Copyright 2000 The Christian Science Publishing Society
The Christian Science Monitor
February 22, 2000, Tuesday
SECTION: FEATURES; WORK & MONEY; Pg. 17
LENGTH: 1329 words
HEADLINE:
When the web surfs you
BYLINE: Eric C. Evarts , Staff
writer of The Christian Science Monitor
BODY:
The Internet.
Consumers love it because they
can quickly access the same information used by experts, stockbrokers, and
lobbyists - stock prices, government reports, academic studies.
The problem is, that very openness gives others -government, crooks,
marketers of legitimate and illegitimate products and services -access to a
consumer's personal information.
Perhaps too much access.
To make purchases on the Web, consumers have to provide various
personal information -name, phone number, credit-card number, product
preferences, sometimes financial and health records. Companies compile this
information, and the Internet makes it all too easy to share.
Kirk Bailey, security-policy manager at the Regence Group in Seattle,
discovered just how easy when he dared a group of fellow information-security
experts last October to unearth as much information about him as they could.
For less than $ 100, the group came up with his birth
certificate, Social Security number, a complete picture of his personal
finances, copies of his home phone bills, his college transcripts, an electronic
copy of his signature - even his cat's diet.
"They owned me,"
says Mr. Bailey. "[And] I'm a professional in information security."
"I burn all my credit-card offers and bank statements. I was prepared to be
uncomfortable. And still, I was floored what they could have done to me," he
says.
The security experts had more than enough information to
refinance Bailey's house, shut off his electricity, or buy a car in his name. In
some cases, people who had the information "bent over backward to share it,"
says Bailey. (People-search sites - essentially online private investigators
that sell information to anyone for a few dollars - are among the most visited
on the Internet.)
Last month, 300,000 online customers of CD
Universe also lost a sense of their privacy when an extortionist, allegedly
operating in Eastern Europe, stole their credit-card numbers and posted them on
the Web.
Last year in the US there were more than 300,000 cases
of identity theft, where criminals gathered enough information to steal money
from bank accounts or open credit cards in other people's names and ring up
thousands of dollars in purchases.
An ABC News poll taken last
month said 40 percent of consumers worry that computers are being used to invade
their privacy.
Collecting personal
information isn't new, of course. Government agencies such as the
Census Bureau, the IRS, and state motor-vehicle registries have maintained such
databases for decades. And companies often ask for customers' phone numbers "in
case there is a problem."
But as computer networks allow more
businesses to share databases, the information has become valuable, says Stephen
Altobelli, spokesman for the Direct Marketing Association (DMA). "The name
Stephen Altobelli is worthless [by itself]," he says. "What gives it value is
being on a list with 20 other similar names."
Marketers buy and
sell customer lists so they can target their advertising via direct mail,
e-mail, and Internet banners.
Last year consumers received 71
billion pieces of direct mail.
The problem is getting worse
online, in part because consumers have been reluctant to pay for information on
the Web. "Consumers like free access, but that means sites have to make money on
ads," says Laura Mazzarella, an attorney in the Bureau of Consumer Protection at
the Federal Trade Commission. The more information the sites can collect about
people, the more they can charge for ads, she says.
So companies
entice consumers to share personal information with offers of discounted
services, cash, or prizes. The value of such incentive programs on and off the
Web totals $ 3,000 per year for every American says Marian Salzman, head of ad
agency Young and Rubicam's Brand Futures Group.
A few Web sites,
such as moneyformail.com, run by longtime consumer activist Gerri Det-weiler,
now pay people to read junk mail targeted to their demographic group. "One
reason we're seeing so much public debate is that consumers are feeling
helpless," says Ms. Detweiler.
But others say putting a price on
personal information cheapens it. "It denigrates the value of privacy to put a
price on it," says Simson Garfinkel, a computer-security expert and author of
"Database Nation: The Death of Privacy in the 21st Century."
And
the value varies. The names of people with more than $ 1 million to invest would
be a gold mine to financial companies. But grouping the names of consumers by
demographic only increases ad revenue from 0.6 cents per click to perhaps as
much as 1.5 cents, he says.
"The problem" Mr. Garfinkel says, is
that "the people running American business are so uneducated about privacy. They
devise new systems all the time to collect and sell personal data without any
consideration of a person's right to privacy."
"E-commerce
companies will often say, 'You must register, because that's how we make money,'
" says Tony Jenkens, who builds clients' e-commerce sites at consulting company
Breakaway Solutions in Boston.
"If you're engaging in e-commerce,
at a certain point it's impossible to keep your own information private," says
Marc Rotenberg, president of the Electronic Privacy Information Center in
Washington.
So far, the Federal Trade Commission has taken a
hands-off approach, recommending to Congress last summer that the industry
regulate itself. To keep that friendly government relationship, the FTC says
companies that collect data must: tell consumers that they're collecting it and
what they intend to use it for; let consumers see files collected about them to
verify their accuracy; and let consumers opt out of having their information
sold to others.
"We think it's possible to create a marketplace
where individual consumers can protect personal information [that way]," says
Mr. Altobelli of the DMA.
But critics say information is often
collected without consent. With appropriate regulation, it would be possible to
track data so the government or individuals could see where it was collected
says Mr. Garfinkel. Legal penalties could be established for those who use
information for the wrong reasons.
For now, keeping private
information private is a never-ending job of keeping one step ahead of marketers
and impersonators.
While laws limit what information federal
agencies can sell, business records are increasingly being sold to aggregators
such as Polk, Acxiom, and big credit-reporting agencies. For a price, state
agencies, municipal governments, and federal public records will also provide
data about individuals.
In the future, warns Mr. Garfinkel, this
information could be combined with a person's picture (from a driver's license,
for instance), a digital copy of a signature, a genetic map, and exact location
(through public-security cameras and computer chips in cars and clothing).
Internet companies already are developing new technologies to
collect details about people who use their sites.
DoubleClick,
for example, has been widely criticized this year for its merger with
personal-information aggregator Abacus, because the deal will combine online
behavior with people's names.
iClick bills itself as a
customer-service tool that can interact with Web shoppers as they browse a site.
If they linger on a page without buying, an iContact agent can appear on their
browser and offer to help them shop. In some cases the agent can even take over
a person's browser, say, to fill in an order form.
In 50 years,
predicts Watts Wacker, a Westport, Conn.-based futurist with SRI Consulting,
"privacy will be an artifact. It won't be relevant to the way we live our
lives."
(c) Copyright 2000. The Christian Science Publishing Society
LOAD-DATE: February 21, 2000
