Online Privacy Concerns Escalate

As federal and private organizations make more information available on the Internet, concerns about electronic privacy are reaching a critical level. The U.S. government, in particular, has recently come under fire for its lack of a coherent policy for online privacy. That may be changing. With a bevy of announcements in early April from public representatives and private organizations, it appears online privacy issues are moving to the front burner of national affairs.

"There’s a little bit of privacy policy for the U.S. government, and very little for individuals and corporations," says Peter Neumann, a principal scientist with the Computer Science Laboratory of SRI Int’l ( and moderator of the Risks Digest (, an online forum that provides information on risks to the public in computers and information systems.

According to Neumann, many European nations --Scandinavian countries, in particular -- have had privacy controls in place for years. These controls typically deal with the handling and dissemination of information, both public and private, and restrict the flow of data across national borders. "The Scandinavians, for many years, have had very stringent restrictions on what you can do with data, and there are all of these transporter issues that personal data cannot move out of one country and go to another country," Neumann explains. "In this country, [public and private organizations] have more or less free reign to do what they like."

In early 1999, however, it appears that the U.S. electronic privacy landscape is being transformed, albeit slowly, as public representatives and private organizations champion personal privacy and consumer rights.

On the legislative side, U.S. Rep. Ed Markey (D-Mass.) announced in early April his intent to introduce all-inclusive legislation -- dubbed Markey’s Privacy Bill of Rights -- to ensure that private, personal information isn’t sold or reused without the consent of consumers or Web users. Markey’s proposal, which is similar to European privacy statutes, would require informing consumers about the manner in which personal information is handled, as well as disclose to them whether or not such information would be reused or sold. Most importantly, Markey’s Privacy Bill of Rights would give consumers the right to refuse Web sites the permission to reuse or disseminate personal information altogether.

In the marketplace, IBM Corp. fired a shot heard ‘round the Internet advertising world in late March when it indicated that, effective June 1, it would remove its advertising from Web sites in the United States and Canada that didn’t publicly disclose personal privacy policies. IBM is the second largest advertiser on the Internet, trailing only Microsoft Corp.

According to Rob Enderle, a senior analyst at Giga Information Group, Big Blue is probably pursuing this course of action as a means to stave off the specter of government regulation that increasingly haunts the Internet privacy space. "Companies should do whatever they can to keep the federal government from entering and regulating [Internet privacy control] officially," Enderle maintains. "I certainly personally applaud IBM for taking this route. They’ve decided to take the lead here and I hope that more companies decide to follow suit."

Also in early April, Internet advertising leader Microsoft and the Electronic Frontier Foundation (EFF) announced a set of guidelines for the Privacy Preferences Project (P3P) at the Computers, Freedom and Privacy 99 Conference to be held in Washington. Both Microsoft and the EFF hope that the proposed guidelines will accelerate the adoption of P3P, a privacy framework that gives individuals greater control over their personal information. The guidelines are expected to simplify the process by which Web sites can disclose privacy policies.

Bob Herbold, executive vice president and chief operating officer at Microsoft, positioned the jointly developed guidelines as a means to allay related consumer concerns over personal privacy and the viability of e-commerce. "Creating solutions that accelerate the development of a standards-based 'trust' infrastructure will build people's confidence in the Internet as a global medium for communications and commerce," Herbold said in a prepared statement.

Enderle believes attempts such as those spearheaded by IBM and Microsoft to stave off government intervention and regulation in the Internet space should be encouraged. "What typically happens when the government steps into regulate is that it creates an onerous responsibility for documentation and auditing, and the cost of maintaining that documentation and reporting can be a big problem if you’re a smaller company," he comments. "Allowing the industry to regulate itself would be a far more cost effective way to deal with this in the long term."