They're Watching You Online

As privacy concerns grow, so do chances of restrictions imposed by the government

While reading my E-mail the other day, I found a disturbing item. The anonymous sender offered to sell me child pornography because my E-mail address--not the one on this page--had "appeared on a list that fit this category." This unwelcome message pushed junk E-mail beyond annoyance. And it brought home forcefully just why many people are growing concerned about the impact of the Internet on privacy.

Privacy worries vary from the collection and distribution of personal information on the World Wide Web to employers snooping on workers. And the chances of government curbing some practices is growing. At the recent annual meeting of the Information Industry Assn., Federal Trade Commissioner Christine A. Varney warned online businesses that if they don't restrict the collection of data, especially from children, the government will.

This year, Representative Edward J. Markey (D-Mass.), who would become chairman of a key telecommunications subcommittee if the Demo-crats win the House, introduced legislation encouraging the FTC and Federal Communications Commission to impose regulations to protect privacy. Representative Bruce F. Vento (D-Minn.) went further with a bill that would have imposed restrictions on the collection of personal data on computer networks.

Information about current and potential customers is gold to marketers. Most magazines, including BUSINESS WEEK, use questionnaires to learn as much as they can about subscribers, including such things as family income. Some may even rent data for use in tightly targeted campaigns. But the World Wide Web is different. Site operators can link questionnaire answers to observed behavior, compiling the names of, say, high-income 50-year-olds with an interest in fly-fishing. And E-mail provides an instant path back to the potential customer.

This happens because when you visit a Web site, the log files can record what site you came from and everything you do while you're visiting, gathering a lot of data about your interests. If you've ever given your name or E-mail address at the site--say to take advantage of a special offer--the Web site deposits a special file called a "cookie" on your computer. This file can connect your name to any future visits. There's no requirement that you be notified that this information is being gathered, and almost no restrictions on its use or sale.

Any U.S. limits on such "tracking" are likely to focus first on children. Some sites award points that can be redeemed for prizes by playing mostly educational games. But first the child must supply personal information such as an E-mail address and favorite activities. But in Europe, where the European Union is working on a privacy policy for the Web, even efforts to collect information from adults may be restricted. Given the Internet's global nature, restrictions in one region will have worldwide impact.

By not registering or giving your name out, you can reduce the distribution of personal information. But if you send E-mail, your address will get out and generate junk mail. I get a lot, and most of it is annoying but harmless efforts to sell me get-rich-quick schemes.

Unlike junk postal mail, the recipient pays part of the cost of throwaway E-mail. On that basis, Congress imposed strict but hard-to-enforce curbs unsolicited faxes and banned anonymous faxes.

E-mail, which isn't covered by that law, is more contentious. When America Online Inc. banned mass mailings, a mailer got a court to block the action. An appeals court upheld AOL, but the law is unsettled.

DESKTOP THREAT. If you're a corporate computer user, the biggest threat to privacy may be right on your desktop. Software such as WinWhatWhere from WinWhatWhere Corp. lets network managers record every keystroke and mouse click, every program run, or every Web site visited from a corporate computer.

The legal status of employees' electronic privacy is unclear. Employers can't secretly eavesdrop on your office phone conversations, hide video cameras in rest rooms, or require lie detector tests. But in most states, they have the right to read your E-mail. Few people are aware of these monitoring programs yet, but they could generate a backlash like the one that led to a ban on most employee polygraphs in the 1980s.

Industry self-regulation is preferable to the heavy hand of government, which tends to produce such overreaching legislation as the Communications Decency Act of 1996. A U.S. appeals court ruled that law unconstitutional, and it's on appeal to the Supreme Court. If business fails to adopt reasonable policies respecting online privacy, government intervention, and probably regulatory overkill, will surely follow.

What do you think?Send me your thoughts and join me for a live conference in the Globe on America Online at 9 p.m. EST, Sunday, Nov. 3.

Before it's here, it's on the Bloomberg Terminal.