June 3, 1996

After many years of heated discussion among the
digerati, the debate over the privacy rights of
individuals using the Internet and the World Wide Web
has finally moved into the mainstream.

On Tuesday the Federal Trade Commission’s Bureau of
Consumer Protection is sponsoring a public workshop in
Washington called “Consumer Privacy on the Global
Information Infrastructure.”

The FTC’s intention is to find out how much consumers
and the industry really know about critical privacy
issues created by what it calls “the emerging on-line
marketplace,” and to look at various ways to protect
personal data.

Such public debate is vital in a society that, often
unwittingly, exposes more and more personal information
to data bases and direct marketers.

Privacy on data networks is a complex issue. It includes
thorny questions about anonymity — who should be
allowed to be anonymous in network interactions, and
under what circumstances — and the red-hot debate over
digital encryption, which can protect private
communication and transactions from all prying eyes,
including the government’s.

It also includes consumer privacy, where people who go
on line are targets for a new breed of direct marketers
eager to use technology to collect and sell every scrap
of personal information they can.

A growing number of people, including children, are
using digital networks for all kinds of personal
transactions, exposing much more of themselves — via
e-mail or on-line chat or even Web sites, by completing
forms filled with personal data — to those who have no
legal restraints against collecting, using or selling
that data for commercial purposes.

The implicit dangers of such unfettered data-gathering
were demonstrated last month by a Los Angeles television
reporter.

As an experiment, she used the name of a convicted child
killer, Richard Allen Davis, and sent off a money order
for $277 to Metromail Corp., which is owned by
publishing giant R.R. Donnelley & Sons and is the
nation’s largest compiler and seller of consumer data.

With no questions asked, the reporter received a list of
more than 5,000 children’s names, addresses, phone
numbers and ages.

Metromail officials declined to comment on camera, but
issued a statement calling the incident “unfortunate,”
contending that the company exercised strict control
over the sale of such information.

Lawmakers cited the episode last month when introducing
bills in the House and Senate that would bar the sale or
purchase of such information about children without
their parents’ consent.

With our increasing reliance on digital networks, more
horror stories like these seem inevitable.

Unlike print publishing or broadcasting, where
advertisers blast out messages and have no way of
measuring whether you ever see or pay attention to them,
network technology enables marketers to watch as you
click around on a screen or through various Web sites –
a vigil they call “monitoring the clickstream.”

So far, simply clicking into a Web site cannot betray
fine-grained information about you, like your e-mail
address, name or phone number. In fact, the technology
of today’s Web does not deliver more than the machine
address of your Internet provider or your domain name
(e.g., www.nytimes.com).

But this is changing. In the name of providing
“demographics” to Web advertisers, many companies are
creating detailed forms for users to fill out, sometimes
under the guise of registering for a Web site.

Filling out such forms can easily create a dossier that
includes your e-mail address, your street address, phone
number, credit-card information, the car you drive, how
many children you have and so on. And then, without your
knowledge or consent, this information is often
delivered to companies that market lists, who then sell
them to anyone willing to pay the price.

As network technologies become more sophisticated, the
privacy implications become even more ominous. What
happens to the information in all those user profiles
that you — and your children — may be filling out to
customize your news delivery, help you decide which car
to buy, specify your preferences on everything from toys
to flowers to ice-cream flavors to condoms?

Who gets to know what newspapers you read, where you or
your kids shop, or what you and your kids watch on TV
and when you’re home watching it.

Not the type of information you would want to make
available to just anyone — especially without your
permission. Which is why the FTC’s inquiry into the
data-gathering business is so important.

In fact, the agency might want to inspect a bit more
closely the privacy provisions of the Telecommunications
Reform Act. In the name of increased competition, the
new telecommunications law says that a cable or
telephone company cannot provide data about its
customers to one of the company’s own subsidiaries
unless it also offers that data to a third party.

A growing number of companies on the Web, sensitive to
consumer jitters and believing that their customer data
provides a competitive edge, jealously guard such
information and promise never to sell or rent it to
outsiders.

But people concerned about protecting consumer data
should not have to rely on the integrity or business
acumen of the vendors they deal with. The public would
be better served by federal rules more sharply
restricting the ability of marketers to obtain and sell
information on consumers.

Better yet: Consumers could hold legal title to their
data, so that it could not be gathered or traded without
their consent.

Maybe the FTC will put the public’s interest before that
of the direct marketing industry’s lobbyists. After all,
the marketers can always find other ways to conduct
their business. But once people lose control of their
personal information, there’s no getting it back.

Denise Caruso

Copyright 1996 The New York Times Company