Policies Needed To Protect Privacy In Electronic Age

If you’re worried about threats to privacy in the emerging electronic age, you’re not alone. I’m worried, too.

“Information at your fingertips,” a Microsoft motto, is the promise of the electronic age. But we need to be careful about what information and at whose fingertips.

Don’t get me wrong. No one is more optimistic than I am about information technology making life better and more interesting for the average person. Millions of people, for example, are discovering the joys of electronic mail, an extremely easy and fast way to keep in touch with friends, family and colleagues anywhere.

But my well-founded optimism doesn’t blind me to potential problems, including threats to privacy. The same digital technology that makes it so easy to communicate around the world also makes it easy to snoop. Steaming open an envelop has never been so simple and untraceable as it is, in effect, on the Internet.

Fortunately problems that are rooted in technology often can be solved. Electronic mail, for example, will become much more private. A lot of companies, including mine, are working to make sure that communications can’t be intercepted and deciphered.

Of course, interception isn’t the only threat to the privacy of communications. One lesson of electronic mail is that you never know for sure who may eventually read it or how long it will be kept by its recipients. E-mail can be forwarded to people you never imagined would see it. It can be stored easily for years and recalled at a moment’s notice.

This makes e-mail fundamentally less private than unrecorded conversation. The lack of privacy has a chilling effect on the use of e-mail for certain kinds of confidential messages - the comments people would say but not commit to paper.

Technology can help overcome this privacy problem. Expect to see e-mail that, at the option of the sender, cannot be forwarded or printed on paper. Also expect to see e-mail that allows a message to be written in the digital equivalent of fading ink so that it can be read or viewed only once.

Communications is only part of what a person may want to keep private. You probably don’t want too much information about your personal preferences - where you went, what you bought and so forth - being passed around and pooled on electronic networks.

A great deal of this kind of information is collected already in the normal course of business. When you call a bank or mail-order company, whomever you are talking to may be looking at a computer screen that has information about you and your recent transactions. Your phone company, credit-card company, video-rental store and doctor all know certain things about you.

There’s usually nothing wrong with companies compiling information about you. On the contrary, having appropriate information easily available is becoming essential for companies that want to provide competitive levels of customer service. But privacy is in peril if the information spreads too far or is pooled too widely or is collected and distributed without your consent.

Today, the scattered nature of information protects your privacy in an informal but real way. Much personal information tends to be kept for only a while, and data from various sources isn’t correlated to create a larger portrait. Presumably your banker knows only about your banking habits.

But the days are nearly gone when you can count on the inefficiency of information technology to preserve your privacy. Networks and other new tools will make it simple for information to be gathered, correlated and called up.

Technology alone can’t protect us. Public policy is needed. I expect privacy to be heavily debated and thoughtful policies to emerge. These new policies will extend the privacy laws that are already on the books in many countries.

The need for explicit policies and appropriate laws stems from the efficiency of information technology. As long as it was impractical for large amount of personal information to be collected and distributed, only modest regulation of privacy was needed. But once gathering and sharing information become extremely easy, the need for explicit guidelines will be evident.

One issue, which I’ll address in a future column, revolves around the extent to which governments should be able to lawfully intercept communications or monitor their citizens.

A more subtle issue, still on the horizon, involves who owns commercial information about your personal preferences. Does your electronic profile belong to you or to the company that gathered it?

Imagine that by the turn of the century you have come to rely on an automated “travel agent” - not a human travel agent, but a software program accessed across a computer network.

Over the course of months or years the agent would get to “know” your travel needs and preferences, by carefully tracking your experiences and choices. With this profile, it could provide great service.

If the travel service owned the profile outright, it could sell it to companies wanting to market to people like you. That’s a privacy issue.

Ownership would also affect who is entitled to profit from the profile in other ways. If you owned it, you could have it transferred electronically to another travel service, so that you could continue to benefit from it. But if you couldn’t take the profile to a competitor, you would have an incentive to keep your business with the company that owned it.

The marketplace may be able to resolve some of these issues. For example, customers may learn to avoid travel agencies that don’t share personal profiles - or that share them too freely.

But the marketplace won’t resolve every privacy issue. Neither will technology. What’s needed is a great deal of unrushed debate, leading to intelligent public policies.<

xxxx