The Politics of Privacy


SUPPOSE I AM A FIFTH GRADER selling Girl Scout cookies. Commercially ambitious and a bit of a geek, I don't just peddle them to the neighbors. I set up a Web site and take orders by email. And who should order six boxes of Tagalongs but Billy Jones—the cutest boy in the class! I shoot a message to my best friend, Susan, telling her about the order. "I think he likes me—what do you think?" Susan forwards it to Rachel, who sends it to Casey, who tells Holly, who tells her brother Sam, who tells his friend Steve . . . and pretty soon everybody in the fifth grade knows all about Billy and me.

I doubt that gossip has gotten any less embarrassing since I was in the fifth grade. What's different now is that a lot of people would like to make a federal case out of Billy, the cookies, and my email. By sharing the information about his order with Susan, I have violated his fundamental "right to privacy." While operating a commercial Web site, I have collected and disseminated a fact about Billy without his permission. The Federal Trade Commission should be after me in no time.

That's what "privacy advocates" seem to think. Testifying before a House subcommittee in late March, Marc Rotenberg, the director of the Electronic Privacy Information Center, condemned the variety and gradual evolution of privacy standards in cyberspace: "Where once individual consent was central to the disclosure of personal information, now the focus is on individual choice for a range of disclosures. Where privacy techniques focused on the means to protect identity, now the focus is on means to obtain information. . . . Something is clearly amiss."

Since there's no law about what information can be gathered and how it can be used, Web sites take different approaches: Some let individuals choose exactly what to reveal about them-selves and how to let the information be used. Others tell visitors how they intend to use the information they collect, which gives each person the leeway to decide whether to stick around. Still others—like my hypothetical cookie site—say nothing at all, letting the surfer beware.

This laissez-faire regime not only allows different strokes for different folks. It also lets bootstrapped Web sites grow without creating complex system for managing information from visitors. It allows small operations to informally poll people without violating federal laws. It permits experimentation and learning. It fits the flexible, diverse, entrepreneurial, sometimes amateurish world of the Web. And it drives people like Rotenberg crazy.

Choice does not produce the outcome he wants, so he deems it a failure: "Self-regulation has not helped protect privacy on the Internet. It has in fact made it harder for us to focus on the larger questions of a coherent privacy policy."

Privacy advocates assume that you own your "identity"—all the disparate information about yourself—and therefore have the fundamental right to control what information is available to others. That's what Rotenberg means when he refers to "consent": If someone wants to tell someone else a fact about you, the teller has to get your permission.

BUT THE PREMISE SIMPLY isn't true. The other party in any relationship—your former landlord, your boss, my cookie site, or Amazon.com—owns information about you as surely as you do. And freedom of speech isn't the monopoly of officially certified "journalists." Gathering and sharing such information is as old as gossip, and neither speech nor commerce can function if it is illegal. In effect, privacy advocates are trying to outlaw reputation. Like the more honest censors behind the Communications Decency Act, they are also trying to assert control over a dynamic medium that defies their static vision of the one best way. They are demanding a "coherent policy" to replace diversity with decrees. And they are living proof that not all enemies of the evolving future are politically conservative or technologically ignorant.