Protecting the Private I
Big Brother is watching the Net. Do you know how much he knows about you? Do you care?
By ESTHER DYSON
 

Do we need a new privacy to match the new economy? Not long ago, I saw a survey that asked business people questions such as whether it's ethical to listen to employees' phone calls or
read their e-mails. But it didn't raise the key issue: Do the emplo-yees know? If your friend Alice tells you something, is it O.K. to tell your other friend, Juan? It all depends on what Alice
expects of you. And if there's any doubt, you should ask her.

These simple principles are so obvious that it's amazing people forget them when it comes to the Internet. The basic standard still applies: If in doubt, ask.

Of course, things are different on the Net. First of all, almost all relationships are between strangers, especially those between merchants and customers. Should a seller have to ask what he can
do with the transaction data each time a sale is made? That's a big burden for both parties. Moreover, many merchants would prefer not to delve too deeply into all of this. They would rather
just assume that their information-collection methods are O.K. and use the data as they see fit. They argue that everything would be more expensive if they couldn't use marketing information
effectively: Internet content would no longer be free. Besides, they add, people know what's going on anyway and really don't mind.

While many consumers in fact don't have problems with all of this, some do. Certainly, their preferences vary—so why not ask what they are? That's what computers are meant for: to manage
lots of information, including details as to how consumers want their data used. True, many users, if you were to ask them to actively consent to the use of their data, simply wouldn't bother.
The process of making an explicit choice is a burden for customers as well as for merchants.

What's the solution? To most people a problem is a problem, but to some—especially those building the New Economy (despite its current travails)—a problem is an opportunity. Many
companies, from Microsoft to small start-ups, are building tools that allow users to specify their privacy preferences and then communicate automatically with websites using a standard
language called P3P. The websites also state their privacy policies in P3P, and then the computers figure out if they match. Some of the systems require you to store your data with the
vendor; others let you manage everything yourself. Some of these firms will succeed, some won't. Some are trustworthy, some may not be.

And that brings us to the second part of the solution. What should governments be doing? Some, most notably in the European Union, think they should pass laws restricting the use of
personal data. Others, like the U.S., restrict the use of medical information but are pretty lax on almost everything else. Still others haven't addressed the issue. (And all are hampered by the
fact that their citizens use websites outside their own country and beyond their own government's control.)

Although some oversight is helpful, especially for medical or government-mandated information, I think this basic approach is wrong. Let's go back to the first principle: people have different
preferences and sensitivities about the use of their personal information. Many like free content and well-targeted marketing offers. So why not let the market work? Let websites disclose their
practices in an intelligible way and then let consumers choose.

But there are some things governments should do. One is to educate people to look for and understand privacy practices. Another is to prosecute any company that does not observe the
privacy standard it pledges to uphold. And lastly, companies should be required to disclose their data-handling and security commitments to investors and insurance companies, so they can
be factored into financial decisions. Privacy policies are confusing for any consumer. But in a world where attention to consumer desires matter (and where careless use of data can lead to
liability and prosecution), an investor or insurer whose job it is to assess a company's long-term prospects has a strong interest in understanding what a company promises and whether it can
deliver.

Ultimately, consumer opinion does matter to the more committed vendors. You personally have an opportunity to weigh in on this debate, both by your behavior and through direct feedback.
Demand data-use information and use it to pick which sites you do business with. And send e-mails to companies whose policies you like or dislike. All those data-tracking tools mean that
your opinion will be counted!

Esther Dyson is chairman of EDventure Holdings and author of Release 2.1: A Design for Living in the Digital Age. She invests in I.T. start-ups in the U.S. and Europe,
including Russia