| March 25, 1998 Robert Biggerstaff Secretary RE: Privacy Guidelines 1998 -- PP954807 To The Commission: In the interest of truth in advertising, I would like to preface my remarks with some information about myself and my involvement in privacy issues. I was one of the panelists on the Commission's Privacy workshop last June. I am a degreed engineer and I have spent my entire professional career designing, developing, and working with computer networks and database systems, both in the private sector and for systems used by the United States government. While not a zealot or fanatic, I would describe myself as someone with a heightened sense of privacy issues. This is a direct result not of any personal experience where I have been the victim of any crime or invasion of privacy, but rather the result of my "inside knowledge" of the Internet, computer databases, their uses -- and misuses. I am also the President of the National Association Mandating Equitable Databases (the NAMED, Inc.), a nonprofit consumer organization chartered to help educate the public about unsafe data industry practices and to assist consumers in "opting out" and otherwise asserting their rights over the use of personal and private information. These comments will be brief as I believe there is a close functional analogy to the Internet and Cable Television, and my comments and recommendations are based on this simple premise. I also run a small website, and my privacy policy is also modeled on this premise. Consider an analogy of the Internet to Cable TV. You enter a monthly service agreement with a service provider, whereby you receive access to a number of channels (sites) and you have the ability to obtain other channels (sites) if you join/pay/register for them. There are also pay-per-view channels (sites). Your viewing habits can be easily tracked and recorded. There are some channels (sites) for all types of special interests... including some patently for adults only, and some offering information on controversial topics such as abortion, birth control, AIDS, drugs... the list is endless. Providers, with the assistance of the cable operators, have the ability to identify individual viewers of each channel (site). A complete dossier of what you view (visit) can be compiled and used for innumerable purposes - some innocuous, and some malicious (you can ask Judge Bork about the latter). Public disclosure or commercial use of information about your viewing habits (cable or Internet) has serious impacts on privacy and on your ability to exercise first amendment and other constitutional freedoms. We are all aware of intrusive marketing ploys, that collect all manner of personal information via a web site and then use it to further populate massive databases. There have already been examples of "front" sites purporting to be "for" or "against" a particular cause (such as abortion), when in reality they were being run by the "other side" as a scam to obtain names and addresses of "opponents" in order to target them for harassment, ridicule, or just to keep "on file" in case the subject ever ran for office or otherwise stepped into the public spotlight. Computers never forget. Will a web site visit resulting from a one time curiosity with hemp production or a college term paper on abortion turn into weapon to be brandished by an enemy 30 years hence? I believe it should not. Should visiting a site about a militia group in the news put you on a dozen mailing lists and identify you as a supporter of neo-Nazi groups?. Absolutely not.... but that is the state of technology and information practices today. Congress recognized with the Cable Communications Policy Act of 1984 (47 U.S.C. §§ 521 et seq) ("the Cable Act") that viewing habits and other records associated with a consumers cable TV account were deserving of extra protections, partially because of the high regard for personal liberty and privacy, and protecting the citizens right to seek entertainment and information on cable TV without fear that records of their viewing habits would be subject to misuse or disclosure. There are also similar federal laws covering similar consumer data such as movie rental and telephone records. I believe that the limits placed on cable television records would be well suited as a model for regulation of web site records. Indeed, with massive computerization of all aspects of retail sales and information collection (such as supermarket "shopper" cards, personal dossier database such as Axciom, and the explosion of irresponsible Internet based information brokers such as "Dig Dirt" and "Sherlock") I believe the Cable Act model may need to extend to all manner of commercial entities that collect, store, and release consumer's personal information not already covered by federal law (such as credit reporting agencies). We are all familiar with the "Know, Notice, and No" mantra. The above recommendation of modeling Internet web site information practices on the Cable Act clearly would satisfy all three prongs of "Know, Notice, and No." I leave the reader with the following hypothetical. If judge Bork were nominated to the Supreme Court today, and instead of revealing his video tape rentals, his Internet site visits were revealed, disclosing an occasional visit to controversial sites, what would be the reaction? I believe it would be the same as we saw in response to the release of his video rental records.... swift action by Congress. I hope we don't have to wait for damage to be done before reasonable action is taken. I thank the Commission for entertaining my comments. Sincerely, Robert Biggerstaff |