Privacy at the crossroads

Sun Microsystems Inc.'s chief executive officer Scott McNealy made waves two years ago when he made this statement about protecting privacy on the Internet: "You have no privacy, get over it."

A short time ago, McNealy said that while he still felt his earlier statement was true, the Internet was actually safer because "you can encryptthings" and "provide controlled access" to halt unwanted spying. So, do we have no privacy as a result of the digital revolution or are we better off than we would be otherwise?

The privacy expectations of Americans have never before been so outof line with the privacy reality. This disparity produces the privacy anxiety that we have all felt at one time or another when we've wondered, for example, why a company wants our Social Security number.

Although credit card companies have long been able to track our store purchases, they have never been able to infer our personalities from disparate data, as they can on the Web. The federal government's broad collection of personal information is protected by the Privacy Act, but a great deal of public-record information previously obscured by the difficulties offinding it in paper documents is now online, searchable from anywhere in the world.

The Internet does offer new tools that could lead to greater data protection. Privacy-enhancing technologies, such as "anonymizers" and other encryption products, could help individuals gain more control over their personal information. And systems can be designed in ways that minimize the collection or linking of information.

However, privacy-enhancing tools and "privacy by design" do not enforce baseline standards for privacy. Without basic protections in law, individuals will not be able to fully use these technologies. To rebuild public trust,the public must know that "bad actors" will be punished and that certain minimum privacy expectations can be met.

Aside from the hyperbole, McNealy's recent analysis is actually partly correct: Americans lack the privacy protections they believe they should have, and the Internet is well suited to user-control technologies thatcan make the situation better. Yet his view is incomplete. A third component of the privacy solution must be found in enforceable rules implementing the principles of fair information practices: notice; choice; limitations on collection, use and disclosure; access; and accountability. Working out the details of those rules and applying them fairly to both the private and public sectors will not be easy.

Given the rapid changes in both technology and online business models, the Internet represents a privacy crossroads. If we do not enhance protections to limit the ability to track our browsing, reading and other online activities, the trust in our basic institutions will suffer irreparable damage.

So get over it, Mr. McNealy. Americans care deeply about privacy, andthey expect industry and government to provide the user-controlled products and services that match their privacy expectations.

Schwartz is a policy analyst at the Center for Democracy and Technologyin Washington, D.C.