Witnesses before a U.S. House subcommittee Tuesday offered a range of opinions about what approaches should be taken to ensure online privacy for Web site users. A call for legislative intervention contrasted with arguments for continuing industry self-regulation.
The House Commerce Committee's Telecommunications, Trade and Consumer Protection Subcommittee started Tuesday's online privacy hearing by receiving a report on the subject from the Federal Trade Commission. The FTC subsequently recommended that online privacy legislation isn't called for right now. (See "FTC says 'Net privacy legislation not needed - yet") The FTC report noted that while substantial progress has been made in the last year, much more needs to be done.
After lawmakers heard testimony and asked questions - sometimes testily - of FTC members, the hearing turned to testimony from representatives of various industry trade groups, vendors and nonprofit associations that offer advice related to technology policy. The hours-long session conveyed the sense of frustration that exists about how to push Web sites to self-regulate when it comes to posting and enforcing privacy policies - and what to do if that doesn't happen.
Self-regulation has been the key to the Clinton administration's Internet policy, but some are increasingly wondering if that approach is going to work.
While there's movement in the right direction, the overriding issue now is how to "get to the bad actors," who take no action to post and enforce privacy policies, said Deirdre Mulligan, staff counsel for the Washington, D.C.-based Center for Democracy and Technology (CDT), which tracks and offers advice on technology public policy.
"I think we need the government to play a role," she said, adding that a combined effort of self-regulation and government oversight is necessary.
The CDT and various consumer advocacy groups have been critical of the government's hesitance to adopt legislation forcing Web sites to create and enforce sound privacy policies, arguing that the industry isn't doing an effective job of policing itself.
But not all policy groups are pushing so strongly for legislation.
"I think it's very important that when you look at the enormous experimentation going on out there in the business world you don't put someone in the category of a 'bad actor' simply because he hasn't posted a privacy policy," said Solveig Singleton, director of information studies at the Cato Institute, a public policy group in Washington, D.C.
Indeed, various subcommittee members and others testifying remarked that cyberspace is so fast moving and changeable that hard-and-fast rules can be difficult to establish.
Rep. Edward Markey (D-Mass.) was highly critical of that viewpoint throughout the day, offering the most challenging questions and pointed comments of the hearing.
While the nation waits for privacy policies to catch up with the proliferation of Web sites, "I don't have any privacy rights. I don't have any security rights," Markey said, speaking on behalf of online users. Even in the face of so-called "seal programs" such as Truste, consumers continue to have no real guarantee of privacy online.
Truste is one of several programs established that provides a seal of approval to Web sites that adhere to privacy policy principles recommended by the FTC and various advocacy groups. Such sites prominently post privacy policies and make them easy to understand. The sites further offer consumers choices about the information that they give or is collected about them when they are at the sites.
While Truste was touted in the FTC report and is generally viewed as a positive move in the industry, it has been known to fail. Robert Lewin, its executive director, said there have been seven instances in which the Truste symbol was found misused, mostly because of misunderstandings regarding its use. Truste, which was started by various IT vendors, has a watchdog system in place to monitor use of its seal and also track whether sites actually adhere to privacy policies.
Another approach to safeguarding privacy is the use of technology. Steve Lucas, chief information officer and senior vice president at PrivaSeek, Inc., in Denver, told the subcommittee that his company has technology available that allows consumers to control what information is gathered about them at Web sites, as well as under what circumstances such information is shared.
Lucas' view is that lawmakers should give the industry more time to develop and market such technologies, allowing consumers control over how their personal information is disseminated and used.
At various points during the afternoon testimony, the discussion veered into whether U.S. residents have any anonymity at all. Billy Tauzin, the Louisiana Republican who chairs the subcommittee, said residents are routinely under surveillance when they are in stores, banks and government buildings.
"There are no notices on the bank stores, on the store doors, that we monitor you when you're inside," he said, adding that there are no notices on the doors of Rayburn House Office Building, where the hearing was held. But the government does keep an eye on people inside the building via surveillance cameras and "there might be microphones to pick up conversations," Tauzin said.
Although there are parallels between the brick-and-mortar age and cyberspace when it comes to privacy and anonymity, Tauzin said the Internet has such "enormous power" that it skews the equation.
"The Internet has the power to show what we think about doing, to profile our behavior," Tauzin said. "Not just our preferences, but what we might consider preferring. That's quite a different ball game for consumers to have to walk into."
It's also quite a different ball game with which lawmakers and policy advocates must contend.
"I'm so struck by the fact that this remains a premature baby that isn't gaining weight the way it should," said Representative Anna Ashoo (D-Calif.). She suggested that Congress establish a deadline by which Web sites must post privacy policies that meet the FTC principles, which are widely accepted as sound.
The text of the FTC report can be found online at www.ftc.gov/. The Web site of the House Commerce Committee, whose telecommunications subcommittee conducted today's hearing, is at www.house.gov/commerce. The CDT, in Washington, D.C., can be reached at www.cdt.org/. The Cato Institute, in Washington, D.C., can be reached at www.cato.org/. Truste can be reached at www.truste.org/. PrivaSeek, in Denver, can be reached at www.privaseek.com/.
RELATED LINKS
