Government Is Wary of Tackling Online Privacy

by Marc Hedlund

Related link:

The New York Times has been running a good series of articles this week by John Schwartz about online privacy and cookies particularly. As the secretary of the 1995/96 IETF cookies standardization effort referred to in the first article, I'm happy to see these issues get such prominent coverage. It certainly isn't true, as one of the article's subjects claims, that the privacy concerns we see today are something of a surprise -- in fact all of the scenarios that are of the greatest concern now were raised and considered before we had ever heard of DoubleClick or its ilk. Instead, the group's Netscape representative (Microsoft was not participating at that point) was very clear that the company did not believe it could provide the privacy protections the group wanted, because its customers (that is, the companies buying Netscape's server products) would not accept these limitations. It's interesting to see privacy become one of the most-touted features of the just-released Microsoft Internet Explorer 6.0. I wonder what market forces have changed over the past five years. Have Internet companies recognized that without sufficient privacy guarantees, the average consumer won't even consider an online transaction? I hope so.

This issue certainly isn't restricted to today's definition of "online" privacy. A couple of years ago I signed up for digital cable in San Francisco (then provided by TCI, now provided by AT&T Broadband). During the install, the service rep told me I needed a phone line plugged into the back of the cable box. Why, I asked? So that Pay-per-View will work, he said. I let him install the phone line and then immediately unplugged it from the box. No problem, worked fine -- for about two years, until one day my whole cable system went dark. I called AT&T Broadband, and they told me they didn't know why my cable was off, but they would send out a service rep. When the rep arrived he told me I needed the phone line plugged into the box. Why, I asked? So that Pay-per-View will work, he said. I don't use Pay-per-View, I said. Well, you need it so the box can send usage data back up to the central office, he finally admitted. Aha.... Looking at his work-order later on, I saw a note to the technician: "Disable non-responding [cable box]. Do not enable until responding." So AT&T Broadband was deliberately forcing users to give up privacy in order to get digital cable, and cutting off service if they did not comply. I downgraded to regular cable, which does not require a phone line. (Amusingly, the "Service call reasons" for the downgrade were listed as "Price/Value." Nope -- I would pay more for a cable service that did not insist on monitoring my usage! Too bad cable is a local monopoly.)

AT&T Broadband lost business by violating my privacy, and they ignored my complaints in their own records. I assume from this that they don't even track privacy complaints from users. How many would-be Web users look at an article in the Times and write off the Internet as a whole? That's not tracked, either -- but online businesses would do well to weigh the data they gain versus the business they inevitably lose by letting privacy concerns go unheard.