September 14, 2000

High-level wonks speak out about online privacy

Author: JT Smith

By Robin Miller
Editor-in-Chief

On Wednesday, Sept. 13, the Washington, D.C., chapter of the Internet Society held a panel discussion about online privacy policies that featured four heavy-hitting experts in the field. NewsForge was there.The event was hosted by the Library of Congress. The four panelists were:
  • Peter Swire -- President Clinton's policy advisor on privacy;
  • Gerard de Graaf -- European Commission;
  • Andrew Shen -- EPIC (Electronic Privacy Information Center);
  • Rick Lane -- U.S. Chamber of Commerce.

Peter Swire was a fairly typical DC high-level policymaker; a lawyer and law professor with a dark suit and polished public manners. He backed his presentation with a PowerPoint slide display devoid of graphics. He spoke glowingly of current government policy intiatives on the Internet privacy front, and frequently lauded both President Clinton and Vice President Gore.

Swire said that the free flow of information is well and good, and that while the administration supports it as a goal, the administration does not support the free flow of copyrighted information to unauthorized users (which he called "piracy"), to crackers (which he called "hackers") or of private, personal information to anyone who might misuse it.

As an example of the third kind of undesirable information flow, Swire cited bankruptcy court records, which typically include Social Security numbers, bank account numbers, and enough other personal data that a criminal could easily play havoc with it. In the past, Swire said, anyone who wanted this information had to go to the relevant courthouse in person to get it. Now, he said, if we are truly going to have all government records online, this information would be available so easily that the temptation for some to misuse it might be overwhelming.

So, Swire said, the administration is protecting personal financial information and has been working to make it illegal for anyone in government or business to post it online. Ditto medical and genetic records and information of any sort about minor children.

Swire also talked about the increase in the number of Web sites that have declared privacy policies in recent years. He said that virtually all federal government agency Web sites now carry privacy policy disclaimers, and that while in 1988 only 15% of all private (presumably commercial) Web sites had visible privacy policies, today 88% of them do. He noted, however, that a statement saying, "We can do whatever we want with any information you give us" counts as a privacy policy, even if it is one you might not find to your taste.

When asked when the government expected to switch from expensive and inherently insecure, proprietary operating systems and software to Open Source, Swire launched into a circa-1988-style discussion of "security through obscurity" and why it can often be better than peer review. He used the analogy of Open Source, when it comes to security, being the equivalent of giving a burglar a schematic showing where all of a building's alarm sensors are placed.

In Europe

Gerard de Graaf, a trade rep from the European Union, briefly described the EU's privacy policy. He said it was developed 18 years ago to keep personal data safe from disclosure online or off, and was working just fine and needed no revision. He talked deprecatingly about the U.S. concept of self-regulation, and how, what with the U.S. Federal Trade Commission jumping on companies that violate their stated privacy policies, and the general willingness of American attornies to sue companies and government agencies over any perceived wrong, we really might as well just put EU-style privacy regulations in place and be done with it.

In fact, de Graaf said, the US might eventually have to do so in order to comply with the international "Safe Harbor" privacy principles, which prohibit information about citizens of countries with tight privacy regulations being transferred to countries that do not have a similarly high regard for individual privacy.

de Graaf professed amazement at U.S. unwillingness to fall into step with the rest of the world on privacy matters. He said no other major country has has done as little to maintain its citizens' privacy as the United States, and that we were so far away from Europe in our general pattern of thinking on the subject that he had trouble explaining our foot-dragging to his fellow Europeans, both inside and outside of government.

The EPIC view

Next came Andrew Shen, from EPIC [Electronic Privacy Information Center] who immediately pointed out that one major reason the United States had so few legal safeguards in place to protect individual privacy was that corporate interests constantly lobbied against any such regulations, consistently declaring that adhering to them would be too complicated and would create an undue burden. But, he also pointed out, the same companies that claim it would be hard to protect citizens' privacy seem to have no trouble going to great lengths to protect their own, usually citing "security" as the reason they should not be more self-revelatory.

Shen cited statistics showing that more citizens prefer government privacy regulations than prefer industry self-regulation. He mentioned that EPIC, in an act of putting its money and mouth in the same place, had recently stopped dealing with Amazon.com because of Amazon's recent onerous change in its previously-tight privacy policy to one that, in effect, stated that Amazon is no longer safeguarding its customers's privacy in any effective way at all. The change, Shen speculated, may be in anticipation of bankruptcy and an attempt by Amazon to declare its customer list a major asset and sell it in order to satisfy creditors.

Business interests

Last up was Rick Lane from the U.S. Chamber of Commerce. He was charming. His discreet red tie was tied perfectly. He looked like he spent plenty of time in gyms and on golf courses and, from the ruddiness of his face, perhaps a bit of time on the martini lunch circuit as well. He quoted (deceased) IBM CEO Tom Watson. He quoted studies from Jupiter Communications and the Pew Institure. He quoted the syndicated comic strip Cathy.

In general, Lane said what most D.C.-area business apologists and lobbyists say in all their speeches; that government regulations are unnecessary because it is in business's own interest to regulate itself, and that in the fast-moving world of modern commerce government regulations are always too far behind the times to do much good anyway. Besides (and this is a staple of the "business is good" party line), think of all the poor, struggling little entrepreneurs out there who might be put out of business by Evil Government Regulators for failing to "dot an 'i' or cross a 't' somewhere" if government makes any attempt to make any laws that might force businesses to protect customers' privacy.

Lane spoke at length of the wonders of eBay and Priceline, and how an unfettered Internet was "good for consumers" and how "privacy is now a major selling point" for companies ranging from AOL to American Express, and why everything revolved around customer service and "customer confidence" nowadays.

If the discussion had not been about privacy, but had been a contest to see who could use the greatest number of buzzwords per minute, Lane would have won it by at least 10 horselengths.

A service to NewsForge readers
We realize that you may not have time to attend many policy forums, and that even if you did you might find yourself falling asleep as platitudes whizzed by your head. It is often hard to realize that lawyers, lobbyists, and speechifiers may have as much of a role in shaping the future of the Internet, of software both Open Source and closed, and of the IT industry in general, as the people who make and program the computers and make and maintain the Web sites. But they do, because it is through their machinations that laws get made and regulations either get put into effect or shoved aside.

We hope to bring you more policy-type reports from Washington and other capitals around the United States and around the world. Not all of them will make scintillating reading, but no matter how dry they might appear on your monitor, they represent an opportunity to learn what "they" are up to without actually having to numb your mind by sitting through their speeches.

Click Here!