|From: Harry Lewis [quickjusticeHL@yahoo.com]
Sent: Sunday, April 09, 2000 10:32 AM
Subject: Advisory Committee on Online Access and Security, P004807 (Public Comment)
I'm concerned that the mandate of this Advisory Committee is narrowly limited to "online access and security". Notice, consent, search and seizure, and safe harbor, all critical components of the privacy debate, are omitted from the scope of its consideration.
I respect the obvious intelligence and ability of everyone who is a committee member, but given the very limited scope of its authority, the work of the Advisory Committee may well turn out to be futile.
With this caveat, the preliminary drafts prepared by Committee members seem headed in the direction of a convuluted information classification scheme analogous to the old "unclassified", "classified", and "top secret" labels employed by the cold war intelligence community.
If implemented as a matter of law, such a scheme will strangle the free flow of information and ideas on the web. It also would impose a heavy economic and logistical burden upon the industry which would erect serious barriers to entry for startups, add significant costs to overhead for others. The "cure" could be far worse than the disease.
In addition, traditional "freedom of information/privacy" principles aren't readily transferred from government to the private sector. While maintaining free, open access to databases comprised of unclassified government information is an essential part of a free and open society (which is why I oppose H.R. 354 as currently drafted), business requires confidentiality of proprietary methods and protection of trade secrets to maintain a competitive advantage over domestic and foreign competitors.
Widespread citizen access to confidential business databases isn't practical as a general matter: the costs are too high, and it compromises confidentiality that business requires to operate effectively.
With respect to access and security, then, I believe that a blunt notice to consumers would let the market operate most effectively. For example, "We don't give you access to any of our business information about you" is a notice that enables consumers to make an informed decision about dealing with that business. And "we provide absolutely no security for your credit card information in our database" certainly would dissuade me from dealing with a business.
There's one other aspect to consider: as the web becomes wireless, convoluted classification schemes become even more impractical.
I support strong consumer privacy protection in those areas beyond the scope of this Committee's authority: notice and opt-in consent, repeated frequently, ongoing disclosure of the use of tracking technologies, and repeated opportunities to exit tracking technologies, are the way to go.
"Privacy" is a shorthand way of characterizing consumer concerns about data mining and tracking practices which occur covertly and intrusively. George Orwell's "1984" suggested a nightmare scenario in which government itself employed certain technological "black arts" to surveil, control and manipulate its own citizens. We don't want to go there.