Alan Westin: Afternoon. My name is Alan Westin. I’m a professor of public law and government at Columbia University, publisher of Privacy & American Business, which is a national newsletter that covers the consumer and employee issues of privacy that are involved in the activities of American business.
I’m going to introduce the panel at the end of my introductory remarks. I remember Adlai Stevenson having said once that an introduction should bear the same relationship to the subject as a fan does to the fan dancer. That is it should go before the subject but not attempt to cover it completely. And I intend to leave plenty of revealing parts for our panelists, but I do want to try to give you some historical and political perspective on the issue, and hopefully sharpen up the issues that they’ll comment on.
First of all, let’s recognize that the privacy of transaction records is not a brand new issue at all. We have many decades of experience, and I think it helps to understand that we have two types of consumer transaction records that we’re talking about.
First where the consumer has a direct and contractual legal relationship with the organization that’s compiling the records. This is the way we think of bank accounts, and credit cards, insurance records, retail records, and other kinds of service providers—often quite sensitive information involving medical and health affairs and so forth. Our telephone records, our subscription records to publishers of various kinds, cable TV and so forth. In all of these we generate records. The records are preserved for various periods of time. They contain, in varying degrees, quite important sensitive and delicate information.
The other type of transaction records are where the consumer does not have a direct relationship with the record collector and user. But various services are put together for business and governmental use, drawing upon the basic transaction records. Two very good examples are credit bureaus, which take transaction records from all the people that we have direct relationships with and create an independent record that then is used for making risk assessments of various kinds. As consumers we do not have a legal relationship with the three national entities—for example TRW, Equifax, and TransUnion—but our transaction records are there and various kinds of organizational and legal rules give us rights of notice, access, correction, etc.
Another good example is direct marketing records, which are compiled by people who make up lists with various names, addresses, and characteristics which they do not themselves generate in a legal direct relationship with us but they get from people who picked up those names and addresses because of our transactions with other parties.
Having described then the fact that we’ve been collecting records like this for an awful long time and that the privacy issues are important but not brand new, it’s also important to identify a couple of the historic trends with which these records have been managed. And there are three of them that I’d like to point out.
First that in these kinds of transaction records it’s almost always been the rule that names and identities are attached to the record and preserved, often for long periods of time. Anonymous and transaction records have not been linked together in the past world of transaction records.
Secondly, compartmentalization has been the great protector of privacy in many many aspects in these previous record systems. Meaning that there were arrangements we had with our healthcare provider, our bank, our cable TV company, that were based upon a reciprocal, specific relationship: we gave information relevant for that purpose and it was bounded by and used within that kind of sector or particularly‐defined relationship.
And third, our rights in those systems tended generally to be defined by law as a sector law. So we think about the Federal Communications Act, the Fair Credit Reporting Act, the Bank Secrecy Act, the cable act, the video rental privacy act, the Digital Telephony legislation. It all sort of focused on a particular industry and the information bargains, rights, responsibilities that that particular sector had amassed.
With that in mind, though, let’s look at the new world it’s unfolding with transaction records. The new world has increasingly sensitive and increasingly attractive records to a variety of users, governmental and business and not‐for‐profit. But, something is happening here which is really why we’re talking about it today.
First of all with dissolving the compartments. We’re tremendously concentrating records from different compartments or sectors into what could be unified records. Financial records are on the online and Internet‐type systems—interactive service systems. So are our political and charitable contributions, potentially. Our shopping for goods and services. Digital and voice communications that we engage in. Credit histories and consumer profiles that will be generated from our use of the systems. And all of this will be in the hands of the managers of the new interactive services.
And who are the managers? They’re not any longer from any one sector. It’s not your friendly bank; it’s not your telco; it’s not your publisher of your New York Times, Washington Post, LA Times. It’s a new business entity, which may be funded by a lot of these players, but it is a standalone, new type with no ethical and professional tradition in the relationship of how they handle the information. A new crowd without an historic anchor for their relationship with us as consumers.
Finally, in the Internet and other environments there are no norms at all. We don’t have laws, we don’t really have much by way of tradition as to information providers and how they handle the information. And so, there’s an even less-structured environment in which our transaction records are potentially acquired.
On the other hand before we get entirely pessimistic, what’s different I think about the interactive services environment is that it offers some exciting new tools, if we wish to use them, to define and assert certain privacy rights, including some very large new rights that were just not technologically possible before. And the panel will be talking about this but let me just mention a few.
There’s obviously the ability to have anonymous and pseudonymous communications if we mean to. The use of information agents that go out and seek and acquire information from us but potentially leave no audit trail and create no transaction records. The potentiality of cryptography to make the content of a record protected even if the time and location may not necessarily be protected—although that can be too, as we know. And finally, some potential of the systems to offer a sign‐on or sign‐up procedure which solves the opt‐in/opt‐out problem because people can be served with notice and they can be asked that if they proceed these are the rules of the game. And there may be ways if we wish to, and others on the panel will discuss this, to create a dynamic interactive environment on privacy as well as for goods, services, information, and communication.
Now what does the public think about this? Fortunately we know something about that. In your proceedings you’ll find under the session here, the report of a national survey that Privacy & American Business commissioned from Louis Harris and Associates, asking the public how it felt about these issues.
What we found is a very high enthusiasm for having information services from the home, whether it’s by cable or by computer device, with 52% of the public going on to say that they would find it attractive to have information put onto their screen based on a subscriber profile of the way in which they were using the service. But immediately, 51% of the public says that they would be concerned about the rules by which that subscriber profile would be compiled and presented to them. They are very concerned about the privacy issues, and when we asked in the survey what kind of safeguards the public would want, roughly three out of four members of the public signed on to the four basic fair information practices rules of advance notice, control over what information is presented, access to the file to check and correct it, and the ability to opt out and control the use of the information.
So, right away we know that the public is interested, concerned about privacy, understands what the rules of the game are, and in what I think is the most interesting finding of the survey, the people who are most interested in using interactive services are the ones who are most concerned about privacy. So the best customers are the most privacy‐minded. A wonderful message to send to the service providers lest they forget that their best clientele happens also to be the most privacy‐concerned.
The issues that our panel are going to be talking about are what kinds of information do service providers need to acquire on an identified basis in order to operate? What can they get away with not collecting? Can they segregate information by sensitivity? What kind of consumer consent and agreement are going to be built into systems, or should be built into systems? What kind of access rights third parties will have—business, government, and others who would like access to information. And are the existing laws and rules that we have adequate or do we need to think about a new structure of legal rules as opposed to the new technological opportunities that I sketched.
We have an outstanding panel to talk about these things, and let me introduce them briefly to you. The way we’re going to have this is first we’re going to have two general presentations, and then we’re going to have two lawyers debate some of the legal issues.
First we have Michael Stern (also a lawyer but not here in his legal debate role) who is a former English professor and journalist who became a lawyer, practiced from 1983 to 1991 when he joined General Magic, and now deals with the wide range of intellectual policy and technology issues that the firm has in the marketplace.
And then there’ll be Janlori Goldman, Deputy Director and cofounder with Jerry Berman of the Center for Democracy & Technology in Washington, a public interest group that wants to address all of the issues of participation, rights, equity, etc. in the new technology world. Formerly, Janlori was the Director of the ACLU’s privacy and technology project in Washington DC.
Our lawyers will be Ron Plesser, a partner in the Washington law firm of Piper & Marbury, specializing in privacy issues for many industries like telecommunications, media, direct marketing and so on. Ron was formerly the general counsel in 1975 to ’77 of the US Privacy Protection Study Commission. And before that with the Center for Responsive Law as a freedom of information expert.
Charles Marson, who’s a partner in the San Francisco law firm of Remcho Johansen & Purcell. From 1968 to ’77 he was counsel with the American Civil Liberties Union of Northern California. He’s been an Associate Professor at Stanford, teaching courses on privacy and freedom of information. And now among other things he helps companies that are navigating the Internet to deal with the freedom of information, First Amendment, and privacy issues they encounter there.
So let me call first on Michael Stern.
Michael Stern: Thanks Alan, I’m glad to be here. And I plan to be very brief and to speak at a pretty high level. In some ways what I’m going to be talking about are some of the enabling technologies that will make what our other panelists have to discuss either come true or be inhibited or prevented from coming to fruition.
My very brief overview is of two key concepts that I think the idea of an intelligent software agent can help make come true. One is the idea of turning the network or cyberspace in its entirety inside out by letting us project avatars of ourselves into the network to do things on our behalf while we have the time to do something else. And the other is the notion of democratization of surveillance technology, which can lead to more consumer control over information and more privacy protection.
I’m going to break all the rules of these things and start out by telling a joke, although I think the joke has some thematic relevance to what we’re talking about. Many of you may have already seen this one. I got a bunch of copies of it sent me over the Internet. It’s not a lawyer joke, which is what people usually send me but let me take a crack at telling it.
A young man is walking down the street and suddenly he hears a little voice saying, “Help me, please.” He looks down at his foot and there’s a frog there. The frog says, “I’m a beautiful princess, please kiss me and I’ll show you.” The kid doesn’t say anything, he just picks it up and puts it in his pocket.
Keeps walking down the road and hears a little voice coming out of his pocket saying, “Look, I told you I was a beautiful princess and if you just kiss me I would show you. Tell you what. If you kiss me I’ll stay with you for a week.” No response, the kid keeps walking.
The voice pipes up out of the pocket again, “Look, I told you I was a beautiful princess. Not only will I stay with you for a week if you kiss me, I’ll grant every wish you have before I leave.” No comment, kid keeps walking.
Finally the voice pipes up in great exasperation and says, “I told you I was a beautiful princess, I would grant your wishes. Look, I’ll marry you and stay with you forever, just kiss me.”
The kid finally pulls the frog out of his pocket and looks at it and says, “Look, I’m a computer programmer and don’t have time for personal relationships. But owning a talking frog is really cool.”
So, I come to you today as a man who’s in the business of selling magic frogs. But let’s call the frog an agent instead. What do we all have in common with the young programmer in the story even though most of us are not technologists? The thing we have in common is that our most precious resource is time. It’s not information, it’s time.
Which one of us has time for a personal relationship with the great sea of information that surrounds us? I certainly don’t. I mean, I try to read two daily newspapers, four weekly magazines, four quarterlies, a couple of books a month, etc. It’s just not possible for me to also use my two commercial online accounts and surf the net. So what I’m saying is, why not let your frog do it?
The essence of agency is the delegation of tasks. And mobile intelligent agents, which is the business that my company is in, make that a real possibility. I’m not talking about a more commonplace notion of resident software agents. And in fact the Foner paper in your proceedings, which is I think the very last paper, does a good job of describing more typical resident agent programs. They’re things like smart forms and templates that do low‐level things like you know, giving you shortcuts in a spreadsheet or a word processor, to user profiling to select things from news feeds and so on. What I’m talking about is something rather different, which is in our case an object‐oriented program that goes out into the network, navigates through various kinds of directories, queries various kinds of databases, and can engage in secure transactions on your behalf through use of authentications, encryption and so forth.
The key notion here in terms of turning the network inside out is the idea of a reverse RFP, or request for proposal. I project myself into the network, telling potential merchants and other service providers out there what I want, while protecting my privacy by refusing to accept solicitations from them I don’t want, and by not even contacting those people who I’m not interested in. Rather than having to get into my vehicle and drive out on the information highway or jack into the cyberspace and do it myself, my avatar does it for me. So I can project myself in the network without staying online.
The talents of agents are outlined in the paper I put in the proceedings in a little bit more detail than I have time for here. But the kind of things that these intelligent agents can do is find things, notify you about things, and orchestrate a whole host of activities to create an end‐to‐end transaction or experience. For example find me tickets; find me information; find me—especially—directory information, and intelligent directories are a critical part of what I’m talking about, and again there’s a little bit more detail in the paper; notify me of a sale; notify me of a change in something, and that change could be something like notify me if there’s a change in somebody’s web page because I care about it; notify me if there’s a change in a stock price; notify me if my plane is going to be late. The little device I have on the table there has a service in it that will reserve airline tickets for me. The next stage of that is for it to post an agent in the SABRE database that can track flight times and page me (as I can do wirelessly on that device) and tell me whether or not my plane is on time.
And orchestrating all these activities into the kind of service that can fulfill my wants—I want X: you know, I want to buy tickets to a basketball game, reserve a dinner somewhere, and have it all done for me automatically to save my precious time, is the kind of thing that these mobile intelligent agents can do in the world of commerce. In the world of information, they can go out and query everything from a chat group on an online service to the Library of Congress database and do some intelligent work for you while you spend your precious time doing something else.
How this relates to the questions that Alan raised, you know, the four basic privacy rights or concerns that consumers have about what kind of records they create when they engage in this kind of conduct through their avatars: lack of awareness about what data’s being collected about them; lack of access to that data; and lack of control over both who uses it and to whom that data is disseminated, can be addressed at least potentially by intelligent mobile agent software technology.
And again, one of the examples we talked about…my amplifying on, is the idea of an agent in General Magic’s technology this would be a telescript, a script that would go out into the network. In our framework you can instruct this agent to either not drop a logging record in certain locations so there will be no trace that it has visited there; or if it does leave a record, you are able to post something there that will notify you if that record changes or if it’s disseminated or its state changes in a particular way. So you can basically tell your avatar “Don’t go to that place if they demand that you drop a certain kind of record” that you’re not willing to drop. Or if you’re willing to drop the record you can at least stay in touch with who knows that information and what’s being done with it.
Agents can decline to interact with certain types of other agents, like people who are making solicitations trying to sell you something, trying to collect your name for dissemination you think is improper. They can decline to respond to certain kinds of inquiries and so forth. More importantly, and here’s what I mean by the democratization of surveillance: you could post an agent, theoretically, to watch user profiles in other databases about you, and again to do the same thing: to notify you when they change; to notify you when they’ve been accessed and by whom, and for what purpose and so forth. The permit and other authentication and security regimes built into our particular form of technology, which could be duplicated by others, permit all this to happen. And in turn, in creating and monitoring an intelligent directory, you could request that your agent be posted in a directory to screen access to your profile information and to only give certain parts of it to certain other agents, ones who have the right kind of permits or the right kinds of authorities to access that kind of information about you. This again is a reverse RFP process. You’re projecting yourself into the network so that most of the work is done for you in terms of what gets through to you to make a personal choice about.
You know, my favorite notion about the way technologies which right now are owned by large corporations which don’t have much feel for grassroots—one of our biggest shareholders is AT&T for example. If you think of the Rodney King videotape and America’s Funniest Home Videos, David Brin the science fiction writer has written a novel called Earth which takes the idea of personal Handycams, translates them to glasses that all people in all locales can wear which automatically film whatever you’re looking at. And this democratization of surveillance technology basically eliminates street crime but also eliminates privacy in the sense that what you do on the street can be filmed and shown to anybody, any time, any place. But the idea of an intelligent agent I think will migrate out of the hands of large network operators and large merchants into the hands of grassroot programmers and eventually ordinary people who don’t know anything about software, in order to create these kinds of avatars whom they can instruct what kind of information to leave behind and how to track what’s done with it. So again, there’s more information in the paper if you’d like to look at it, but let me stop there. Thank you.
Janlori Goldman: Hi. It’s good to be back at CFP here. I’m telling, you this… Michael told me he had seven minutes, and now I know how he did it in seven minutes. I thought I spoke quickly. Um…I don’t have any jokes, I’m just gonna get right into it.
Um…one of the things that we’ve been looking at more and more at the Center for Democracy & Technology is ways that people can have control over both the kind of information they want to receive, the kind of information about themselves that they want others to have, and how they want it to be used if they want it to be used at all for other purposes, and allowing for some kind of technological control that goes beyond just trying to put in place some good policies which take the control away from the individual and leaves it in the hand of either the government or the private sector. And I think part of what Michael was suggesting in his presentation was that there are technological means for having people control information that they receive.
I’d like to take it a little step beyond that, which is that in the privacy area, people should be able to have control over the information about themselves that they give out. And that if they want to get involved in some kind of a transaction or receive some kind of a benefit, they should be able to choose, at that time, whether they want the information used for some other purpose; for some purpose unrelated to the one for which it was collected. And I think that even though it’s popular to talk about the free market and letting people make choices by going from place to place and figuring out where the information use best suits them…that takes a lot of time, first of all. And second of all I’m very cynical that it will ever work.
The free market when you’re talking about individual rights doesn’t work at all. Even the people with the very best of intentions, the companies with the best of intentions, the governments with the best of intentions, screw up. They use information about us in ways that they said that they weren’t, or in ways that they don’t intend—not necessarily out of malice. But because somebody screws up, and they’re not accountable. Maybe there’s a bad story in the paper which says you know, American Express responds to a subpoena for an individual’s records and instead gives out records on many people. It was an accident, and it’s not necessarily against the law. But how are they accountable?
So what I would suggest is that when we talk about privacy and we talk about the modern definition of privacy, which is letting individuals make choices about how information on them should be used, then we should talk about ways to make that happen. There should be legally-enforceable expectations of privacy, and technical means to make it happen. Not just relying on the best of intentions or even that someone is following the law.
One of the things that happens in the privacy community is that we haggle over all kinds of terms and clichés and jargon. And one of the things that Ron and I haggle over all the time when we’re working on policy issues is this whole thing of individual consent. Some of you familiar with the privacy lexicon probably know about opt‐in and opt‐out, and there are huge splits and…you know, you’re not pure unless you’re in favor of opt‐in and you’re a terrible person if you’re in favor of opt‐out and there’re all kinds of politics around opt‐in and opt‐out. And what I want to suggest when we’re talking about technological control is that that is going to become a moot debate. That if people have the opportunity, and the right, to make the choice about how they want information about them used, as they’re making a decision about whether to use a certain service or whether to engage in a certain business, when you’re talking about an interactive electronic environment, there can be a screen that people have to read and have to get through before they ever get to the information or the service. And that is a screen that notifies them about how the information will be used, and gives them the chance to say whether they want it used for some other purpose. Can’t move forward until that happens.
And that is a way I think that people will have to take the responsibility of making those kinds of decisions. And to me it seems like a much more meaningful consent provision than a lot of the consent provisions that we currently have written into the law which we fought very hard for, which talks about how notice has to be conspicuous. That it has to be written in large letters at the bottom of the page, even if it’s on Page 8.
There is a progression, I would say, in the last few years. An understanding at least in the policy area, that what we need to do is to protect transaction records to a greater extent than we have. And that as transaction records are looking more and more like content in terms of the sensitivity of the information; in terms of how much transaction records reveal about individuals; how much personally identifiable information is contained in a transaction record; that we are talking about greater legal protections on that information.
One of the things that I’ve always found ironic is that when the FBI see a piece of privacy legislation moving through the Congress or they even hear that it’s a possibility, they of course react and they do their job and they say that privacy is a terrible thing because they won’t be able to get access to information about people who might be terrorists or child kidnappers. And one of the arguments that they always make when they say that they should have access to information, even if we restrict the private sector’s use of the information, is, “Everyone else is going to have access to it except us. Everyone else can have access to this personal information except the FBI, doesn’t that seem crazy to you?”
And if any of you are with the Bureau here I have to say as I’ve said to you before that it seems like the most…outrageous argument. Because of course that’s what our Constitution is about. That we have protections for the individual as against the government. That it is exactly the FBI who should not be getting personal information. [laughter; applause] But this is not a radica—I mean this is an idea that’s been around for a long time. It’s just there’s a process of education that has to happen every time we look at a piece of privacy legislation.
But where we have privacy legislation that currently restricts the government’s access, such as the Right to Financial Privacy Act, or the Fair Credit Reporting Act, but allowed the private sector to use it, then we have some other problems. And I think this is where what we’re talking about is not necessarily the kinds of Fourth Amendment abuses that we see with the government but an issue about loss of individual control.
And I don’t— Well, I have often said that I think that the line between the government and the private sector is blurring and that is true as we’ve seen with the IRS recently publishing a notice in the Federal Register that they want to get access to direct marketing lists, and public— They want to use public records in order to develop profiles on tax filers. And so there really is a blurring of the line.
But there are serious consequences, from how information—personal information—is used in the private sector. And that if people don’t have real choice as to how that information is used there can be consequences in terms of loss of jobs, in terms of loss of certain benefits—government benefits, in terms of not having access to credit. Which is for most people an important thing.
But the other consequence which is very hard to measure, probably impossible to measure, is that when people don’t have control over information about themselves, then there’s a loss of individuality, a loss of autonomy. And that people are reluctant to make certain choices, to engage in certain kinds of activities, if they think that someone is going to get access to that information, if they think that they’re being watched. There’s a quote from a law review article written by the late Ed Bloustein where he said a watched society is a conformist society.
And I think that’s very relevant here. That people are reticent to step forward, engage in certain kinds of activities, if they are always worried about who’s going to see what they’re doing, who’s going to know about what they’re doing and that they don’t know about it. That it engenders a certain paranoia, not just among people who have worked for or belong to the ACLU, but I think in the general population.
And that one of the reasons that a number of private companies have supported privacy legislation in the past, and ardently supported the legislation, is because there is an economic consequence to there not being strong privacy protections. That if people are reticent to step forward, if they are reticent to use new technologies, if they are reticent to use new services, or any service for that matter, then the business community suffers as well. That they want people to have confidence that the information that they give, and the kinds of information that are collected about them…whether they give it willingly or not, will be protected.
The critical issue here obviously is the secondary use of information. And one of the things that we also haggle over is…expecta— You know, when talking about secondary uses what is the expected use? And that needs to be spelled out in terms of notice. But I can tell you one thing that isn’t an expected use… The online service providers came under quite a bit of heat last year when congressman Ed Markey…not through a whole lot of pretty intense investigative work, he read the DM News, Direct Marketing News, which I have learned a while ago is the very very very best source for figuring out what the marketing industry is up to and I keep thinking at some point Ron is gonna advise them that they should either have a completely secret list, or they should encrypt all of their ads.
America Online had an ad in the DM News in September of ’94, bragging about the fact that they had a million active members growing fast. It’s hot. Test the direct mail responsiveness, members of the nation’s fastest‐growing provider of online services today. That they were selling information about their members. About their gender, their income. Their home and business addresses. Their children by age, other kinds of personal information. I would say that this was not an expected, or a related use, of subscription lists. And it wasn’t just a question of the subscription list, it went far beyond that and gave very detailed personal information.
So Markey said to the service providers, “Does anyone here have a set of privacy guidelines? Does anyone here tell subscribers that this is what they’re doing with the information about how they’re using this service, and other information, and give them a chance to say, ‘I don’t want it used for that?’ Is it really choice when you’ve got three major service providers who are engaged in this kind of activity?” And not all of them were to the same extent. They had varying degrees of privacy intrusion.
Probably what’s going to happen is not a whole lot of anything in terms of legislation in this area, but it has created a greater responsiveness, a greater awareness, that people don’t want to have personal information about them used like this without them having any knowledge and without them having a chance to stop it.
So I would say that we are in a time of incredible opportunity and possibility with the technology. That while the technology certainly—and you’ve heard me say this before, probably. But the technology certainly does present incredible opportunities for abuse of personal privacy. But that in some ways I think it offers even more opportunities for people to protect their privacy. For people to make greater, more informed, and more sophisticated choices about how they want information used. And for people to have greater control over not only information about them but over how they’re seen in their communities. Over what they want people to know about them and when. And essentially how they want to project themselves into the community that is a critical aspect of privacy. It’s a critical aspect of autonomy. And I’m hoping that as the technology develops a lot of these issues will be moot and people will just make the choices as they move along. Thanks.
Westin: We’re now going to present a series of questions to our two consulting lawyers, who we hope will present different viewpoints. First of all let me ask, we heard at lunch for example an excellent presentation about property and property as a way of organizing rights in the intellectual property area. As far as consumer transaction records are concerned, is it useful to define who legally owns these records? Or if not is there some other way of asserting consumer interest in privacy other than the ownership right? And I’ll ask Ron to start, and then I’ll ask Charles Marson.
Ron Plesser: I don’t think… The answer’s no. I don’t think the property analysis works at all in privacy. I don’t think it, as we heard at lunch, it probably will not work very well in intellectual property. But I think over the years back in the Privacy Commission looking [?], the property concept is a dangerous one because it’s usually one that us lawyers look at precedent and case law. And I think if you look at precedent and case law on the property issue in the privacy context, the list owners win. I mean I don’t think there’s much question about that. I’m always very confused about why advocates talk about you know, creating the ownership concept as a way to control data for consumers. It seems to me that that one is not going to work very well. Because first of all the property interest in a list or in information has traditionally been a business asset of the person who’s collected or put the effort into creating it. In saying that, I don’t think at all that that negates the interests of the person about whom the information relates. And going back to the Privacy Commission times and in the modern age, we have tried to develop interest for consumers in information, and so that they should have assertable, enforceable rights in certain circumstances that we could go through.
One of the overall issues I want to talk about is a sense, Alan, that I think you see us going into the NII, and that means everything has to be treated the same because of the kind of a mixing bowl effect of online providers. I continue to kind of disagree with that. I continue to think that sensitive information or how we treat information is really relative more to the nature of it. If you try to choose and pull together information, you may be subject to the highest standard. But that people should be given the opportunity… One of the best documents that I think has come out in a long time is a project that Esther Dyson and Janlori Goldman, with some input from others of us on the outside did in the National Information Infrastructure Advisory Council. And I think what they’ve come up with is a very good consensus document. It doesn’t make anybody completely happy on either side but one of the last sentences of the preamble says the application of privacy principles may differ according to the type of information being considered and the nature of the relationship between providers and users. And I think it’s that kind of analysis, to look at the nature of the relationship rather than trying to get stuck on old property right interests, that is helpful.
Westin: Charles, do you agree or disagree?
Charles Marson: I mostly agree although I’d put a slant on it that you or Ron might call cynical. I think that it’s useful to ask who owns these records to remind ourselves that we don’t. It’s useful to remember that the basic legal rule is that the owner of the record is the third‐party business that you do business with and not you, and that as we’ll see in a minute explains why you have so very few rights, for the most part, when somebody goes looking at those records. Usually you don’t even know about it till after it’s happened and until it’s used against you.
It’s also a good benchmark from which to start. I think if you ask the question “who owns these records?” you have a place from which you can begin to discuss what’s important about privacy. I think if you stop at the question of who owns these records, you’re talking a 19th century solution to a 21st century problem.
Let me give you an extreme example to bring it home. Let’s suppose that you’re a male and you’re HIV positive. Or let’s suppose that you’re a female and you’ve had a therapeutic abortion. Now, there’s no doubt that your doctor and your hospital and your health insurer, and not you, own those records. Is there anyone here who would say that they therefore could publish them on the front page of The New York Times? I don’t think so. And I think laws in all fifty states would interrupt that kind of behavior, and for good reason. The good reason being that we’ve seen past ownership into other kinds of values, for example the sensitivity of the various records that Ron mentioned. So, ownership is a starting point to remind us where we need to go, and maybe where we used to be, but beyond that it’s useless.
Westin: Ron, do you want to add something?
Plesser: Before we go on to the next question I… The ownership issue also gets very complex in this new online world. And it’s not the ownership interest of the consumer against the person with whom they do business. It’s the persons who do business. There’s not one person, there’s a communications carrier—who may or may not be a common carrier, it may have some proprietary interest in the transactional records. There’s Internet providers. There are people who are actually selling the product. There are list fulfillment people, and then the credit card companies. There could be— No one has done kind of a chart of this, but I mean just off the top of your head there’s probably five or six different entities that are handling personal information as it goes through the system. And the debates on who owns the data exist often between them.
Now, in most cases that gets resolved by contract, and that’s usually related to the power of the specific institution. But those are the real battles that we see I think going on akin to the intellectual property issues, in terms of really whose customer are you? Are you American Express’ customer? Are you the Internet access provider’s customer? Are you the long distance company’s customer? Are you L.L.Bean’s customer? Whose customer are you? Who has that kind of primary or lead relationship, or does everybody have kind of equal dibs to the information? And those are issues that I think the industry and the consumers need to work out as well.
Westin: Okay. Let me go to the second question. We’ve already had some discussion about positive consent on the part of consumers to the ways in which their interactive transaction records would be used. Let me start with Charles now. What kind of consumer consent do you believe should be required and is this going to be something that would be set by law, or is this something that you would look to organizational policy to set?
Marson: I would strongly urge organizations to set this policy before Congress does it for them. We usually know what the result of the latter kind of behavior is.
I suppose that in Janlori’s terms I’d be a part of the opt‐in community, although I could certainly see an argument that if my own service provider wants to use information about me to market to me maybe an opt‐out system would be alright. But I’m strongly influenced by Janlori’s other argument, and I agree with it completely that the technology that we’re talking about here is blurring the difference between opt‐in and opt‐out, because of the screens that we can say “yes” or “no” to when we sign onto the service.
I think it’s probably less important to say opt‐in or opt‐out than to say in or out of what? In or out of some vague promise that your information will be used in some way compatible with the purposes for which it was originally collected? Well, in my mind that’s a weasel word that does me as a consumer no good at all. It’s been central to the biggest hole in the Privacy Act for twenty years, and you can count the number of court decisions that have been enforced on your fingers without ever getting to your thumb. That is— That kind of— I don’t need to opt in, I would opt out of a protection like that.
I think that any agreement that is made between the consumer and the service provider ought to be clear and very specific as to what information is going where. It ought to be easy to do. It ought to be on the screen, or it ought to be at least on an 800 number, or on some form that you have to fill out anyway. It certainly should not be buried down in six‐point type at the hundred and thirty‐third page of your product manual, ordering you to write a letter to some place in New York. It ought to be set up in such a fashion that it’s obviously easy to do, that they really want you to choose instead of hoping that you’ll default and do absolutely nothing.
And the final thing I want to know, if I’m opting in opting out, is whether the protections that the companies are offering me are meaningful at all. Let’s say they want to sell my information to some secondary marketer and they’ll say, “Oh this is great for you Marson. Now you’ll get all these specific catalogs about the things that we know really interest you.” Okay. “And we have an agreement with the secondary market and it says it’ll only be used for purposes of marketing to this guy Marson and for nothing else.” Great.
So, they get the information, the secondary marketer immediately sells it to some tertiary marketer, who shows it to a prospective employer or a health insurer or the government or something like that. And I go to my service provider and say, “What’s going on here? You promised me it was confidential,” and they say, “Well it says right here in our contract with these other guys they’re not supposed to use it for that.”
If that’s all that they’re promising me, I want to opt out of that too. I want to know whether their agreement is enforced and enforceable with these secondary users. Whether there are audit trails. Whether there are audits that follow up on those audit trails. Whether they do anything about violations or whether they permit me to do anything about violations. And absent that kind of specific information my question is opt in or opt out of exactly what?
Plesser: Well, we do have something to argue about, I guess. That’s good.
First of all I’m generally known I’m sure as Mr. Opt Out. And I feel strongly about that but not for everything. And I think that’s important to say. I think that if you’re talking about medical records information, if you’re talking about financial transaction information, then I think that additional control is warranted and indeed important. But if you’re talking more about subscriber lists or mailing lists or information that you subscribe to a magazine or gave to a charity, that really does not have much detail information I think an opt‐out is appropriate.
I think there’s also a separate question about when the information comes from a public record. That’s a debate that…I was in front of Congress last year in connection with the motor vehicles bill. And it’s also a question that I think we will recurrently as to how public record information can be used and what are the rights of a consumer. Again, that kind of response to it, it gets silly to worry about property interests if you’re talking about public records. You’ve got to talk about creating enforceable interests.
The one area that I think I disagree with, and maybe I don’t want to take this into too deep a conversation on legal technicalities. But we always talk about secondary use. And I think what Chuck was saying, the contracts of people who’re using it… One of the principles that has been recurrent in all of the laws that’ve passed so far in the advisory committee report that recently came out is that information that’s incident to the ordinary and acknowledged course of business. And the advisory committee added the word “acknowledged” to course of business, to that kind of general phrase. Which I thought was a good addition. But that you don’t, I think, need somebody’s consent to complete a transaction that they’ve asked you to start. I don’t think you need somebody’s consent to…if you’re going to have a fulfillment house send out a cable magazine, I don’t think you need their consent to do that. I think that you do need contracts. You need to have your agents and other people subject to control if there’s a bad debt if somebody’s ordered something from you and not paid. I don’t think you need consent to go to a collection agency. I think that’s incident to the use. I think that’s an important concept. I don’t want to kind of drag it into that detail but I think the incident use…
And I think it is a good idea to have the ordinary course records acknowledged. I’ve spent a lot of time over the last couple of years crafting notices under the cable act, and we are quite careful about what we say in those notices to make sure that an interested consumer can read them and get a fair amount of knowledge. There’s been some litigation involved in that that has given the industry a fair breadth of how they comply. But there’s also the threat of litigation, the threat of compliance. And I think those statements work.
I think by and large opt‐out has worked. It’s been a process that has worked for most of the legislation that we’ve seen. There is also legislation in the healthcare and other areas that should have affirmative consent. Affirmative consent is an important concept. But I don’t think we can treat everything the same and we have to look at different relationships and create different answers.
If we’re talking about NII… I mean, I ask you, and this is… I’ve been to four out of five of these conferences and I know what comes next, you know. I know the questioning period and the nature of this. And I would— I mean, I want—
Westin: You’re in big trouble, Ron.
Plesser: I understand that. I mean, I’m going to put the microphone back in front of my face.
The question is, what is the impact of affirmative consent and those kind of rules under transferring of information through the Internet? What is the balance that we need to create in terms of creating a free flow of information. If I write Jan a letter that had some personal informa—an email, can she forward it, can she copy it to other people? Does she need my consent to do that? What if it’s a business relationship? If General Magic has some information on me and it is forwarded through the process. Where do we do this balance? I don’t have those answers, and I hope maybe we get a little feedback and not tomatoes on that.
Westin: Chuck has asked for an equal right of reply to your making another comment on the first question. So he gets one.
Marson: I think that we should be careful about assuming that the privacy calculus and the privacy implication of a particular datum is constant no matter what’s done with it. I think we have to be sensitive to the fact that it may be trivial in terms of privacy in one context and very damaging in another. When you go to the supermarket and you scrape your stuff across the bar graph reader, and the bar graph reader is sold to the marketer who sends you a catalog because of your tastes, that’s not a particularly big deal.
But if it’s resold to somebody who gives it to your prospective employer and health insurer and they sit around they say, “Gee, look at all that cream. Look at all that butter. Look at all that booze… I don’t know about this person.” And if it gets into the hands of your angry spouse’s divorce lawyer during a period of separation and celibacy, and they say, “Well look at all this contraceptive stuff, look at all these condoms,” I mean, it can have a different impact depending on who’s looking at it and for what purpose. You just can’t say this is trivial, this isn’t very important, but this is a medical record and therefore it needs a high degree of protection. These things are contextual.
Westin: Okay, it’s the perfect segue to our third question. So far we’ve been talking primarily about commercial use, but what about the government? As you well know, at what time OJ called anybody and from where is of great interest to the government. Who did Ted Kennedy call from Chappaquiddick is of great interest to the government. And so the third question is what rules would you want to provide for government access to interactive transaction records? Are the present rules adequate? Are the remedies adequate? How would you treat the government’s ability to use legal process to get the information that comes across the interactive service’s transaction record? Ron, we’ll let you start.
Plesser: Well let me say that the example that Jan said before in terms of the IRS… As she knows, the Direct Marketing Association was one of the first if not the first organization to scream about that and to bring it to the attention of the press and a lot of other people. And that is a practice that is very disquieting in terms of using marketing lists, or any kind of commercial list, for law enforcement purposes. One, they’re not accurate, for anything like that level. Two, they’ve never been compiled for the purposes of administrative action, and for them to be used for administrative action is I think improper and the industry has worked very hard to resist that.
ECPA was— The Electronic Communications Privacy Act was passed with the support of industry because it was a great concern in 1988 that people would not use the systems that were being developed if the government could kinda sashay in and get either the content, and to a lesser extent the transactional information.
That law was made even stronger last year, and I know we’ll get boos and hisses here when I mention the Digital Telephony statute which otherwise was an awful statute. I’ll hiss with you. It was an awful statute, but the one thing that is in there that is good is that it beefs up the requirement for a government to…the federal government must get a court order before they can get not just the content of a communication but also the transactional information related to that content. And I think that was a very important action. The entire issue of government access I think is very serious. The law that we have in ECPA on communications is pretty good. There’s a part in the Exon Amendment that changes it in a way that no one is very clear about. It adds the word “digital” between “wire” and “electronic” and I think we’re all concerned about what implications that will have. I think that is a very positive law in government access. And I hope we can control and continue to control government access to the electronic networks.
Westin: Charles, you get the last word on this.
Marson: The laws about government access to these kind of records are dismally bad from the point of view of the consumer. With few exceptions the government goes to the holder of the record, gives them some sort of legal process which the holder puts in the file, gives the record to the government, and the subject of the record never hears about it until later on if there’s a prosecution or some kind of action. To cut out of the transaction the one person who cares seems to me to deserve the description “dismal.”
When Congress does pass laws to try to improve on this situation it usually fails. Eighteen years ago it did it for your bank checks. And it made this elaborate system of notice that if the government, with some exceptions, was going to look at your bank checks you were gonna get notice and a chance to resist.
But they also wrote in a substantive standard into the law, which was that the government was going to win whenever the information was “relevant to a legitimate law enforcement inquiry,” which is about as minimal a standard as you can imagine. And there are two, precisely two, cases in the last eighteen years stopping the government from getting checks under this law. I call that a failure.
I think that short retention periods by people who obtain these records, and notification to the consumer unless some court order or act of Congress prohibits it, would go a long way toward improving the consumer’s situation. But it still isn’t gonna get very good.
Westin: Okay. We’re now going to ask Janlori and Michael if they’d like to make a comment on any of the questions that’ve been made, and then we’ll invite you to come to the microphones for the last fifteen minutes of our session.
Janlori, can you contain yourself to a comment?
Goldman: For a long time I have been confused about this debate about ownership.
It doesn’t work in a privacy environment. People own information about themselves. It’s theirs. It belongs to them. And they don’t own it the way…you know, the hotel owns this glass or you know, the way I own my watch. They own it ’cause it’s a piece of themselves. It represents who we are, how we feel, what we think, what we buy, where we go, what we do…what organizations we belong to. All kinds of things about us. We own that about ourselves.
And I don’t understand why we talk about how people own the lists that they compile. They own the personal information on the list that they compile. It doesn’t make any sense when you’re talking about rights. We’re not talking about ownership of things, we’re talking about ownership of information about people. And that if we’re going to talk about ownership then we should talk about it in terms of people owning the information about themselves, and allowing it to be disclosed—that they’re giving it in order to get something back. But that that shouldn’t be the loss of their privacy—the loss of control over that information shouldn’t be the price of them getting a certain service or getting a certain product or getting a certain benefit from the government. And that is what we talk about when we talk about legally‐enforceable expectations of privacy. And I don’t think that this other conversation about ownership is useful at all except to create a losing situation for individuals. [applause]
Stern: I think I have something that’s controversial, or at least…or will lead to less applause than that. The whole notion about opting in and opting out is too blunt an instrument, and third‐generation agent‐based networking technology for example will let the contextualization that you were talking about take place on a datum‐by‐datum basis. That’s the whole point. So I mean, I think in some ways technology’s making some of the conventional categorizations that we do increasingly irrelevant. That’s both a great opportunity and a great risk.
Westin: Thank you all very much. Our time is up.