the UK. It is to be 'voluntary'. My fear is that it is not voluntary, if those who opt out, discover that they no longer have access to goods and services. The experiment at Surrey appears to be a foretaste of what to expect, and needs very close monitoring. Surrey University already has a bad record on privacy and data protection. Many students are concerned at the monitoring of their e-mail. One student I spoke with knows of at least two occasions when his e-mail mail was intercepted and read. http://www.i-way.co.uk/~reality/sunrise/privacy.htm Keith Parkins <keith@redkbs.com> ------------------------------ Date: Sun, 20 Jul 97 10:14 PDT From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: "Privacy is not a right" according to CEI/NCC submission at FTC Greetings. In discussions regarding the myriad of privacy topics, a frequent assumption is that there is, on a philosophical level at least, a basic "right to privacy," (whether or not such a right exists in law in any given case is another matter). However, it's worth noting that there are organizations who apparently would disagree with the existence of such a right on any level when it comes to the collection of consumer data. The Competitive Enterprise Institute and the National Consumer Coalition recently filed the following comments with the U.S. Federal Trade Commission. Though they are comparatively lengthy, I'm including them in their entirety for the insight they provide into the (specifically stated) "privacy is not a right, it is a preference" perspective. I think you'll find it interesting reading. Comments both pro or con their views are of course welcome for the digest. --Lauren-- Moderator, PRIVACY Forum www.vortex.com ----------------------------------------------------------- July 14, 1997 Secretary Federal Trade Commission Room H-159 Sixth St. and Pennsylvania Avenue, NW Washington, D.C. 20580 Consumer Privacy 1997 Additional Comments P954807 To the Secretary: The Competitive Enterprise Institute and the National Consumer Coalition hereby file additional comments on the Commission's June 10-13 hearings on "Consumer Privacy Issues Posed by the Online Marketplace." CEI is a non-profit, non-partisan free-market research and advocacy group. The NCC is a coalition of nine organizations dedicated to the proposition that consumers are best served by a free market in goods and services. We thank the Commission for including us in the four Roundtable discussions during the hearings, and appreciate the opportunity to elaborate upon some of the issues raised during the course of the hearings. What is Privacy? - Part II In our opening comments, we wrote that when it comes to collection of consumer data, "privacy is not a right, it is a preference." The evidence presented during the hearings regarding ways to "protect" privacy, as well as the surveys showing consumer views, have convinced us that this remains true. The Harris/Westin survey was an interesting contribution to the discussion of privacy on the Internet. We are not convinced, however, that everyone interviewed understood "privacy" in the same way. Privacy is an abstraction, like "freedom" or "justice," so it is likely that the people surveyed imposed their own concerns upon the term "privacy." One point on which the survey is clear is that people who are concerned about their privacy have done something about it. In this case, it is more illuminating to look at what people do than at what they say. Nevertheless, some have used this survey to support their arguments for federal regulation and congressional privacy legislation. Neither of these would be appropriate responses to consumers' hesitance towards Internet commerce. It is the job of companies operating on the Internet to gain consumer confidence, not the duty of the government. Indeed, the proper role for the government is to guard against force, theft, and fraud. Property Rights on the Internet Professor Alan Westin said that web users "are worried that their e-mail communications may be intercepted, their visits to web sites can be covertly tracked, their participation in chat rooms and forums can be monitored without their consent." One possible solution was to give individuals a "property right" in the information they have released onto the Internet. From this follows a call for federal protection of this "property right" via limits on the collection and sale of personal data. The argument that people have a "property right" in their personal data is ironic, as it comes from those who would have the government infringe upon the property rights of both ISPs and companies on the Web. We believe that this upside-down conception of "property" will work against consumers' interests in freedom of contract and association. Traditionally, private property rights have been understood to be the means by which we secure our privacy, as expressed in the old adage, "A man's home is his castle." Our system of property rights enables us to enjoy privacy (i.e. from government intrusion). In recent years, however, the basis for legal claims has become the idea of an inviolate personhood. A "legal right" to information about oneself on the Internet, as some have advocated, is the next step. >From this comes the "right" to control information about oneself after one has already released it. This is a step in the wrong direction. If an individual has released information about himself in a contractual agreement with certain limits on it, then he has a right to see that that information is treated in a certain way. For example, if a company web page says that it will not collect information, and it does, then that is a broken contract. On the other hand, if a company says it will collect all kinds of information, then privacy-sensitive individuals have been warned and should avoid that site. From the examples discussed at the hearing, it seems that many companies are still getting used to the way the Internet works, and they are only beginning to understand the utility of publishing privacy policies. For example, the New York Times discovered during the course of the hearings that it had no published privacy policies on its web site, a situation it addressed immediately. Time-Warner's Pathfinder site recently added prominent links to its privacy policy as well. Sometimes information has been released to anybody and everybody, via chat rooms or other forums. Since this information becomes part of the knowledge of others, our "property right" to control this information is actually a "right" to control the actions of other people who now have this information. This is an infringement upon our basic freedoms of association, contract, and speech. There is nothing wrong with collecting information freely placed in public, as much of this information is. Nor is there anything wrong with one party selling information to another party as long as it was not under fraudulent circumstances. If a person objects to this information being sold, then it is up to the individual to make alternative arrangements with which he is more comfortable. . In other words, protecting your privacy is your responsibility. That is the value inherent in the freedom to contract. Bringing back the original conception of property rights, as well as freedom of contract, is the best way of protecting an individual's privacy preferences on the Internet. Rather than implementing a system of government regulation of data collection practices, people should be able to choose whether or not to contract with a company or otherwise. Restricting the downstream actions of others based upon a made-up right will undercut our other valued freedoms. On Self-Regulation We laud the Federal Trade Commission for its cautious response toward calls to regulate the Internet. We are also pleased with the Clinton Administration's stated intention to refrain from regulating most parts of the Internet. We agree in principle that data-gatherers ought to inform consumers what kinds of data they are collecting and how that data will be used. If it really is true that consumers are highly concerned about this, then companies scrambling to sell goods and services over the Internet will accommodate them. (We also note that there are already strong incentives for information brokers to ensure the accuracy of information they collect, since there is no market for inaccurate information.) What troubles us is the concept of "self-regulation." Although the term implies a lack of government regulation, many of these codes are being developed in response to a threat of regulation. As the Clinton Administration's recently released report on Internet commerce stated, "We believe that private efforts of industry working in cooperation with consumer groups are preferable to government regulation, but if effective privacy protection cannot be provided in this way, we will reevaluate this policy." We believe that the Commission should not use "self-regulation" as a way to steer the development of policies on the Internet without going through the standard process for proposing regulations. The Commission must still defend whatever goals it proposes. One component of this "self-regulation" was the Platform for Privacy Preferences. This template would allow consumers to fine-tune their preferences and allow them to know what sort of policies a web site has. This may be a fine idea, and we hope that if consumers find it acceptable, it will be adopted by many organizations. However, we do not believe that a single privacy standard is necessarily desirable. There are many real-world examples of competing standards co-existing peacefully. There are different monetary systems, there are different systems of measurement (English and metric, Celsius and Fahrenheit), there are different languages. The Commission should be wary of backing a single standard for the Internet. The threat of regulation is nearly as serious as actual regulation. It may well be that the solutions supported by the Commission and the Administration are the best ones. It also may be that there is an alternate solution around the corner, one which we cannot predict now but one which might be stifled because it does not match the goals supported by current government officials. This could have very serious ramifications for the future development of the Internet. After all, companies already entrenched in a particular market that ask for regulation often do so in order to constrain the actions of future competitors and to derive windfall benefits, a practice known as "rent-seeking." If regulation stymies the growth of the Internet, we will have no way of knowing what we have given up as a result. The idea that federal regulation of the Internet is somehow better than a market solution to privacy questions is completely unfounded. Indeed, the evidence is that federal regulation in every other sector of American life has had adverse and unforeseen consequences which end up hurting consumers. There is no reason to believe that federal regulation of privacy practices will be any better than the current situation, and it may well be worse. Children and The Internet The fear over children seeing sexually explicit materials online led to hasty calls for Internet censorship in the Communications Decency Act. Yet the Supreme Court recently struck down the law, ruling that the Federal government should not be in the business of trying to protect children with such a blunt - and patently unconstitutional - instrument. Similarly, the rhetoric surrounding the issue of children's privacy on the Internet has led to hasty calls for regulation. Indeed, the Administration has taken a strong, even ominous position: "This problem warrants prompt attention. Otherwise, government action may be required." We believe that before the Commission begins to regulate in the name of children, it should recognize from the start that today's children are tomorrow's adults, and that these regulations may restrict their rights when they are grown up. The Commission should be wary of proposals which would effectively treat adults like children. The Center for Media Education's report on the privacy practices of some web sites seemed to shock the Commission. Yet we are not sure why the fact that a toothpaste company which sends a solicited e-mail to a child in the name of the Tooth Fairy - an e-mail which contains neither the name of the product being sold nor the name of the company -is so disturbing, especially since for many years people have been able to have letters from Santa Claus sent to children. We are in fact puzzled as to why similar "information collection practices" which have gone on for decades (e.g. children sending box tops away for magic decoder rings) are suddenly sinister when performed over the Internet. We note that CME's primary objection is advertising itself, and "privacy" is just a means to criticize it. For example, one target of CME's outrage is "animated product spokescharacters," e.g. Tony the Tiger, which "interact with your children...fostering intimate relationships that compel your children to buy specific products and services." That these "spokescharacters" also ask children for e-mail addresses appears to be a slightly less urgent concern. CME's recommendations to the Commission include restrictions on the use of these cartoons: "Product and other fictional figures should not be used to solicit personally identifiable information from children." Indeed, elsewhere CME states explicitly that "there should be no direct interaction between children and product spokescharacters" on web pages. This is tantamount to a ban on selected content simply because of its advertising nature. This is not the proper forum for a discussion of the great value of advertising to consumers, and why advertising is not, and never was, a sinister seducer of consumers. We will, however, say that children are far more skeptical of advertising than CME gives them credit for. No matter how much advertising, or how little, there is, children will still want things and their parents can still tell them, "No." In short, it appears that this issue has very little to do with privacy on the Internet, and far more to do with CME's anti-advertising agenda. Nonetheless, CME did introduce some interesting issues. CME looked at the existence and content of privacy practices on children's web sites, and publicized them. There is nothing wrong with this; indeed, if children's privacy is such a high concern for individuals, then companies will respond (many of the web sites in question addressed the issue as soon as it was brought to their attention). As more and more people become comfortable with the Internet, and become aware of its capabilities, we expect to see all kinds of practices - from content, to advertising, to data collection - to become more refined in response to consumer demand. CME also raised the question of how and when to obtain verifiable parental consent to collect information from children. One suggestion was to have parents mail in a signed form indicating that their child may use the web page and may divulge certain information. Not only would this curtail what is an essentially benign practice - not even CME can explain what actual harm might result from this collection - but anyone who has ever known a child to forge his parent's signature to play hooky knows that this is not a good solution. It is an irony of the Internet that the technology which enables data-gatherers to collect information on what people look at can easily be thwarted by Anonymizers and other disguising technologies. It still holds true that sometimes on the Internet, as the famous New Yorker animal cartoon showed, "nobody knows you're a dog." Nobody has to know that you are or are not a child, either. Obviously, forcing children to identify themselves as minors, especially in such a public area as the Internet, would be unwise. Consequently, regulations aimed at "protecting children's privacy" are going to hit adults as well. For this reason, we urge the Commission to refrain from drawing up regulations specifically targeted towards children. Nor should the role of parents be underestimated or tossed aside in favor of federal regulation. Though the Harris/Westin survey showed a nearly unanimous belief that children's privacy ought to be protected on the Internet, the survey also said that not even a plurality of parents have done much to protect it. There are a plethora of technologies available to enable parents to monitor and adjust what their children see, and more are on the way. We urge parents to keep in mind that just as they would think twice before allowing a child wander around New York City alone, they should supervise their children on the Internet. Conclusion The Commission is under a great deal of pressure, from within the government and without, to regulate at least some parts of the Internet. As more and more people become Internet users, it is even more important for the government to refrain from regulating. The Commission should confine itself to policing fraud and investigating any actual injury. Julie DeFalco on behalf of the Competitive Enterprise Institute and for the National Consumer Coalition Endnotes ------------------------------ End of PRIVACY Forum Digest 06.10 ************************
Copyright © 2005 Vortex Technology. All Rights Reserved.