What’s new is old again

I find it incredible that after a whole generation, we are still facing the exact same personal privacy concerns on the internet.  With the recent Facebook blow-up regarding Cambridge Analytica, one would be lead to believe that there is now some concern about what these companies do with our data… but this comes crashing down as now, many weeks later, reports are showing that everyone is just “meh”, and usage on FB actually went up!  At least now with GDPR Day tomorrow (May 25, 2018), many companies are reviewing their policies and making privacy settings a little easier to understand.

So, what’s the new ‘old’?  A nice article from 1996 that surfaced recently.  Here’s the live link, but also a copy of the article text.  (I do remember very well the issue back then with PGP and encryption and government export controls, because I’m old, lol)

https://www.wsj.com/public/current/articles/SB848585925823144000.htm

On-Line Privacy Fears Draw Upon Fantasy As Well As Fact
By DAVID A. HARVEY
Special to THE WALL STREET JOURNAL INTERACTIVE

How important is privacy to the on-line community? Just ask Lexis-Nexis Corp.

In June, the Dayton, Ohio, company, a unit of Reed-Elsevier PLC, found itself the target of Net users’ fury as e-mails flew across cyberspace charging that the company was offering on-line access to people’s Social Security numbers, credit and medical histories, and mother’s maiden names through P-TRAK, a personal locator service marketed to the legal community for use in tracking down litigants.

“Word about P-TRAK spread quickly across the Net,” says Sara Fitzgerald, spokeswoman for Interactive Services Association, a Silver Spring, Md., trade association that serves the on-line industry. “I think there is a concern about large databases posted where people can have access, and that provide data to a wide number of people.”

The anger flooded into Lexis in the form of phone calls, letters, faxes, and e-mails late this summer. But largely lost amid the fury in cyberspace was the fact that most of the anger was based on misinformation. Lexis had removed Social Security numbers from the database in June, just 11 days after the system was set up, and P-TRAK contained no information that wasn’t publicly available. The information it did offer was nothing unusual — it amounted to what’s known in the industry as a credit-header report and contains, according to Lexis spokesperson John Hourigan, names, current and two previous addresses, sometimes the months and years of birth, and telephone numbers. The system does allow users to enter a Social Security number and find out whom it belongs to, however.

Those facts didn’t prevent Lexis from having to fend off on-line users’ fury, however, or from trying to control the damage by setting up mechanisms allowing people to have themselves delisted.

P-TRAK may have served as a rallying cry for on-line users worried about their privacy in a wired age, but it was far from the only event to arouse such concerns in 1996. Arguments continued over the use of technologies such as “cookies” that collect marketing information as people browse the Web. Junk e-mail drew users’ wrath and on-line services’ legal action as both fought to keep mailboxes clear of unwanted solicitations. The White House continued to fight the spread of strong encryption technologies for the Internet, backing a built-in “key” for law enforcement and other authorized bodies. And on the international front, on-line users’ concerns led to the passage of Internet-privacy legislation in several countries.

But as the P-TRAK incident demonstrated all too clearly, many on-line users remain ill-informed about exactly what personal information is available on the Internet, and attach greater significance to the fact that such data is available on-line than they do to the fact that it resides on the mainframes of numerous data-collection entities — from publishers to credit-card companies.

Marc Rotenberg of Washington, D.C.’s Electronic Privacy Information Clearinghouse notes that concerns about Internet privacy are “near the top of the list” of consumers’ privacy hot spots. But such concerns aren’t always based on facts.

A 1996 study of Internet users conducted by Atlanta-based Georgia Institute of Technology’s Graphics, Visualization and Usability Workshop found respondents strongly agreed they should be able to visit sites on the Internet anonymously and that they should have complete control over the dispersal of their personal information.

But the GVU respondents held erroneous beliefs about what information could be collected when they visited a Web page. While the majority of respondents believed — correctly — that the name of a page, the time of viewing, the name of the machine, browser and operating system were loggable, a slightly smaller majority believed, wrongly, that the user’s e-mail address was also loggable.

Bulk E-Mail Battles

As more users take to cyberspace, it seems like more bulk e-mail is generated, leaving on-line service providers struggling with consumer complaints about full in-boxes. Many users equate junk e-mail with an invasion of privacy — even though many of those same users don’t raise an eyebrow when they find their snail-mail boxes jammed with paper every day.

The junk-mail battles came to a head in September, when America Online Inc., citing consumer complaints, began blocking unsolicited e-mail from five major bulk-mail operators on the Internet. That prompted a nasty court fight; AOL won a key battle last month when a federal judge ruled that Philadelphia’s Cyber Promotions Inc. had no First Amendment right to ply AOL customers with unsolicited e-mail. CompuServe Inc. and Concentric Inc. have also won injunctions against the company.

[Go]Is the rise of the on-line world undermining our privacy? What makes you say so? What could the effects of such a development be on our society — and what should we do about it?

Mass e-mailings, known as “spam” in Net parlance, are by no means unique to AOL. Anyone with a bit of savvy can scan Usenet Newsgroups, download e-mail addresses and send out marketing ploys to the world. But on-line service providers haven’t turned only to the courts to stop such techniques.

“I think one of the things that has been interesting is that the market is working by itself to respond,” Ms. Fitzgerald says. “I know that many of the on-line service providers are moving to take action against the worst of the spammers, as are the independent-service providers when they get complaints against large-scale marketers.”

Such responses have typically taken the form of e-mail filters or features that allow a service’s subscribers to block e-mail messages from specific Internet addresses.

The Clipper Controversy

The battle over encryption technology also continued in 1996, as the White House pressed its efforts to limit the dissemination of strong encryption tools.

The Clinton administration has largely ignored individual users. Federal prosecutors in January ended a 28-month investigation of cryptographer Philip Zimmerman for using the Internet to distribute sophisticated encryption software called Pretty Good Privacy — perhaps recognizing that any user who can download a file can obtain a copy of PGP or a similar program as shareware.

Instead, the government has worked to maintain export controls on encryption software, a move that has infuriated the computer industry, which charges that such rules prevent it from competing with foreign companies that needn’t contend with such rules.

In October, Vice President Al Gore announced the administration would permit the export of 56-bit key encryption software if companies agreed to provide law-enforcement agencies with a built-in key to monitor suspicious e-mail, if given court approval to do so. That announcement appeared to mark an compromise brokered by the federal government and a handful of powerful computer companies, but in recent weeks the deal has shown signs of unraveling amid charges by the industry that the government is trying to change the agreement’s terms.

“The White house is trying to exploit public fears to move forward with an anti-civil liberties agenda,” says Mr. Rotenberg, adding that “this is a terrible situation, where draconian government proposals are put forward without evidence that they work. We don’t dispute that the government has a solemn responsibility to protect public safety or that there are a lot of dangers to public safety. But these proposals are driven more by fear than by reason.”

A Growing Call for Laws

Ironically, as the federal government has pressed for restrictions on encryption technology that would leave it out of step with other nations’ policies, it has also fallen behind international efforts to write electronic privacy into law.

Many European Economic Community nations have electronic-privacy laws, notes Mr. Rotenberg, adding that 1996 saw Australia, Japan and Canada announce they would pass such measures.

“There is growing recognition in other countries of the need to establish privacy law for record systems,” he says, adding that the growing number of such foreign laws “means that the US is going to find itself, at least in some trade relations, without an adequate privacy standard as viewed by these other countries.”

It wasn’t for lack of trying in Congress, however. Rep. Edward Markey (D., Mass.,) introduced H.R. 3685, an act to enable the Federal Trade Commission to develop and enforce uniform standards for privacy of consumer information on the Net. A new version of the bill is likely come to the House floor in the 1997 session.

And in the wake of the controversy over P-TRAK, the Federal Trade Commission recommended that laws be adopted forbidding credit-reporting agencies from providing Social Security numbers and other such information to database operators like Lexis.

Instead, Social Security numbers, previous addresses and mothers’ maiden names would gain the same privacy protection as a consumer’s full credit report, which may only be supplied for a few specified uses, such as credit applications and employment applications.

Taming the Information Beast

While databases like P-TRAK are obvious targets for those who worry about privacy, huge volumes of information are collected, ostensibly for marketing purposes, on a daily basis about Web users.

On-line users’ ire has focused on such methods of collecting marketing information as cookies and site-tracking, which attempt to harness the Web’s power to tailor information to a specific user. Such techniques are intended, in part, to help Web sites and on-line services create user profiles for customizing the look and layout of a site based on one’s interests, background and habits.

Privacy advocates remain wary of such techniques, generally agreeing that information should not be surreptitiously collected and that users should be allowed to deactivate such programs. But a great deal of personal information is given freely by users — most commonly at the point of entry for a Web site, where many sites request users’ ages, addresses, phone numbers, income brackets and occupations.

Legislation like Rep. Markey’s would mandate a degree of consumer control over the collection and dissemination of such information. But to what degree the government should be involved in protecting consumers’ privacy is the source of considerable argument.

Both privacy advocates and their opponents agree that at minimum, consumers should be able to opt out of having their personal information resold, or passed on to marketers. Further, virtually everyone involved believes that full and complete disclosure of what information is being collected and how it will be used must become standard.

Perhaps such a step would help diffuse the privacy battles: The GVU study found that 78% of users would be willing to give out information if told what it would be used for.

For their part, on-line companies — as well as those that are moving into the on-line world — argue that they need marketing data in order to build markets, justify advertising, and to customize services. They also argue that being able to collect such information from users is a fair trade for offering other information — whether it’s company profiles or Hollywood gossip — to those same users.

[Go]Will our society eventually accept some loss of privacy in exchange for being fully wired? Is that choice likely to be a conscious one — or simply a development that takes hold slowly in our daily lives?

“I feel that there’s a difference between someone who gathers information versus someone who acts on information,” says ISA’s Ms. Fitzgerald. “Most of the marketers I’ve talked to in our membership are collecting information through a formal registration process.”

And most of them, she notes, offer users the ability to opt out of having their marketing information shared. Those that don’t, she adds, point out that “the relationship is quid pro quo for getting valuable and free information on the Internet.”

The GVU study offers some evidence that on-line users understand such a relationship and are willing to accept it. The study found that 44% of the respondents were willing to give information for a value-added service, while 46% would offer such data in return for free access to a Web page.

If the GVU study is correct, the outlines of an eventual understanding between on-line users and marketers may be already emerging.

“I do think that standards and new privacy laws are needed — not only to protect [the] privacy interests of consumers, but also to give industry some clear guidelines of what’s up for grabs and what isn’t,” says Mr. Rotenberg.

But, he adds, “I feel very strongly that these issues can be resolved through politics or technology. There are enough people saying that the Clipper chip and P-TRAK are bad. The sky is not falling.”