- The Washington Times - Wednesday, February 2, 2000

Kirk Bailey, a computer specialist whose job includes protecting medical records, issued a challenge to colleagues in the information security field last October: Spend two months looking into my background and tell me what you discover.

The only rule was that they couldn't break the law or bother his immediate family, and they used a variety of investigative techniques. But mostly they researched online, and as a result, we now know Mr. Bailey was born by Caesarean section in 1951 and that he got a C in English at the University of Washington. They know what his house is worth and what his phone bills looked like.

"It was an enormous invasion on my comfort," he reported. "Here I can be sitting in my warm living room by the fireplace with my wife, and I think my privacy is protected, but in fact it's just a thin veneer and illusion."

The veneer is quickly growing much thinner. Just as the Internet shifts into high gear as a mass medium with millions of relatively unsophisticated users now employing the Web for purchases and recreation commercial interests are becoming adept at tracking and manipulating users. People who register to use Web sites, make purchases online or even just navigate from site to site may soon find that detailed information about themselves has been compiled by a company whose system can coordinate records of some 100 million Web visits with a database including names, addresses, telephone numbers and retail habits of some 90 percent of American households.

This is happening today. As Sun Microsystems Chairman Scott McNealy derisively proclaimed more than a year ago, "You have zero privacy; get over it."

Few Americans would be as openly dismissive as Mr. McNealy, but millions are inadvertently surrendering privacy. Until recently, most of the mass tracking done online was relatively anonymous. DoubleClick Inc. the largest Internet advertising agency has been collecting information about Web use for some time, and now has more than 100 million files charting Web use collected by online ID numbers. But by themselves, those ID numbers were relatively anonymous.

Things have changed. DoubleClick now owns Abacus Direct Group, a firm that maintains a database of names, addresses, telephone numbers and retail habits covering about 90 percent of all Americans. And now DoubleClick knows how to match the Abacus information with its Web-use database.

The details are a little technical, but boil down to this: DoubleClick knows your ID number. If it can get both a Web site where you have registered your name and other data to cooperate, it can match the ID with your identity. And then it's easy to tie that into the vast Abacus database (culled from records of credit card purchases, credit reports, mortgages and God knows what else) to get a detailed picture of who you are, what you do and where you visit on the Web.

The company calls this "personalization," and it does offer advantages. For instance, if DoubleClick knows I went to Phoenix for spring training last year (check out that Visa balance and my mileage plan on Southwest Airlines) and also knows that I have visited the Cub's Web site five times this month, it could figure I might be interested in targeted advertising about special hotel rates in Mesa this spring. And indeed, I would be.

But what the company calls "personalization" is also known as "invasion." A variety of consumer groups and Internet privacy advocates are gearing up to challenge DoubleClick at the Federal Trade Commission meeting next month, charging that consumers have been duped into thinking their behavior is anonymous while DoubleClick has been figuring out how to break the code.

To add insult to injury, DoubleClick won't disclose which sites are cooperating by supplying the user registration information it matches with Web data. "The fact that DoubleClick is not disclosing the names of the companies who are feeding them consumers' names is a shameful hypocrisy," a privacy advocate said. "They are trying to protect the confidentiality of the violators of confidentiality."

A DoubleClick executive counters that users who don't want their data used will have a chance to opt out but if they do, it will probably be in the fine print, and nobody who's ever looked at the twisted legalese of an online privacy policy document will expect much real disclosure there.

Mr. McNealy's admonition may be cavalier "You have zero privacy; get over it" but it's also a fair warning to keep in mind while you surf and register online. Beyond that, consumers should consider adding their voices to the Electronic Privacy Information Center (http://epic.org) or others planning to take the protest to the FTC.

Howard Weaver is editor of the editorial pages at The Sacramento Bee.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide