03/16/19 HEADING OFF E-VOYEURS AT THE PASS

Return to main story

HEADING OFF E-VOYEURS AT THE PASS

When a U.S. Navy investigator concluded that Senior Chief Petty Officer Timothy R. McVeigh was gay based on information obtained from America Online Inc., the incident flared into a controversy over privacy on the Web. But it wasn't technology that failed to protect the sailor. The culprit, according to AOL, was ''human error.'' An AOL customer-service representative confirmed for a Navy investigator, posing as a friend of McVeigh's, that the screen name ''Boysrch'' was indeed that of McVeigh. The investigator already had obtained a member profile, which had stated marital status as gay.
Protecting privacy, as McVeigh and AOL have learned, is not simply a matter of bits and bytes. In cyberspace, more companies are discovering that safeguarding personal data requires a combination of strict corporate policy and state-of-the-art technology. ''The two are inextricably linked,'' says analyst Kate Delhagen, of Forrester Research Inc.
OPTING OUT. While only a sprinkling of the hundreds of thousands of Web sites have privacy policies today, there's movement afoot. By May, the World Wide Web Consortium, a Net standards body, will come up with a technique that allows people to build a personal profile inside a browser and share it selectively with Web site operators they deem trustworthy. And the Direct Marketing Association has helped 700 companies, including Omaha Steaks, Harry & David, and the Florida Department of Motor Vehicles, draft privacy policies through a service at the association's Web site.
So what are Web operators doing? After the McVeigh incident, AOL tightened its internal policies and training. The online service makes names and addresses of members available to direct marketers after screening the mail that will be sent. The company's policy, however, bars disclosure of any other personal data--unless required by a court order. And members can opt out of having their name and address given to marketers. Says AOL CEO Stephen M. Case: ''We are extremely sensitive about concerns of privacy and don't want to cross over that line.''
New technology is helping them toe that line. At BarnesandNoble. com, for example, visitors can have the online bookstore configured to show new titles in their favorite genres. But with software provided by Firefly Inc. and downloaded from the bookstore site, individuals can choose to turn that feature off. Or, they can set it to alert them when an online merchant is asking for profile information. That way the individual can decide how much data to share. ''We won't use personal information to solicit the consumer or sell it as lists,'' says John Kristie, vice-president of information technology at BarnesandNoble.com. Adds Saul Klein, Firefly's vice-president for strategy: ''The whole point is to put the user in control of personal information.''
COOKIE DATA. Some Web sites are more interested in where you've been rather than who you are. For example, some areas on Time Warner Inc.'s Pathfinder site require a name and E-mail address and contact registered users with promotional material--but only with their consent. Time Warner also uses cookies, a technology that allows a Web site to track a person's Web travels. Data from cookies let Time Warner determine what's popular so it can change the mix of programming. ''Frankly, we're much more interested in cookie data than in personal information,'' says Dan Okrent, editor-in-chief of Time Warner Interactive.
In the end, though, to calm the heebie-jeebies, far more Web operators will need to put privacy protection on a par with data collection.
By Paul C. Judge in Boston

Return to main story