Speak and be heard, by everyone What's the difference between the government and the private
sector in how you approach abuses in privacy and civil liberties?
There are obviously differences. I think that we have traditionally
in the U.S. had a lot of mistrust of the government and there tends to be
less mistrust of the private sector. But I think if you look at the
situation today with new information technology that the problems on the
government side are better controlled than they are on the private side.
After going through experiences like Watergate in the '70s, there were a
lot of controls placed on the ability of the government to collect
information and restrictions put on the way the government could use
information about individuals. That's not the case with the private sector.
In the '70s I think the problem was with the government. But today I think
we're starting to see that we need to look at what the private sector is
doing. I think the PTRAK Social Security
Number episode from last summer is an illustration of that. The public
reaction also shows that that's an area where people are increasingly
getting concerned.
What do you think are the main nongovernmental abuses of privacy
happening right now?
I think the big problem right now is we can't even really accurately
define what the problems are. I think there is a lot of nonconsensual
collection of information that we're seeing. For instance, the average
users, when they log onto a Web site really have no idea what kind of
information can be collected and might actually be getting collected. Of
course there's the whole issue of cookies
that a lot of people talk about and I think that that's a valid
concern.
That's a technology that, without any notice to the user, is
apparently collecting information about what an individual is doing within
a particular site. So there's the issue of whether people have the right to
be notified that information is being collected and that their online
activities are being monitored.
When you move beyond that, even to situations where people are knowingly
providing information, such as when they register at a site, there is
really very little information being provided right now about what kinds of
uses that information might be put to. Is it going to be sold? Is it going
to be used for marketing purposes?
I think people have a right to know what
the policy is. There is the technological capability to collect a lot of
information and there is not yet much public oversight of the ways in which
that information is being used.
Some cultural theorists feel that the Internet is making
us turn inward. Is there any danger that things can become too
individualized, that we will lose the big picture of what is good for
society?
I think that's a very hard question. I think, on an individual
level, it is the experience that a lot of us have that this technology can
tend to be somewhat antisocial. But I don't think that the average user of
the Internet is insisting on their privacy because they're ignoring
governmental concerns.
I think it's a question of looking at the reality of
the world today and just concluding that the government's rationale for
attempting to control this technology isn't very logical and is probably
futile in any case. I think people are coming to the conclusion that
there's no reason to sacrifice their individual rights in the interest of
what the government's talking about.
We talk about governmental interests in controlling this technology. I
think it's surprising that we're seeing these issues arising in the United
States at all. I would have expected a few years ago that we would see
these problems in places, like in China, Singapore, and less democratic
countries. I can easily understand why a repressive government would be
concerned about this kind of technology. It's less apparent to me why a
government like ours would have the concerns that they have.
If you look
back to things that our government itself has done--things like the
creation of Radio Free Europe or the Voice of America, you would assume
that a technology like the Internet would really be embraced as a way to
make information freely available to people all over the world. But for
some reason that's not happening and it's not entirely clear to me why it
isn't.
Should companies should be able to read their employees emails?
I don't think they should, but until that issue gets legally
resolved in favor of my position, I think at the very least employees
should have a right to know whether or not their email is subject to
monitoring and interception. And I think right now that's the big problem,
that very few companies are developing policies on the monitoring of email
and making that policy available to their employees.
So I think as a starting point people have a right to know what the rules
are when they're given a computer and an email account and told this is
theirs to use. I think there is just the basic issue of fairness that
comes into play, that people ought to know whether or not their
communications are going to be monitored.
The very few courts that have dealt with that issue have basically said
that the email system is the property of the employer and the employer can
therefore do what they want with it. We don't say that about other forms of
communication that are facilitated by the employer.
For instance, if that
same employee were to take a piece of paper from the company's supplies and
write something and put it in an envelope and stick it in the mail, I don't
think any court would uphold the company's right to retrieve that of the
postal system and read it. So this is an example of an issue where the law
needs to catch up with the technology.
Besides encryption, what are other ways?
Well I think there needs to be a lot more self-educating about the
security issues that are involved online. I think the average person
assumes that what they do online is anonymous, that records are not being
kept, that mail is not being archived. And that is frequently not the case.
So I think people really need to be educated on the realities of this
technology. As a consumer issue I would have to say that it's not entirely,
or it shouldn't be entirely the responsibility of the individual user to
find out how this stuff works. I think there should be an obligation on the
part of the people who are providing these services, whether it's an online
service, or a Web site, or whatever, I think there should be an obligation
on the part of companies that are maintaining these systems to inform
people as to how the systems work and the kinds of information that are
being generated and collected. It's too much of a burden to put on the
average user to get an understanding of how this all works.
I'm somebody
who spends a lot of time looking at these issues and I can't say with any
degree of certainty what happens to my email after I send it in terms of
the path that it takes and the archiving that might be going on along the
way. So I think people need to learn about the technology, but they also
need a lot of help in doing that self-educating.
We've been through the Communications
Decency Act, we're hashing out encryption, what are some of the next
privacy issues you expect to arise around the Internet in the coming years?
Another significant issue that's on the horizon is the whole issue
of digital money or electronic payment systems. This is increasingly an
issue that we see the government taking a lot of interest in and expressing
a lot of concern about.
The issue with digital currency is that there are
really two ends of the spectrum that we could end up with, or of course
something in the middle. On the one end we could have a totally anonymous
electronic payment system that would be the digital equivalent of paper
money. Today when we go into a store and pay with a $20 bill there's no
record of that transaction. It is, in fact, anonymous. On the other end of
the spectrum, credit card payments are well-documented and recorded.
So the question is going to be, "Which model should digital payment systems
follow?" And unfortunately there's the capability in that technology to
obliterate the anonymity that we have with paper money. We could in fact
move to a system where we won't have paper money and all payments will be
made in some digital form, whether from a debit card or some other system
where suddenly there will be records kept of every transaction no matter
how small it is. So I think that that's a very big battle that's on the
horizon.