That old riddle captures the paradox of Internet privacy. People view personal information as “theirs,” yet they realize others must know that information to deal with them. With the Internet, the problem is who should know what and when.
Today, a legislative push for federal privacy regulation is mounting. Much of the business community, including Hewlett-Packard, Intel and eBay, endorses legislation to require prominent notice of a Web site’s privacy policy and a check box to opt out of information collection. President Bush has embraced such “notice and consent” policies.
But special policies for the Internet and not the off-line world (like supermarket discount card programs) are discriminatory and unfair. Moreover, any federal bill pre-empting states from setting their own policies will be contested. Most important, Congress’ exploitation of fears of an Internet “eye in the sky” to gain new regulatory powers hurts consumers and e‑commerce. Businesses don’t seek information because they want to harm people. While sometimes irritating, they just want to sell stuff. Many people enjoy and are amazed that Amazon.com can anticipate the next book they may want to buy.
The notice and choice allegedly sought in privacy legislation exists now. Most Web sites feature privacy policies — and those that don’t should be avoided. Users can set their Web browser to reject information gathering (by turning off so-called “cookies”). Barring that, free software tools that warn when information is being collected can further empower consumers. For anonymous surfing, the market provides tools from Anonymizer to Zero Knowledge. The notion of “privacy” encompasses varying relationships between consumers and businesses. There is no one level of privacy appropriate for all that can be configured in legislation. And an individual may want to present different faces in the online world.
Government’s role is not to dictate the terms of privacy contracts, but to enforce privacy contracts — as when it halted Toysmart’s sale of consumer data in violation of its stated privacy policy. Where sites post privacy policies, the data consumers make available will have been granted conditionally. As lawyer-author Jonathan Bick told GigaLaw, “[B]ad privacy agreements are deceptive trade practices.”
The forgotten good side of the Internet’s information customization is the improved relevance of offers and advertisements — fewer pitches are “junk.” However annoying, advertisements are welcome when offering something you need.
Information customization benefits individuals and society as a whole by lowering the costs of services like credit and insurance, and boosting their availability. The family that had to settle for a secured credit card may benefit from probability tables that find them a good credit risk because of job history or other facts. Information sharing expands options and gives people second chances. A reputation that could exclude an individual from service in one setting may be irrelevant in another, or when viewed in context with other Internet-gleaned facts.
Information also expands Internet access itself. While some pay monthly access fees, others who don’t mind supplying information and suffering through a few banner ads can have free Internet access.
As businesses respond to consumer preferences, more stringent privacy protections will emerge when desired. Sites will develop policies knowing that ever-more-efficient browser cops will report to surfers on the level of security. Mistakes will be made. But restrictive policies can hinder evolving privacy technologies before they mature, weakening consumers against malicious spies and hackers who take advantage of a false sense of security.
And let’s not forget that those same governments allegedly eager to protect privacy can be the leading offenders. It was they who mandated the creation and distribution of the most sensitive information in the first place, such as driver’s license and Social Security numbers. Nothing can rival the Internal Revenue Service and a proposed Internet tax collection scheme in terms of invasion of privacy.
The distinction between information disclosure forced by governments and Web commerce is critical, so any law limiting information collection should target government first.
In the final analysis, restrictions on information collection have overwhelming free speech ramifications. As UCLA law professor Eugene Volokh has noted, we know things about any individual we run across. We may write down what we know or tell others. There are no rights to stop people from talking about you, he says, just as we talk about others — and about the companies we deal with.
Policymakers should “opt out” of privacy legislation and avoid damage to e‑commerce, consumers and the First Amendment.