Privacy Is Common Issue Online

[R. A. Hettinga]

http://www.nytimes.com/2002/06/03/technology/03ECOM.html?tntemail0=&pagewanted=print&position=top




June 3, 2002

Privacy Is Common Issue Online
By BOB TEDESCHI

THOUGH businesses and their customers have largely taken divergent paths to
e-commerce - businesses promoted it endlessly; consumers embraced it
tepidly - these two groups are in lock step on at least one issue: online
privacy.

They both profess concern, but do little about it.

This reality is underscored by a report to be issued today by Jupiter
Research, the online consulting company, which found that businesses and
their customers barely lifted a finger to protect individual privacy
online, but fretted outwardly about the possible abuses of personal
information and the chilling effect on Internet spending.

Although 70 percent of online consumers say they are worried about online
privacy, the study found, just 40 percent read Web site privacy statements,
and 82 percent would give personal information to new shopping sites in
exchange for a chance to win $100 in a sweepstakes.

The business attitudes toward online privacy are slightly more difficult to
quantify, but Rob Leathern, who wrote the Jupiter report, said that most
companies budgeted less than $40,000 annually for online privacy
initiatives.

It has been increasingly clear over the last year that consumers and
businesses have been talking out of both sides of their mouths on the
online privacy issue, but the Jupiter report suggests that businesses are
nonetheless losing what could be an easy opportunity to score points with
consumers by crafting privacy-friendly policies, and failing to head off a
movement in Congress to force-feed those principles to businesses.

"If you make it easy for customers to exercise their privacy rights, they
will do it," Mr. Leathern said. But, he said, such thinking is beyond the
scope of most corporations today, "since companies are spending all their
money on C.R.M.," shorthand for customer relationship management technology.

With a sophisticated system, a company's customer service representative
could, for instance, look at a computer screen when a customer calls with a
problem, and see her entire purchasing history, be it through a catalog, a
Web site or a store, while also seeing prompts for product recommendations
or the optimal length of time to spend on the phone, given the customer's
value to the company.

For consumers who do not necessarily trust corporations to treat their
personal information with the proper amount of respect - whether that
involves not sharing it with other companies or keeping it secure - the
push to adopt such technologies should be further reason for anxiety, Mr.
Leathern said.

"You don't see a lot of companies putting together all the pieces, and
understanding the implications of bringing all this data together and
letting all these people inside the company see all the data," Mr. Leathern
said.

That is bad news not just for consumers, he said, but also for the
companies that lined up in 1999 and 2000 to serve what they thought would
be a rising demand for privacy-enhancing technologies. Companies like
Zero-Knowledge Systems, SafeWeb and others initially offered products that
helped people surf anonymously or manage the information companies could
collect about them online.

But consumers were unwilling to pay for such technologies, and advertisers
were unwilling to pay enough to reach the visitors these sites and others
attracted, so the privacy technology companies turned to Plan B, as in
B-to-B. Aside from selling their consumer technologies to companies like
Hewlett-Packard to install on new computers, as is the case with
Zero-Knowledge, privacy technologists have also been adapting their
products to suit other corporate needs.

For instance, SafeWeb originally gained notoriety in 2000 and 2001 for
creating technology that let Internet surfers avoid being tracked. Late
last year, it began packaging its software inside an appliance that helps
keep communications between corporations, remote partners and employees
secure and private.

Other companies like Watchfire, Privacy Council and PrivacyRight have
devised technologies that help companies manage the flow of customer data,
and detect when it is being used in a way that could violate government
regulations or the companies' stated privacy policies.

But with companies moving slowly on the privacy issue, despite the ongoing
prospect of additional government regulation, these privacy technologists
are digging in for a long, hard sell.

Austin Hill, co-founder and chief strategy officer of Zero-Knowledge, said:
"You'll start to see more activity on this in the next year and a half to
two years. A lot of organizations have moved beyond questions like, `What's
our privacy policy?' And now they're looking at what tools they have to
help manage it."

Technology companies see some hope in corporations like the RBC Financial
Group, which operates the Royal Bank of Canada and RBC Centura Bank in
North Carolina, among others, and has used what analysts regard as a
progressive privacy policy to differentiate itself from competitors.

W. Peter Cullen, RBC's corporate privacy officer, said that in the last two
years the company had used about 15 different programs to show consumers
that it was striving to exceed government-mandated privacy regulations for
financial service providers in the United States.

For instance, the company is preparing to give away so-called personal fire
wall software to its online banking customers, after a successful test of
the offering last year. RBC also delayed the rollout of wireless banking
until it found a Nokia phone with a chip allowing customers to encrypt
passwords and other information.

"You do that sort of thing enough, and it starts to drive people's positive
perception of your brand," Mr. Cullen said.

RBC has tried to quantify the effects of its privacy policies, relying on
research suggesting that 7 percent of a customer's buying decision relates
to privacy issues. Using that and other assumptions, Mr. Cullen said RBC's
privacy policies were responsible for $700 million worth of consumer
banking business.

Over the last two years, some observers have said that these types of
aggressive privacy initiatives would force competitors to follow suit. But
that has not yet been the case.

E-Loan and Expedia began subjecting themselves to voluntary privacy audits
by PricewaterhouseCoopers in 1999 and 2000. The audits have helped
demonstrate that the companies' internal data-handling methods are
consistent with their privacy policies, but they have not sparked much
interest among competing companies.

Expedia, which received another passing grade for privacy from
PricewaterhouseCoopers in April, acknowledged that its lead had not been
followed by competitors. Suzi LeVine, Expedia's director of product
marketing, said the company still gleaned benefits from the audits, in that
it learned about how to improve its data handling.

As for whether the audits, and the PricewaterhouseCoopers seal of approval
on Expedia's site, have helped it gain customers, Ms. LeVine said it was
hard to tell. "But we believe it's the right thing to do," she said, "and
we'll continue to try to get people to recognize that value."

Ms. LeVine would not disclose the cost of the audits, but E-Loan has said
they cost about $120,000 a year, not counting lost staff time. In an
Internet economy where both cash and staff are in short supply, and where
there is a surplus of consumer apathy when it comes to privacy, it is
little surprise that not many companies are following suit.

Copyright 2002 The New York Times Company | Permissions | Privacy Policy
-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com