Internet

Gore pushes new Net privacy laws

Vice President Al Gore calls for new laws to deter identity theft and to prohibit the collection of data from children on the Net.

WASHINGTON--Faced with mounting public pressure to enforce stricter online privacy protections, Vice President Al Gore today called for new laws to deter identity theft and to prohibit the collection of data from children on the Net without parental permission.

As expected, the White House also announced its opposition to the creation of a universal identification number for medical records, wants stronger enforcement of credit-record protection laws, and will create a federal privacy liaison.

In addition, See related roundup:
FTC's privacy crackdown the administration wants to see a state-federal task force set up to deal with privacy and public records, since many of the commercial databases that sell and distribute sensitive personal information get their data from the government.

Today's effort pushes forward Gore's "electronic bill of rights" to protect individuals online, which he proposed in May. Until now, the administration has widely endorsed industry self-regulation to help shield online privacy.

"Let's begin with a simple premise: Privacy is a basic American value, in the information age and in every age," Gore said today.

"At every step you may be leaving a trail of personal data that may be used or abused by people you have never met in places you have never been," he added. "You should have the right to choose whether your personal information is disclosed; you should have the right to know how, when, and how much of that information is being used; and you should have the right to see it yourself, to know if it's accurate."

The growth of the Internet See reporters notebook:
Why you should care about crypto and electronic databases may make life and business transactions more convenient, but it also could compromise personal privacy if adequate protections aren't put in place. Various surveys show that Americans are reluctant to engage in e-commerce and other online activities due to concerns that personal data--such as their Social Security number, home address, or financial account information--will be compromised.

The White House initiative aims to quell those fears, as well as conflicts with a strict European Union privacy directive that goes into effect this fall. An EU ambassador was on site today to hear Gore's plan.

The EU law threatens to cut off e-commerce and personal record exchanges with nations that don't disclose how the data will be used. The law also directs countries to set up an authority to monitor the privacy policy and provide clear legal recourse if companies violate the rules.

The administration's initiative still might not be enough to satisfy critics or meet the standards set by European countries, however.

"I think they are simply avoiding the tough issues. This doesn't address the EU directive," said Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC).

"The tough issues are establishing legal protections for privacy on the Internet and reforming the [export] controls on encryption," he added. Encryption secures digital communication and can't be cracked without a person's private key.

The administration today backed up the Federal Trade Commission's call for legislation to prohibit collecting personal data from Net users under the age of 13--unless the site has parental permission.

Building on its children's privacy recommendations, last week FTC Commission Robert Pitofsky went one step further and said that if industry self-regulation failed, then a law should be passed to shield all online users' information and give consumers power to control their data. The White House did not embrace this broader proposal, however.

"In the kids-under-13 area, we've seen a fair amount of agreement on all sides, so the administration is taking that consensus-building that has happened and going to the bank," said Deirdre Mulligan, a staff attorney for the Center for Democracy and Technology (CDT).

"They are putting the stakes in the ground. In every case they are not creating a legislative push, which is an easy way out," she added. "We don't think addressing children's issues is enough. We want the FTC to be given new authority to establish appropriate privacy protections for adults and kids."

Gore praised the Senate for its passage yesterday of identity theft legislation to increase penalties for using false identification, stolen credit cards, and forging checks, for example. The White House also is pushing a bill to crack down on those who wrongly obtain confidential customer information from banks.

The White House invited a victim of identity theft to the event today. She told the story of having bank loans and checks taken out in her name and her inability to stop the perpetrators.

"We need to make identity theft a federal crime," said Rep. Rosa DeLauro (D-Connecticut), who introduced House legislation to eliminate the stipulation that a person must first commit fraud before being busted for identity theft.

"The theft of someone's identity ought to be the crime, not [just] the theft of someone's assets," she added.

The electronic bill of rights still encourages industry self-regulation to do a larger share of the job, such as following the Online Privacy Alliance's guidelines. Gore warned, however, "If you don't find a way quickly, effectively, to regulate your own industry, we will find a way."

Regarding the creation of a privacy liaison, advocates say the value depends on who the person is and how much influence he or she has on the White House.

The privacy adviser will be placed in the Office Information and Regulatory Affairs within the Office of Management and Budget.

"The question is, what kind of power and resources do they have and who is it?" the CDT's Mulligan added. "They have to be technology-savvy and have a knowledge of privacy and international affairs."

Still, privacy activists praised the White House for taking a stance about electronic privacy.

"The big news is that the vice president is going to say there should not be a national patient record number established until medical privacy protections are in place," the EPIC's Rotenberg added. "I give them credit for that."

News.com contributor Steve Allen reported for this story from Washington. Courtney Macavinta reported from San Francisco.