"You have zero privacy anyway. Get over it."
Scott McNealy, CEO, Sun Microsystems
Most of us give up a little about ourselves every
time we surf the Web. Web sites ask us to fill out
questionnaires and lure us into sweepstakes as a payoff
for content, or covertly drop cookies on our hard
drives that allow ad agencies to trace our movements
and cross-reference our surfing patterns with other
profile lists. All this information may seem basic and
benevolent, but in a different context, our
computer footprints can lead to character inferences of
everything from alcohol abuse, gambling, sexual
orientation political views, or even medical
conditions information that would be of great interest to
potential creditors, insurers, and employers who could
use it to draw damaging conclusions and make
decisions affecting our lives without our knowledge.
Unreasonable Searches and Seizures
While the right to privacy is generally regarded as
a constitutionally accepted doctrine, it is not
explicitly stated in the Constitution; legal precedents only
seem to extend the gray area. Supreme Court Justice
Louis Brandeis argued passionately for individual
privacy, based on the uncertainty of rights laid out in
the Fourth Amendment. Today, privacy groups are divided on how to best ensure proper disclosure
and take measures to protect consumer privacy.
Some groups, like the Electronic Privacy Information
Center (http://www.epic.org), feel the government
should lead the way in establishing baseline legislation.
Others, like the Federal Trade Commission (http://www.ftc.gov), and the Electronic Frontier
Foundation (http://www.eff.org), favor
self-regulation, whereby sites would police themselves. The
happy medium, backed by such groups as the Center
for Democracy and Technology (http://www.cdt.org) and consumer activist Ralph Nader, calls for
extensive privacy policies that should conform to a
government standard, complete with a sound
security infrastructure that includes user controls, which
let consumers opt out of cookie placements and
other passive data collection.
Even if you never buy anything online, your
privacy can be compromised by Web cookies. A cookie is
a small file that a Web site stores on your
computer that contains information it can use to recognize
you if you return to that site. Most cookies pose little
risk to privacy on their own. The problem comes
when others get hold of your cookies.
Here's how it works: The first time you view a page with a banner ad on it, the ad writes a cookie
to your hard disk. Then any time you view another
page containing the same banner ad, the cookie on
your hard drive sends the address of that page back to
the ad agency's server. Thus begins a detailed
clickstreama history of some of the places
you've visited on the Internet. Currently, this
clickstream isn't matched to your individual identity.
Instead, each cookie contains a globally unique
identifier, which lets the ad server track your movements
without identifying you.
In a highly publicized case earlier this year, DoubleClick Inc. planned to cross-reference
consumer cookie data with information from a
marketing database, such as name, address and credit
card-purchase history. Public outrageand a
lawsuitensued. DoubleClick has backed off the plan, for now.
If you want to crumble DoubleClick's cookies,
visit DoubleClick's PrivacyChoices (http://www.privacychoices.org/) site.
Take Control of Your Online Identity
In surfing the Web, simply logging on can
pinpoint your geographic location. Many companies that
send junk e-mail are including ID tags encased within
a message that places a cookie on your hard drive.
This potentially links the cookie with your e-mail
address that follows you to every site on an ad network.
However, in this technology-driven world, your new
best friend may be a different kind of animal: privacy
enhancing technologies, which let you complete
electronic transactions anonymously. The Anonymizer
(http://www.anonymizer.com) lets you browse the Web
using an intermediary to prevent unauthorized
parties from gathering your personal information.
Anonymous payment mechanisms such as electronic
cash (http://www.digicash.com) let you shop online
without a credit card. And you can download, install,
and distribute free software such as the Internet Junkbuster (http://www.junkbusters.com) that
claims to disable 99 percent of cookies and banner ads.
The Children's Online Privacy Act of 1998 (COPA) went into effect in April. It bars sites
from collecting personal information from kids under
13 without a parent's permission. The act is
already forcing some sites to change the way they do
business. As Web companies merge and form
alliances, inadequate privacy policies can make those
alliances difficult, and possibly worthless.
In WWW We Trust?
Even if you trust the intent and integrity of the
people behind the sites you frequent, your information
may still be at risk to security invasion. Internet users
have the collective power to impel change and push
privacy issues to the fore. Seek out sites offering
sound privacy policies that give you the option to
conduct your business incognito, or ask your permission
to share your information. Loyalty to these sites sends
a message that fostering customer relationships
means more than a well-placed banner ad.
According to security expert Richard Smith, "Computers, like elephants, never forget. Be
careful what information you provide Web sites....Be
careful what you say in newsgroups. You can write
something today, and three years later really regret it."
The Internet is still new, and a lot of privacy and
security issues will get worked out in the next few years.