News

Developers to face Internet privacy issues

• By Jack Vaughan
• May 29, 2001

"There is in this country a growing sense among people that privacy is being loss," said U.S. Sen. John Kerry, D-Mass., at a recent meeting of the Massachusetts Software & Internet Council. Kerry and Senate colleague John McCain, R-Ariz., have been at work fashioning a Consumer Internet Privacy Enhancement Act that will allow site visitors to elect not to have their personally identifiable information collected by a Web site and sold to a third party.

U.S. Congressional leaders may soon consider this, as well as other bills focusing on Internet privacy.

Kerry noted that consumers may be unaware of the extent to which they are already tracked in the offline world. "We have to make certain the off-line world and the online world are [considered] in the same context," Kerry told the Massachusetts technology leaders.

Kerry said that the McCain-Kerry bill takes a 'middle ground' between more extreme measures that on the one hand give free rein to cookie gathering and, on the other, completely ban such activity. But he noted that his bill distinguishes medical and financial information from other commercial online transactional data.

Perhaps the most pointed Web privacy controversy to date involved DoubleClick. Last year, this New York City-based online advertising house intended to integrate cookie-based Web activity data with direct marketing databases. DoubleClick management retreated from that plan in the face of pressure from the FTC and several state's attorney generals.

The McCain–Kerry bill "is pretty much a 'notice' bill," said Richard M. Smith, CTO for the Denver-based Privacy Foundation, and former president of embedded systems house Phar Lap Software Inc. That is: It requires that Web sites post a notice of their privacy policy, with some mechanism made available for users to opt out. Smith positioned the bill as along lines promoted by software and Internet industry vendors. He noted a bill backed by Sen. Ernest Hollings (D-S.C.) was more harsh in its remedies for Internet privacy.

"The big problem with most opt-out systems is that they are done so dishonestly," said Smith. "You have to be like a detective to find them. It's easy to sign up, but hard to get out."

Smith indicated development managers are often unwitting participants in systems that threaten privacy.

"Today, a lot of industry folks have been pushing ideas of self-regulation. The people who make a lot of the decisions are business people and technology people are unaware of the problem," said Smith.

"It's the business people who design the system, and the technology people who build it IT needs to be involved in this stuff, he said.

Technology workers want to make Web systems easy to use and readily accessible. They want to be helpful," said Smith. But, he suggested, these goals can be in opposition to privacy goals.