How Do You Police Cyberspace?

The FTC's Varney wants Net folk to help write the rulebook

To the dismay of seasoned net surfers, government arrived in free-wheeling cyberspace last year with a heavy hand. Congress proposed to jail anyone sending smut online. A federal judge ruled against Prodigy Services Inc. for libel. And abroad, German authorities barred CompuServe Inc. from offering sites containing pornography. Internet pioneers were outraged at the intrusions.

But as cyberspace increasingly becomes a medium of social transaction and commerce, government efforts to regulate it are sure to increase. Enter Christine A. Varney, 40, the youngest member of the Federal Trade Commission. Her mission: To become the first U.S. Cyber-Marshall, protecting consumers buying products and services online against fraud, deceptive ads, and privacy violations. "The laws on the books should exist in cyberspace, too," she says.

Varney, a Clinton appointee who joined the FTC in October, 1994, insists she isn't about to strangle the burgeoning technology with rules. "As a New Democrat, I believe we don't know nearly enough to regulate now," she says. That's why she endorses industry self-policing as a first step. In September, she inaugurated the FTC's Privacy Initiative, inviting consumers, online service companies, advertisers, and others to propose voluntary industry guidelines to protect the privacy of Internet users by spring. To get the dialogue going, the FTC has established a Web site, which has logged almost 200 comments so far.

Cyber-snooping is not big business yet. But with electronic marketing expected to take off this year, Varney is heeding predictions that consumers will clamor for more safeguards against marketers culling personal data from their virtual communications. In the meantime, the former partner at the Washington law firm of Hogan & Hartson has spurred FTC probes into alleged fraud and misleading advertising in cyberspace. Several cases--including actions against advertising in the guise of anonymous online testimonials--will be unveiled this spring.

Varney is no stranger to the Brave Net World. As former Cabinet Secretary for the Clinton White House, her job was to monitor and coordinate communications among the Administration's agency chiefs. But the longtime cybersurfer was shocked that her wards didn't have E-mail and pushed to get them wired.

UNLIKELY ALLIES. Now her go-slow attitude on regulation worries privacy rights advocates. The FTC has "adopted a see-no-evil, hear-no-evil strategy," complains Mark Rotenberg, director of the Electronic Privacy Information Center. "Because the FTC is not prepared to protect privacy, there will be tremendous waffling" in the industry.

But Varney has support from some unlikely allies, who share her fear that tight regulation of the Net may be premature. "You don't want to regulate this new frontier to death before giving it a chance to live and flourish," says Richard F. O'Donnell, spokesman for the Progress & Freedom Foundation, a conservative think tank allied with House Speaker Newt Gingrich. And many in the Net avant garde agree. "We're in the age of the Stanley Steamer trying to figure out how I-95 is going to work in 50 years," says D.C. attorney Ronald Plesser.

While Varney believes the FTC can police online fraud and deceptive ads through traditional enforcement, she thinks protecting privacy will create the greatest challenge for regulators because fast-changing technology presents totally new ways for business to observe consumers' habits. For example, marketers may soon be able to track someone's "clickstream"--the areas in cyberspace that a consumer clicks on to with a mouse, including all Web sites visited, pages accessed, and time spent per page. That could provide a starkly revealing glimpse of an Internet user. Given such possibilities, "we do need to exercise some self-control," says Roland J. Sharette, vice-president at J. Walter Thompson USA in Detroit, which represents online advertisers including Ford Motor, Motorola, and Kodak.

For now, electronic privacy concerns center on the sale of E-mail addresses to marketers interested in sending solicitations via the Net. A handful of mailing-list brokers have recently launched E-mail businesses. Altoona (Pa.)-based advertising inc., for example, is about to rent a list of 1 million E-mail addresses collected from the Net to four large corporations, including Shell Oil Co. is clipping the list into 100 interest categories--including sports, arts, and investments. But the company claims to protect privacy by allowing consumers to opt out of the mailing list--similar to a database maintained by the Direct Marketing Assn. that allows consumers to avoid receiving snail-mail solicitations.

PRIVACY EDGE. Cyber-marketers recognize that such protections might lure more consumers into electronic transactions--from shopping to banking. "If you don't respect privacy, the industry is not going to grow," says William J. Tobin, president of Oakton (Va.)-based PC Flowers & Gifts Inc., a pioneering online marketer. And guaranteeing privacy may give one online service provider an edge over others. "Consumers are starting to shop around," notes Bill Burrington, assistant general counsel at America Online Inc. in Vienna, Va.

Still, online service companies are unlikely to give up the revenues they're getting from selling information about their subscribers to marketers. AOL and CompuServe sell such data, and Prodigy will send messages to targeted subscribers on behalf of advertisers.

But the industry realizes it has to come up with its own rules of the road--at least to stave off burgeoning attempts by the states to regulate online privacy. The online service companies successfully scuttled a proposal introduced in Maryland last fall requiring them to give subscribers the opportunity at least every year to opt out of receiving unsolicited E-mail. Now, a Minnesota lawmaker is contemplating introducing a measure prohibiting online service providers from giving out personal information about their users without their consent.

The industry has just begun to devise minimum privacy standards under the auspices of the Interactive Services Assn.--which may offer on-screen options for consumers to click on to bar the use of personal data. But some businesses balk at rules they say would put them at a disadvantage to other industries. For example, if E-mailing your personal shopper at Nordstrom's entails lots of time-consuming questions aimed at securing consumer consent on private information, you might simply use the telephone. "Erecting huge numbers of roadblocks becomes burdensome for E-mail-based transactions," says William R. Moroney, president of Multimedia Telecommunications Assn., which represents phone and computer technology companies.

An even greater challenge is the global nature of the technology. "We could run our company off a sailboat in the middle of the ocean," says Philip E. Devorris,'s president. "I don't know how you could police it."

Even Varney admits that her initial moves at cyber-regulation are just the beginning of a long process. "I don't think self-regulation ultimately will provide all the answers," she says, envisioning a time when the government may have to adopt more aggressive rules. "But it's a good start." Varney only hopes that in the end, both technology and consumers win.

Before it's here, it's on the Bloomberg Terminal. LEARN MORE