EU privacy plan lacks support
Only 3 of the 15 EU countries have adopted the EU's stringent electronic privacy plan, a sign that market-driven Net policies are gaining support.
But President Clinton's senior adviser Ira Magaziner said the administration sees a somewhat unexpected light at the end of the tunnel: EU countries aren't 100 percent behind the plan either.
Magaziner addressed attendees last night at the Progress & Freedom Foundation's fifth conference here, where the online industry, politicians, Net forecasters, and civil libertarians are debating the future of business and personal freedom on the Net.
Except for its recent call for new laws to protect children's online privacy, the Clinton Administration is a strong supporter of industry self-regulatory policies to shield Net users' personal and financial information.
This provision, which is the cornerstone of the struggle between the United States and Europe, states, "The transfer of personal data to a third country which does not ensure an adequate level of protection must be prohibited," unless "the data subject has given his consent."
However, Magaziner said that only 3 of the 15 EU countries have adopted the stringent electronic privacy plan into law, a sign that market-driven Net policies are gaining more support than government regulation.
"While European governments are undeniably concerned about providing safeguards for personal data in cyberspace, they also recognize that any EU-wide policy that is seriously at odds with U.S. policy could mean damage to their economies," he said.
The United States will have an agreement with the European Union by September to deal with its policy. The EU plan also mandates that Web sites post privacy policies, disclose how the data will be used, and give people access to their data so they can make changes or object to it being used at all. Members must set up an authority to monitor the policy, and there are legal ramifications if companies violate the rules.
Magaziner reiterated the endorsement of programs that hand out "seals" to sites that promise to notify consumers about what data is collected, let people opt out, lay out a recourse mechanism for violations and programs that are audited for compliance, revoke seals for violations, and turn blatant offenders over to the Federal Trade Commission.
Still, Magaziner acknowledged that industry plans have been slow in coming and aren't fully in place. "The status quo for privacy online and offline is not adequate," he said in an interview after the address. "We want to see this improved."
And Magaziner didn't get far without being chided for the administration's inability to end the long-standing debate over the country's policy restricting export on encryption, which is intertwined with the online privacy debate.
Encryption scrambles digital communication, making it impossible to read if intercepted. The export policy requires that products shipped overseas eventually support key-recovery systems. Key recovery gives law enforcement officials who have obtained a court order a "spare key" to unlock the codes that secure email or computer files.
Lawmakers, the administration, privacy advocates, and the high-tech industry have been at odds over the policy for years.
Despite Magaziner's report that the administration has made notable progress in moving legislation to keep the Net free of discriminatory taxes and to turn control of the domain name system over to a nonprofit board, for example, some critics said no progress has been made on complicated issues like crypto.
"Almost everything you have to say is undermined by your administration policies on these issues," Harvard fellow and fonder of the Electronic Frontier Foundation, John Perry Barlow, told Magaziner after his speech.
Magaziner basically agreed, "I don't agree with the policy we have, but I understand the arguments on both sides of it," he said. "I can't pretend we have a resolution that is satisfactory--we don't."