Alan Westin: Afternoon. My name is Alan Westin. I’m a pro­fes­sor of pub­lic law and gov­ern­ment at Columbia University, pub­lish­er of Privacy & American Business, which is a nation­al newslet­ter that cov­ers the con­sumer and employ­ee issues of pri­va­cy that are involved in the activ­i­ties of American business. 

I’m going to intro­duce the pan­el at the end of my intro­duc­to­ry remarks. I remem­ber Adlai Stevenson hav­ing said once that an intro­duc­tion should bear the same rela­tion­ship to the sub­ject as a fan does to the fan dancer. That is it should go before the sub­ject but not attempt to cov­er it com­plete­ly. And I intend to leave plen­ty of reveal­ing parts for our pan­elists, but I do want to try to give you some his­tor­i­cal and polit­i­cal per­spec­tive on the issue, and hope­ful­ly sharp­en up the issues that they’ll com­ment on. 

First of all, let’s rec­og­nize that the pri­va­cy of trans­ac­tion records is not a brand new issue at all. We have many decades of expe­ri­ence, and I think it helps to under­stand that we have two types of con­sumer trans­ac­tion records that we’re talk­ing about. 

First where the con­sumer has a direct and con­trac­tu­al legal rela­tion­ship with the orga­ni­za­tion that’s com­pil­ing the records. This is the way we think of bank accounts, and cred­it cards, insur­ance records, retail records, and oth­er kinds of ser­vice providers—often quite sen­si­tive infor­ma­tion involv­ing med­ical and health affairs and so forth. Our tele­phone records, our sub­scrip­tion records to pub­lish­ers of var­i­ous kinds, cable TV and so forth. In all of these we gen­er­ate records. The records are pre­served for var­i­ous peri­ods of time. They con­tain, in vary­ing degrees, quite impor­tant sen­si­tive and del­i­cate information. 

The oth­er type of trans­ac­tion records are where the con­sumer does not have a direct rela­tion­ship with the record col­lec­tor and user. But var­i­ous ser­vices are put togeth­er for busi­ness and gov­ern­men­tal use, draw­ing upon the basic trans­ac­tion records. Two very good exam­ples are cred­it bureaus, which take trans­ac­tion records from all the peo­ple that we have direct rela­tion­ships with and cre­ate an inde­pen­dent record that then is used for mak­ing risk assess­ments of var­i­ous kinds. As con­sumers we do not have a legal rela­tion­ship with the three nation­al entities—for exam­ple TRW, Equifax, and TransUnion—but our trans­ac­tion records are there and var­i­ous kinds of orga­ni­za­tion­al and legal rules give us rights of notice, access, cor­rec­tion, etc. 

Another good exam­ple is direct mar­ket­ing records, which are com­piled by peo­ple who make up lists with var­i­ous names, address­es, and char­ac­ter­is­tics which they do not them­selves gen­er­ate in a legal direct rela­tion­ship with us but they get from peo­ple who picked up those names and address­es because of our trans­ac­tions with oth­er parties. 

Having described then the fact that we’ve been col­lect­ing records like this for an awful long time and that the pri­va­cy issues are impor­tant but not brand new, it’s also impor­tant to iden­ti­fy a cou­ple of the his­toric trends with which these records have been man­aged. And there are three of them that I’d like to point out. 

First that in these kinds of trans­ac­tion records it’s almost always been the rule that names and iden­ti­ties are attached to the record and pre­served, often for long peri­ods of time. Anonymous and trans­ac­tion records have not been linked togeth­er in the past world of trans­ac­tion records. 

Secondly, com­part­men­tal­iza­tion has been the great pro­tec­tor of pri­va­cy in many many aspects in these pre­vi­ous record sys­tems. Meaning that there were arrange­ments we had with our health­care provider, our bank, our cable TV com­pa­ny, that were based upon a rec­i­p­ro­cal, spe­cif­ic rela­tion­ship: we gave infor­ma­tion rel­e­vant for that pur­pose and it was bound­ed by and used with­in that kind of sec­tor or particularly-defined relationship. 

And third, our rights in those sys­tems tend­ed gen­er­al­ly to be defined by law as a sec­tor law. So we think about the Federal Communications Act, the Fair Credit Reporting Act, the Bank Secrecy Act, the cable act, the video rental pri­va­cy act, the Digital Telephony leg­is­la­tion. It all sort of focused on a par­tic­u­lar indus­try and the infor­ma­tion bar­gains, rights, respon­si­bil­i­ties that that par­tic­u­lar sec­tor had amassed. 

With that in mind, though, let’s look at the new world it’s unfold­ing with trans­ac­tion records. The new world has increas­ing­ly sen­si­tive and increas­ing­ly attrac­tive records to a vari­ety of users, gov­ern­men­tal and busi­ness and not-for-profit. But, some­thing is hap­pen­ing here which is real­ly why we’re talk­ing about it today. 

First of all with dis­solv­ing the com­part­ments. We’re tremen­dous­ly con­cen­trat­ing records from dif­fer­ent com­part­ments or sec­tors into what could be uni­fied records. Financial records are on the online and Internet-type systems—interactive ser­vice sys­tems. So are our polit­i­cal and char­i­ta­ble con­tri­bu­tions, poten­tial­ly. Our shop­ping for goods and ser­vices. Digital and voice com­mu­ni­ca­tions that we engage in. Credit his­to­ries and con­sumer pro­files that will be gen­er­at­ed from our use of the sys­tems. And all of this will be in the hands of the man­agers of the new inter­ac­tive services. 

And who are the man­agers? They’re not any longer from any one sec­tor. It’s not your friend­ly bank; it’s not your tel­co; it’s not your pub­lish­er of your New York Times, Washington Post, LA Times. It’s a new busi­ness enti­ty, which may be fund­ed by a lot of these play­ers, but it is a stand­alone, new type with no eth­i­cal and pro­fes­sion­al tra­di­tion in the rela­tion­ship of how they han­dle the infor­ma­tion. A new crowd with­out an his­toric anchor for their rela­tion­ship with us as consumers. 

Finally, in the Internet and oth­er envi­ron­ments there are no norms at all. We don’t have laws, we don’t real­ly have much by way of tra­di­tion as to infor­ma­tion providers and how they han­dle the infor­ma­tion. And so, there’s an even less-struc­tured envi­ron­ment in which our trans­ac­tion records are poten­tial­ly acquired. 

On the oth­er hand before we get entire­ly pes­simistic, what’s dif­fer­ent I think about the inter­ac­tive ser­vices envi­ron­ment is that it offers some excit­ing new tools, if we wish to use them, to define and assert cer­tain pri­va­cy rights, includ­ing some very large new rights that were just not tech­no­log­i­cal­ly pos­si­ble before. And the pan­el will be talk­ing about this but let me just men­tion a few. 

There’s obvi­ous­ly the abil­i­ty to have anony­mous and pseu­do­ny­mous com­mu­ni­ca­tions if we mean to. The use of infor­ma­tion agents that go out and seek and acquire infor­ma­tion from us but poten­tial­ly leave no audit trail and cre­ate no trans­ac­tion records. The poten­tial­i­ty of cryp­tog­ra­phy to make the con­tent of a record pro­tect­ed even if the time and loca­tion may not nec­es­sar­i­ly be protected—although that can be too, as we know. And final­ly, some poten­tial of the sys­tems to offer a sign-on or sign-up pro­ce­dure which solves the opt-in/opt-out prob­lem because peo­ple can be served with notice and they can be asked that if they pro­ceed these are the rules of the game. And there may be ways if we wish to, and oth­ers on the pan­el will dis­cuss this, to cre­ate a dynam­ic inter­ac­tive envi­ron­ment on pri­va­cy as well as for goods, ser­vices, infor­ma­tion, and communication. 

Now what does the pub­lic think about this? Fortunately we know some­thing about that. In your pro­ceed­ings you’ll find under the ses­sion here, the report of a nation­al sur­vey that Privacy & American Business com­mis­sioned from Louis Harris and Associates, ask­ing the pub­lic how it felt about these issues. 

What we found is a very high enthu­si­asm for hav­ing infor­ma­tion ser­vices from the home, whether it’s by cable or by com­put­er device, with 52% of the pub­lic going on to say that they would find it attrac­tive to have infor­ma­tion put onto their screen based on a sub­scriber pro­file of the way in which they were using the ser­vice. But imme­di­ate­ly, 51% of the pub­lic says that they would be con­cerned about the rules by which that sub­scriber pro­file would be com­piled and pre­sent­ed to them. They are very con­cerned about the pri­va­cy issues, and when we asked in the sur­vey what kind of safe­guards the pub­lic would want, rough­ly three out of four mem­bers of the pub­lic signed on to the four basic fair infor­ma­tion prac­tices rules of advance notice, con­trol over what infor­ma­tion is pre­sent­ed, access to the file to check and cor­rect it, and the abil­i­ty to opt out and con­trol the use of the information. 

So, right away we know that the pub­lic is inter­est­ed, con­cerned about pri­va­cy, under­stands what the rules of the game are, and in what I think is the most inter­est­ing find­ing of the sur­vey, the peo­ple who are most inter­est­ed in using inter­ac­tive ser­vices are the ones who are most con­cerned about pri­va­cy. So the best cus­tomers are the most privacy-minded. A won­der­ful mes­sage to send to the ser­vice providers lest they for­get that their best clien­tele hap­pens also to be the most privacy-concerned. 

The issues that our pan­el are going to be talk­ing about are what kinds of infor­ma­tion do ser­vice providers need to acquire on an iden­ti­fied basis in order to oper­ate? What can they get away with not col­lect­ing? Can they seg­re­gate infor­ma­tion by sen­si­tiv­i­ty? What kind of con­sumer con­sent and agree­ment are going to be built into sys­tems, or should be built into sys­tems? What kind of access rights third par­ties will have—business, gov­ern­ment, and oth­ers who would like access to infor­ma­tion. And are the exist­ing laws and rules that we have ade­quate or do we need to think about a new struc­ture of legal rules as opposed to the new tech­no­log­i­cal oppor­tu­ni­ties that I sketched. 

We have an out­stand­ing pan­el to talk about these things, and let me intro­duce them briefly to you. The way we’re going to have this is first we’re going to have two gen­er­al pre­sen­ta­tions, and then we’re going to have two lawyers debate some of the legal issues. 

First we have Michael Stern (also a lawyer but not here in his legal debate role) who is a for­mer English pro­fes­sor and jour­nal­ist who became a lawyer, prac­ticed from 1983 to 1991 when he joined General Magic, and now deals with the wide range of intel­lec­tu­al pol­i­cy and tech­nol­o­gy issues that the firm has in the marketplace. 

And then there’ll be Janlori Goldman, Deputy Director and cofounder with Jerry Berman of the Center for Democracy & Technology in Washington, a pub­lic inter­est group that wants to address all of the issues of par­tic­i­pa­tion, rights, equi­ty, etc. in the new tech­nol­o­gy world. Formerly, Janlori was the Director of the ACLU’s pri­va­cy and tech­nol­o­gy project in Washington DC

Our lawyers will be Ron Plesser, a part­ner in the Washington law firm of Piper & Marbury, spe­cial­iz­ing in pri­va­cy issues for many indus­tries like telecom­mu­ni­ca­tions, media, direct mar­ket­ing and so on. Ron was for­mer­ly the gen­er­al coun­sel in 1975 to 77 of the US Privacy Protection Study Commission. And before that with the Center for Responsive Law as a free­dom of infor­ma­tion expert. 

Charles Marson, who’s a part­ner in the San Francisco law firm of Remcho Johansen & Purcell. From 1968 to 77 he was coun­sel with the American Civil Liberties Union of Northern California. He’s been an Associate Professor at Stanford, teach­ing cours­es on pri­va­cy and free­dom of infor­ma­tion. And now among oth­er things he helps com­pa­nies that are nav­i­gat­ing the Internet to deal with the free­dom of infor­ma­tion, First Amendment, and pri­va­cy issues they encounter there.

So let me call first on Michael Stern. 


Michael Stern: Thanks Alan, I’m glad to be here. And I plan to be very brief and to speak at a pret­ty high lev­el. In some ways what I’m going to be talk­ing are some of the enabling tech­nolo­gies that will make what our oth­er pan­elists have to dis­cuss either come true or be inhib­it­ed or pre­vent­ed from com­ing to fruition. 

My very brief overview is of two key con­cepts that I think the idea of an intel­li­gent soft­ware agent can help make come true. One is the idea of turn­ing the net­work or cyber­space in its entire­ty inside out by let­ting us project avatars of our­selves into the net­work to do things on our behalf while we have the time to do some­thing else. And the oth­er is the notion of democ­ra­ti­za­tion of sur­veil­lance tech­nol­o­gy, which can lead to more con­sumer con­trol over infor­ma­tion and more pri­va­cy protection. 

I’m going to break all the rules of these things and start out by telling a joke, although I think the joke has some the­mat­ic rel­e­vance to what we’re talk­ing about. Many of you may have already seen this one. I got a bunch of copies of it sent me over the Internet. It’s not a lawyer joke, which is what peo­ple usu­al­ly send me but let me take a crack at telling it. 

A young man is walk­ing down the street and sud­den­ly he hears a lit­tle voice say­ing, Help me, please.” He looks down at his foot and there’s a frog there. The frog says, I’m a beau­ti­ful princess, please kiss me and I’ll show you.” The kid does­n’t say any­thing, he just picks it up and puts it in his pocket. 

Keeps walk­ing down the road and hears a lit­tle voice com­ing out of his pock­et say­ing, Look, I told you I was a beau­ti­ful princess and if you just kiss me I would show you. Tell you what. If you kiss me I’ll stay with you for a week.” No response, the kid keeps walking. 

The voice pips up out of the pock­et again, Look, I told you I was a beau­ti­ful princess. Not only will I stay with you for a week if you kiss me, I’ll grant every wish you have before I leave.” No com­ment, kid keeps walking. 

Finally the voice pipes up in great exas­per­a­tion and says, I told you I was a beau­ti­ful princess, I would grant your wish­es. Look, I’ll mar­ry you and stay with you for­ev­er, just kiss me.” 

The kid final­ly pulls the frog out of his pock­et and looks at it and says, Look, I’m a com­put­er pro­gram­mer and don’t have time for per­son­al rela­tion­ships. But own­ing a talk­ing frog is real­ly cool.”

So, I come to you today as a man who’s in the busi­ness of sell­ing mag­ic frogs. But let’s call the frog an agent instead. What do we all have in com­mon with the young pro­gram­mer in the sto­ry even though most of us are not tech­nol­o­gists? The thing we have in com­mon is that our most pre­cious resource is time. It’s not infor­ma­tion, it’s time. 

Which one of us has time for a per­son­al rela­tion­ship with the great sea of infor­ma­tion that sur­rounds us? I cer­tain­ly don’t. I mean, I try to read two dai­ly news­pa­pers, four week­ly mag­a­zines, four quar­ter­lies, a cou­ple of books a month, etc. It’s just not pos­si­ble for me to also use my two com­mer­cial online accounts and surf the net. So what I’m say­ing is, why not let your frog do it? 

The essence of agency is the del­e­ga­tion of tasks. And mobile intel­li­gent agents, which is the busi­ness that my com­pa­ny is in, make that a real pos­si­bil­i­ty. I’m not talk­ing about a more com­mon­place notion of res­i­dent soft­ware agents. And in fact the Foner paper in your pro­ceed­ings, which is I think the very last paper, does a good job of describ­ing more typ­i­cal res­i­dent agent pro­grams. They’re things like smart forms and tem­plates that do low-level things like you know, giv­ing you short­cuts in a spread­sheet or a word proces­sor, to user pro­fil­ing to select things from news feeds and so on. What I’m talk­ing about is some­thing rather dif­fer­ent, which is in our case an object-oriented pro­gram that goes out into the net­work, nav­i­gates through var­i­ous kinds of direc­to­ries, queries var­i­ous kinds of data­bas­es, and can engage in secure trans­ac­tions on your behalf through use of authen­ti­ca­tions, encryp­tion and so forth. 

The key notion here in terms of turn­ing the net­work inside out is the idea of a reverse RFP, or request for pro­pos­al. I project myself into the net­work, telling poten­tial mer­chants and oth­er ser­vice providers out there what I want, while pro­tect­ing my pri­va­cy by refus­ing to accept solic­i­ta­tions from them I don’t want, and by not even con­tact­ing those peo­ple who I’m not inter­est­ed in. Rather than hav­ing to get into my vehi­cle and dri­ve out on the infor­ma­tion high­way or jack into the cyber­space and do it myself, my avatar does it for me. So I can project myself in the net­work with­out stay­ing online. 

The tal­ents of agents are out­lined in the the paper I put in the pro­ceed­ings in a lit­tle bit more detail than I have time for here. But the kind of things that these intel­li­gent agents can do is find things, noti­fy you about things, and orches­trate a whole host of activ­i­ties to cre­ate an end-to-end trans­ac­tion or expe­ri­ence. For exam­ple find me tick­ets; find me infor­ma­tion; find me—especially—direc­to­ry infor­ma­tion, and intel­li­gent direc­to­ries are a crit­i­cal part of what I’m talk­ing about, and again there’s a lit­tle bit more detail in the paper; noti­fy me of a sale; noti­fy me of a change in some­thing, and that chance could be some­thing like noti­fy me if there’s a change in some­body’s web page because I care about it; noti­fy me if there’s a change in a stock price; noti­fy me if my plane is going to be late. The lit­tle device I have on the table there has a ser­vice in it that will reserve air­line tick­ets for me. The next stage of that is for it to post an agent in the SABRE data­base that can track flight times and page me (as I can do wire­less­ly on that device) and tell me whether or not my plane is on time. 

And orches­trat­ing all these activ­i­ties into the kind of ser­vice that can ful­fill my wants—I want X: you know, I want to buy tick­ets to a bas­ket­ball game, reserve a din­ner some­where, and have it all done for me auto­mat­i­cal­ly to save my pre­cious time, is the kind of thing that these mobile intel­li­gent agents can do in the world of com­merce. In the world infor­ma­tion, they can go out and query every­thing from a chat group on an online ser­vice to the Library of Congress data­base and do some intel­li­gent work for you while you spend your pre­cious time doing some­thing else. 

How this relates to the ques­tions that Alan raised, you know, the four basic pri­va­cy rights or con­cerns that con­sumers have about what kind of records they cre­ate when they engage in this kind of con­duct through their avatars: lack of aware­ness about what data’s being col­lect­ed about them; lack of access to that data; and lack of con­trol over both who uses it and to whom that data is dis­sem­i­nat­ed, can be addressed at least poten­tial­ly by intel­li­gent mobile agent soft­ware technology. 

And again, one of the exam­ples we talked about…my ampli­fy­ing on, is the idea of an agent in General Magic’s tech­nol­o­gy this would be a tele­script, a script that would go out into the net­work. In our frame­work you can instruct this agent to either not drop a log­ging record in cer­tain loca­tions so there will be no trace that it has vis­it­ed there; or if it does leave a record, you are able to post some­thing there that will noti­fy you if that record changes or if it’s dis­sem­i­nat­ed or its state changes in a par­tic­u­lar way. So you can basi­cal­ly tell your avatar Don’t go to that place if they demand that you drop a cer­tain kind of record” that you’re not will­ing to drop. Or if you’re will­ing to drop the record you can at least stay in touch with who knows that infor­ma­tion and what’s being done with it. 

Agents can decline to inter­act with cer­tain types of oth­er agents, like peo­ple who are mak­ing solic­i­ta­tions try­ing to sell you some­thing, try­ing to col­lect your name for dis­sem­i­na­tion you think is improp­er. They can decline to respond to cer­tain kinds of inquiries and so forth. More impor­tant­ly, and here’s what I mean by the democ­ra­ti­za­tion of sur­veil­lance: you could post an agent, the­o­ret­i­cal­ly, to watch user pro­files in oth­er data­bas­es about you, and again to do the same thing: to noti­fy you when they change; to noti­fy you when they’ve been accessed and by whom, and for what pur­pose and so forth. The per­mit and oth­er authen­ti­ca­tion and secu­ri­ty regimes built into our par­tic­u­lar form of tech­nol­o­gy, which could be dupli­cat­ed by oth­ers, per­mit all this to hap­pen. And in turn, in cre­at­ing and mon­i­tor­ing an intel­li­gent direc­to­ry, you could request that your agent be post­ed in a direc­to­ry to screen access to your pro­file infor­ma­tion and to only give cer­tain parts of it to cer­tain oth­er agents, ones who have the right kind of per­mits or the right kinds of author­i­ties to access that kind of infor­ma­tion about you. This again is a reverse RFP process. You’re pro­ject­ing your­self into the net­work so that most of the work is done for you in terms of what gets through to you to make a per­son­al choice about. 

You know, my favorite notion about the way tech­nolo­gies which right now are owned by large cor­po­ra­tions which don’t have much feel for grassroots—one of our biggest share­hold­ers is AT&T for exam­ple. If you think of the Rodney King video­tape and America’s Funniest Home Videos, David Brin the sci­ence fic­tion writer has writ­ten a nov­el called Earth which takes the idea of per­son­al Handycams, trans­lates them to glass­es that all peo­ple in all locales can wear which auto­mat­i­cal­ly film what­ev­er you’re look­ing at. And this democ­ra­ti­za­tion of sur­veil­lance tech­nol­o­gy basi­cal­ly elim­i­nates street crime but also elim­i­nates pri­va­cy in the sense that what you do on the street can be filmed and shown to any­body, any time, any place. But the idea of an intel­li­gent agent I think will migrate out of the hands of large net­work oper­a­tors and large mer­chants into the hands of grass­root pro­gram­mers and even­tu­al­ly ordi­nary peo­ple who don’t not know any­thing about soft­ware, in order to cre­ate these kinds of avatars whom they can instruct what kind of infor­ma­tion to leave behind and how to track what’s done with it. So again, there’s more infor­ma­tion in the paper if you’d like to look at it, but let me stop there. Thank you. 

Westin: Janlori? 

Janlori Goldman: Hi. It’s good to be back at CFP here. I’m telling, you this… Michael told me he had sev­en min­utes, and now I know how he did it in sev­en min­utes. I thought I spoke quick­ly. Um…I don’t have any jokes, I’m just gonna get right into it. 

Um…one of the things that we’ve been look­ing at more and more at the Center for Democracy & Technology is ways that peo­ple can have con­trol over both the kind of infor­ma­tion they want to receive, the kind of infor­ma­tion about them­selves that they want oth­ers to have, and how they want it to be used if they want it to be used at all for oth­er pur­pos­es, and allow­ing for some kind of tech­no­log­i­cal con­trol that goes beyond just try­ing to put in place some good poli­cies which take the con­trol away from the indi­vid­ual and leaves it in the hand of either the gov­ern­ment or the pri­vate sec­tor. And I think part of what Michael was sug­gest­ing in his pre­sen­ta­tion was that there are tech­no­log­i­cal means for hav­ing peo­ple con­trol infor­ma­tion that they receive.

I’d like to take it a lit­tle step beyond that, which is that in the pri­va­cy area, peo­ple should be able to have con­trol over the infor­ma­tion about them­selves that they give out. And that if they want to get involved in some kind of a trans­ac­tion or receive some kind of a ben­e­fit, they should be able to choose, at that time, whether they want the infor­ma­tion used for some oth­er pur­pose; for some pur­pose unre­lat­ed to the one for which it was col­lect­ed. And I think that even though it’s pop­u­lar to talk about the free mar­ket and let­ting peo­ple make choic­es by going from place to place and fig­ur­ing out where the infor­ma­tion use best suits them…that takes a lot of time, first of all. And sec­ond of all I’m very cyn­i­cal that it will ever work. 

The free mar­ket when you’re talk­ing about indi­vid­ual rights does­n’t work at all. Even the peo­ple with the very best of inten­tions, the com­pa­nies with the best of inten­tions, the gov­ern­ments with the best of inten­tions, screw up. They use infor­ma­tion about us in ways that they said that they weren’t, or in ways that they don’t intend—not nec­es­sar­i­ly out of mal­ice. But because some­body screws up, and they’re not account­able. Maybe there’s a bad sto­ry in the paper which says you know, American Express responds to a sub­poe­na for an indi­vid­u­al’s records and instead gives out records on many peo­ple. It was an acci­dent, and it’s not nec­es­sar­i­ly against the law. But how are they accountable? 

So what I would sug­gest is that when we talk about pri­va­cy and we talk about the mod­ern def­i­n­i­tion of pri­va­cy, which is let­ting indi­vid­u­als to make choic­es about how infor­ma­tion on them should be used, then we should talk about ways to make that hap­pen. There should be legal­ly-enforce­able expec­ta­tions of pri­va­cy, and tech­ni­cal means to make it hap­pen. Not just rely­ing on the best of inten­tions or even that some­one is fol­low­ing the law.

One of the things that hap­pens in the pri­va­cy com­mu­ni­ty is that we hag­gle go over all kinds of terms and clichés and jar­gon. And one of the things that Ron and I hag­gle over all the time when we’re work­ing on pol­i­cy issues is this whole thing of indi­vid­ual con­sent. Some of you famil­iar with the pri­va­cy lex­i­con prob­a­bly know about opt-in and opt-out, and there are huge splits and…you know, you’re not pure unless you’re in favor of opt-in and you’re a ter­ri­ble per­son if you’re in favor of opt-out and there’re all kinds of pol­i­tics around opt-in and opt-out. And what I want to sug­gest when we’re talk­ing about tech­no­log­i­cal con­trol is that that is going to become a moot debate. That if peo­ple have the oppor­tu­ni­ty, and the right, to make the choice about how they want infor­ma­tion about them used, as they’re mak­ing a deci­sion about whether to use a cer­tain ser­vice or whether to engage in a cer­tain busi­ness, when you’re talk­ing about an inter­ac­tive elec­tron­ic envi­ron­ment, there can be a screen that peo­ple have to read and have to get through before they ever get to the infor­ma­tion or the ser­vice. And that is a screen that noti­fies them about how the infor­ma­tion will be used, and gives them the chance to say whether they want it used for some oth­er pur­pose. Can’t move for­ward until that happens. 

And that is a way I think that peo­ple will have to take the respon­si­bil­i­ty of mak­ing those kinds of deci­sions. And to me it seems like a much more mean­ing­ful con­sent pro­vi­sion than a lot of the con­sent pro­vi­sions that we cur­rent­ly have writ­ten into the law which we fought very hard for, which talks about how notice has to be con­spic­u­ous. That is has to be writ­ten in large let­ters at the bot­tom of the page, even if it’s on Page 8

There is a pro­gres­sion, I would say, in the last few years. An under­stand­ing at least in the pol­i­cy area, that what we need to do is to pro­tect trans­ac­tion records to a greater extent than we have. And that as trans­ac­tion records are look­ing more and more like con­tent in terms of the sen­si­tiv­i­ty of the infor­ma­tion; in terms of how much trans­ac­tion records reveal about indi­vid­u­als; how much per­son­al­ly iden­ti­fi­able infor­ma­tion is con­tained in a trans­ac­tion record; that we are talk­ing about greater legal pro­tec­tions on that information.

One of the things that I’ve always found iron­ic is that when the FBI see a piece of pri­va­cy leg­is­la­tion mov­ing through the Congress or they even hear that it’s a pos­si­bil­i­ty, they of course react and they do their job and they say that pri­va­cy is a ter­ri­ble thing because they won’t be able to get access to infor­ma­tion about peo­ple who might be ter­ror­ists or child kid­nap­pers. And one of the argu­ments that they always make when they say that they should have access to infor­ma­tion, even if we restrict the pri­vate sec­tor’s the use of the infor­ma­tion, is, Everyone else is going to have access to it except us. Everyone else can have access to this per­son­al infor­ma­tion except the FBI, does­n’t that seem crazy to you?” 

And if any of you are with the Bureau here I have to say as I’ve said to you before that it seems like the most…outrageous argu­ment. Because of course that’s what our Constitution is about. That we have pro­tec­tions for the indi­vid­ual as against the gov­ern­ment. That it is exact­ly the FBI who should not be get­ting per­son­al infor­ma­tion. [laugh­ter; applause] But this is not a radica—I mean this is an idea that’s been around for a long time. It’s just there’s a process of edu­ca­tion that has to hap­pen every time we look at a piece of pri­va­cy legislation. 

But where we have pri­va­cy leg­is­la­tion that cur­rent­ly restricts the gov­ern­men­t’s access, such as the Right to Financial Privacy Act, or the Fair Credit Reporting Act, bug allowed the pri­vate sec­tor to use it, then we have some oth­er prob­lems. And I think this is where what we’re talk­ing about is not nec­es­sar­i­ly the kinds of Fourth Amendment abus­es that we see with the gov­ern­ment but an issue about loss of indi­vid­ual control. 

And I don’t— Well, I have often said that I think that the line between the gov­ern­ment and the pri­vate sec­tor is blur­ring and that is true as we’ve seen with the IRS recent­ly pub­lish­ing a notice in the Federal Register that they want to get access to direct mar­ket­ing lists, and pub­lic— They want to use pub­lic records in order to devel­op pro­files on tax fil­ers. And so there real­ly is a blur­ring of the line. 

But there are seri­ous con­se­quences, from how information—personal information—is used in the pri­vate sec­tor. And that if peo­ple don’t have real choice as to how that infor­ma­tion is used there can be con­se­quences in terms of loss of jobs, in terms of loss of cer­tain benefits—government ben­e­fits, in terms of not hav­ing access to cred­it. Which is for most peo­ple an impor­tant thing. 

But the oth­er con­se­quence which is very hard to mea­sure, prob­a­bly impos­si­ble to mea­sure, is that when peo­ple don’t have con­trol over infor­ma­tion about them­selves, then there’s a loss of indi­vid­u­al­i­ty, a loss of auton­o­my. And that peo­ple are reluc­tant to make cer­tain choic­es, to engage in cer­tain kinds of activ­i­ties, if they think that some­one is going to get access to that infor­ma­tion, if they think that they’re being watched. There’s a quote from law review arti­cle writ­ten by the late Ed Bloustein where he said a watched soci­ety is a con­formist society. 

And I think that’s very rel­e­vant here. That peo­ple are ret­i­cent to step for­ward, engage in cer­tain kinds of activ­i­ties, if they are always wor­ried about who’s going to see what they’re doing, who’s going to know about what they’re doing and that they don’t know about it. That it engen­ders a cer­tain para­noia, not just among peo­ple who have worked for or belong to the ACLU, but I think in the gen­er­al population. 

And that one of the rea­sons that a num­ber of pri­vate com­pa­nies have sup­port­ed pri­va­cy leg­is­la­tion in the past, and ardent­ly sup­port­ed the leg­is­la­tion, is because there is an eco­nom­ic con­se­quence to there not being strong pri­va­cy pro­tec­tions. That if peo­ple are ret­i­cent to step for­ward, if they are ret­i­cent to use new tech­nolo­gies, if they are ret­i­cent to use new ser­vices, or any ser­vice for that mat­ter, then the busi­ness com­mu­ni­ty suf­fers as well. That they want peo­ple to have con­fi­dence that the infor­ma­tion that they give, and the kinds of infor­ma­tion that are col­lect­ed about them…whether they give it will­ing­ly or not, will be protected. 

The crit­i­cal issue here obvi­ous­ly is the sec­ondary use of infor­ma­tion. And one of the things that we also hag­gle over is…expecta— You know, when talk­ing about sec­ondary uses what is the expect­ed use? And that needs to be spelled out in terms of notice. But I can tell you one thing that isn’t an expect­ed use… The online ser­vice providers came under a quite a bit of heat last year when con­gress­man Ed Markey…not through a whole lot of pret­ty intense inves­tiga­tive work, he read the DM News, Direct Marketing News, which I have learned a while ago is the very very very best source for fig­ur­ing out what the mar­ket­ing indus­try it’s up to and I keep think­ing at some point Ron is gonna advise them that they should either have a com­plete­ly secret list, or they should encrypt all of their their ads. 

America Online had an ad in the DM News in September of 94, brag­ging about the fact that they had a mil­lion active mem­bers grow­ing fast. It’s hot. Test the direct mail respon­sive­ness, mem­bers of the nation’s fastest-growing provider of online ser­vices today. That they were sell­ing infor­ma­tion about their mem­bers. About their gen­der, their income. Their home and busi­ness address­es. Their chil­dren by age, oth­er kinds of per­son­al infor­ma­tion. I would say that this was not an expect­ed, or a relat­ed use, of sub­scrip­tion lists. And it was­n’t just a ques­tion of the sub­scrip­tion list, it went far beyond that and gave very detailed per­son­al information. 

So Markey said to the ser­vice providers, Does any­one here have a set of pri­va­cy guide­lines? Does any­one here tell sub­scribers that this is what they’re doing with the infor­ma­tion about how they’re using this ser­vice, and oth­er infor­ma­tion, and give them a chance to say, I don’t want it used for that?’ ” Is it real­ly choice when you’ve got three major ser­vice providers who are engaged in this kind of activ­i­ty?” And not all of them were to the same extent. They had vary­ing degrees of pri­va­cy intrusion. 

Probably what’s going to hap­pen is not a whole lot of any­thing in terms of leg­is­la­tion in this area, but it has cre­at­ed a greater respon­sive­ness, a greater aware­ness, that peo­ple don’t want to have per­son­al infor­ma­tion about them used like this with­out them hav­ing any knowl­edge and with­out them hav­ing a chance to stop it. 

So I would say that we are in a time of incred­i­ble oppor­tu­ni­ty and pos­si­bil­i­ty with the tech­nol­o­gy. That while the tech­nol­o­gy cer­tain­ly—and you’ve heard me say this before, prob­a­bly. But the tech­nol­o­gy cer­tain­ly does present incred­i­ble oppor­tu­ni­ties for abuse of per­son­al pri­va­cy. But that in some ways I think it offers even more oppor­tu­ni­ties for peo­ple to pro­tect their pri­va­cy. For peo­ple to make greater, more informed, and more sophis­ti­cat­ed choic­es about how they want infor­ma­tion used. And for peo­ple to have greater con­trol over not only infor­ma­tion about them but over how they’re seen in their com­mu­ni­ties. Over what want peo­ple to know about them and when. And essen­tial­ly how they want to project them­selves into the com­mu­ni­ty that is a crit­i­cal aspect of pri­va­cy. It’s a crit­i­cal aspect of auton­o­my. And I’m hop­ing that as the tech­nol­o­gy devel­ops a lot of these issues will be moot and peo­ple will just make the choic­es as they move along. Thanks. 


Westin: We’re now going to present a series of ques­tions to our two con­sult­ing lawyers, who we hope will present dif­fer­ent view­points. First of all let me ask, we heard at lunch for exam­ple an excel­lent pre­sen­ta­tion about prop­er­ty and prop­er­ty as a way of orga­niz­ing rights in the intel­lec­tu­al prop­er­ty area. As far as con­sumer trans­ac­tion records are con­cerned, is it use­ful to define who legal­ly owns these records? Or if not is there some oth­er way of assert­ing con­sumer inter­est in pri­va­cy oth­er than the own­er­ship right? And I’ll Ron to start, and then I’ll ask Charles Marson. 

Ron Plesser: I don’t think… The answer’s no. I don’t think the prop­er­ty analy­sis works at all in pri­va­cy. I don’t think it, as we heard at lunch, it prob­a­bly will not work very well in intel­lec­tu­al prop­er­ty. But I think over the years back in the Privacy Commission look­ing [?], the prop­er­ty con­cept is a dan­ger­ous one because it’s usu­al­ly one that us lawyers look at prece­dent and case law. And I think if you look at prece­dent and case law on the prop­er­ty issue in the pri­va­cy con­text, the list own­ers win. I mean I don’t think there’s much ques­tion about that. I’m always very con­fused about why advo­cates talk about you know, cre­at­ing the own­er­ship con­cept as a way to con­trol data for con­sumers. It seems to me that that one is not going to work very well. Because first of all the prop­er­ty inter­est in a list or in infor­ma­tion has tra­di­tion­al­ly been a busi­ness asset of the per­son who’s col­lect­ed or put the effort into cre­at­ing it. In say­ing that, I don’t think at all that that negates the inter­ests of the per­son about whom the infor­ma­tion relates. And going back to the Privacy Commission times and in the mod­ern age, we have tried to devel­op inter­est for con­sumers in infor­ma­tion, and so that they should have assertable, enforce­able rights in cer­tain cir­cum­stances that we could go through. 

One of the over­all issues I want to talk about is a sense, Alan, that I think you see us going into the NII, and that means every­thing has to be treat­ed the same because of the kind of a mix­ing bowl effect of online providers. I con­tin­ue to kind of dis­agree with that. I con­tin­ue to think that sen­si­tive infor­ma­tion or how we treat infor­ma­tion is real­ly rel­a­tive more to the nature of it. If you try to choose and pull togeth­er infor­ma­tion, you may be sub­ject to the high­est stan­dard. But that peo­ple should be giv­en the oppor­tu­ni­ty… One of the best doc­u­ments that I think has come out in a long time is a project that Esther Dyson and Janlori Goldman, with some input from oth­ers of us on the out­side did in the National Information Infrastructure Advisory Council. And I think what they’ve come up with is a very good con­sen­sus doc­u­ment. It does­n’t make any­body com­plete­ly hap­py on either side but one of the last sen­tences of the pre­am­ble says the appli­ca­tion of pri­va­cy prin­ci­ples may dif­fer accord­ing to the type of infor­ma­tion being con­sid­ered and the nature of the rela­tion­ship between providers and users. And I think it’s that kind of analy­sis, to look at the nature of the rela­tion­ship rather than try­ing to to get stuck on old prop­er­ty right inter­ests, that is helpful. 

Westin: Charles, do you agree or disagree?

Charles Marson: I most­ly agree although I’d put a slant on it that you or Ron might call cyn­i­cal. I think that it’s use­ful to ask who owns these records to remind our­selves that we don’t. It’s use­ful to remem­ber that the basic legal rule is that the own­er of the record is the third-party busi­ness that you do busi­ness with and not you, and that as we’ll see in a minute explains why you have so very few rights, for the most part, when some­body goes look­ing at those records. Usually you don’t even know about it till after it’s hap­pened and until it’s used against you. 

It’s also a good bench­mark from which to start. I think if you ask the ques­tion who owns these records?” you have a place from which you can begin to dis­cuss what’s impor­tant about pri­va­cy. I think if you stop at the ques­tion of who owns these records, you’re talk­ing a 19th cen­tu­ry solu­tion to 21st cen­tu­ry problem. 

Let me give you an extreme exam­ple to bring it home. Let’s sup­pose that you’re a male and you’re HIV pos­i­tive. Or let’s sup­pose that you’re a female and you’ve had a ther­a­peu­tic abor­tion. Now, there’s no doubt that your doc­tor and your hos­pi­tal and your health insur­er, and not you, own those records. Is there any­one here who would say that they there­fore could pub­lish them on the front page of The New York Times? I don’t think so. And I think laws in all fifty states would inter­rupt that kind of behav­ior, and for good rea­son. The good rea­son being that we’ve seen past own­er­ship into oth­er kinds of val­ues, for exam­ple the sen­si­tiv­i­ty of the var­i­ous records that Ron men­tioned. So, own­er­ship is a start­ing point to remind us where we need to go, and maybe where we used to be, but beyond that it’s useless. 

Westin: Ron, do you want to add something?

Plesser: Before we go on to the next ques­tion I… The own­er­ship issue also gets very com­plex in this new online world. And it’s not the own­er­ship inter­est of the con­sumer against the per­son with whom they do busi­ness. It’s the per­sons who do busi­ness. There’s not one per­son, there’s a com­mu­ni­ca­tions carrier—who may or may not be a com­mon car­ri­er, it may have some pro­pri­etary inter­est in the trans­ac­tion­al records. There’s Internet providers. There are peo­ple who are actu­al­ly sell­ing the prod­uct. There are list ful­fill­ment peo­ple, and then the cred­it card com­pa­nies. There could be— No one has done kind of a chart of this, but I mean just off the top of your head there’s prob­a­bly five or six dif­fer­ent enti­ties that are han­dling per­son­al infor­ma­tion as it goes through the sys­tem. And the debates on who owns the data exists often between them. 

Now, in most cas­es that gets resolved my con­tract, and that usu­al­ly relat­ed to the pow­er of the spe­cif­ic insti­tu­tion. But those are the real bat­tles that we see I think going on akin to the intel­lec­tu­al prop­er­ty issues, in terms of real­ly whose cus­tomer are you? Are you American Express’ cus­tomer? Are you the Internet access provider’s cus­tomer? Are you the long dis­tance com­pa­ny’s cus­tomer? Are you L.L.Bean’s cus­tomer? Who’s cus­tomer are you? Who has that kind of pri­ma­ry or lead rela­tion­ship, or does every­body have kind of equal dibs to the infor­ma­tion? And those are issues that I think the indus­try and the con­sumers need to work out as well.

Westin: Okay. Let me go to the sec­ond ques­tion. We’ve already had some dis­cus­sion about pos­i­tive con­sent on the part of con­sumers to the ways in which their inter­ac­tive trans­ac­tion records would be used. Let me start with Charles now. What kind of con­sumer con­sent do you believe should be required and is this going to be some­thing that would be set by law, or is this some­thing that you would look to orga­ni­za­tion­al pol­i­cy to set?

Marson: I would strong­ly urge orga­ni­za­tions to set this pol­i­cy before Congress does it for them. We usu­al­ly know what the result of the lat­ter kind of behav­ior is. 

I sup­pose that in Janlori’s terms I’d be a part of the opt-in com­mu­ni­ty, although I could cer­tain­ly see an argu­ment that if my own ser­vice provider wants to use infor­ma­tion about me to mar­ket to me maybe an opt-out sys­tem would be alright. But I’m strong­ly influ­enced by Janlori’s oth­er argu­ment, and I agree with it com­plete­ly that the tech­nol­o­gy that we’re talk­ing about here is blur­ring the dif­fer­ence between opt-in and opt-out, because of the screens that we can say yes” or no” to when we sign onto the service. 

I think it’s prob­a­bly less impor­tant to say opt-in or opt-out than to say in or out of what? In or out of some vague promise that your infor­ma­tion will be used in some way com­pat­i­ble with the pur­pos­es for which it was orig­i­nal­ly col­lect­ed? Well, in my mind that’s a weasel word that does me as a con­sumer no good at all. It’s been cen­tral to the biggest hole in the Privacy Act for twen­ty years, and you can count the num­ber of court deci­sions that have been enforced on your fin­gers with­out ever get­ting to your thumb. That is— That kind of— I don’t need to opt in, I would opt out of a pro­tec­tion like that. 

I think that any agree­ment that is made between the con­sumer and the ser­vice provider ought to be clear and very spe­cif­ic as to what infor­ma­tion is going where. It ought to be easy to do. It ought to be on the screen, or it ought to be at least on an 800 num­ber, or on some form that you have to fill out any­way. It cer­tain­ly should not be buried down in six-point type at the hun­dred and thirty-third page of your prod­uct man­u­al, order­ing you to write a let­ter to some place in New York. It ought to be set up in such a fash­ion that it’s obvi­ous­ly easy to do, that they real­ly want you to choose instead of hop­ing that you’ll default and do absolute­ly nothing. 

And the final thing I want to know, if I’m opt­ing in opt­ing out, is whether the pro­tec­tions that the com­pa­nies are offer­ing me are mean­ing­ful at all. Let’s say they want to sell my infor­ma­tion to some sec­ondary mar­keter and they’ll say, Oh this is great for you Marson. Now you’ll get all these spe­cif­ic cat­a­logs about the things that we know real­ly inter­est you.” Okay. And we have an agree­ment with the sec­ondary mar­ket and it says it’ll only be used for pur­pos­es of mar­ket­ing to this guy Marson and for noth­ing else.” Great. 

So, they get the infor­ma­tion, the sec­ondary mar­keter imme­di­ate­ly sells it to some ter­tiary mar­keter, who shows it to a prospec­tive employ­er or a health insur­er or the gov­ern­ment or some­thing like that. And I go to my ser­vice provider and say, What’s going on here? You promised me it was con­fi­den­tial,” and they say, Well it says right here in our con­tract with these oth­er guys they’re not sup­posed to use it for that.” 

If that’s all that they’re promis­ing me, I want to opt out of that too. I want to know whether their agree­ment is enforced and enforce­able with these sec­ondary users. Whether there are audit trails. Whether there are audits that fol­low up on those audit trails. Whether they do any­thing about vio­la­tions or whether they per­mit me to do any­thing about vio­la­tions. And absent that kind of spe­cif­ic infor­ma­tion my ques­tion is opt in or opt out of exact­ly what? 

Westin: Ron?

Plesser: Well, we do have some­thing to argue about, I guess. That’s good. 

First of all I’m gen­er­al­ly known I’m sure as Mr. Opt Out. And I feel strong­ly about that but not for every­thing. And I think that’s impor­tant to say. I think that if you’re talk­ing about med­ical records infor­ma­tion, if you’re talk­ing about finan­cial trans­ac­tion infor­ma­tion, then I think that addi­tion­al con­trol is war­rant­ed and indeed impor­tant. But if you’re talk­ing more about sub­scriber lists or mail­ing lists or infor­ma­tion that you sub­scribe to a mag­a­zine or gave to a char­i­ty, that real­ly does not have much detail infor­ma­tion I think an opt-out is appropriate. 

I think there’s also a sep­a­rate ques­tion about when the infor­ma­tion comes from a pub­lic record. That’s a debate that…I was in front of Congress last year in con­nec­tion with the motor vehi­cles bill. And it’s also a ques­tion that I think we will recur­rent­ly as to how pub­lic record infor­ma­tion can be used and what are the right of a con­sumer. Again, that kind of response to it, it gets sil­ly wor­ry about prop­er­ty inter­ests if you’re talk about pub­lic records. You’ve got to talk about cre­at­ing enforce­able interests. 

The one area that I think I dis­agree with, and maybe I don’t want to take this into too deep a con­ver­sa­tion on legal tech­ni­cal­i­ties. But we always talk about sec­ondary use. And I think what Chuck was say­ing, the con­tracts of peo­ple who’re using it… One of the prin­ci­ples that has been recur­rent in all of the laws that’ve passed so far in the advi­so­ry com­mit­tee report that recent­ly came out is that infor­ma­tion that’s inci­dent to the ordi­nary and acknowl­edged course of busi­ness. And the advi­so­ry com­mit­tee added the word acknowl­edged” to course of busi­ness, to that kind of gen­er­al phrase. Which I thought was a good addi­tion. But that you don’t, I think, need some­body’s con­sent to com­plete a trans­ac­tion that they’ve asked you to start. I don’t think you need some­body’s con­sent to…if you’re going to have a ful­fill­ment house send out a cable mag­a­zine, I don’t think you need their con­sent to do that. I think that you do need con­tracts. You need to have your agents and oth­er peo­ple sub­ject to con­trol if there’s a bad debt if some­body’s ordered some­thing from you and not paid. I don’t think you need con­sent to go to a col­lec­tion agency. I think that’s inci­dent to the use. I think that’s an impor­tant con­cept. I don’t want to kind of drag it into that detail but I think the inci­dent use… 

And I think it is a good idea to have the ordi­nary course records acknowl­edged. I’ve spent a lot of time over the last cou­ple of years craft­ing notices under the cable act, and we are quite care­ful about what we say in those notices to make sure that an inter­est­ed con­sumer can read them and get a fair amount of knowl­edge. There’s been some lit­i­ga­tion involved in that that has giv­en the indus­try a fair breath of of how they com­ply. But there’s also the threat of lit­i­ga­tion, the threat of com­pli­ance. And I think those state­ments work. 

I think by and large opt-out has worked. It’s been a process that has worked for most of the leg­is­la­tion that we’ve seen. There is also leg­is­la­tion in the health­care and oth­er areas that should have affir­ma­tive con­sent. Affirmative con­sent is an impor­tant con­cept. But I don’t think we can treat every­thing the same and we have to look at dif­fer­ent rela­tion­ships and cre­ate dif­fer­ent answers. 

If we’re talk­ing about NII… I mean, I ask you, and this is… I’ve been to four out of five of these con­fer­ences and I know what comes next, you know. I know the ques­tion­ing peri­od and the nature of this. And I would— I mean, I want—

Westin: You’re in big trou­ble, Ron. 

Plesser: I under­stand that. I mean, I’m going to put the micro­phone back in front of my face. 

The the ques­tion is, what is the impact of affir­ma­tive con­sent and those kind of rules under trans­fer­ring of infor­ma­tion through the Internet? What is the bal­ance that we need to cre­ate in terms of cre­at­ing a free flow of infor­ma­tion. If I write Jan a let­ter that had some per­son­al informa—an email, can she she for­ward it, can she copy it to oth­er peo­ple? Does she need my con­sent to do that? What if it’s a busi­ness rela­tion­ship? If General Magic has some infor­ma­tion on me and it is for­ward­ed through the process. Where do we do this bal­ance? I don’t have those answers, and I hope maybe we get a lit­tle feed­back and not toma­toes on that. 

Westin: Chuck has asked for an equal right of reply to your mak­ing anoth­er com­ment on the first ques­tion. So he gets one.

Marson I think that we should be care­ful about assum­ing that the pri­va­cy cal­cu­lus and the pri­va­cy impli­ca­tion of a par­tic­u­lar datum is con­stant no mat­ter what’s done with it. I think we have to be sen­si­tive to the fact that it may be triv­ial in terms of pri­va­cy in one con­text and very dam­ag­ing in anoth­er. When you go to the super­mar­ket and you scrape your stuff across the the bar graph read­er, and and the bar graph read­er is sold to the mar­keter who sends you a cat­a­log because of your tastes, that’s not a par­tic­u­lar­ly big deal. 

But if it’s resold to some­body who gives it to your prospec­tive employ­er and health insur­er and they sit around they say, Gee, look at all that cream. Look all that but­ter. Look at all that booze… I don’t know about this per­son.” And if it gets into the hands of your angry spouse’s divorce lawyer dur­ing a peri­od of sep­a­ra­tion and celiba­cy, and they say, Well look at all this con­tra­cep­tive stuff, look at all these con­doms,” I mean, it can have a dif­fer­ent impact depend­ing on who’s look­ing at it and for what pur­pose. You just can’t say this is triv­ial, this isn’t very impor­tant, but this is a med­ical record and there­fore it needs high degree of pro­tec­tion. These things are contextual. 

Westin: Okay, it’s the per­fect segue to our third ques­tion. So far we’ve been talk­ing pri­mar­i­ly about com­mer­cial use, but what about the gov­ern­ment? As you well know, at what time OJ called any­body and from where is of great inter­est to the gov­ern­ment. Who did Ted Kennedy call from Chappaquiddick is of great inter­est to the gov­ern­ment. And so the third ques­tion is what rules would you want to pro­vide for gov­ern­ment access to inter­ac­tive trans­ac­tion records? Are the present rules ade­quate? Are the reme­dies ade­quate? How would you treat the gov­ern­men­t’s abil­i­ty to use legal process to get the infor­ma­tion that comes across the inter­ac­tive ser­vice’s trans­ac­tion record? Ron, we’ll let to start.

Plesser: Well let me say that the exam­ple the Jan said before in terms of the IRS… As as she knows, the Direct Marketing Association was one of the first if not the first orga­ni­za­tion to scream about that and to bring it to the atten­tion of the press and a lot of oth­er peo­ple. And that is a prac­tice that is very dis­qui­et­ing in terms of using mar­ket­ing lists, or any kind of com­mer­cial list, for law enforce­ment pur­pos­es. One, they’re not accu­rate, for any­thing like that lev­el. Two, they’ve nev­er been com­piled for the pur­pos­es of admin­is­tra­tive action, and for them to be used for admin­is­tra­tive action is I think improp­er and the indus­try has worked very hard to resist that. 

ECPA was— The Electronic Communications Privacy Act was passed with the sup­port of indus­try because it was a great con­cern in 1988 that peo­ple would not use the sys­tems that were being devel­oped if the gov­ern­ment could kin­da sashay in and get either the con­tent, and to a less­er extent the trans­ac­tion­al information. 

That law was made even stronger last year, and I know we’ll get boos and hiss­es here when I men­tion the Digital Telephony statute which oth­er­wise was an awful statute. I’ll hiss with you. It was an awful statute, but the one thing that is in there that is good is that it beefs up the require­ment for a gov­ern­ment to…the fed­er­al gov­ern­ment must get a court order before they can get not just the con­tent of a com­mu­ni­ca­tion but also the trans­ac­tion­al infor­ma­tion relat­ed to that con­tent. And I think that was a very impor­tant action. The entire issue of gov­ern­ment access I think is very seri­ous. The law that we have in ECPA on com­mu­ni­ca­tions is pret­ty good. There’s a part in the Exon Amendment that changes it in a way that no one is very clear about. It adds the word dig­i­tal” between wire” and elec­tron­ic” and I think we’re all con­cerned about what impli­ca­tions that will have. I think that is a very pos­i­tive law in gov­ern­ment access. And I hope we can con­trol and con­tin­ue to con­trol gov­ern­ment access to the elec­tron­ic networks. 

Westin: Charles, you get the last word on this. 

Marson: The laws about gov­ern­ment access to these kind of records are dis­mal­ly bad from the point of view of the con­sumer. With few excep­tions the gov­ern­ment goes to the hold­er of the record, gives them some sort of legal process which the hold­er puts in the file, gives the record to the gov­ern­ment, and the sub­ject of the record nev­er hears about it until lat­er on if there’s a pros­e­cu­tion or some kind of action. To cut out of the trans­ac­tion the one per­son who cares seems to me to deserve the descrip­tion dis­mal.”

When Congress does pass laws to try to improve on this sit­u­a­tion it usu­al­ly fails. Eighteen years ago and did it for your bank checks. And it made this elab­o­rate sys­tem of notice that if the gov­ern­ment, with some excep­tions, was going to look at your bank checks you were gonna get notice and a chance to resist. 

But they also wrote in a sub­stan­tive stan­dard into the law, which was that the gov­ern­ment was going to win when­ev­er the infor­ma­tion was rel­e­vant to a legit­i­mate law enforce­ment inquiry,” which is about as min­i­mal a stan­dard as you can imag­ine. And there are two, pre­cise­ly two, cas­es in the last eigh­teen years stop­ping the gov­ern­ment from get­ting checks under this law. I call that a failure. 

I think that short reten­tion peri­ods by peo­ple who obtain these records, and noti­fi­ca­tion to the con­sumer unless some court order or act of Congress pro­hibits it, would go a long way toward improv­ing the con­sumer’s sit­u­a­tion. But it still isn’t gonna get very good. 

Westin: Okay. We’re now going to ask Janlori and Michael if they’d like to make a com­ment on any of the ques­tions that’ve been made, and then we’ll invite you to come to the micro­phones for the last fif­teen min­utes of our session. 

Janlori, can you con­tain your­self to a comment?

Goldman: For a long time I have been con­fused about this debate about ownership. 

It does­n’t work in a pri­va­cy envi­ron­ment. People own infor­ma­tion about them­selves. It’s theirs. It belongs to them. And they don’t own it the way…you know, the hotel owns this glass or you know, the way I own my watch. They own it cause it’s a piece of them­selves. It rep­re­sent who we are, how we feel, what we think, what we buy, where we go, what we do…what orga­ni­za­tions we belong to. All kinds of things about us. We own that about ourselves. 

And I don’t under­stand why we talk about how peo­ple own the lists that they com­pile. They own the per­son­al infor­ma­tion on the list that they com­pile. It does­n’t make any sense when you’re talk­ing about rights. We’re not talk­ing about own­er­ship of things, we’re talk­ing about own­er­ship of infor­ma­tion about peo­ple. And that if we’re going to talk about own­er­ship then we should talk about it terms of peo­ple own­ing the infor­ma­tion about them­selves, and allow­ing it to be dis­closed—that they’re giv­ing it in order to get some­thing back. But that that should­n’t be the loss of their privacy—the loss of con­trol over that infor­ma­tion should­n’t be the price of them get­ting a cer­tain ser­vice or get­ting a cer­tain prod­uct or get­ting a cer­tain ben­e­fit from the gov­ern­ment. And that is what we talk about when we talk about legally-enforceable expec­ta­tions of pri­va­cy. And I don’t think that this oth­er con­ver­sa­tion about own­er­ship is use­ful at all except to cre­ate a los­ing sit­u­a­tion for indi­vid­u­als. [applause]

Westin: Michael?

Stern: I think I have some­thing was con­tro­ver­sial, or at least…or will lead to less applause than that. The whole notion about opt­ing in and opt­ing out is too blunt an instru­ment, and third-generation agent-based net­work­ing tech­nol­o­gy for exam­ple will let the con­tex­tu­al­iza­tion that you were talk­ing about take place on a datum-by-datum basis. That’s the whole point. So I mean, I think in some ways tech­nol­o­gy’s mak­ing some of the con­ven­tion­al cat­e­go­riza­tions that we do increas­ing­ly irrel­e­vant. That’s both a great oppor­tu­ni­ty and a great risk. 

Westin: Thank you all very much. Our time is up.