Private Matters

The world of digital snoops and spooks is a pretty dark space, but Richard M. Smith has illuminated some of its darker corners.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

The world of digital snoops and spooks is a pretty dark space, but Richard M. Smith has illuminated some of its darker corners. It was his work that revealed Amazon.coms gathering of personal information about customers without their knowledge or consent, Microsofts registration practices and RealNetworks underhanded data-gathering methods. In his spare time, Smith identified the author of the Melissa virus.

Now he has formalized his passion for outing snoops by taking on the title of chief technical officer at the Privacy Foundation, a newly created advocacy group financed by Denver entrepreneur Peter Barton and housed at the University of Denver.

Hes ready for the Brave New Privacy Millennium. Are you?

What to Expect

Here are three privacy issues Smith is anticipating.

> The Gramm-Leach-Bliley Act prohibits banks from sharing personal financial information with third parties such as telemarketers and provides customers with better "opt-out" controls over where their financial information may or may not go.

"Financial organizations are going to have to be a lot more forthcoming about how they use information about us," Smith said. In the first six months of this year, he predicted, we can expect mailings from financial companies explaining how they use our personal financial data. "Theres a big disclosure requirement from banks and financial institutions that wasnt there before," he said, "and it will be interesting to watch how everyone deals with that.

"Will people ignore those questions?" Smith wondered. And when they find out how all that data has been used all along, "will they get upset?"

He suspects that when folks wake up to what banks and other financial institutions have been doing — and still want to do — with all that private information, it may not be a pretty picture. But at least the reality of privacy-invading practices will be out in the open.

> E-911 is a better 911 emergency service for cell phone users. It is also a technology that police agencies can use to pinpoint the exact current location — and any route taken — by a cellular phone customer.

"E-911 has a very strong Orwellian feel to it, " Smith said. "Its a personal tracking device. Theres been a tremendous investment — a half dozen companies building the tracking technology; tens, maybe hundreds, of millions of dollars getting it ready and more money spent deploying it. People within the cell phone or wireless industry know all about it, because theyve had to deal with it now for four years."

The Federal Communications Commission has become involved because advertisers want to use E-911 to pitch ads that pertain to a persons location — for example, a store that advertises a sale as you pass it or a restaurant that tells you about its specials when you enter the neighborhood.

Still, Smith said, "Nobodys really bothered to tell the public" about E-911s more sinister aspects. "When people start hearing about it and the mass media picks up on it," he said, "I think there could be a big backlash against it — to the point that the FCC would say, Whoa, wait a minute, we maybe cant do this. Ive asked a lot of people if they knew this was going to start happening, and almost nobody was aware of it."

> The Childrens Internet Protection Act (CIPA) is new legislation mandating that schools or libraries install Web filtering devices or lose crucial federal funds.

Parents, quite reasonably, dont want their families assaulted by pornography, violence or other inappropriate material, Smith said, adding, "The CIPA is an example of one way to try to deal with the bad part of the Internet."

But filtering, he said, isnt the most significant issue with the CIPA. Its the cookies — those little invisible "tokens" that a Web sites software uses to track surfers travels on the Web. Web sites insert these cookies onto a users hard drive, where they sit until theyre called on to return all kinds of information about the user and the browsing and purchasing he or she has done online. Think of them as moles that sit on your computer, sucking up all your information and spitting it back to marketers. As a result, some toy e-tailer may wind up knowing more about your childs interests — and therefore about how to market to them effectively — than you do.

"Theres clearly a problem with a lack of good privacy controls in Web browsers," Smith said.

Microsoft Takes a Step

With its Internet Explorer 6, the new version of its browser, Microsoft is attempting to address what the company perceives to be a growing consumer concern about privacy, Smith said. "Because of all the media attention to Internet privacy issues, Microsoft is now putting in better controls for privacy," he said. "It seems like theyre making a very honest effort to improve the control that people have on cookies and [other issues relating to] privacy policy. Im kind of hopeful that theyll actually do a very good job."

These are just three examples of privacy issues Smith said we can expect in the new year. Assaults on privacy multiply faster than watchdog groups such as Smiths Privacy Foundation can respond to them. The best weapon for combating these assaults is an educated public. So be sure to check in on the work of privacy advocacy groups as the year unfolds and, of course, check this column regularly for up-to-date personal privacy violations — and their solutions.