Back to National Journal
2 of 41 results     Previous Story | Next Story | Back to Results List

09-02-2000

TECHNOLOGY: Privacy's Price

You're driving down the freeway, listening to your car radio and singing
along to some silly song from the 1970s such as "Mellow Yellow."
Most likely, you would never suspect that a device mounted on a billboard
might be monitoring car radios as they speed by, tallying the number that
are tuned in to oldies, rock, classic, or country stations, and forwarding
the results to a market research corporation.

Should you be concerned about your privacy in this situation? The devices-which are actually being used in several American cities-can't tell who is listening to what station. They can only count the number of radios tuned to each channel. If you like `70s music, you might not mind having the advertisers know that lots of people listen to that music. On the other hand, you have unwittingly become a survey participant.

Everyone wants privacy, but these days there is little consensus on what the concept means. Nor is it clear how much can be done to ensure privacy without undermining free speech rights, consumer convenience, or economic growth. Yes, people want rules that make it difficult for credit card thieves to ruin a person's financial record, and they want tough restrictions on the distribution of health data; but they don't seem to care very much if their local supermarket knows whether they eat broccoli or lima beans, and often they want to customize their favorite Web sites with the aid of interactive calling cards known as "cookies."

Privacy issues are complex because they touch on so many areas of life and involve such a wide range of activities: corporate data collection, the use of credit card numbers, computer hacking, telemarketing, e-mailed "spam" advertising, advertising on cell phone displays, and medical data collection, to name just a few.

The hottest privacy debates center on personal information, mainly because this information is increasingly collected and shared in the Internet economy. Last year, for example, a dispute over the privacy of financial information nearly derailed a long-fought rewrite of the landmark 1933 Glass-Stegall regulations, which shaped the nation's financial sector.

Washington has already tackled many aspects of privacy. Congress has passed the 1970 Fair Credit Reporting Act, the post-Watergate 1974 Privacy Act, the 1984 Cable Act, the 1986 Electronic Communications Privacy Act, and the 1999 Gramm-Leach-Bliley Act, which toughened privacy rules for the financial sector. For several years in the late 1990s, Congress considered, but never approved, bills that would have safeguarded the privacy of personal health information. Now a slew of new bills is being offered in Congress, and privacy is becoming Washington's favorite new mom-and-apple-pie issue.

Alan F. Westin, a law professor at Columbia University in New York City and a privacy consultant, conducts regular surveys of people's attitudes toward privacy. He said the percentage of citizens who are very concerned about privacy-and unwilling to compromise on it-has grown to about 30 percent, up from 20 percent in the early 1990s. He attributes that rise in "privacy fundamentalists" to the growing number of Internet users who react negatively to stories of companies that monitor transactions and gather data on individuals' tastes and buying habits. But polls also show that roughly 20 percent of the population simply don't care about the issue, while roughly 50 percent are willing to trade some personal privacy for some benefits-if they trust the data collector. The polls also show that women, by 10 to 20 percentage points, are more concerned about information privacy than men. "In political terms, you don't want to be against strong privacy when this resonates so strongly with women," said Westin.

The public's particular worries over privacy have not yet coalesced into a wedge issue, and neither major political party has yet seized an advantage in the privacy debate. For now, enterprising politicians of all stripes can safely back laws that curb identity theft, say, or bar discrimination against employees or patients based on a person's genetic data. But privacy worries will soon collide with other priorities. Thus, when Sen. John McCain, R-Ariz., announced a new online privacy bill on July 26, he said his first priority was not to hinder the current economic boom with new regulations. Moreover, free speech rules limit politicians' ability to curb companies' use of data. Over the past few years, the Supreme Court has shown increased concern for the commercial speech rights of corporations. According to Eugene Volokh, a law professor at the University of California (Los Angeles), a company and its shareholders can fairly argue that tough privacy-protection laws hurt their ability to speak about, and thus use, the data they gather in voluntary transactions.

Industry's Dilemma

Industry is split over whether to back privacy-enhancing measures that bolster the public's trust or to eschew compromise in defense of the free market. In the online industry, many executives and lobbyists hope to see by next year a new privacy law that would require data swapped in ordinary commercial Internet transactions for goods such as cars, stereos, and software-but not health care or financial services-to be governed by contracts between buyers and sellers. These contracts would explain to consumers how their personal data might be used and would allow them to make sure the data is correct. Consumers could then choose to buy the product-and let the companies do what they will with the data-or do business elsewhere. These provisions form the heart of the bill, which was unveiled on July 26 by Sens. McCain, Spencer Abraham, R-Mich., Barbara Boxer, D-Calif., and John F. Kerry, D-Mass. The measure preempts state laws-a major goal of the global high-tech sector, which worries about the patchwork of state regulations.

The advertising industry is also feeling the pressure to create tougher privacy protections. On July 27, a coalition of online advertisers won the Federal Trade Commission's approval for its voluntary rules that would curb advertisers' collection of personal data from Internet users. But the agreement did not prompt the commission to drop its call for legislation that would force many online companies to adhere to the same rules.

Other industry sectors should also make concessions to privacy concerns in order to avoid a consumer backlash and further regulations, argues Mary-Claire Fitzgerald, executive director of the Washington-based Electronic Commerce Forum. "The smart move is for industry to step up and take this issue away" by accepting third-party verification that each company is complying with the privacy promises it has made to its customers, she said.

But industry has traditionally opposed privacy regulations, saying these rules could restrict economic growth. Industry leaders argue that the Internet spurs business competition and prompts companies to continuously improve service. That can only happen, they say, if companies have vast amounts of customer data. For example, companies want customers' addresses and credit card numbers recorded in databases so customers don't have to type in that information every time they buy an item. Companies also want to know consumers' tastes to avoid wasting time and money advertising skimpy bathing suits to 40-ish office workers with presumably expanding waistlines. Moreover, there are many established corporations that are betting their futures on data-driven corporate reorganization. With information about their customers, companies can make smarter decisions to divide into smaller business units, merge with other firms, or expand or outsource their workforce. The central role of data in the new economy was made obvious in July by Toysmart.com after it had gone belly-up. The only asset it offered in its bankruptcy sale was a hoard of personal data. Once this fact was publicized, the FTC stepped in and said any buyer of this data would have to comply with the privacy promises Toysmart had made to its customers.

No matter what their position on additional regulations, companies have a powerful incentive to protect their valuable and sensitive data from misuse and hackers, and to make sure their customers know their personal information is protected. Many companies, such as America Online, send electronic advertisements to their customers who match a profile set by the advertisers-without turning over their customer data to those advertisers. For example, a chain of health clubs might pay America Online to e-mail ads to all single, middle-income adults who visit AOL's health care and fitness sites. That way, AOL gets ad revenue, the health club may get new customers, consumers get information that may be useful, and everybody's private activities are kept secret within AOL's computers. Indeed, the failure to address consumers' privacy concerns can cause a company's stock to crash overnight, partly because investors worry that privacy scandals may prompt Washington to impose rules that would destroy a company's business prospects. For example, the value of DoubleClick stock has dropped from $120 per share to $25 per share since it ran into a hail of criticism-and the threat of new privacy laws-for its now-abandoned plan to track online activities of individual Internet users by name, not merely as part of a homogenous demographic cohort.

Long Road to Compromise

The pro-privacy community, which includes legislators such as Reps. Edward J. Markey, D-Mass., and Joe Barton, R-Texas, wants tougher rules, but it is split over the extent to which government should protect privacy and whether the main threat comes from government or industry. Privacy advocates agree on this much: Government and law-enforcement agencies' data collection activities should be curbed; customer data should be used only for the original purpose for which it was collected; consumers should have a measure of control over the sale of their personal data; government agencies should keep a sharp eye on companies that violate privacy agreements with customers; and discrimination based on health and genetic data should be outlawed.

Others would go further: "We believe that the individual should have control of [company-held] information about himself or herself, and that the government has a role to play in securing that right," said David Sobel, a lawyer at the Electronic Privacy Information Center in Washington. He says he believes that companies should have to get customers' explicit permission-their "opt-in"-before storing their personal data. Other privacy advocates say people should be protected from being mischaracterized by a partial release of personal data. Jeffrey Rosen, a George Washington University Law School professor and author of The Unwanted Gaze: The Destruction of Privacy in America, makes this argument, but warns that the interest in not being mischaracterized should not become a legal right, because it would clash with others' free speech rights.

Genetic discrimination-for example, being denied a job because one's genetic makeup makes a future disability more likely-is such a worry for these privacy proponents that The New Republic urged in a June 29 editorial that the nation should adopt a constitutional amendment to protect medical privacy. "We need to do it very quickly, before someone can invent something that creates an interest group to block such an amendment," said Gregg Easterbrook, a New Republic editor. Congress appears set to pass a law barring genetic discrimination, but Republicans and Democrats disagree on whether to include a provision facilitating lawsuits for such discrimination.

One possible route to compromise is greater use of privacy-protection technologies: data encryption, anonymous financial transactions, and untraceable e-mail. While such innovations can shield personal data from hackers-and even from some merchants-and could ease the negotiation of privacy contracts by Internet buyers and sellers, they could also obstruct the rights of other citizens and of the courts to gather information in criminal and civil lawsuits. For example, could one party in a divorce case ask the courts for the right to view e-mail on the computer of a spouse's suspected lover? Could the court order the decryption of the alleged lover's e-mail messages?

There are simply too many new technologies and business opportunities, and too many ideological viewpoints and pressure groups, for peace to come to this expanding political battlefield anytime soon.

Neil Munro National Journal
Need A Reprint Of This Article?
National Journal Group offers both print and electronic reprint services, as well as permissions for academic use, photocopying and republication. Click here to order, or call us at 202-266-7230.

2 of 41 results     Previous Story | Next Story | Back to Results List