Privacy vs. profits

It doesn't have to be a trade-off. New technologies let you earn customers' trust—and their business.
Written by Bob Tedeschi, Contributor

Say one thing, do another.

Since the birth of the Web, there's been a chasm separating consumers' stated feelings about online privacy and how they act with a mouse in their hand. Eighty-six percent of Internet users worry about online privacy, according to the Pew Internet & American Life Project. Meanwhile, nearly 50 percent say they'll give out personal information in exchange for the chance to win a sweepstakes, reports Jupiter Media Metrix.

Says Paul Saffo, director of the Institute for the Future, a Silicon Valley–based research firm, "Americans talk about privacy, but they'll spill their guts for a package of trinkets."

Or will they? While there is a disparity between what many online users say and do when their privacy is at stake, another subset of consumers is more steeled: Of those who are connected but do not transact online—which is over half of all Internet users—58 percent say it's because they fear their information will be stolen or misused, according to Jupiter.

Billions of dollars in e-commerce revenue is being left on the table because businesses have not done enough to quell consumers' fears about privacy. Bandwidth, the wireless Web, and convergence aside: Build the Net with more privacy options and the dollars will come.

That effort is under way. Technologies are emerging that will serve consumers, either through tighter privacy controls on the corporate front or innovative tools that will live on consumers' desktops. In the short term, there may still be some major privacy meltdowns. But in the long, dark tunnel separating consumers from a more private Internet environment, there is finally some light.

Privacy Push

The first incarnation of the Internet was built with virtually no thought to privacy. Web sites weren't crafted with confidentiality in mind, and corporations had little concern for the issue when setting up their internal databases. Only after high-profile privacy flame-outs involving Microsoft, RealNetworks, and DoubleClick in 1999 and 2000 did companies realize that they had to retrofit their operations to reach privacy-conscious customers.

The retrofit is proceeding at a snail's pace in most industries, simply because in an era of economic uncertainty, executives are loath to invest in technologies that have, at best, a tenuous connection to profits. But thanks in part to Congress, things are picking up.

Some industries have been forced to address privacy concerns—first through the privacy standards within the Health Insurance Portability and Accountability Act of 1996, implemented earlier this year by President Bush, and also through the privacy provisions in the Gramm-Leach-Bliley Act (GLBA) of 1999, enforced in earnest starting this year. Those regulations have forced banks, health care providers, and investment firms to keep a much tighter lock on personal information.

The key is privacy rights management technology, a life raft for companies like Zero-Knowledge Systems that slogged their way through the Internet's early years trying to sell privacy-related software directly to consumers.

Not that the consumer category is standing still. In fact, among the technologies most often cited by privacy advocates and analysts as the most important, a consumer-focused piece of software called P3P, created by Microsoft, ranks highest.

Shorthand for Platform for Privacy Preferences, P3P was built into version 6 of Internet Explorer, allowing consumers to match their privacy preferences with the sites they visit. If the browser arrives at a Web site with a privacy policy that is lacking or nonexistent, a warning appears and the consumer can hightail it somewhere else. Richard Smith, CTO of the nonprofit Privacy Foundation, and others complain that the default privacy settings are too lax, and that consumers can't set strict enough preferences. Microsoft officials say they are working on improvements.

For now, though, "Microsoft is at least putting the plumbing in the browser to let you do good cookie control," Smith says. "That's a step in the right direction."

Smith's organization is also innovating on this front. Earlier this year, the group created Bugnosis Web Bug Detector, a free download that allows surfers to see who's tracking them with so-called Web bugs, tiny graphics or HTML strings that can be used to monitor site visitors or transfer information about them to third parties.

Meanwhile, so-called anonymizing products and services, like those offered by Zero-Knowledge and Safe Web (see "Privacy Secret Weapons," page 59), continue to win fans.

Shake Hands with Microsoft

Still, the fact remains that most Internet users "don't want to lift a finger to protect their privacy," says Christopher Kelley, an analyst with Forrester Research. The alternative, then, is to trust Web sites to comply with their own privacy policies. But companies have a steep hill to climb. Only about half of online Americans "trust valuable personal information to Web companies that require it," according to the Pew Internet & American Life Project. And Statistical Research found that 67 percent of active Internet users tend to abandon sites that request personal information.

These statistics vex Internet companies enough. But for companies like Microsoft, which have much more comprehensive plans involving the Web and personal information, such sentiments loom like storm clouds.

Through a service code-named HailStorm within its .Net initiative, Microsoft hopes to become the trusted repository of a laundry list of personal information, which could conceivably include bank account and credit card numbers, cell phone numbers, and, via calendar software, a person's physical whereabouts. The service should roll out sometime next spring, according to Ruthann Lorentzen, general manager of .Net services marketing and business development.

The idea is to streamline everyday transactions by linking together information about consumers. For example, Lorentzen says, the service could make receiving goods bought online or via mail order much more convenient. If shippers like UPS and FedEx HailStorm-enable their sites, customers can keep much closer tabs on deliveries—and even decide when and where to receive packages.

"It could be a Tuesday, and I get on my cell phone, and I get an alert that says the package to be delivered on Friday requires a signature, OK or not?" says Lorentzen. "I say, 'Not OK.' They say, 'It looks like you'll be home on Saturday. Would you like us to deliver between 9 and 4?' They've gotten my permission to get to my information that will tell them how I want to get notified. They can look at my free time on my calendar, but that's all they can look at. They can also see my payment preferences, by virtue of my wallet."

For some privacy advocates, the idea of trusting Microsoft with such information is suspect. "This is not a company that anybody in their right mind would trust with their home telephone number," says Jason Catlett, president of Junkbusters, an online-privacy advocacy firm. (For its part, Microsoft says it's working to earn consumers' trust.)

Safe from Prying Eyes

Even the less strident members of the online populace have reservations about any company holding such details. Jupiter Media Metrix asked Internet users how they would feel about having a Web site keep their personal information in one place, to send to companies at their request. A mere 4 percent say they'd be in favor of such an arrangement.

But new technology could help mitigate the suspicion consumers feel when asked to provide a Social Security number, bank account info, or household income online.

Some of the more aggressive trust-seekers, like E-Loan and Microsoft's Expedia.com, have exposed themselves to ongoing privacy audits by PricewaterhouseCoopers, which then confers a seal to the site, certifying that the site's systems—and, perhaps more importantly, its employees—comply with stated privacy policies. In the case of E-Loan, this effort cost $250,000 in initial fees and staff time, plus an additional $30,000 for each quarterly audit.

But even those audits are coming under scrutiny. "Right now, you might blissfully assume the auditors know what they're doing, yet in the end there isn't technology to be certain of it," says Stuart I. Feldman, director of the IBM Institute for Advanced Commerce, part of IBM's research division. "A company could have 100 million lines of legacy code in its systems, and who knows where the privacy violations might be buried in it?"

Feldman says IBM is developing technologies that would allow companies to certify other software as privacy friendly, so companies and consumers would have greater confidence that an auditor's seal is worth the pixels it's written in.

Chris Larsen, E-Loan's chairman and CEO, says that Feldman's assessment of privacy audits is "right in some regards. But what we're really doing is combing through the organization, which in some ways is more important. Most privacy breaches happen because there's a disconnect between business development, operations, and engineering. For any company with over 20 people, there's a high likelihood those people don't know what the others are doing in every instance."

But given that even professional audits provide only a snapshot of a company's performance, and are themselves subject to human error, technology companies have been scrambling to automate the process.

Among the newest tricks of the trade is to let loose a software watchdog on the site itself—to ensure, for instance, that every page that asks for personal information is encrypted, with links to the site's privacy policy, and that it asks only for information that conforms to that policy.

One such solution, called WebCPO, comes courtesy of a partnership between PricewaterhouseCoopers and Watchfire, an e-commerce optimization software developer. DoubleClick is one of a handful of companies that were at press time considering using WebCPO, launched this spring.
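The three checks such a watchdog runs on each page (encryption, a link to the privacy policy, and fields limited to what the policy covers) can be sketched in a few lines. This is an added example, not code from WebCPO or any vendor named in the article; the field lists, the /privacy path and the sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed policy for this example: fields the privacy policy permits collecting.
ALLOWED_FIELDS = {"email", "zip"}
PERSONAL_FIELDS = {"email", "zip", "ssn", "income", "phone", "dob"}
POLICY_PATH = "/privacy"  # assumed location of the site's privacy policy


class FormAudit(HTMLParser):
    """Collects form field names and link targets from one page."""

    def __init__(self):
        super().__init__()
        self.fields, self.links = set(), set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("input", "select", "textarea") and a.get("name"):
            self.fields.add(a["name"].lower())
        elif tag == "a" and a.get("href"):
            self.links.add(urlparse(a["href"]).path)


def audit_page(url, html):
    """Return a list of findings for one page; an empty list means compliant."""
    p = FormAudit()
    p.feed(html)
    personal = p.fields & PERSONAL_FIELDS
    if not personal:
        return []  # page collects nothing personal, nothing to check
    findings = []
    if urlparse(url).scheme != "https":
        findings.append("personal data collected over unencrypted page")
    if POLICY_PATH not in p.links:
        findings.append("no link to privacy policy")
    for f in sorted(personal - ALLOWED_FIELDS):
        findings.append(f"field '{f}' not covered by policy")
    return findings


# Constructed sample pages (not from any real site).
PAGES = {
    "https://shop.example/signup": '<form><input name="email"></form><a href="/privacy">Privacy</a>',
    "http://shop.example/loan": '<form><input name="SSN"><input name="email"></form>',
    "http://shop.example/about": "<p>About us</p>",
}

if __name__ == "__main__":
    for url, html in PAGES.items():
        print(url, audit_page(url, html) or "OK")
```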

Earning Customers' Trust

Yet this approach, while innovative, addresses only a small part of the problem, says Nuala O'Connor, DoubleClick's former chief privacy officer for e-mail and emerging technologies. Which is why DoubleClick, E-Loan, and a long list of financial and health-care organizations are looking to companies like PrivacyRight, Zero-Knowledge, and Acxiom to put a cap on privacy leaks within the company before they happen, using privacy rights management, or PRM, software.

According to Larry Ponemon, former president of Guardent, a Massachusetts-based privacy consulting firm, and a former partner and founder of PricewaterhouseCoopers' privacy practice, PRM "is where a lot of the most important privacy work is happening right now."

Ponemon, who sits on PrivacyRight's board, might be considered biased except that many executives and privacy experts echo his opinion. PrivacyRight is one of the few PRM providers with an actual product on the market, and, its executives say, companies that are actually using the technology (although none agreed to be named in this story).

PrivacyRight TrustFilter, with prices starting at $100,000 plus the standard 20 percent annual maintenance fee, allows businesses to write rules for how personal information can flow inside and outside the firm. For example, a big financial company looking to comply with the Gramm-Leach-Bliley Act must keep track of tens of millions of customer accounts, often held in various databases depending on customers' physical location or which financial products they use.

Because GLBA requires financial firms to respect clients' wishes regarding the sharing of personal information, a single employee slip-up that sends a customer's data to the wrong place—say, an unscrupulous marketer of second mortgages who spams customers, resells their information, and allows identity thieves to surf its servers—can lead to severe punishment. The resulting lawsuits, most likely brought by state attorneys general or plaintiffs' class-action attorneys, could sap months or years of work from a corporation's legal department, tarnish a company's brand, and potentially expose it to millions of dollars in fines or damages.

Further complicating matters is the fact that under GLBA, individual states can overwrite a company's privacy policy with their own set of more stringent rules. With TrustFilter and similar programs, the software sits between the company's databases and whatever applications request information from them; it then screens each request to make sure it complies with the company's privacy policy, the customer's preferences, and state and federal laws.
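The screening step described above, in which each request is checked against company policy, the customer's preferences and a stricter state rule, looks roughly like this. It is an added example, not TrustFilter's or any vendor's code; the purposes, field names, the fictional state code "XX" and its opt-in rule are all assumptions made up for illustration.

```python
from dataclasses import dataclass

# All rules below are constructed for illustration; they do not reproduce
# any statute or any vendor's rule set.
COMPANY_POLICY = {          # purpose -> fields the company's own policy allows
    "billing": {"name", "address", "account_no"},
    "marketing": {"name", "address"},
    "affiliate_share": {"name"},
}
# Hypothetical state override, stricter than the company policy.
STATE_RULES = {"XX": {"affiliate_share": "opt_in"}}
DEFAULT_CONSENT = "opt_out"   # assumed baseline: allowed unless refused


@dataclass
class Customer:
    cid: str
    state: str
    opted_out: frozenset = frozenset()   # purposes the customer refused
    opted_in: frozenset = frozenset()    # purposes the customer approved


def screen(customer, purpose, fields):
    """Return (allowed_fields, reasons) for one data request."""
    permitted = COMPANY_POLICY.get(purpose)
    if permitted is None:
        return set(), [f"purpose '{purpose}' not in company policy"]
    if purpose != "billing":  # assumed: servicing the account needs no consent
        mode = STATE_RULES.get(customer.state, {}).get(purpose, DEFAULT_CONSENT)
        if mode == "opt_in" and purpose not in customer.opted_in:
            return set(), [f"{customer.state} requires opt-in for {purpose}"]
        if purpose in customer.opted_out:
            return set(), [f"customer opted out of {purpose}"]
    denied = sorted(set(fields) - permitted)
    reasons = [f"field '{f}' not permitted for {purpose}" for f in denied]
    return set(fields) & permitted, reasons


# Constructed customers and requests.
ALICE = Customer("c1", "CA", opted_out=frozenset({"marketing"}))
BOB = Customer("c2", "XX")

if __name__ == "__main__":
    for cust, purpose, fields in [
        (ALICE, "billing", ["name", "account_no"]),
        (ALICE, "marketing", ["name"]),
        (BOB, "affiliate_share", ["name", "ssn"]),
    ]:
        print(cust.cid, purpose, screen(cust, purpose, fields))
```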

"Technologies like this could be a key answer here," says Larsen of E-Loan, who says he is looking for a solution to put in place at his company.

Microsoft executives say they, too, are watching these technologies closely—and developing their own solutions. Richard Purcell, Microsoft's director of corporate privacy, knows the success of .Net hinges on earning consumers' trust, which in turn hinges on demonstrating "the same kind of assurances that you get when you're in a bank, with the vault, the concrete walls.

"We understand the need for the machines to be monitoring other machines, so computers have audit processes—constant, vigilant procedures to detect a breach, that they invoke against their machine brothers," Purcell says. "We call it robo-audit."

How long will it take? "We really don't know right now," he says. "Our hair's on fire around all these issues."

Bob Tedeschi writes the weekly e-commerce column for The New York Times.

What's Next?

U.S. research labs are trying to make online privacy bulletproof.

Privacy is high on everyone's agenda—including the nation's leading technology research labs. At Xerox's Palo Alto Research Center, researchers are devising technology to power services like a fee-based medical Web site where you could stealthily search for information on a rare (or embarrassing) disease. The service would encrypt that query and hide it among hundreds of thousands of others. Since only your PC holds the key to decrypting your query and the reply the service spits back, your request is never linked to you by name.

The barrier to offering such a service today, says Xerox PARC principal scientist Teresa Lunt, is the cost and speed of cryptographic technology. The software is too slow to handle the massive amounts of data-scrambling necessary. Hardware is much faster, but a single cryptographic accelerator board still costs $2,500. Given the increasing demand for privacy technologies, though, Lunt predicts those costs will plummet in the next five years.

Researchers at R&D outfit SRI International, Princeton University, and elsewhere are creating products that let consumers select various levels of anonymity, as well as developing tools that help companies detect security holes before hackers—or eager marketers—can find them.

Privacy Secret Weapons


Acxiom AbiliTec
Includes controls for complying with the privacy rules in the Gramm-Leach-Bliley Act. Pricing starts at $50,000 and can run into the millions.

Watchfire WebCPO
Prices start at $15,000. Monitors how you handle data internally and issues alerts when it's not done right.

PrivacyRight TrustFilter
Keeps close tabs on who sees all customer information within your company, even on multiple databases. Pricing starts at $100,000.


Microsoft P3P
Technology embedded in Internet Explorer 6 that lets Internet users control what sites they view based on how good the sites are at complying with their own privacy policies.

Bugnosis Web Bug Detector
Free downloadable applet from the Privacy Foundation blocks so-called Web bugs, which many sites use to track Internet activity.

Zero-Knowledge Systems Freedom
This $39.95 privacy suite hides your activities on the Web, protects against hackers, and filters online ads.

Free service lets you browse the Web undetected. When a cookie crumbles onscreen, you can click it to see which company's tracking you.

Defend Your Brand

More than half of the companies in a recent Zona Research survey say protecting their brand is a key reason to handle customers' personal information with care. Most eyebrow-raising, though, is that medium to large outfits comprise the group of companies least concerned about how lax privacy protection might adversely affect their brands.
