Data Cant Ever Get Away

Debates concerning e-privacy usually focus on the risk of deliberate abuse. Perhaps its more important to protect our personal data against incompetence, rather than malice.

Eli Lilly, maker of the antidepressant Prozac, didnt mean to disclose the e-mail addresses of 600 users of that drug. But when the company discontinued an e-mail reminder service to Prozac users, it revealed participants identities in a notification of this change. How depressing.

I get too many e-mail messages whose addressees are listed in a “To:” field, rather than being kept confidential (at least from casual inspection) by addressing them as “bcc:” recipients. But thats a detail. In a broader sense, this Prozac incident illustrates a fundamental difference between the Internet and other forms of mass communication: At some level, the Internet demands that you stand up and be recognized before you can be IP-addressed.

I was struck by the coincidence of Lillys e-mail snafu coming on the heels of the BBCs decision to cease broadcasting to North American and Pacific region listeners. International shortwave broadcasts enable anyone to listen to anything; no one has any way of knowing what programs you subsequently choose to receive.

When the BBC chooses to rely, in part, on Internet distribution of its programs, I imagine listeners to Radio Free Europe being told to get the truth from a U.S. government Web site—followed by their own governments seizure of ISP data to determine whos been downloading what. Internet communications leave footprints that reveal our interests to others.

Its not about data collection. Its about data control. Its about making disclosure impossible, instead of just unlawful, before the Internet will truly earn users trust.