|
E-business Watch
Tracking the
online media to bring you the key e-business trends
August
23, 2000
Battleground:
Information Gathering versus User Privacy
“On
the Internet, nobody knows you’re a dog.” How things have changed since
that quote first accompanied what eventually became one of the defining
cartoons of the Internet age, first published by The New Yorker in
1993.
Sophisticated
user identification technologies have since been developed that should remove
the presumption of online anonymity. With the Internet’s ubiquity, the
gathering of information on individuals has become widespread and automatic.
How the balance between information gathering and privacy is struck will have
significant business implications in the next few years.
Information Requirement
Consumers
have to contend with privacy invasion from a number of different sources:
online marketers, employers and governments.
Online
marketers claim that without the revenues from targeted online advertising,
most of the content on the Internet would not be free, and e-commerce would not
have grown as impressively.
The
collection of personal profiling information further refines the targeting of
messages and promotional materials. It also makes life easier for users by
facilitating the one-time entry of password and registration and shipping
information used commonly by e-commerce sites such as Amazon.com.
One
of the most popular methods used by online marketers to capture private
information is to place “cookies” on the hard drives of individuals to
track their surfing and purchase habits. Cookies are not always bad. Benign
ones make Web sites run efficiently and help operate features such as online
shopping carts. Other cookies are embedded in banner ads and surreptitiously
track the user without his or her knowledge and sometimes without the Web site
operator’s knowledge.
Employers
too feel they have good reasons for electronically monitoring workers’
behavior. Employers are being held legally responsible for harassing emails
sent within their companies, and some companies such as banks and securities
firms are legally bound to keep email records to protect against charges of
financial impropriety and insider trading.
Most
corporate spyware monitors email messages by searching for dirty words,
harassing letters or leaks of trade secret without a priori reading the
content of the mail. The market for this software is exploding: IDC predicts
that it will grow
by 14 times over the next four years, to $1 billion. The
New York Times, Xerox, and Dow Chemical are three of the more prominent
companies that have fired workers on grounds of sending potentially offensive
email on company computers.
Governments
also claim they have a legitimate right to spy on the activities of their
residents to protect national security and fight crime. Government officials
maintain that the invasion of privacy is essential if enforcement agencies are
to combat the many forms of modern crime that are in fact enhanced by access
to the Internet, including pedophilia, drug smuggling, money laundering and
terrorism.
The
U.S., for example, has Carnivore,
the secret cyber snooping technology of the FBI. Carnivore uses
sophisticated Internet surveillance technologies to monitor all forms of
digital communications, including file transfers and Internet-based telephone
calls. The British government is about to enact a
law that would give authorities sweeping powers to intercept and decode
all email messages and other electronic forms of communications.
Perhaps
the most insidious
of the spy software comes from a company called SpectorSoft.
The programs are marketed directly to consumers as well as businesses and are
secretly installed on the computers of unsuspecting individuals. In the
stealth mode, the programs are undetectable, and record screen shots every 30
seconds. These programs capture even passwords, and the results can be
monitored remotely. Currently, the programs have to be installed physically on
the targeted machines, but there is fear that a skilled hacker would be able
to send the program to anyone else’s computer, perhaps as an executable
email attachment.
Backlash
Internet
users are understandably concerned about the potential abuse of their private
information, undoubtedly exacerbated by a recent confluence of activities.
Earlier
in the year, DoubleClick Inc., the largest online advertising company, drew a
barrage of criticism from state attorney generals, privacy advocates and Wall
Street when it decided to link
personal information to anonymous data it collects about consumers on the
Internet. Consumers were also miffed when they found out that Real
Networks had been secretly tracking the musical tastes of people who use
the RealJukebox software to play CDs on their computers. And just a few weeks
ago, four e-tailers,
including Toysrus.com, forwarded personally identifiable information to
San Francisco-based marketer Coremetrics,
despite stated privacy policies.
There
are also allegations that Echelon,
the secret electronic spy consortium comprising the US and Britain, was used
to spy on ordinary
American citizens instead of monitoring foreign communications, its
supposed raison d’etre.
Implications
As
consumers become more aware of privacy and security issues, there is a growing
push to bolster online privacy, specifically users’ ability to control who
has access to their personal information and how it is used. While Congress
will soon begin debating the need for legislation to protect consumer privacy
on the Internet, the chances of such legislation passing quickly are slim. In
the meantime, strong user concerns for privacy will drive business solutions.
Some
companies can be expected to try to competitively differentiate themselves by
taking and showcasing extra steps to protect consumer data and honour privacy
policies. For example, Marriott, the hotel giant, has drafted a data
privacy policy that all workers must sign as a condition of employment,
and AutoNation has moved
all customer data off the corporate network -- which is accessible from
the public Internet -- onto a separate network.
Other
companies are creating tools that directly enable individuals to manage their
own privacy. These companies include:
- Microsoft
– the recently released Internet Explorer 5.5 browser has a new
cookie-screening feature that lets surfers know who’s tracking them.
They can then decide whether to accept or to refuse the cookies.
- Infomediaries
– remailers like Anonymizer.com
remove revealing information, such as name and email address, from email
messages before sending them on to their destinations. Other infomediaries,
such as Enonymous and PrivaSeek,
act on behalf of consumers by collecting from Web sites and providing to Web
sites only what the users allow.
- Zero-Knowledge
– their Freedom program encrypts data so that a person or another company
cannot read it; the information is also routed through the company’s network
of servers so that it cannot be traced to a user’s computer. The information
is invisible even to Zero-Knowledge.
Policy
and technology developments in the next 24 months should determine where the
balance between online privacy and personal profiling is drawn. Until then,
the technology for both gathering and protecting user information will become
evermore sophisticated and widespread, with developments mutually feeding on
the innovations in both camps.
|
