Privacy on the Internet.Editors' Note: Imagine a world without privacy--where everything you did or said was public knowledge. Imagine what it would be like if anyone who wanted to could review your financial records or your medical history. Sounds pretty scary, doesn't it? You bet. But here's the really scary part: Privacy experts warn that if we're not careful, that world may soon exist--if it doesn't already --on the Internet. One of these experts is Janlori Goldman, deputy director and cofounder co·found tr.v. co·found·ed, co·found·ing, co·founds To establish or found in concert with another or others. co·found of the Center for Democracy and Technology (CDT CDT abbr. Central Daylight Time CDT Central Daylight Time CDT n abbr (US) (= Central Daylight Time) → hora de verano del centro; (BRIT ), a Washington, D.C.-based public interest and advocacy organization dedicated to protecting civil liberties and advancing democratic values for online technologies. Before cofounding the CDT in 1994, Goldman was staff counsel and director of the American Civil Liberty Union's Privacy and Technology Project. In recent years, she has led efforts to strengthen privacy policies related to medical, credit, and financial records. She has frequently testified before Congress on these issues and has served on several advisory boards, including as staff to President Clintons National Information Infrastructure Advisory Council. TRIAL Senior Editor Jean Hellwege recently spoke with Goldman about the threats to privacy posed by new computer technology. In a firm and steady voice, Goldman talked about the lack of privacy protections in online communications; the need to educate the public about how personal information can be gathered and used; and the efforts of the CDT to encourage businesses, legislators, policymakers, and Internet users Internet user n → internauta m/f Internet user Internet n → internaute m/f to work together to resolve the complicated issue of protecting privacy in the online environment. I recently visited the privacy demonstration page on the CDT's Web site [http://www.cdt.org]. I was surprised to see how much information could be learned about me just by my visiting the site--for example, my e-mail address See Internet address. e-mail address - electronic mail address and where I was located. How was your Web site able to get this information? What most people don't know Don't know (DK, DKed) "Don't know the trade." A Street expression used whenever one party lacks knowledge of a trade or receives conflicting instructions from the other party. , and what we're trying to educate the public about, is that the capacity for invading privacy on the Internet is built into the technology. The browser you use, for instance, can automatically disclose to a Web site your e-mail address and the Web site you were visiting previously. Some of this information is gathered for security and systems maintenance purposes, but it's also being used for other reasons, like marketing. And this is being done without people's knowledge and consent. It's this invisible information gathering that is particularly disturbing. People have an illusion of anonymity on the Web, but sometimes the whole purpose for a Web site's existence is to make a profit off information gathered from people who visit. It's a little bit like what some people do with 800 numbers, where phone numbers are automatically disclosed at the receiving end of a call. For example, a person might see an ad that says, "If you have diabetes or know someone who does and you want to learn more, call this 800 number." So, the person calls the number, thinking that it's for a public service organization when what really may be happening is that some pharmaceutical company is collecting information for marketing purposes so it can send mailings or make phone calls to people who have diabetes. The real issue here is education--the public has got to understand how Internet technology can be used to gather private information. And the only way this can happen is if Web sites tell people how much information is being captured, how much is being disclosed, and how it is being used. Then, the public will begin to have some control. For example, an individual might decide not to visit a particular Web site unless it promises not to collect any personal information. I spend a lot of time on the Web, and I don't see many sites doing this. Before we begin to see privacy protections built into the Internet, users have to agree that privacy is an important value and that you shouldn't lose it as a condition of using the Internet. Once people agree on that principle, we can start talking about how to build it into the architecture of the Internet. It is absolutely possible to do it. Remember when there were threats of censorship with the recently enacted Communications Decency Act See CDA. (legal) Communications Decency Act - (CDA) An amendment to the U.S. 1996 Telecommunications Bill that went into effect on 08 February 1996, outraging thousands of Internet users who turned their web pages black in protest. ? The Internet community banded together to develop what is called PICS--the Platform for Internet Content Selection (World-Wide Web) Platform for Internet Content Selection - (PICS) A standard for meta-data associated with World-Wide Web content, originally designed to help parents and teachers control what children access on the Internet, but also used for code signing and privacy. . This allows Internet users to filter out electronic information coming into their homes that they consider undesirable or inappropriate. We want to develop technology that allows people who access the Internet to filter out personal information that goes out onto the Web. So we're building on the PICS (1) (Pantone Internet Color System) The Pantone implementation of the Netscape color palette. See Netscape color palette. (2) (Platform for Internet Content S model, which is to bring together Internet users, the nonprofit sector, content providers, online services, and financial services The examples and perspective in this article or section may not represent a worldwide view of the subject. Please [ improve this article] or discuss the issue on the talk page. . We hope to get them to work together to develop technology that will allow computer users to make privacy decisions up front. A lot of people access the Internet through commercial online services like America Online See AOL. rather than directly through an Internet service provider Internet service provider (ISP) Company that provides Internet connections and services to individuals and organizations. For a monthly fee, ISPs provide computer users with a connection to their site (see data transmission), as well as a log-in name and password. . Is personally identifiable information In information security and privacy, personally identifiable information or personally identifying information (PII) is any piece of information which can potentially be used to uniquely identify, contact, or locate a single person. revealed to Web sites visited via commercial online services? Many online services have developed tools that strip members of personally identifiable information before they go out onto the Web. So, if I am a subscriber to America Online or Microsoft Network See MSN. Microsoft Network - The Microsoft Network and I visit a Web site, personal information about me is stripped before I leave that protected proprietary environment. Does that mean commercial online services are safer to use? Yes. What a Web site would know is that you are a subscriber of a commercial online service. But this is not necessarily the best answer to the privacy dilemma because more and more people are accessing the Web directly through Internet service providers. People use commercial online services for specific reasons, but they also want to have the option of accessing the Web directly. Other than using commercial services, is there anything consumers can do now to protect their privacy when online? There is a wonderful service called "The Anonymizer," available from Community ConneXion, Inc., that works a little like an anonymous remailer An organization that forwards e-mail anonymously stripping out the sender's name and e-mail address. Remailers are used by people that wish to express an opinion to newsgroups or to individuals without fear of excessive responses or retaliation. . To use it, you can go directly to the Anonymizer site [http://www.anonymizer.com] or access it through CDT's privacy demonstration page [http://www.cdt.org]. The site will give you an anonymous identity--a pseudonym--and from there you can then browse the Web anonymously. What concerns you most about the lack of privacy protection on the Internet? There are serious First Amendment consequences to not protecting privacy. People are worried that if they visit certain sites or express themselves in certain ways, judgments will be made about them that could result in negative consequences. For example, somebody who is interested in learning more about HIV HIV (Human Immunodeficiency Virus), either of two closely related retroviruses that invade T-helper lymphocytes and are responsible for AIDS. There are two types of HIV: HIV-1 and HIV-2. HIV-1 is responsible for the vast majority of AIDS in the United States. or AIDS or abortion might want to visit a Web site or engage in an online discussion devoted to those topics. But if that person suspects that personal information about visitors or participants is going to be revealed to others, he or she might be very reluctant to go online. A chilling effect  This article or section may deal primarily with the U.S. and may not present a worldwide view. .
Yes, that's what That's What is one of the more idiosyncratic releases by solo steel-string guitar artist Leo Kottke. It is distinctive in it's jazzy nature and "talking" songs ("Buzzby" and "Husbandry"). we call it. Privacy is a significant value in and of itself, and failure to protect it can erode Erode (ĕrōd`), city (1991 urban agglomeration pop. 361,755), Tamil Nadu state, S India, on the Kaveri River. The city is located in a cotton-growing region, and its industries include cotton ginning and the manufacture of transport equipment. very critical values, such as free expression and free association. Which is what the Internet is supposed to be all about to begin with. Right. Last year, news that LEXIS-NEXIS developed a public record information database called P-TRAK angered thousands of people who then flooded the company with requests that their names be removed from the list. Are these databases common? When most people think about privacy, they think about an individual who is trying to withhold or hide highly sensitive Adj. 1. highly sensitive - readily affected by various agents; "a highly sensitive explosive is easily exploded by a shock"; "a sensitive colloid is readily coagulated" private information--something that is salacious sa·la·cious adj. 1. Appealing to or stimulating sexual desire; lascivious. 2. Lustful; bawdy. [From Latin sal or something the person wants to keep behind closed doors. But P-TRAK didn't reveal information like that. The database contained peoples' names, addresses, phone numbers, and mothers' maiden names maiden name n. A woman's family name before she is married. Used of a surname that is replaced by a woman when she marries. Also called birth name. . I wouldn't say this is public information, but it is easily available. You can find some of that information in the phone book, and many people give out this information freely when they fill out forms. Yet, people on the Internet reacted so strongly when it was revealed that LEXIS-NEXIS was making this information readily available that LEXIS-NEXIS had to change the service and allow people to opt out. So, what is it about this issue that makes people so wild? I think it's a lack of control. People were outraged; they felt violated. I think it's a very powerful example of how deeply privacy concerns run in the public. And P-TRAK is not unique. There are many look-up and directory services available on the Internet that contain the same types of information. A group of U.S. senators recently asked the Federal Trade Commission (FTC FTC See Federal Trade Commission (FTC). ) and the Federal Reserve Board to investigate the risk of fraud posed by databases like P-TRAK and to issue findings and recommendations. Have the agencies issued their recommendations yet? No, but the FTC is involved in an ongoing privacy initiative that will be culminating in a meeting in June. As part of that initiative, the FTC issued a report in January that found that online privacy is a very critical issue, that there are both challenges to and opportunities for privacy on the Internet, and that what we should be focusing on is a user-empowerment model that requires that privacy be built into the policies and technologies of the Internet. How secure are credit card numbers used to purchase items online? Aren't communications like these encrypted en·crypt tr.v. en·crypt·ed, en·crypt·ing, en·crypts 1. To put into code or cipher. 2. Computer Science ? Some communications are encrypted, and some are not. I think there is a lot of naivete na·ive·té or na·ïve·té n. 1. The state or quality of being inexperienced or unsophisticated, especially in being artless, credulous, or uncritical. 2. An artless, credulous, or uncritical statement or act. right now about what communications are secure. More and more fraud is occurring because there is a lack of security with the use of Social Security numbers and credit card numbers online--what they call identity theft. Yet there is a temptation to use the Internet to transfer highly sensitive personal information, such as financial and health data, because tremendous amounts of information can be transferred over it. It is fast, cheap, and easy to use. As a result, people are tempted "Tempted" was the second single released from Squeeze's fourth album, East Side Story. Though it failed to crack the Top 40 in the UK or the U.S., over the years "Tempted" has become one of Squeeze's most well known songs, especially in North America. to use it even though there are no real enforceable privacy protections. A prime example is a law that passed last year as part of the Kennedy-Kassebaum Health Insurance Portability & Accountability Act There are a number of piece of legislation known as the Accountability Act:
Congress was resistant to building in privacy protections at the front end. Instead, the act directs Congress to enact privacy legislation at some later date. But this is not a requirement. If Congress fails to pass privacy legislation, the act directs the secretary of Health and Human Services Noun 1. Secretary of Health and Human Services - the person who holds the secretaryship of the Department of Health and Human Services; "the first Secretary of Health and Human Services was Patricia Roberts Harris who was appointed by Carter" to come up with some regulations to protect medical privacy. Is there currently no federal law protecting medical records on the Internet? There is no federal law protecting medical records on the Internet or in paper form. Many people find this shocking given that we have a very strong law protecting video rental lists. How easy would it be for someone to find out about my health records on the Net? At this point it would be irresponsible for the Internet to be used for the transfer of medical information; however, it is being done. It is not highly publicized pub·li·cize tr.v. pub·li·cized, pub·li·ciz·ing, pub·li·ciz·es To give publicity to. Adj. 1. publicized - made known; especially made widely known publicised because your doctor or hospital or managed care organization or insurance company would not want you to know about it. As I said, the temptation to use the Internet as a way of sharing information is so great that there is a real risk of a security breach. And we're looking at the potential for a real horror story--the disclosure and misuse of thousands and thousands of personal medical records. What about children's privacy? Are special protections needed for children? Protecting children's privacy online is difficult. What we want to avoid is passing legislation that so stringently protects children that adults are denied access to materials or services appropriate for them. The main principles of privacy are notice and consent. But these principles presuppose pre·sup·pose tr.v. pre·sup·posed, pre·sup·pos·ing, pre·sup·pos·es 1. To believe or suppose in advance. 2. To require or involve necessarily as an antecedent condition. See Synonyms at presume. that the person faced with a choice of giving up or protecting their privacy has the capacity to make this decision. Adults have a greater capacity to give up their privacy or to trade it. For example, if you're six or seven years old, it's going to be pretty difficult for you to make an informed decision about whether you want to disclose information in order to be entered into a sweepstakes. Ultimately, parents have to make privacy decisions for their children. But, right now, parents don't know when their children's private information is being captured, reused, and sold. So, once again, we need to figure out a way to inform people about how information is collected and allow them to make privacy decisions at the front end, which can both protect their children and also protect themselves. Has Congress passed any laws designed to protect privacy on the Internet? There have been a number of bills introduced that deal specifically with privacy on the Internet, but they have not moved forward yet. Legislation was introduced last year by Representative Ed Markey Edward John "Ed" Markey (born July 11 1946) has been a Democratic member of the United States House of Representatives since 1976, representing the 7th District of Massachusetts. [D-Mass.], and there is consideration in Senator [Dianne] Feinstein's [D-Cal.] office to introduce legislation to protect Social Security numbers. Senator Patrick Leahy [D-Vt.] and Senator [Robert] Bennett [R-Utah] introduced legislation last year to protect medical records. So, there's been a lot of talk and some action in the privacy area, but we haven't really seen anything move forward with a head of steam. Can we expect Congress to pass protective legislation in the near future? I don't think you can rely on Congress to act quickly to address privacy issues. The CDT has been focused on the FTC's privacy initiative and working with the National Telecommunication and Information Agency, which is part of the Department of Commerce, on privacy issues. We also have been working directly with the public interest community and with industry to develop policies and technologies that will give people real control over their online privacy. If we can get that now, that would be a huge victory. A lot of people argue that the Net can't be regulated and that businesses should be self-regulating with regard to consumer privacy. Do you agree? It will be very difficult to regulate the Internet because it is global and decentralized de·cen·tral·ize v. de·cen·tral·ized, de·cen·tral·iz·ing, de·cen·tral·iz·es v.tr. 1. To distribute the administrative functions or powers of (a central authority) among several local authorities. , and it is very hard to identify Internet users. What is possible is to have some hand in the development of the Internet and make sure that there is a structure built in at the front end that will give people who access the Net the ability to make privacy-related decisions. The key is developing something that is enforceable. Good intentions are one thing, but in the self-regulatory environment, if somebody is hurt by the misuse of personal information, who pays? Who provides a remedy to that harmed individual? Nobody does. Of course, the Internet community may come up with some kind of enforcement mechanism or some way to make privacy protections real, but we have yet to see that happen. Also, it's not clear at this point whether that will be enough, but it is certainly the very best shot we have at getting something immediately. So you see businesses working in tandem Adv. 1. in tandem - one behind the other; "ride tandem on a bicycle built for two"; "riding horses down the path in tandem" tandem with regulators? I think at this stage there is a real role for the executive branch and Congress in the privacy area, but legislating leg·is·late v. leg·is·lat·ed, leg·is·lat·ing, leg·is·lates v.intr. To create or pass laws. v.tr. To create or bring about by or as if by legislation. and regulating are slow, laborious la·bo·ri·ous adj. 1. Marked by or requiring long, hard work: spent many laborious hours on the project. 2. Hard-working; industrious. , and contentious processes. We are working on a whole range of possibilities at this point involving the legislative and executive branches as well as industry. There's litigation An action brought in court to enforce a particular right. The act or process of bringing a lawsuit in and of itself; a judicial contest; any dispute. When a person begins a civil lawsuit, the person enters into a process called litigation. as well in the privacy area as it relates to the Internet. We are involved in the lawsuit before the Supreme Court challenging the constitutionality of the Communications Decency Act. It would seem that any law limiting communication on the Net would run into a First Amendment problem. That's right For The Lyle Lovett song, see . This article contains information about a scheduled or expected . It may contain information of a speculative nature and the content could change dramatically as the single release approaches and more information becomes available. . In fact, in the Communications Decency Act case, the U.S. District Court for the Eastern District of Pennsylvania said that the Internet deserves the highest degree of First Amendment protection because it is such a vibrant, decentralized medium. [American Civil Liberties Union American Civil Liberties Union (ACLU), nonpartisan organization devoted to the preservation and extension of the basic rights set forth in the U.S. Constitution. v. Reno, 929 F. Supp. 824 (D. Pa. 1996).] Can consumers derive any benefit from giving up some of their privacy on the Internet? Of course. Privacy is not just about withholding information from others. It is also about making choices to participate in society and give over personal information, knowledgeably and without coercion. It's about being able to say, "I don't want you to know something about me" and also being able to say, "I want to share this information with you." Ideally, people should be able to make that choice without it being tied to a service or benefit. I should be able to get medical care or an insurance benefit or go to a Web site on diabetes or AIDS and not have to give up personal information without my consent. Is there anything that personal injury lawyers can do to help protect their individual and their clients' privacy rights? Privacy is a tough area for personal injury lawyers because it is difficult under our tort law A body of rights, obligations, and remedies that is applied by courts in civil proceedings to provide relief for persons who have suffered harm from the wrongful acts of others. to prove that somebody has been harmed. It's very hard to prove damage to reputation or intentional infliction of emotional distress The examples and perspective in this article or section may not represent a worldwide view of the subject. Please [ improve this article] or discuss the issue on the talk page. in cases involving disclosure of personal information. There have been cases brought where somebody's Social Security number or name was used without their permission, but, for the most part, these lawsuits have not been successful. This doesn't mean that lawyers should not keep trying to seek positive developments in the privacy tort area, but I am much more optimistic op·ti·mist n. 1. One who usually expects a favorable outcome. 2. A believer in philosophical optimism. op that we will be able to achieve a better result through federal laws and policies. RELATED ARTICLE: Security problems plague Financial, medical record keepers The guardians of consumers' most private financial and medical records have come under fire in light of recent reports that the online storage and transmission of these records have made it easier for computer-savvy snoops SNOOPS - Craske, 1988. An extension of SCOOPS with meta-objects that can redirect messages to other objects. "SNOOPS: An Object-Oriented language Enhancement Supporting Dynamic Program Reeconfiguration", N. Craske, SIGPLAN Notices 26(10): 53-62 (Oct 1991). to access them. In April, the Social Security Administration pulled a new online service off the Internet after a group of U.S. senators wrote to the agency criticizing it for failing to provide "sufficient protections against violations of individual privacy." The service allowed consumers to access records relating to relating to relate prep → concernant relating to relate prep → bezüglich +gen, mit Bezug auf +acc their earnings and benefits estimates. To get the information, users had to provide identifying information, including their names, Social Security numbers, addresses and mothers' maiden names. Thousands of people called the agency, complaining that this information much of which is available from public sources, could be used by interlopers INTERLOPERS. Persons who interrupt the trade of a company of merchants, by pursuing the same business with them in the same place, without lawful authority. to access the earnings and benefits records of anyone with a Social Security number. In the same month, the Internal Revenue Service fired 23 employees and disciplined hundreds more for using computers to browse through the tax records of acquaintances and celebrities. The disciplinary actions came in the wake of an agency audit that revealed 1,515 cases during fiscal years 1994 and 1995 in which agency staffers peeked into other people's online tax records. ,an earlier review of the agency's records for fiscal 1993 and 1994 revealed more than 1,300 cases of cyber (1) From "cybernetics," it is a prefix attached to everyday words to add a computer, electronic or online connotation. The term is similar to "virtual," but the latter is used more frequently. See virtual. snooping. And in March, a committee of the National Research Council (NRC NRC abbr. 1. National Research Council 2. Nuclear Regulatory Commission Noun 1. NRC - an independent federal agency created in 1974 to license and regulate nuclear power plants ). the principal operating agency of the National Academy of Sciences and the National Academy, of Engineering, released a report decrying the lack of security of electronic medical records. The report warned that the increasing use of computers to store, monitor, and disseminate medical information poses a serious threat to the security of millions of patients' medical records. "Solutions are available to make electronic records even more secure than paper records, including electronic audit trails that can track every access to a medical record, backed by tough penalties for violators of privacy," said committee chairman Paul D. Clayton, a medical information expert at New York New York, state, United States New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of City's Columbia Presbyterian Medical Center. "But today there are no strong incentives to safeguard patient information because patients, industry groups. and government regulators aren't demanding protection." To address these concerns, the committee Recommended: * a government-industry push to develop and update industry standards for protecting health records; * the establishment of an organization to share information about computer threats and best practices in the health care community; * a government-industry effort to promote national debate on privacy, issues raise consumer awareness, and designate a federal "privacy ombudsman ombudsman (äm`bədzmən) [Swed.,=agent or representative], public official appointed to deal with individual complaints against government acts. " for consumers; and * the adoption of fair information practices similar to those in the federal Privacy Act of 1974. Revelations like the lack of security in electronic transmission may prompt legislators to impose tougher regulations and penalties. But such action is likely to require intense pressure from consumers. And, according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. the NRC report, the general public still seems fairly oblivious to the threat. Copies of the NRC report. "For the Record: Protecting Electronic Health Information." are available from the National Academy Press, 2101 Constitution Ave., N.W., Washington. DC 20418; (202) 334-3313: (800) 624-6242. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion