Online Privacy with Robert O'Harrow
Wednesday, May 17, 2000
11 a.m. EDT
Every minute you are online, businesses are working to know you better than you may know yourself. Some call it the "Big Brother" phenomenon. Businesses call it personalization.
While this profiling may be a leap forward for businesses, computer users are increasingly becoming wary over how the information gathered on them could be used and regulators are eyeing the process closely.
Robert O'Harrow has been covering privacy for The Washington Post for almost three years. He will answer your questions on personalization and on protecting your information.
Here is a transcript of today's discussion.
Robert O'Harrow: welcome to Live Online and our E-Life special on data collection, personalization and privacy. I'm Robert O'Harrow, a reporter at the Washington Post. I look forward to answering your questions and reading your thoughts about privacy this morning. (forgive the awkward attempt at humor). Let's get going...
NEWPORT NEWS, VA:
In what ways could the information be used negatively toward you? Like for instance in cases where you have to provide you personal information--How much money you make.
-If you are college educated
-Your address etc.
Robert O'Harrow: Data collection on the world wide web represents a great opportunity for consumers and businesses. information about what we like to read, wear and buy - where we like to cruise on the internet - can enable businesses to tailor products and services to us. but...one risk is that companies or others might use it to manipulate. If too much information falls into the wrong hands, it can be used to create a bogus i.d. and rip you off. More about this as we go along...
After covering privacy for three years, are you more careful about the tracks you leave online? Have you taken steps to protect your privacy on- or off-line?
Robert O'Harrow: As I've learned more about all of this, I've become more selective about how I share my personal information. with companies that I trust, I share a lot. with those I don't know, I'm a bit more stingy. and I almost always try to reckon what's in it for me if I share my name, address, telephone number and the like. I encourage everyone to develop better information habits. Take advantage of the good stuff. Avoid the bad by spewing personal data willy nilly.
What developments,if any, during the past year do you regard as constructive where privacy is concerned?
Robert O'Harrow: The blossoming of interest in privacy - and the impact of data collection in general - is probably the most constructive trend. More people than ever seem to be on to the issue (some of our political leaders, though, for less than pristine reasons, I suspect). As a result, there's a lot more talk about how to protect the interests of anxious individuals, while encouraging the Internet's growth and all its amazing benefits. Maybe people are even beginning to form those good information habits I mentioned...
Is there any legal or constitutional provision that protects a US citizen from commercial profiling while surfing on the internet? I remember reading about how Doubleclick.com withdrew their efforts to collect data of web surfers by name/email
address - beyond public outcry of invasion of privacy - what else is stopping internet firms from collection such data?
Robert O'Harrow: Not that I know of. In fact, contrary to conventional wisdom, there are relatively few legal protections of personal information at any level. In many cases, the "right to privacy" that people cite doesn't actually exist in law. On the other hand, Americans feel such a right in their gut (at least when they're not getting a discount for sharing their name and buying habits.)
What is the central repository for information gained from on line material?
Robert O'Harrow: Actually, there is no one repository, unless I missed reference to it on the X-Files. Companies everywhere are building their own giant data warehouses, primarily for marketing reasons. And there are a variety of information services companies. One that comes to mind maintains data about nearly 200 million of us. (And it's hard for many people to imagine just how much this company and others like it have.)
Are internet providers or other software manufacturers like Microsoft really capable of tapping into your hard drive without a user's permission?
Robert O'Harrow: In the Digital Age, permission is becoming a very slippery thing. It is possible for companies to "read" at least parts of your hard drive, usually in order to ease transmission of information. If I'm not mistaken, Microsoft "read" the hard drives of some customers seeking help in setting up the software that runs their computers...Reminder: this doesn't have to be nefarious. But it all depends on how and why it's being done.
Is all this privacy stuff turning people into a bunch of anti-social loners?
Robert O'Harrow: Leave alone already. Why are you asking me that!
Beyond a credit history review, is there any way to review a commercial profile information to determine how accurate it is?
For example, is that person alive? I notice that long after a person has died that they continue to get junk mail. A educational / university account might still exist long after the student / researcher has left the campus...
Is there any safe guard to prevent a commercial profile from accidentally mixing up personal data two people with the same names? Consider a Bob Smith, who has changed several ISPs over his life time -
a Commercial profiler links all of Bob Smith's previous email account under one
Bob Smith to get a total picture of who Bob Smith is. Now later this Commercial profiler comes across two people who both have the same name John Doe who both live in the same County/regional database. Consider that both John Does have different ISPs but these accounts were active at different times. What would stop the commercial profiler from accidentially combining both John Doe commercial profiles into one John Doe commercial profile?
Robert O'Harrow: More and more companies are pledging to give people access to the files that are kept about them. Try asking and see what happens. I know some in Congress are considering making such access a requirement. Some companies, however, plead that it can be a costly, time consuming process. So let's watch and see.
Do you know a lot about classified information, things on the sly? Might you write a screenplay someday?
Robert O'Harrow: They'd kill me if I answered truthfully. Screenplay? I don't have the right wardrobe.
Could commercial profiling someday incorporate private medical history? How private are medical insurance and hospital records? Could such information be incorporated into a commercial profile? What's preventing this from happening? For example, a company looking to sell a new drug/or medical procedure may want to directly market its drug to the patient.
Robert O'Harrow: I'm told some commercial profiles, such as those being built by insurers and drug companies, already include a lot of medical history? I suppose that means that history isn't private, exactly. It may surprise many people, but medical records aren't protected in the same way that, say, your video rentals are. One of the big booms right now is direct-to-consumer marketing of drugs. To make such pitches possible, the drug companies are STRIVING to know more about you...and you...and you.
What is your opinion of "cookies", from the standpoint of the average at-home PC user? Are they of some advantage to the user?
Robert O'Harrow: Cookies sometimes get a bad rap. They're not inherently evil. In fact, they're crucial to providing you with a seamless experience at a Web site, because allow a site to know you are you from page to page. But, there's always a "but" with this stuff, advertisers and others are using cookies also to track your online cruising. And we all know that raises some interesting 21st Century questions...
I have a rather philosophical question regarding the most pernicious form of invasion of online privacy - spam.
I get tons of UBEs and UCEs every day and I have to wonder why the spammers even do it. I recently read a Salon.com piece on trying to actually trace down and buy the "product" and the article stated that it was extremely hard to find the source, let alone get these guys to respond. Say I want to buy that "university degree from an accredited institution", if I should try to track the spammer down to buy the alleged degree, I'd have an easier time finding Amelia Earhart. If spammers are not selling anything, and spend most of their time evading others - and receive TONS of bad press in the mean time - then what's the point? Even if they bag the one unwitting victim, if that victim can't find the source in order to fritter away their money, then why do it? What do they get out of spamming: is it for the -rather pathetic- thrill or is it a feint or subterfuge for data mining to sell to other companies?
Robert O'Harrow: Geez, I hate spam. I have no idea what they really want apart from the obvious. $$$$$$! I suspect that we receive so much spam because the spammers know that enough of us (you know who you are) actually respond to them and part with our money. Is that philosophical enough for you?
What are the worst things you've seen happen relative to violation of privacy rights, and do you see any possible future connection between world-wide viruses (e.g. I Love You virus) and release of private info (as you know, the I Love You virus tapped into a user's mailing address book).
Robert O'Harrow: Good question. The worst thing? I know that many, many people felt violated two years ago when they first learned their prescription records were being analyzed and shared outside their pharmacies. People also were upset to learn their driver license photos were being sold by the millions. Actual damages - to credit records, bank accounts and security - occur most often I believe when con artists steal identities and run up bills. Identity theft is a huge and growing problem...
If I am just surfing the web, what can someone find out about me, if I do not give out any information?
Robert O'Harrow: If you allow cookies to be set, Web computers can build a profile of where you go and how long you linger at certain sites. A company called Engage builds what it calls anonymous profiles, using information from some 3,000 sites, in order to target ads at you. In the future, if you share information with one Web site, it will be very possible that site will share your name etc. with others.
How does one selectively accept "good" cookies vs. all cookies? I know when I surf around, my computer is bombarded with cookie files (which I routinely delete). Is there a computer program you know of which could serve as a kind of smart gatekeeper to keep out the trash?
Robert O'Harrow: First you set your browser to alert you that a cookie wants to be set. When a dialogue box pops up, you can press the "more information" button and learn who or what is setting the cookie. Then choose whether you want to accept or not...
Do ISP's monitor their customer's browsing?
Robert O'Harrow: Depends what you mean. I know ISP's can see just about everything that goes through. There are also some companies that want to use ISP traffic to create profiles of computer users, a process that would in effect eliminate the need for cookies. Just wait for the day when your ISP says you will have to pay more if you refuse to allow them to monitor your cruising...!
Very nice questions, all. Thanks for stopping by. Do think about developing those good information habits. Until next time...
© Copyright 2000 The Washington Post Company