Big Brother Is Watching . . . What You Buy
By Lisa Dempster
In his nightmarish novel 1984, George Orwell envisioned a future in which the merest hint of privacy would be treason and protagonist Winston Smith would be cowed into embracing truth in his telescreen. The year in question came and went, but could Orwell's bad dream become our reality two decades later? What kind of privacy protection will we be able to expect from the Internet in 2004? Picture this: Retinal scans, fingerprint readers built into your mouse and voice recognition software able to nail your identity down to the roots of your genetic code. Great for keeping your identity a secret from advertising piranhas, but do you really want your bank or online health-care provider to store such intimate information?
Unlike Orwell's dour Smith, who struggled to conceal his thoughts and feelings from Big Brother, privacy advocates predict our biggest concern in four years' time will be camouflaging ourselves from corporate behemoths devoted to discovering our every purchasing peccadillo - and pandering to it.
"Over the next four years we're going to see an exponential increase in the amount of personally identifiable information," says Alex Fowler, an online rights expert who recently became senior director of policy and advocacy at Zero-Knowledge Systems. "We're going to see a lot of the debate about privacy driven by who has access to that information . . . and what kind of consent or rules we're going to have to create to protect those different aspects of our identity."
The commodification of a Web user's personal and shopping habits is becoming a fact of life in this brave new millennium. Fowler says companies in the U.S. are already experimenting with the idea that personal information has value as a currency. In other words, you pay for goods and services with bits of your identity.
The Federal Trade Commission recently endorsed a proposal put forward by the Network Advertising Initiative, a group representing major Internet advertising companies, to allow advertisers to voluntarily self-regulate how they gather information from Web users and set up customer profiles.
Will you trust them?
The plan sets out industry standards, such as allowing consumers to opt out of the collection of anonymous data for profiling. NAI companies, which currently comprise about 90 percent of the industry, also promise to give consumers "reasonable access" to personally identifiable information collected about them and make "reasonable efforts" to protect the data they collect.
The FTC vows to continue pressing Congress for laws to ensure commercial Web sites follow these guidelines. Laws covering children, financial privacy and health information already exist or are pending, but "we may be a long way away from seeing any legislation" concerning online consumer profiling, says Dana Rosenfeld, assistant director at the FTC's Bureau of Consumer Protection.
Jonathan Zittrain, faculty co-director at the Berkman Center for Internet and Society at Harvard Law School (http://cyber.law.harvard.edu), is skeptical of industry self-regulation.
Imagine self-regulation for intellectual property - i.e., people promise not to copy files or download music from Napster. "I don't think the publishers would accept that," Zittrain says, "and I'm not sure why consumers should be much more accepting of a commitment by the commercial world to self-regulation."
Internet seers, including computer futurist Tom Keenan, believe that by 2004 privacy may be routinely bartered for convenience.
You may find yourself trading data about your personal health in exchange for a special fitness club membership. Or as Keenan envisages, you could be walking past a Starbucks coffee outlet that "reads" your location through your cell phone or Palm device and invites you into the store for a discounted brew.
"Some people will regard that as a huge invasion of their privacy. Others will say, 'Great, I'll take the half-price frappaccino,' " says Keenan, dean of continuing education at the University of Calgary. "We have to believe there's a good chance that anonymity is going to fade away, except for people who really want to pursue it," he says. "The average person is going to be identified."
Privacy guru Phil Zimmermann, on a business trip in Russia, is yakking on his mobile phone about the future of online security when he hears something that troubles him. In the middle of the interview, he pauses.
"Do you hear that? Why is there a beeping sound?" he demands. "Oh. It's the call waiting. Just a sec."
You can't blame Zimmermann for having extra-sensitive antennae when it comes to the security of his communications. He was the target of an aborted three-year government investigation for possibly violating export laws after he released his Pretty Good Privacy e-mail encryption program as freeware in 1991.
Now a Senior Fellow at Network Associates Inc., Zimmermann believes Internet privacy concerns will skyrocket over the next four years and beyond.
"I think that the next decade will see privacy as something analogous to the environmental movement," he declares. "In the old days, we used to be mainly concerned with privacy from government - from government wiretapping and surveillance. But in recent years, we've seen a growing threat of privacy invasions from private industry."
Recent high-profile privacy cases, including the affair in which the Federal Bureau of Investigation set up a surveillance mechanism at an Internet service provider (ISP) to scan incoming and outgoing e-mails as part of a felony investigation, could be the harbingers of a new predatory electronic reality.
Zimmermann is rather pleased that the government dubbed its tool "Carnivore."
"It sort of makes it sound sinister, which it is," he says.
Another milestone case is that of DoubleClick, a New York-based company that electronically inserts advertisements on about 1,500 Web sites on behalf of online advertisers.
DoubleClick has been accused of building virtual dossiers on consumers' buying habits and identities by implanting "cookies," electronic files, on users' hard drives. The company belongs to the NAI and has agreed to self-regulation, along with Net advertising giants 24/7 Media, AdForce, AdKnowledge, Engage Technologies, MatchLogic, NetGravity and Real Media.
Amid the blizzard of controversy over compromised cookies, consumer profiling and data tracking, is there any chance the average Web surfer's plaintive cries for privacy will be heard?
"All the polls reveal overwhelming public support for stronger privacy protection on the Internet. That can't be ignored for very much longer," says Sarah Andrews, policy analyst at the Electronic Privacy Information Center, a public interest research center in Washington, D.C.
While many believe privacy is a fundamental human right, the current Internet security debate is being framed as an economic issue, rather than a civil rights issue, Andrews says.
Meanwhile, online privacy program providers are stepping up to bat in the absence of meaningful legislation.
Lance Cottrell, founder and president of Anonymizer.com, a San Diego company that helped pioneer online privacy services, predicts that attempts to build more detailed profiles of consumers' buying patterns will only increase. But we will be better armed in 2004, he believes, because privacy technology will be seamlessly integrated into almost all Internet interfaces, bundled with either the computer or the ISP service.
Technological solutions, not legislation or industry self-regulation, will come to dominate in four years, Cottrell predicts, because "it does not require the cooperation that self-regulation does, nor the enforcement issues that legislative solutions require."
Cottrell feels that the explosion of the Internet as a consumer tool has been accompanied by a certain loss of innocence. He recalls a cartoon depicting a dog surfing the Net, captioned: "No one knows you're a dog."
"That was once a bold new frontier," Cottrell sighs. "You could be private; you could be anything you want. You could reinvent yourself."
But now, Cottrell says: "They know what breed you are. They know your favorite kind of dog food. They know whether you have a problem with fleas this summer."
At the end of Orwell's epic 1984, Smith stops struggling and comes to know that privacy is unattainable, even undesirable. He simply loves Big Brother.
But today's privacy advocates are warning us that the battle must continue - and must be won.
"It's important that people not take a fatalistic attitude and feel that there's no point in trying to stop the erosion of privacy," Zimmermann says. "We can do things to reduce the erosion of privacy. We can do legislative things; we can make good choices in the deployment of our technology. I think we all have to try and, if we do, we can make society better."