Web/E-business /

Preserving our privacy

By Linda Musthaler
Network World, 11/26/01

They started coming in the mail in the spring, first a trickle and then several per day. Privacy statements. From credit card companies, insurance companies, banks, financial planners. It seemed that anyone who had information about my personal health or wealth was telling me their policy on how it would safeguard my private information.

Or at least I thought it was private. I had to read the fine print to learn that, unless I took some specific action - usually returning some postcard or letter - my personal data could be shared with other companies "to provide better service" to me.

Web sites, too, can collect a lot of information about an individual. Sometimes the collection of information is very obvious, such as when you complete a purchase transaction or register to enter a portal for "members only." Sometimes the data collection takes place in the background, and you aren't even aware of it, such as with "click-through" ads that trace what other Web sites you've visited.

However, privacy is more than just a daunting issue for the computer user; it can be a real economic drag for companies wanting to conduct business over the Internet. In the recent report "CommerceNet 2000 Survey: Barriers to Electronic Commerce," computer users' concerns over "security and encryption" and "trust and risk" were cited as the top impediments to e-commerce growth.

If the IT industry could do more to gain users' confidence and trust in online privacy and security, ordinary people might feel better about the Internet for business and personal use.

That's the impetus for the Platform for Privacy Preferences Project (P3P), which the World Wide Web Consortium (W3C) is spearheading. P3P "is emerging as an industry standard providing a simple, automated way for users to gain more control over the use of personal information on Web sites they visit," the W3C says.

By answering a few standardized, multiple-choice questions, users develop their own policies on how they would accept online companies using their personal data. Each Web site deploying the P3P specification also has a policy of how it uses personal data. The P3P specification makes it easy to compare the user's policy with the Web site's policy, giving the user the choice of whether or not to enter the Web site and conduct business there. It puts control into the user's hands in a simple-to-execute, simple-to-understand fashion.

Of course, P3P has its critics, most of whom say the specification doesn't do enough to safeguard privacy. Perhaps not, but at least it's a start on a consistent approach to the problem. Learn more about P3P on the W3C's Web site at www.w3c.org/p3p/.

One thing is almost certain: If the IT industry doesn't figure out how to solve this issue itself, the federal government will step in to strengthen current privacy legislation. Congress has acknowledged being impatient about the industry's lack of progress toward protecting online privacy. At the very least, the Federal Trade Commission has said it will more strictly enforce existing privacy policies. That means we'll start seeing a crackdown on online companies that don't do enough to safeguard your personal information.

The strange thing is, since Sept. 11, "privacy" has a different definition as far as the government is concerned. On Oct. 26, President Bush signed the Patriot Act of 2001 into law. This new law gives federal authorities more leeway in monitoring Internet usage and expands the way data is shared among different agencies. Of course, the law is designed to target shadowy figures that are suspected of terrorist activities. But like the poor dolphins in tuna nets, law-abiding citizens may get caught up in such investigations and find their personal data compromised. However, this is the price we'll pay for homeland security.

I'd like to see more companies get behind the industry's attempt at self-regulation. P3P may not be perfect, but it's better than having some government agency's view of privacy policy forced upon us. Like all technology solutions, it may take a few version of the P3P specifications to meet everyone's needs. Now is the time to offer your input to this specification. As the saying goes: Speak now or forever hold your peace.