With Netizens and the federal government increasingly concerned about online breaches of privacy, a consortium of Internet companies today formally launched Privacy Assured, a pilot program that will offer a free seal of approval to Web sites that comply with the group's privacy rules.
A precursor to the more comprehensive eTrust program scheduled to debut on the first of next year, the Privacy Assured pilot is an attempt on the part of the Internet industry to regulate itself--before the government steps in--and make the Internet a safer marketplace.
To receive the Privacy Assured endorsement, companies and organizations must agree to not knowingly list information on individual users without prior consent; block reverse searches that can be used to retrieve user names, addresses, email, and phone numbers; and release only aggregated usage statistics that can not be used to identify individuals. Subscribers must also agree to allow individuals to remove personal information if they wish.
The initiative emerged last spring from conversations among Internet company executives who are afraid that widely publicized privacy controversies, such as last month's Lexis-Nexis-P-TRAK database scare, threaten to torpedo nascent electronic commerce, according to Timothy Dick, director of the consortium and chief executive of the online directory company WorldPages.
WorldPages serves as the group's principal watchdog and clearinghouse for consortium activities. Other founding members are Four11, an online search engine; Internet Profiles, a Web measurements and analysis company; Match.com, an online matchmaking service; and NetAngels, a developer of advanced profiling technology.
While the group is not the first to spring up around a Net issue--such as the legality of the Communications Decency Act or the regulation of encryption technology--the issue of privacy touches a particularly edgy nerve with private citizens.
"We realized there was a groundswell [of consumer and company interest] around this issue," Dick said. He said links placed on the Web pages of the five consortium member companies have already generated nearly two dozen inquiries by Web site operators during the two weeks leading up to today's formal launch.
And according to Clare Price, a research director for Gartner Group, several more privacy rating companies and consortiums are likely to emerge during the next 18 months as the market for such tools is fed by the advent of mainstream commercial activity on the Internet.
"They create a comfort level for consumers," she said. While personal information--like the Social Security numbers that users were concerned about in the case of the P-TRAK database?-has been widely available for years both on and offline, Price says, junk mailers will be the most likely targets of the new privacy rules.
But Price is skeptical that the industry will be able to ward off government regulation through private and voluntary restrictions. "There is going to be a lot of policy making around the Web not only in this country, but globally," she said. She added that a lot will depend on how widely used and highly esteemed rating services such as Privacy Assured and its upcoming successor eTrust become.
As a first attempt at guarding privacy, Privacy Assured is completely voluntary and has no real disciplinary powers but is relying on peer pressure to attract supporters.
Companies and organizations interested in signing up their Web sites must agree in writing to comply with the Privacy Assured rules. The process takes about six weeks, according to Timothy Dick, at the end of which the Web site will be able to display a Privacy Assured logo, essentially a seal of approval.
The blue logo links users to the consortium's Web page, where visitors may access a list of certified sites. The Privacy Assured logo is designed for electronic commerce operations, but noncommercial Web sites may also sign up for the free service.
The logo is only the first step in a broader, affiliated campaign to protect online privacy called eTrust, which is being promoted by the Electronic Frontier Foundation. The Foundation, which bills itself as an ad hoc group of Internet and electronic commerce pioneers, has been developing eTrust since July to create certified security, privacy ratings, and develop online business practices necessary to build public confidence in Internet commerce.
But the Privacy Assured consortium had a head start on a basic list of rules that it decided, with the Foundation's agreement, to start implementing right away.
"We think eTrust will ultimately handle privacy issues," said Dick. "But there is a tremendous consumer and company demand that needs to be addressed before eTrust will be ready."
The Privacy Assured consortium will be replaced by eTrust next year when it launches on January 1, according to Stanton McCandlish, program director for the Electronic Frontier Foundation. "The goal is to give consumers a well-informed avenue of choice of the personal information they make available and how it is used," McCandlish said.
While the two groups share the same mission, eTrust will be "less of an honor system," said McCandlish, although the Foundation will not initially audit all of the participating sites. Like Privacy Assured, the EFF initiative will rely on consumer complaints to uncover violations. For instance, customers will be able to lodge complaints if they think a Web site has sold their information to junk emailers.
"It's a bit of a presumed innocent model," McCandlish explained. If eTrust auditors discover a site has violated the agreement it will lose the group's endorsement and find itself on a list of noncompliant members.
The first iteration of eTrust will be demonstrated at the Commerce Net Conference in two weeks. When it's ready, it will be provided to Web site operators for a sliding-scale fee based on site size and activity. More complex guidelines for issues such as medical privacy, children's Internet privacy, and freedom of speech will come later, according to McCandlish.