LEXIS-NEXIS® Academic Universe-Document

Search Terms: personal information privacy

Document 9 of 26.

May 30, 2000, Tuesday

SECTION: COMPUTER LINK;Pg. 6

LENGTH: 2095 words

HEADLINE: Keeping it confidential; Taking charge of Internet privacy

BYLINE: Jim Nesbitt; NEWHOUSE NEWS SERVICE | The New York Times News Service contributed to this report.

BODY:
The Rev. William Morton, an Anglican priest in the Canadian province of New Brunswick, has been a computer geek since adolescence, selling Apple II computers in high school, posting notes on electronic bulletin boards long before e-mail became common, jumping on the Internet back when it wasn't such an easy leap.

So it isn't surprising that he uses the Internet to counsel and comfort his far-flung flock at Christ's Church of Campbellton.

Morton's parishioners may tell him their deepest, darkest secrets in cyber-messages that are confessions in all but a church-sanctioned sense.

But while the faceless nature of e-mail engenders the most revealing communication, Morton knows there is accompanying danger: Computer messages can last forever and, once sent over the Internet, are easily intercepted.

For that reason, he offers to encode electronic communications and teaches how to download and use readily available encryption software. "They tell me things they have not had the courage to tell anyone else face to face," said Morton, 42.

"Sometimes, just that simple act of telling someone else is enough to lift that burden."

For Morton, encoding soul-sensitive messages is a high-tech way to keep priestly vows of trust and confidence.

For the rest of the computer-using world, encryption is just one of several ways to fend off what Morton calls the "snoopy gray people" of cyberspace.

Experts say individuals should also get familiar with remailers, Web proxies and anonymizers, along with programs that cloak the cyber-traveler by taking advantage of how information moves across the Internet.

All are tools that reclaim a measure of protection against the very technology that puts the world at one's fingertips.

"People know there's a privacy issue, but they don't know there's something they can really do about it," said Tim Kane, founder and chief executive officer of enonymous.com, a San Diego privacy software company that rates more than 25,000 Web sites.

"They're over it. They say, 'I know that if I go on the Web, I don't have any privacy.' That's not true."

Another San Diego County-based business, Anonymizer, of La Mesa, is a remailing service, which disguises e-mail identities.

'Mouse droppings'

Every online action leaves an electronic trail - dubbed "mouse droppings" or a "click stream" - that can be used to compile a marketing profile or a surveillance dossier.

Every e-mail message gets chopped up into digital "packets" that, handled and often archived by third-party servers, can be intercepted.

Even more worrisome is sophisticated and automated data-gathering technology that mines, compiles and reshuffles widely dispersed information without consumers' knowledge.

Under American law, this information is largely a corporate commodity, generally exempted from the strictest Fourth Amendment privacy protections, even when it deals with the most personal financial and medical matters.

It is data that gets sold or traded, usually without an individual's input or consent.

And as more and more people use the Internet - to shop as well as surf - privacy becomes a prime consumer-relations problem for e-business.

A survey earlier this year by the U.S. Department of Commerce found that 86 percent of those who contemplate online shopping worry about giving up too much personal information.

"Privacy will be to the next century what civil rights were to this century," said Austin Hill, co-founder and president of Zero-Knowledge Systems, a Canadian developer of privacy software.

Hill acknowledges the double-edged nature of the Internet's power. The trick is to protect privacy without sacrificing the consumer comforts of technology.

"We all don't want to become Amish, do we?" he asks.

Earlier this month, the Federal Trade Commission recommended that Congress pass legislation to protect consumers' privacy on the Internet, saying online companies have not moved fast enough to police themselves.

"Consumers should not have to forfeit their privacy online in exchange for the rich benefits of e-commerce," said Robert Pitofsky, FTC chairman.

But while legislation has been introduced by Democrats in both the House and the Senate, there is no expectation that Congress will act any time soon.

And, Clinton administration officials were decidedly lukewarm about the commission's proposal. They said that the government should continue to rely on the industry to police itself, and that the White House had a deeper interest in promoting privacy laws in other areas, including health care and financial services.

Plugging the data flow

To plug the flow of personal information, the savvy cyber-traveler has three main categories of tools: encryption software, remailers and anonymizers, also known as Web proxies.

[] Encryption software encodes messages and offers a set of "public" and "private" electronic keys to unlock the masked message.

One of the best-known and most utilitarian encryption program available is PGP (Pretty Good Privacy), developed by Phillip Zimmermann of Palo Alto.

American law enforcement figures were so worried about terrorists using PGP that, for a time, it could not be exported. That ban has now been relaxed.

[] Remailers are a series of electronic blinds between sender and recipient that make it more difficult to track who is sending what to whom.

Think of a set of nested Russian dolls: Each stop in the remailing string is one of those dolls and knows where the message came from and where it is being sent, but no more.

When combined with coded text, remailing makes snooping difficult for all but the most sophisticated hacker or government agency. Cypherpunk and Mixmaster are the best-known remailer technologies.

[] Web proxies, or anonymizers, establish an electronic screen between individual computer users and the Web sites they visit.

Routing requests through a service like Anonymizer.com masks an individual's identity - all the Web site gets is the Web proxy address, not the individual's.

Some services will even "lie," filling a Web site's automated customer information forms with bogus names and addresses so that the user can surf the site leaving no personal information behind.

No geek required

In the not-so-distant past, you had to be a bit of a geek to use these tools.

Even the relatively simple task of programming a Web browser to reject "cookies" - the silent data-gathering devices that a Web site deposits directly onto hard drives to track Internet wanderings - was overwhelming.

But new products are more user-friendly, offering a combination of automated privacy features.

Zero-Knowledge's Freedom software, for instance, offers coding and automated remailing through a network of Freedom-associated servers that hide even the geographic origin of the user.

It also allows users to block e-mail from unwanted sources, a weapon against unwanted "spam" advertising.

The Freedom user can also monitor or kill "cookies." And, unlike earlier generations of privacy software, Freedom works in almost any news group, chat room or e-mail system.

But the feature that earns the company its name is its package of anonymous identities. The company makes a point of not knowing which customer has which anonymity package, known in Internet circles as "nyms."

"Don't have to know, don't want to know - it's none of our business," said Hill, the Zero-Knowlege president.

"The Internet was never designed with privacy in mind ... In real life, there's a difference in how I act and what I might say in private and how I am in the workplace. On the Internet, there is none of this context and no compartmentalization. We're giving people the chance to resegment their online lives and restore some privacy to their activities."

Future woes

Why go to all this trouble? Hill and PGP creator Zimmermann point to the not-too-distant future, a place with even greater permutations of the law of unintended consequences.

Consider the development of home appliances that would order up food items in short supply.

Such appliances would require some form of online monitoring - an automatic flow of information that could be used for other purposes.

Refrigerator data that notes the number of beers consumed in a single night could be combined with information from a home lighting and climate control system indicating those beers were consumed by one person, drinking alone.

This amalgamated information could be tapped by an individual's HMO or employer, earning the person a tag as a problem drinker. Or, it could be used by a snoopy prosecutor.

"I don't tend to think of the privacy problem in terms of hackers as much as I do Ken Starr," Zimmermann said.

"There are ways to make it difficult for Ken Starr to find out you bought a book at Amazon.com on flirting and he thinks that's wrong because you're a married man."

Some academics argue that the computer engines gathering all this information are so powerful, and the corporate interests employing them so integrated and all-encompassing, that the privacy protections available to individuals are popguns going up against battleships.

"These measures mislead people into thinking they're protections when, in the macro sense, they are not. They are placebos," said Timothy Engstrom, a philosophy professor at the Rochester Institute of Technology who has written extensively about the impact of technology on privacy.

"They present the myth of protection against a system that is considerably more powerful than the tools available to the individual."

'A moving target'

There are three avenues of solutions to the Internet privacy problem: technological fixes, the route favored by the true believers of the wired world; self-regulation by companies conducting e-commerce, including rating systems and standardized privacy codes for consumers' Web browsers; and, finally, government regulation.

A growing body of state and federal law would extend traditional privacy protections into cyberspace, even amid worries that government regulation will stifle e-commerce without fixing the problem at hand.

Last year, Congress passed two bills aimed at protecting the privacy of children and shielding them from adult-oriented material, and threatened to pass similar protections for all citizens if self-regulation failed to work.

This year, legislatures in more than 30 states have proposed some form of Internet privacy protection, from prohibitions against banks sharing financial information to bans on the sale of personal information gleaned from monitoring consumers' electronic travels.

But many observers believe the Internet, by its very nature, defies control.

"If the Internet's broke, it's too big for Congress or any state legislature to fix it," said John Paul Moore, a Web designer and rural Internet access activist based in Austin, Texas.

"The technology is a moving target and moves far faster than any legislative session. And there's no one jurisdiction that's going to be able to pass legislation that can govern the whole Net."

Code confessions

Back in New Brunswick, Morton, the priest, answers to a higher authority.

Encryption isn't just a technological tool; it's a matter of faith.

He uses a simple syllogism to illustrate his logic: Communication that leads to healing and wholeness requires trust; trust requires confidentiality; therefore, communication that leads to healing and wholeness requires confidentialit

In other words, a cyberconfession needs to be in code, for reasons of theology as well as security.

About 40 of 150 church families, many of them living in the dense woodlands beyond the Restigouche River and its world-famous salmon run, regularly use e-mail to communicate with him. At any given moment, he is sending and receiving encrypted messages with four or five parishioners.

Morton is quick to tell them that e-mail leaves "a bright, shiny trail across the Internet" and, even when sent in code, is no substitute for face-to-face counsel.

He is a believer in the arming against the Internet's danger while taking advantage of its power,

"The last thing we have control over is ourselves and personal space," Morton said. "If you're going to participate in technology, you have to open large portions of yourself to everyone.

"One of the things encryption allows is the creation of a virtual room where only two people are taking part in the conversation. Encryption can be used to regain that sense of privacy and the sense of control over the information."

GRAPHIC: 2 DRAWINGS

LOAD-DATE: June 1, 2000

Document 9 of 26.


Search Terms: personal information privacy
To narrow your search, please enter a word or phrase: