Privacy Low Priority For Silicon Execs
     When asked to name their top policy concerns, privacy is hardly ever volunteered. On-line executives attending a recent San Francisco fund-raiser for Sen. Bob Kerry, D-NE, for example, weren't impressed by the efforts of Rep. Ed Markey, D-MA, to include mandatory consumer privacy protections in the Financial Services Act, H.R. 10. Several said that Markey didn't understand the value that businesses can offer consumers when they have their personal information.
     "Privacy turns out to be a very private matter," said Floyd Kvamme, a prominent Republican fund-raiser and venture capitalist with Kleiner, Perkins, Caufield & Byers in Palo Alto. Kvamme, who chaired a California-based commission into the study of the impact of e-commerce, said, "some people consider information about purchase to be private, while others would like to hear" from direct marketers.
     The few executives who do address the subject, like EBay CEO Meg Whitman, speak of it more as a competitive advantage than something that could be used for political gain. Others hope to profit from becoming "infomediaries" or from developing the technology products that can help consumer safeguard their private information.
     Indeed, the industry's highest profile on a privacy issue — encryption reform — isn't really about keeping data out of the hands of direct marketers or governments agencies, but about safeguarding the security and authenticity of electronic communication. This confusion is encouraged by the use of the names such as "Americans for Computer Privacy," one of the principal lobbying groups for more liberal encryption exports.
     Most executives queried about privacy issues uniformly cite TRUSTe and BBB Online, two industry-supported initiatives that permit companies to post seals indicating that the participating companies agree to abide by certain minimal standards of customer notice.
     And officials at TRUSTe — like those of associations including the Online Privacy Alliance, the Software and Information Industry Association, the Software Business Alliance, and the Direct Marketing Association — steadfastly support self-regulation and oppose legislation.
     "My personal belief is that self-regulation has worked and can continue to work" said Bob Lewin, executive director of TRUSTe. Not only would regulation "destroy the momentum of electronic commerce," Lewin argued that "it is fundamentally wrong to have a law you just can't enforce," speaking of legislative proposals to mandate privacy standards for everyone.

Lawmakers Weigh In With Privacy Proposals
     Among those initiatives include the Online Privacy Protection Act, S. 809, by Sen. Conrad Burns, R-MT, and Sen. Ron Wyden, D-OR, and the Internet Consumer Information Protection Act, H.R. 2882, by Rep. Bruce Vento, D-MN, and a slew of proposals dealing specifically with financial and medical privacy.
     Both the Burns-Wyden and the Vento bills would require customer permission before businesses sell personally-identifiable information to third parties — standards not dissimilar to those that members of the Online Privacy Alliance agree to abide by a condition of membership. And with the FTC's July decision to vouchsafe the industry's good-faith effort at self-regulation, on-line privacy protections are not going anywhere soon.
     But the combination of suspicious government surveillance proposals, and the increasing recognition by Web-based business that the personal data they collect is their greatest asset, is beginning to lead to a siege mentality among privacy advocates, many of whom argue that a radical fringe may be in the works.
     "One of the inadequacies of the privacy movement is that we are too nice and not personalizing this," said Evan Hendricks, editor of Privacy Times. "When there is not justice, it does breed radicalism."
     If privacy advocates ever do decide to publicize sensitive personal information as a means of calling attention to the need for stronger data privacy laws — as the Privacy International founder Simon Davies called for in April — the widespread availability of public record databases would prove more adequate for the task at hand.
     At a recent conference panel discussing the uses of a recently-formed database mandating the collecting of wage information, Carnegie Mellon University professor of computer science Latanya Sweeney discussed how she was able to obtain medical information about former Massachusetts governor William Weld by linking supposedly anonymous hospital data with voter record information.
     Sweeney, who said she wanted to demonstrate how increasing data-matching capabilities makes it easy to compile electronic dossiers of individuals, declined to state the reason for Weld's hospital visit.

Privacy Advocates, Businesses Could Be At Odds
     But while the industry would rather talk about encryption — and deploy civil libertarian arguments in defense of it — than data privacy, the friendly alliance between business and privacy groups could become much more difficult to sustain if industry gets what the administration has promised it on encryption reform. That's because even though business groups are mostly pleased with the announcement, privacy groups are still aghast at several proposed elements of the proposed Cyberspace Electronic Security Act.
     But privacy advocates aren't without hope. Some even argue that it can only go downhill for those business that profit from the sale of personal information. They believe that once pressure is exerted for greater financial and medical privacy protections, it will help leverage broader Web privacy legislation in the not-to-distant future.
     If banks and brokerages face increasing restrictions on their ability to share data with outside companies, for example, they could band together with privacy advocates to argue for similar restrictions being applied to companies like Intuit, the financial planning software company that has attempted to become a Web-based intermediary. Emerging privacy-enabling technologies could also create different interests within the technology industry, just as difference emerged in 1996 between Netscape, which pioneered the use of "cookies," and businesses that developed software "cookie-cutter" that allowed users to keep them off their computers.
     But it would also be hard to under-rate the task of assembling an alliance for data privacy, where privacy advocates on the left and the right come from dramatically different starting points. Many of the former focusing their anger at abuses by telemarketers; the latter hone in on government snooping like the ill-fated "Know-Your-Customer" requirements.
     At the same time that Markey was laboring to toughen the privacy protections on the financial modernization bill, Rep. Ron Paul, R-TX, was working to water down the Bank Secrecy Act's mandatory disclosures about "suspicious" customers to the Treasury Department. Both were unsuccessful. Neither voted for the others' view of vital privacy protections.

- by Drew Clark