Much of the debate has centered on this question: What constitutes fair notice of what companies are actually doing with individuals' private data? Consumer advocates have generally argued for an "opt in" method, which would require specific consent before companies could do anything with a consumer's personal information, such as sell it to marketers. More recently, some have advocated applying an opt-in approach to any software that takes over components of a PC, regardless of whether it collects data. Businesses, on the other hand, have argued for an "opt out" method, which would automatically allow companies access to hard drives and use of personal information unless consumers were to take explicit steps to block them. As a practical matter, such a "default" mechanism would have enormous influence on behavior because most people typically keep the computer settings they've been given at the outset simply because it is the easiest thing to do. Although the opt-in alternative adds an important layer of security, it has proven a political deal-breaker in Congress. Last year, for instance, Sen. Ernest "Fritz" Hollings proposed opt-in privacy requirements for collecting personal information that were immediately opposed by Sens. Conrad Burns and Bob Kerrey, who had drafted competing legislation. The two sides compromised on the current bill, S. 2201, requiring opt-in approval only for sensitive information defined as financial status, medical history, Social Security numbers, ethnicity, religious affiliation, sexual orientation and political party affiliation. Other information is considered non-sensitive data that can be used for marketing research and therefore subject to the opt-out approach. "Hollings got crushed last year because of opt-in," said Chris Hoofnagle, legislative counsel with the Electronic Privacy Information Center (EPIC). Politics aside, the technology exists to make opt-in proposals a reality. Industry standards groups have approved tools that allow Web surfers to automatically compare preset preferences to privacy policies and act on them by agreeing in advance to accept or reject certain actions. Terms of service?
To see the need for reform on this front, one need only consult any number of "terms of service" agreements or privacy policies attached to downloads available on the Web, impenetrably worded documents that are typically ignored by consumers. Only government regulation can ensure the prominence and readability of these crucial documents, which could include the use of desktop icons or other high-profile devices flagging people to their existence. "Consumers need to have more confidence in the Internet," said Andy Davis, a spokesman for Hollings, who has been pushing vigorously for privacy legislation for the past three years and wrote the recently approved Commerce Committee bill. "You're not going to get deep adoption of broadband and e-commerce until consumers have greater trust doing business online." Despite its shortcomings, the Hollings legislation is one of the strongest bills of its kind to date. It carries some powerful weapons for consumers, including the right to see information that companies keep about them and the ability to bring private lawsuits over leaks of sensitive data -- two provisions bitterly opposed by business interests. The provisions will bring a flood of litigation, companies argue. Joe Rubin, a lobbyist for the US Chamber of Commerce, says the law would become "a trial lawyer's right-to-sue act." Nevertheless, as powerhouses such as Microsoft and AOL begin offering technological and entertainment services that are increasingly intertwined with consumers' lives, property and finances, measures designed to strengthen trust are more important than ever. In many ways, technology companies have only themselves to blame for any consumer anger. For years, many of the best-known names in the industry have built business plans that exploit consumers' lack of technical knowledge and their tendencies to glaze over fine print. Who do you trust?
According to an April report from Consumer WebWatch, a Web-ranking group backed by the nonprofit Consumers Union, just 29 percent of people in the United States who use the Internet trust Web sites that sell products or services. Of 1,500 telephone respondents, only one-third said they trust Web sites that provide advice about such purchases or services. That compares with 58 percent who said they trust newspapers and television news and 47 percent who said they trust the federal government. Even if the Senate bill becomes law in its current form, lawmakers will have only begun to address the Internet's problem with public trust, which has become a dwindling commodity for any business sector in the post-Enron corporate world. "It's an age-old question," lawyer Rothken said. "Is notice good enough to do what they're doing?" Rather than broad legal parameters, consumers need regulations that would have an immediate impact on their computers. For example, consumers would benefit if software makers were required to offer tools that could remove technologies as easily as they were installed. Also helpful would be a required desktop icon or some other conspicuous label linked to a central place where consumers could review tasks tied to each application on their machines and manage preferences for them through a master menu. Whether by design or oversight, applications used to collect consumer data, borrow PC resources or perform other functions through downloaded software are often built to run surreptitiously. Standard applications such as word-processing software display splash screens and icons indicating that the software is running, but adware, spyware and distributed-computing programs are far more difficult to find and manage -- if the consumer is aware of their existence at all. Oram, like many Internet pioneers, is wary of government intrusion on the medium. But he acknowledges that anyone who downloads software on the Internet today is vulnerable to the whims of piggybacked technologies and can even find themselves perpetuating offenses they have no control over, creating "the problem of cascading responsibility." "The real-life equivalent to this is something experienced by many of us when we are young and have roommates," he said. "You may trust your roommate, but he or she may invite a friend over, and that friend may make a long-distance call for a couple hours that you find on your phone bill a month later after everybody has moved out." Mike Yamamoto contributed to this report.
Who's watching you? Get the latest on spy networks such as Echelon and Carnivore, as well as privacy issues for companies and individuals alike, at ZDNet UK's Privacy News Section.
Have your say instantly, and see what others have said. Go to the ZDNet news forum.
Let the editors know what you think in the Mailroom.
