Want CNET to notify you of price drops and the latest stories?

Is no privacy the price of personalization?

Portals have evolved into the flashy cousins of ISPs, offering a host of free services--but the traffic peaks that come from being broader service providers also bring an array of legal traps.

4 min read
Portals have evolved into the flashy cousins of ISPs, offering free email, personal Web sites, and custom content on their own dime--but the resulting traffic gains also bring an array of legal traps and new responsibilities.

A series of recent lawsuits underscores the challenge portals face in shielding the breadth of personal information they collect from consumers. Although many Web-based services may appear anonymous, data repositories can come back to haunt those who use certain portal services.

Yahoo, Lycos, Excite, and the Microsoft Network all may gather information such as a person's name, email address, postal address, or interests during registration for services ranging from customized news pages to chat and email. All also have policies posted prominently stating how the data will be used and whether it will be shared, promising to shield the data--that is, unless they are forced by a court order to reveal it.

The buzz word of the day seems to be "personalization"; from the portals to financial services firms and special-interest sites such as those for sports fans, users are often given the opportunity to trade personal data for a page built just for them. The idea is that everybody wins--users get exactly what they want, so in theory they will come back often and stay a while, and the site gets a loyal audience and a wealth of demographic data it can use to sell advertising at a premium.

But in practice, the trade is not that simple.

"There is an enormous danger here because in the name of personalization, the portals are collecting huge profiles of users which are available under subpoena to any lawyer or investigator," said Jason Catlett, a privacy expert and founder of Junkbusters.

And in a series of recent lawsuits, companies are seeking to uncover the identity of people who posted messages on the most popular portal, Yahoo. The plaintiffs in the separate cases claim the Yahoo users slandered their firms.

Last week, ITEX Corporation of Portland, Oregon, which operates an online trade center, told CNET News.com that after subpoenaing Yahoo, it had identified a handful of message board users who ITEX alleges in a September 1998 lawsuit libeled the company.

In a similar case this week, Seattle-based Wade Cook Financial Corporation said it may also subpoena Yahoo to reveal the true identities of ten anonymous bulletin board users.

When it comes to message boards, the most the companies can hope to get from Yahoo is an email address. Still, ITEX's success in hunting down users has shown that the email addresses lead to an ISP, which has more detailed customer information.

Although Yahoo harnesses many more private details through its personalization services and free email accounts, the message board cases are a stinging reminder that anonymity and the Net no longer go hand in hand.

"If people had an anonymous conversation on the bus about a company, there is no plausible means for the company to go after them for damages," Catlett said. "Just because we can track conversations on the Net doesn't mean that we should. Rather, we should promote technologies to 'anonymize' speech."

The message board lawsuits also put portals such as Yahoo in the same position as ISPs--having to secure the data they escrow and then comply with legal authorities when someone is accused of wrongdoing over their services.

"If someone violates the policy we reserve the right to revoke their posting privileges," said Mike Riley, producer of Yahoo Finance, where the ITEX posts were found. "In general, we're not going to give out any information about any Yahoo user unless we are compelled to do so by legal proceedings."

Under part of the Communications Decency Act that was upheld, an online service can't be held liable for content posted by a third party, but the same provision also encourages providers to report any suspected illegal activity they find on their networks.

Some legal experts say Yahoo and other portals' decision to authenticate users is a smart business strategy.

"The message board operators don't have liability exposure for the messages that are posted, but they are in a position to help bring the posters to justice if something illegal happens. It's being a good corporate citizen," said Rich Gray, an Net attorney at Bergeson, Eliopoulos, Grady & Gray.

"You can get involved in tremendous rumor mongering on the Net that can do damage to a corporation and its shareholders," he added. "If you can't find them, there won't be a remedy."

Still, others say that portals should carefully balance their business interests with visitors' privacy protections.

At least one defendant in the ITEX message board case, Nick Lindesay, said he doesn't disagree with Yahoo's policy of authenticating users but does feel that businesses with deep pockets can abuse the situation by filing lawsuits aimed at silencing critics.

"The valuable service that message boards provide is to create a forum where people can discuss companies, shed light on problems, and to suggest to management that they need to deal with certain problems," said Lindesay, who used to work for ITEX. The company's suit accuses him of making defamatory comments on a Yahoo Finance message board. ITEX is seeking a minimum of $500,000 in damages from each defendant.

"Yahoo has the right to collect the data in that they provide a service," he added. "But I have the right to voice an opinion without a person who disagrees with me coming after me. I consider what ITEX has done an invasion of my privacy."

The Yahoo message board cases further solidify what legal experts have been warning for sometime now: the Net is no longer a free-wheeling medium where anything goes.

"These message board cases are a dramatic demonstration that if you want privacy, maybe you shouldn't be swimming in those waters," said Karl Olson, a First Amendment attorney with Levy, Ram, & Olson in San Francisco. "My advice is, 'user beware.' If you're saying something you don't want people to trace back to you, you better think twice."