Web's trust runs short

Consumers: Fears about invasions of privacy may be curtailing Internet use and online shopping.

January 17, 2000|By Simson L. Garfinkle | Simson L. Garfinkle,BOSTON GLOBE

According to a pair of studies recently released by the Wharton School of Business, online shopping could be in trouble: Although total spending increased last year, the average amount spent per Internet user decreased.

Meanwhile, a growing number of Internet users are dropping out and going permanently off line, the reports found.

The researchers at Wharton, who have tracked more than 23,000 Internet users since 1997, say that the biggest factor depressing online sales is concern about privacy -- specifically, monitoring by third parties.

A second big factor is an unwillingness to trust online businesses with private data.

Web surfers are right to worry: What you do online reveals a tremendous amount of information about who you are, what you believe, how you spend your money, and what you do with your time. It's all too easy for Web businesses to correlate this information into a highly detailed profile.

There are two ways that consumers can be harmed by an online profile. First, it can reveal information that a person might wish to keep secret. Second, the information might be incorrect or incomplete, causing the revealed picture to be not just invasive, but unfair and misleading.

In November, I bought some videos from Amazon.com. Then I went to Amazon's recommendations page to see what movies Amazon's computers thought I would like, based on my previous book and video purchases. One of the movies was "Goodbye, Emma Jo," which I bought. It turned out to be an erotic lesbian film.

I had never bought pornography before, although I had purchased women's fiction and literature. Now, since I bought the "Emma Jo" movie, every time I ask Amazon for movie recommendations, about half of the movies turn out to be lesbian porn.

This amuses me, but someone else might be offended, or might be worried that Amazon is spreading misleading information to other companies.

The Internet business community realizes that online privacy is an issue that's not going away, so over the past few years companies such as Amazon have taken steps to address consumer fears. Many Web sites post a privacy policy that explains what kind of personal information they collect and what they do with it.

Some companies (but not Amazon) have signed up with TRUSTe (www.truste.com) or BBB Online (www.bbbonline.com), organizations that promise to enforce these voluntary privacy policies.

Amazon's policy says: "Amazon.com does not sell, trade, or rent your personal information to others. We may choose to do so in the future with trustworthy third parties, but you can tell us not to by sending a blank e-mail message to never(at)amazon.com."

Whether that is a legally binding promise is hard to tell. If I were depending on Amazon's policy, and it were to change, I wouldn't have much recourse.

Another big problem with these privacy policies is that you have to take the time to find each site's privacy policy and then read it before you can decide whether you wish to do business. Some companies use an unambiguous computer language to describe their privacy practices. You could program your computer to download automatically the privacy policy for every site you visit and with a warning if the site's policy offends your sensibilities.

That's the idea behind the World Wide Web Consortium's Platform for Privacy Preferences (P3P) project. Beyond screening out Web sites that refuse to respect your privacy, the system can transfer your personal information to Web sites that you deem acceptable. For example, some Web sites won't let you browse their pages unless you provide your name, e-mail address, and ZIP code. With P3P, you could program your computer to automatically provide this information to a Web site if the site met your privacy criteria.

There's been a lot of industry support behind P3P, with public testimonials from AOL, IBM, Microsoft, Netscape and others. It's possible that this technology will be built into your Web browser before the end of the year.

But not everybody thinks that P3P is the answer to the Internet's privacy dilemma.

One problem with the system for automatically sending personal information to Web sites is that P3P makes it harder for users to provide false information, a technique used by many surfers to protect their privacy.

Another problem with P3P, as it is envisioned, is that it transmits a tremendous amount of personal information about the user to the Web site, but little information about the Web site is sent to the user to assist in making a privacy judgment.

"What type of business is it? Is it a private or a public company? Where is it incorporated? Is it a subsidiary of another company, and if so, which one? Unfortunately, P3P does not allow a user to ask any of these important questions," writes Christopher D. Hunter, a doctoral candidate at the University of Pennsylvania's Annenberg School for Communication, in an article he recently finished.

The fundamental problem with P3P, he says, is that it does not ensure an individual's privacy, only "industry's view of privacy."

This is a general failing on the Internet today. An important principle in data protection is for individuals to be able to see their records and correct factual errors. There is no way for me to get into Amazon.com's database and convince its computers that I am not a connoisseur of lesbian porn.

Hunter's article, which makes for excellent reading about P3P and online privacy in general, can be found at www.asc.upenn.edu/usr/chunter/p3p.html.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.