White House's Consumer Privacy Bill of Rights is misleading, doesn't solve the real problem

White House's Consumer Privacy Bill of Rights is misleading, doesn't solve the real problem

Summary: We're still subject to unreasonable and unsafe demands by those we need to do business with, study with, or get care from.


Any time the government of the United States does anything with the intent of protecting privacy, it's worth applauding. Unfortunately, sometimes those moves seem more like public relations ploys than actual solutions.

This may be the case with the newly announced Consumer Privacy Bill of Rights.

In spirit, the idea is to give consumers the right to decide whether or not browsing activity should be tracked, how data is retained from advertising networks, and other basic Internet privacy activities. The actual guidelines for the Consumer Privacy Bill or Rights are quite broad, as CNET's Elinor Mills reports.

The problem is this approach completely misses the privacy violations perpetrated against Americans by the authorities they trust.

Back in 2009, I wrote an article for FrontLine Security Magazine entitled, "Is Your Doctor, School or Government Putting You At Risk for ID Theft?" In it, I described how schools would often demand an identity-theft kit worth of information from their students, how doctors offices required an excessive supply of personally identifying information, and even how government agencies would publish personal information online.

None of these privacy transgressions (and the dozens of others we all encounter as part of our functioning in modern society) are addressed in the Consumer Privacy Bill of Rights. We're still subject to unreasonable and unsafe demands by those we need to do business with, study with, or get care from.

I'm glad to see a small step taken by this government to address privacy issues, but I have to be honest. I'm far less concerned if Google knows I went to yet another muscle car web site than I am that my doctor's office insists on keeping copies of my drivers' license in a manila folder along with an image of my credit card, my social security number, my home address, my various phone numbers, and my health records.

I call on the government and, specifically, the White House to expand this so-called "bill of rights" to protections that really matter. After all, the FTC tells us (PDF) that there are millions of identity theft and fraud complaints each year. This is where we need to be putting our attention.

Topics: Government US, Government, Security


David Gewirtz, Distinguished Lecturer at CBS Interactive, is an author, U.S. policy advisor, and computer scientist. He is featured in the History Channel special The President's Book of Secrets and is a member of the National Press Club.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • What rights? There all rapidly being voted away.

    Just a facade. I didn't know labeling its citizens terrorist if we pay with cash and buy peroxide was being called "Protecting" us. That's as comforting as it feels when you get pulled over for speeding and 8 cops have to show up for the 1 to write you a ticket. Like you just robbed a bank and killed 20 people.
    I guess I could sleep better at night knowing my government is allowed to warrantlessly tap my phone, internet, place tracking devices on my car and categorize me as a terrorist if I pay with cash or need some peroxide for something. Does this mean that my country can hold me in a cell for the rest of my life because I pay with everything in cash? Right now it does.
  • A government of the people, by the people ...

    would, by default, have an opt-in policy for privacy-related matters. People should have to opt-in for on-line activities such as tracking and personal data collection.

    The fact that an opt-out policy is used almost universally clearly shows that this is a government of the corporations, by the corporations. Individual Americans are consumers, not citizens.
    Rabid Howler Monkey
    • We're all bozos

      The reason you're a "consumer" and not a "citizen" is that you act like one. Here you are expecting Big Mommy to protect you from the big bad corporations instead of saying "no" when your doctor's office wants your Social Security number. Once you start that, Big Mommy gets to watch to see if you pay cash for peroxide, or buy Sudifed, or declare you an Enemy Combatant and lock you up for life without a trial. All your fellow consumers voted for that stuff, so that Big Mommy would protect them, too.
      Robert Hahn
      • RE: We're all bozos

        There's some truth to what you say, but it's not the whole story by a long shot.

        Case-in-point, the U.S. National Do Not Call Registry exists to protect consumers from telemarketers. Consumers must explicitly request that their phone numbers be placed into the Registry. It's opt-out and has been from the very beginning. The federal legislation underpinning the Registry includes:

        o Telephone Consumer Protection Act of 1991
        o Do-Not-Call Implementation Act of 2003
        o Do-Not-Call Improvement Act of 2007

        Why isn't the Registry a list of consumers that [i]want[/i] to receive telemarketing calls? [i]This[/i] is what opt-in looks like. Big Mommy? I don't think so.
        Rabid Howler Monkey
  • Really, Sometimes?

    You wrote
    "Any time the government of the United States does anything with the intent of protecting privacy, it???s worth applauding. Unfortunately, sometimes those moves seem more like public relations ploys than actual solutions."
  • The bill is nothing but feeding hot air to the ignorant and uneducated

    It is an election year .... they need to blow some hot air to capture the votes from the lowest denominator.
  • doctors electronic medical records

    A recent AAFP related publication suggested that patients credit card information be on their chart, and that patients who refuse to give a credit card for an unknown amount of co pay for their bill be told they won't be seen.

  • Sorry, you miss the point

    No question that an effective way to protect ID and personal data, limit their gathering, regulate their propagation and holds the gatherer liable for correctness as well as adequate handling and protection is a sorry deficiancy in US and should have been corrected for long. But that doesn't make the objectives of this consumer bill of rights less important anyway. Especially when you have no written contract with someone which is the regular case in onlime business you have a real hard way to protect your privacy even when you suffer material damage in addition to the regular annoyances.
    But there also is a real problem with this bill of rights that you didn't mention: It is the number of occurences of the word 'should' in the text: 19 times in 7 paragraphs! That's what you get when influential groups have taken care that you don't really want to change anything really and this will not change anything in reality. Or does anyone think it will cause someone to put some multibillion dollars worth opportunities at risk because someone wrote he should not do it?
  • Privacy

    It's hard to take the government seriously when it comes to protecting your privacy. Because of government prodding, we periodically receive privacy statements from our doctors and financial institutions. In the meantime, our government has no problem wiretapping our telephone conversations, requesting our online records as they demand them, searching our homes with or without warrants, stopping us at vehicle checkpoints, feeling us up at airport terminals, and empowering our employers to make us pee on demand. Government is the greatest violator of our privacy, so why would I ever entrust the government to preserve it?
    sissy sue
  • Impossible goal

    The internet virtually lives on advertising. Web visitors are commodities. There are so many ad agencies tracking us, Collusion (the Firefox add-on) gives only a hint: big business. I can't imagine how legislators would define in technical (much less, "legal") terms what would constitute a specific violation of a citizen's right privacy. And I can't imagine how they'd punish a violation: would it be a fine payable to the government? Jail time (and for whom: executives, programmers, office secretaries who abet...)? How would there be a discouragement strong enough to prevent violation?