Every election year needs a few no-brainer issues, and this year we can include privacy on the list of things that no candidate in his/her

"/>

The privacy shell game

What one branch of government giveth, another taketh away.

Every election year needs a few no-brainer issues, and this year we can include privacy on the list of things that no candidate in his/her right mind would stump against. Your privacy, that is. Privacy is one of those things that we all believe we personally need but aren't so sure the other guy can handle, which is why almost every entity promising to protect online, medical, or financial privacy is also whittling away at it on some other front:

The States

The good news: At least 25 states are currently scrutinizing their own privacy-protection statutes. In Olympia, the Senate Human Services & Corrections Committee is considering a raft of bills relating to the use of individuals' DNA information in research and law enforcement. Elsewhere, New York State's Task Force On Privacy Invasion is expected to release substantial statutory and policy recommendations within the next week or so; those regulations are likely to affect how financial institutions do business nationwide. Among the other states with projects on the front burner: Massachusetts, whose lieutenant governor has proposed a sweeping bill addressing Internet privacy, medical-record protections, biometrics (the use of physical characteristics such as fingerprints or retinal scans for identification), and the security of financial information.

The November '99 Supreme Court ruling that state governments could be prohibited by federal law from selling driver's-license data may aid those trying to keep out of the clutches of marketers. But that's no thanks to the states. South Carolina challenged the federal law, which coalesced after the 1989 murder of actress Rebecca Shaeffer by a stalker who got her personal information from the California DMV.

On the other hand: Even states currently examining commercial and medical privacy have much to order in their own houses: At the same time the New York Senate task force was working through its hearings process, there was a highly public flap in which allegedly secure and nonpublic transit records involving private individuals were released to a private investigator working for a newspaper. Earlier in 1999, a sharp-eyed observer noticed that the state budget included a projected $2 million revenue from marketing the state's database of digitized license photos. (Here in Washington, the specter of that kind of easy money has to prey on a few folks' minds in the wake of I-695.)

Keep an eye on: The money, as bills wend their way through hearings and into committees "advised" by special interests. Banks, credit-card firms, and retail companies are fighting opt-in permissions; law enforcement, research firms, universities, and clinicians are putting their thumbs in the DNA pie. At least one lobbyist during the hearings in Olympia had to be pointedly reminded by committee members to at least pay lip service to the concept of personal privacy—and that was while the camera was on them.

The Feds

The good news: A recent study funded by the National Science Foundation and conducted by the American Association for the Advancement of Science indicates that the benefits of anonymous online communications outweigh the potential dangers. Calling the protection of anonymity a "moral requirement," the report recommended allowing online communities to set their own policies on anonymity, keeping users informed as they go along.

On the other hand: At least someone likes us. Even as a swelling tide of declassified documents seems to confirm (again) the existence of superspy project ECHELON, the Department of Defense is currently testing a software program called "Semantic Forests," based on a National Security Agency patent (#5,937,422, for those keeping score at home) designed to very efficiently parse the results of speech-to-text programs—machine-generated transcriptions of phone conversations, for instance.

On more prosaic and pervasive fronts, privacy groups are currently asking the courts to toss FCC regulations that let police track Web and e-mail activity without a warrant; this one's likely to go clear to the Supreme Court, as search-and-seizure issues come into play. And a low-profile yet pervasive committee led by the Department of Justice is working on a national push for a grand unified criminal-justice database, standardizing and putting on the Web all information currently harvested by local, state, and federal law enforcement. Attorney General Janet Reno has claimed that this initiative is a keystone to 21st-century criminal justice; she's also flogging a new law enforcement network called LawNet.

Keep an eye on: Janet Reno has a whole year left to slime the Department of Justice (and the various state attorneys general). Expect sleight-of-hand maneuvers redirecting your curious eyes away from your humble public servants and toward those nasty, naughty techies; recent high-profile hack attacks don't help the cause.

The Congress

The good news: Bipartisan support of privacy is strong—in theory. The left sees it as a First Amendment issue, while the right treats it as more fodder for the free market. Senator Robert Torricelli (D-NJ) is preparing to introduce an Internet privacy bill designed in part to shore up the disastrous Gramm-Leach-Bliley Act, otherwise known as the financial services modernization bill; it's believed the bill would require that Web sites get opt-in permission before using personal data and visitors be alerted to such tracking devices as cookies.

On the other hand: The great state of Nebraska, home back in the day to Communications Decency Act perpetrator J. James Exon, seems to find its national representatives in a particularly shallow part of the gene pool. Representative Bill Barrett has floated HR 3429, the Legal Employment Authentication Program (LEAP) Act of 1999—a proposal for a national identity card, a concept unpopular on both sides of the aisle but apparently not in a state that sells booklets listing license-plate numbers and registrations to the general public at county fairs. A previous iteration of LEAP was shot down in October.

Keep an eye on: The Barnett proposal is a bomb, but bits of shrapnel could work its way into other legislation. Medical privacy promises to heat up as the specter of Clinton-era health care reform is raised during this election year. The interesting clash may well be on the financial-data front, as state regulations collide with the frankly anticonsumer Federal stance.

The industry

The good news: Privacy's got the attention of a number of ISPs, many of whom dropped the ball last year when the government inflicted new disclosure laws that protected ISPs from legal action at the expense of the consumer—even when the "legal action" was merely a threat. A few services have sprung up that promise to increase user privacy. Certifiedmail.com promises to protect medical correspondence between doctors and patients; more sweepingly, Canada-based Zero Knowledge promises to hide your ID so well even they can't tell who you are, protecting both themselves and their users from legal beagles. And here's something refreshing: Keystroke-monitoring software Investigator is slated to add an optional banner telling employees that they're being watched. WinWhatWhere, the company behind the software, had taken much fire from privacy advocates for being, well, sneaky about it.

On the other hand: Though the clock is ticking—loudly—on the industry's window of opportunity to self-regulate, some of the established players seem to think they've got all the time in the world. So-called industry watchdog TRUSTe proved itself to be dangerously toothless, for example, during the recent real.com flap over that service's tracking of user data. Back in November, you'll remember, Real got busted for scanning users' hard drives for data and lying about it. TRUSTe, which purports to certify that companies bearing its service mark maintain high privacy standards, refused to give service-mark-bearing Real so much as a slap on the wrist. Other TRUSTe licensees in highly-publicized-yet TRUSTe-sanction-free privacy snafus include Microsoft and eBay.

And then there are those who just don't care. Banner ads purveyor DoubleClick just got nailed in the national press for "personalization," which in DoubleClick's dictionary means correlating your online travels with your name, address, and purchasing habits and making that info available to their clients. This contradicts DoubleClick's stated privacy policy, which claims that the firm doesn't tie your surfing to your identity. Best of all, the company not only denies the original story but has taken to threatening news outlets that cover it—including geek-news-haven Slashdot.

Keep an eye on: Efforts to strengthen the likes of TRUSTe—quite possibly too little too late, as legislators see a convenient target to take attention away from more lobbyist-unfriendly issues such as medical and financial privacy. Also, many open-source proponents are keeping a watchful eye on government pressure engendered by the entertainment-industry lobby on behalf of DVD encoding; the strong international push to criminalize the hacking of DVD encryption bodes ill for privacy-related encryption and data-security issues.

 
comments powered by Disqus