THE INDIVIDUAL EXPOSED

On the Internet, goes the saying, nobody knows you’re a dog. If that ode to on-line anonymity was once true, the notion seems laughable today. The Internet is now more like an unlocked diary, with millions of consumers divulging marketable details of their personal lives, from where they live to what they eat for dinner. Operators of sites on the World Wide Web collect and sell the information, or use it to lure advertising. Software tracks the sites you visit and the pages that catch your eye. If you were a dog, on-line snoops would soon learn that you’re a collie who plays a mean game of Frisbee catch and likes your kibble moist.

No one is immune. On-line databases bulge with facts on millions of Americans. “Spammers” cram your e-mailbox with ads. And continuous loopholes in Netscape Navigator and Microsoft Explorer are giving Web administrators direct access to the hard disk of any browser user visiting their site.

Businesses recognize the Web’s potential as a “shopping mall,” but because of concern over consumer privacy, many stores in that “shopping mall” were forced out of business. It doesn’t help matters that many Web sites don’t reveal how they intend to use the information collected or whether it might be shared. In a recent survey by the Boston Consulting Group, more than 74% of on-line users worried more about offering up private facts on-line than they did via phone or mail—so they often refused or gave false information. Mounting user fears prompted the Federal Trade Commission to hold a four-day public workshop recently to determine whether the government should step in. Congress is examining the issue, too; several measures to govern the use and sale of personal data, such as Social Security numbers, are pending.

Facing possible regulation, on-line companies vowed during the workshop to help individuals preserve their anonymity and decide whether to reveal personal details. After all, a pro-consumer stance is good for business. It is estimated that on-line consumer commerce will grow from 1996’s $500 million to as much as $78 billion by the year 2002—if privacy is addressed, that is.

There have been recent attempts to do so. Recently, Netscape and about 100 other Internet companies proposed a privacy-oriented Open Profiling Standard (OPS). Also, Microsoft and 80 other businesses recently signed on. Under OPS, you would no longer be asked to register your name, age, ZIP code, and other facts at each site. Rather, you would store them in an encrypted file on your hard drive. A site could grab any part of the file only after you had approved how the data would be used. The explanation would pop up when you clicked on an independent auditor’s logo authenticating the claims. The World Wide Web Consortium, which develops various standards for the Web, is mulling the proposal and working on its own privacy standard. It should be completed within the year 2002.

Of course, you can avoid keying in anything you consider private. But that would bar you from using quite a few sites, and abstinence is not always foolproof. Using a technology called “cookies,” some sites, unbeknownst to you, can pick up the address of the site you most recently visited and the Internet service provider (ISP) or on-line service used, and can log your movements within the site. Even companies that advertise there can also drop cookies on your hard drive without your knowledge; some expire only after the year 2002.

Web users do have a few ways to deal with the cookie problem. Surfing through the Anonymizer hides your identity but slows you down to some degree. You can also program most popular Web browsers to accept or reject cookies before they are downloaded to your hard disk. Many shareware programs, which can be tried out before being purchased, can help you manage cookies (you might want to permit cookies from a personalized news product, for example) or cut them out entirely; Cookie Crusher, Cookie Pal, and CookieMaster can all be downloaded.

You’re Everywhere! You’re Everywhere!

None of these tools, however, will wipe out details about you that are stored in on-line databases ranging from telephone books such as Switchboard and WorldPages to commercial reference services such as Lexis-Nexis, CDB Infotek, and Information America. Résumé banks, professional directories, alumni registries, and news archives can all be harvested, as well.

Resourceful thieves can exploit these on-line caches. The Delaware State Police nabbed a couple recently who had obtained birth certificates and drivers’ licenses in others’ names (thus enabling them to open bank accounts and get credit cards) using information gleaned from sources that included the Internet. Going on-line made it much easier to get at some of the more personal information.

Eight major reference services announced an agreement at the FTC workshop to prevent the misuse of nonpublic data, such as the name, address, and Social Security number found at the top of a credit report. A law enforcement agency, for example, might see all of the data, but a commercial enterprise might not see the Social Security number.

Much of the material in on-line databases is culled from public files such as property tax records and drivers’ license rolls. That raises questions about the quality of the data. It’s a known fact that databases are notoriously inaccurate. Yet major institutions use such services to judge, say, fitness for jobs and insurance. Privacy advocates say consumers should be told if any personal facts are being sold, and should have the right to dispute errors in the databases. In their proposed privacy guidelines, however, reference services agreed merely to tell people the “nature” of the data held on them.

Privacy advocates also argue that consumers should be able to opt out of junk e-mail, or spam. America Online, the largest on-line service, says that up to 34% of the 19 million e-mail messages its members receive each day are junk, and that spamming is members’ No. 1 complaint. Although all major on-line services and ISPs prohibit spamming and use filtering programs to weed it out (several have won injunctions barring spammers from their networks), the filters don’t always work. Sleazy marketers often also use fake return addresses that are nearly impossible to track down. The FTC recently vowed to prosecute perpetrators of fraud and deception, soliciting the assistance of the new Internet E-Mail Marketing Council.

The FTC recently gave on-line businesses and organizations six months to a year to make good on their promises to protect the privacy of on-line consumers. If that does not happen, the FTC will consider taking stronger steps to enable people to browse and buy in confidently as if they were shopping at the local mall.

Stolen identity? It can ruin your credit. And that’s just the beginning.