Online Privacy at Odds with Security

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

The concern over online privacy is nothing new. Even the staunchest critics were silenced after people figured out what cookies could really be used for and that hitting the “delete” key did not mean a file was gone for good.

It’s just that last year’s attacks heightened our fear of the role that computers play. E-mail suddenly became an agent of terrorism and detailed information about American trade centers and monuments could be accessed easily through the Web.

The problem is that what some consider a loss of freedom is also a balancing act for companies doing business on the Internet.

The U.S.A. Patriot Act, drafted after last year’s attacks, allows the FBI to monitor e-mail of people it suspects have contacts with a foreign power. A report issued this week by Paris-based Reporters without Borders said messages from innocent private citizens have been intercepted. The group also said intelligence services in the United States, Britain, France, Germany, Spain, Italy, Denmark, the European Parliament, the Council of Europe and the G8 nations have made ISPs and telecommunications companies into “a potential arm of the police.”

Earlier this month, Sarah Andrews, an author of a report issued by privacy groups Electronic Privacy Information Center (EPIC) and Privacy International was quoted as saying, “When you’re outside in public or when you’re online, you can be identified.”

Think she’s kidding? Consider this:

This story was drafted on a computer; sent through an Internet service provider (ISP) to a database computer; where it was downloaded through perhaps a second ISP through your company’s firewall; finally to rest on your desktop or workstation computer.

That makes at least six separate places where this information can be retrieved via the Internet, not to mention, anywhere along the way that the packet transmission was picked up by some hacker. Six separate places where the government could also identify both yours and my location while online.

Government Takes Both Sides

Even before the attacks, the Federal Communications Commission passed the CALEA — Communications Assistance Law Enforcement Act — in 1994. CALEA, which recently gained momentum with the passage of the Patriot Act, orders telecom service providers to support law enforcement agencies in conducting lawfully authorized electronic surveillance of call content and call data. Now that a June 2002 compliance deadline has passed, carriers can now face a $10,000 per day fine for each law enforcement agency intercept request that is not fulfilled.

Some lawmakers have been quick to protect Internet users’ confidentiality such as the Online Privacy and Disclosure Act of 2002, being debated in California. The bill would require that companies with a Web site disclose whether or not they collect personal information for business usage, and if so, include a description of that process. The personal information covered by the bill includes a company’s usage of your first and last name, address, telephone number, e-mail address and your social security number.

Tuesday, a Congressional panel approved Federal Agency Protection of Privacy Act. The measure would require the U.S. government to consider how new laws would affect the privacy rights of its citizens.

Rep. Bob Barr, R-Ga, who wrote the legislation, said the bill would, “not only make the federal government more accountable to the American people, but it will also serve to slow the growing erosion of citizens’ privacy rights.”

Someone who feels that we definitely do not need additional privacy legislation is Doug Wood, an executive partner with the major advertising/new media law firm Hall Dickler Kent Goldstein & Wood. Wood says concerns over privacy intrusions by marketers and others are based on “limited anecdotal evidence,” which should not dictate public policy.

“Industry self-regulation is advancing and addressing consumers’ concerns in innovative ways, some beyond the current limits in the offline marketing community,” Wood said. “Legislation or new regulations will only slow the process down. Right now, the business community is developing software that gives consumers control over what personal information is or is not used by marketers. Such software will empower the consumer with more choice than any regulation can accomplish.”

Caught in the Crossfire

Some companies have worked with the system. VeriSign recently unveiled NetDiscovery Services, an offering aimed at carriers facing CALEA.

However, the headlines are riddled with stories of how data collection is carried out without a consumer’s knowledge as in the case of two Internet companies, which were recently trounced for compromising their customer’s privacy.

Technology publisher Ziff Davis Media Wednesday said it would pay $25,000 and implement new online privacy controls as part of a settlement with the Attorneys General in New York, California and Vermont after it was discovered that about 12,000 subscription orders were easily accessible on the site, which exposed subscribers’ personal data as well as credit card information. As a result, some subscribers became victims of identity theft.

That same week, DoubleClick agreed to pay $450,000 to the 10 states that had been investigating the New York-based Web ad server since 2000. The company was accused of violating its stated privacy policies in the process of tracking online consumers and targeting ads using cookies .

DoubleClick also agreed to not use consumer data gleaned from clients to build its own profiles, and agreed to not merge data from multiple clients’ visitors. Consumers also will be able to register for updates on the company’s privacy policy.

The bottom line, say experts, is that most Internet users seem to be willing to give up some of their online freedoms if it means terrorism is crippled.

“The environment was ripe for these things to go through without the necessary debate,” Andrews said. “People weren’t asking the same questions anymore.”

Still, a survey on internetnews.com found a third of those queried about government’s role in safeguarding online privacy responded by saying “Privacy outweighs all other online threats.”