Privacy for Dummies?

How Corporations Hide Behind Net Privacy 'Solutions'

I've got a confession to make--promise not to tell--but all the buzz about Web privacy lately has my head spinning. Cryptos and cookies and psychographics--it's hard enough to keep track of my e-mail, let alone the buzzwords of the moment. And considering I'm hardly alone, that's unfortunate. Because with all the alarmist cover stories, one point continually seems to get lost in the vapor: the very things that make the Net invasive are the same things that stand to make it profitable.


Target marketing. Selling is no longer focused on products but on customers. There are only so many ways to improve upon hand soap, but the amount of information about its buyers is a seemingly bottomless pit. More than any other medium, the Web facilitates what is known euphemistically as customer "relationships." Every click, every transaction can be archived and analyzed for new insights into consumer behavior.

Accountability. Half an ad budget is wasted, goes the adman's cliché--he just doesn't know which half. The Net stands to improve that ratio with an ability to track consumers unparalleled in other media. Nielsen ratings, box office receipts, and magazine audits are crapshoots next to the data the Web can offer.

What's more, the old revenue models are largely irrelevant. Advertising isn't paying the bills, and Web users seldom pay for content.

Thus, the way for sellers to maximize the power of the new medium is for users to forfeit privacy. Just about everyone making noise about privacy dances around this central contradiction, though, and for good reason: users don't want to give themselves up. The issue is the number-one reason people cite in public opinion polls for staying off the Web--a point not lost on privacy groups racing to establish industry self-regulation.

The industry has responded with two fixes: one a branding campaign, the other technical. The first is championed by TRUSTe, a nonprofit sponsored by AT&T, IBM, Excite, Netscape, Netcom, Wired, and others. Promoting itself as a sort of Better Business Bureau of the Web, TRUSTe licenses its Trustmark logo to be displayed on participating Web sites. To get the Trustmark, a site must clearly display a privacy statement disclosing the type of information gathered, how it will be used, and with whom it'll be shared; and the site must pay TRUSTe an annual licensing fee of $249 to $4999.

Unfortunately, as anyone who has ever actually clicked on a privacy statement knows, understanding one requires a good deal of specialized knowledge. In fact, those who know enough about data collection to understand a statement aren't really the people most likely to have a problem. It is the millions out there who'd respond to a Reader's Digest survey with intimate details about their health who need the most help.

Regardless of one's data savvy, who wants to click on and read a privacy statement--often up to two pages long--before visiting each site? (Worse, some privacy statements only apply to specific pages; one site could have several.) Talk about reasons to avoid the Web: brain drain, anyone?

Yet, ironically, the Trustmark works by providing psychological reassurance, by providing an honest front. Disclosure is no doubt helpful. You can't very well regulate Web sites without them acknowledging their practices. But disclosure also makes a handy straw man--as if the problem isn't that businesses are routinely collecting piles of data on their customers, but simply the fact that we don't know about it.

Another straw man: anonymity. TRUSTe and big media overpersonalize privacy abuse, playing up imaginary stalkers to deflect attention from the way corporations actually use data. TRUSTe's print ad campaign, for instance, pictures a grinning beach bum with the caption: "After 17 years, Matt is starting a new life. With your name and social security number."

If this ad expresses the realistic fears of anyone, it's the digiterati creating this stuff--the starry-eyed libertarians who want the ability to hide. While "identity theft" does happen, it's rare; data collecting conducted by corporations, on the other hand, is institutionalized. In fact, it's one of the key reasons corporations invest in the Web. But unlike some hacker/boogeyman or conspiratorial Big Brother, corporations don't want to know whom you're sleeping with, whether you like your boss, if you called mom this week. Companies don't care about you, only what you'll buy.

The "solutions" offered, then, include those like Engage Technologies (which is a sponsor of TRUSTe): new, higher-tech data-gathering systems that trace users without collecting names and addresses. The joke is that companies don't really need your name and address. What they need is a unique identifier--a number will do--to keep track of your preferences and actions so they can target marketing messages more efficiently.

If TRUSTe's campaign is successful, most people will see the seal of approval and feel reassured. What they're unlikely to realize is that TRUSTe does not prevent companies from collecting as much data as they want and trading it. TRUSTe simply requires that companies disclose their actions.

Ultimately, TRUSTe is about PR--by its own definition, "dedicated to building users' trust and confidence on the Internet, and in so doing, accelerating growth of the Internet industry." The message to Web publishers is clear: if you disclose privacy practices to users, you'll ultimately get more out of them.

Next Page »