Analysis & Commentary:

ONLINE PRIVACY IS DEAD - NOW WHAT?

As reported by Lisa Gill, your name, address, phone number and Social Security number are items found on your driver's license -- and on the Web.

Rapid commercialization of the Internet has fed a demand for more and more personal information about Internet users.

With personal privacy already in jeopardy, the terrorist attacks of September 11th opened the door wide to government snooping as well. In effect, maintaining personal privacy on the Internet now seems almost impossible.

However, analysts said that while personal privacy may seem more threatened on the Internet than in the offline world, the level of safety is actually much the same.

Privacy Always Dead

Steve Hunt, vice president of security research at Giga Information Group, said that the Internet is no different from other channels via which consumers already have divulged private information.

"We have willingly surrendered privacy for years, so why do we care now?" Hunt said.

Hunt said he believes media headlines about hack attacks on high-profile Web sites, combined with the consumer perception that the Internet makes privacy violations even easier, are the reason why many consumers view the Internet with suspicion.

"They don't want bad guys to do bad things with their personal information. But that's been the case. That information has been available all along, and bad people could have done it all along," Hunt explained.

Consumers Concerned

But consumers do not appear to see a difference between the perception and reality of privacy on the Internet, and they strongly prefer to protect their information online.

According to a Harris Interactive survey released last week, online privacy remains a top concern among consumers, with three-quarters of respondents saying one of their "major concerns" regarding privacy is that companies they patronize will provide their information to third parties without their permission.

Seventy percent of surveyed consumers said they are concerned their transactions might not be secure, while nearly the same percentage were worried that hackers could steal their personal data.

And consumer privacy concerns affect e-business, too. A recent Forrester study estimated that nearly US$15 billion, or 27 percent of projected e-commerce revenue, was lost last year due to consumer privacy concerns.

Real-World Privacy Questioned

IDC senior analyst Allan Carey questioned how much privacy is offered to consumers overall, even in the offline world.

"Is [using the Web] any worse than calling up a customer service person and telling them our credit card number? Because that's just the front-end part of the transaction, and the Web is just another interface for that transaction," Carey said.

Carey also noted that even when a consumer contacts a customer service representative, personal information is entered into a computer. From that point, he said, companies will do what they want with the information.

Excepting financial firms and those companies collecting minors' information online, according to Privacy Foundation fellow Philip L. Gordon, there is no law requiring companies to have privacy policies in place.

"Whether or not there is online privacy depends on the company you deal with and how seriously they take privacy concerns," Gordon said. He noted that online companies often post privacy policies to make customers feel more at ease when making purchases online.

Privacy an Emotional Issue

Gordon acknowledged that consumers often feel less nervous about providing information in the offline world.

"You go into Macy's, you fill out this form, and you get a bottle of free cologne," he said. "You give them your name, address, telephone number, and the reason they're doing it is because they want to put you on a mailing list that they can use in the future to solicit your business. But people don't think twice about this."

According to Gordon, the psychology of the transaction -- the piece of paper, the person holding a pen -- is what appears to make the transaction safer.

Giga's Hunt also was adamant in stating there has been no fundamental change in privacy since the advent of the Internet. Rather, he said, emotional issues muddy the waters when consumers consider online privacy.

"No, privacy is not dead any more than it ever has been," Hunt said. "It just seems worse because the Internet seems to make previously semiprivate information a little more available."

9-11 Forces Tradeoffs

And consumers' fears are not likely to be put to rest soon.

Since September 11th, nearly a dozen Internet security bills have been introduced into Congress. Much of the proposed legislation would make more information about consumers available to government officials.

One high-profile bill debated earlier this month, the Cyber Security Enhancement Act of 2001 introduced by Representative Lamar Smith (R-Texas), would give government more leeway in requesting subscriber information and communications from Internet service providers.

"Before 9-11, ISPs would generally resist efforts by government to obtain access to information about the ISP's customers. After September 11th, the ISPs were much more willing to cooperate," Gordon said.

Alan Davidson, associate director of the Center for Democracy and Technology, told House representatives in his committee testimony that under the Cyber Security Enhancement Act, ISP subscribers' information and personal communications could be made available to thousands of government agencies with a single request.

But Gordon predicted that as more time passes and the country moves away from September 11th, the pendulum will swing back toward dealing with consumer concerns about privacy rather than security, revealing that the underlying circumstances have not changed.

"You still have a tremendous need on the part of individuals to give up part of their information in their day-to-day lives to get the products they want," Gordon noted.