CDT POLICY POST Volume 6, Number 6 March 3, 2000

A BRIEFING ON PUBLIC POLICY ISSUES AFFECTING CIVIL LIBERTIES ONLINE
from
THE CENTER FOR DEMOCRACY AND TECHNOLOGY

CONTENTS:
(1) DoubleClick Puts Profiling on Hold; AltaVista Adopts Opt-In
(2) Next Steps: Raising Industry Standard through Consumer Action
(3) CDT Testifies on Privacy

_____________________________________________________________

(1) DoubleClick Puts Profiling on Hold; AltaVista Adopts Opt-In

In an important step for privacy, Internet advertiser DoubleClick announced on March 2 that it will hold up plans to tie personally identifiable information such as names and addresses to users' online surfing habits until government and industry have reached an agreement on privacy rules for the Internet.

CDT played a major role in alerting the public and policymakers to the privacy pitfalls of DoubleClick's profiling plans. On February 1, CDT started an online campaign, creating a Web site where Internet users could: 1) opt-out of DoubleClick; 2) write to DoubleClick's CEO to complain; and 3) write to Web sites that allowed DoubleClick to set cookies on their viewers, seeking clarification of what personal data those sites were sharing with DoubleClick. Over 100,000 people visited our DoubleClick action site. On February 29, CDT along with the Privacy Rights Clearinghouse, Consumer Action, the Gay & Lesbian Alliance Against Defamation (GLAAD), and the American Civil Liberties Union (ACLU) filed a Statement of Additional Facts and Grounds for Relief with the Federal Trade Commission, seeking immediate action to prevent harm to consumer privacy as a result of DoubleClick's data matching.

In the wake of CDT's online campaign and FTC filing, several prominent businesses publicly distanced themselves from DoubleClick and reevaluated their own privacy practices.

DoubleClick's announcement: http://www.cdt.org/privacy/000302doubleclick.shtml

AltaVista's reply to CDT: http://www.cdt.org/action/doubleclick/altavista.shtml

Our FTC filing: http://www.cdt.org/testimony/000225ftcdcstatement.shtml

___________________________________________________________________


(2) Next Steps: Raising Industry Standard through Consumer Action

These recent developments signal an important shift in the privacy debate. DoubleClick's decision to halt its plan to create fully identifiable profiles of online users is testament to the growing and vocal consumer privacy constituency online. These newly empowered Netizens can use the technology to express their privacy concerns in the marketplace, and companies are paying attention.

AltaVista's move to an "opt-in" privacy policy is a significant departure from the industry norm and proves that Internet companies can respect privacy and still provide free, innovative services to consumers. Intuit's move to limit the flow of personal information about users to DoubleClick, sets the stage for Web sites taking a more proactive approach to analyzing the privacy implications of their business relationships.

This week's DoubleClick and AltaVista developments set an important benchmark for other companies online. CDT will now turn its attention to urging other companies to meet this standard.

___________________________________________________________________


(3) CDT Testifies on Privacy

In two separate Hill appearances this week, CDT spelled out its privacy vision.

Testifying before a joint House-Senate hearing on February 29, CDT senior staff counsel Jim Dempsey addressed the need for strong privacy protections limiting government access to information. Responding to calls for legislation in response to the denial of service attacks last month, Dempsey stressed that good network security is the responsibility of the private sector, not the government, and can be achieved without sacrificing privacy or anonymity online. He pointed out how legal standards for government surveillance are too weak, and urged Congress, if it adopts any new legislation on computer crime or surveillance authorities, to keep it narrow and to balance it with privacy enhancements.

In Senate testimony on the AOL-Time Warner merger on March 2, CDT Executive Director Jerry Berman noted that the proposed merger highlights both the increased risks for privacy problems as the Internet evolves, and the great potential for self-regulatory efforts to enhance privacy protection. Both AOL and Time Warner have access to significant amounts of personal data about their subscribers. For AOL, this includes, for example, information about online service subscribers, AOL.COM portal users, and ICQ and instant messaging users. Time Warner has access to information about ranging from cable subscriber usage to magazine subscriptions. The specter of the merged companies pooling all of their information resources, and then mining those resources for marketing and other purposes, should be cause for concern.

Fundamentally, however, the AOL Time Warner merger does not alter the equation for a privacy solution. Protecting privacy on the Internet requires a multi-pronged approach, Berman testified, that involves self-regulation, technology, and legislation, whether or not the merger occurs.

Dempsey's testimony: http://www.cdt.org/security/000229judiciary.shtml

Berman's testimony: http://www.cdt.org/testimony/000302berman.shtml

_____________________________________________________________


Detailed information about online civil liberties issues may be found at http://www.cdt.org/.

This document may be redistributed freely in full or linked to http://www.cdt.org/publications/pp_6.06.shtml.

Excerpts may be re-posted with prior permission of ari@cdt.org

Policy Post 6.06 Copyright 2000 Center for Democracy and Technology