Privacy made simple for high-tech minds

It is rare to find books on Internet policy issues that inform practitioners in a particular field and educate anyone involved in any facet of information technology development.

Technologists and policy folks usually do not speak the same language, and generally neither wants to read the other group's jargon. For example, a technologist might discuss "a kludge for a nontrivial problem," which a policy analyst may refer to as "a Band-Aid solution on a long-term issue." Either way, there is a good chance that the majority of those who need to understand the issue and its implications are already asleep.

So, it is a special treat to find two recently published books on one of the most important issues of our day — privacy — that are intended for both a policy and technology audience and anyone interested in the Internet.

"The Privacy Payoff: How Successful Businesses Build Customer Trust" is the work of Dr. Ann Cavoukian, the information and privacy commissioner of Ontario, and Tyler Hamilton, a technology reporter and columnist for the Toronto Star. Although the book's subtitle suggests a business theme, the book looks into building trust in all transactions, including those between government and citizens. Cavoukian and Hamilton persuasively argue that a new kind of documented trust is essential to success in today's online world. The keys to gaining this trust are information management techniques that include privacy and security protections.

To make their point, Cavoukian and Hamilton have grounded some basic theoretical ideas in practical tips, including a plan of action. Interviews with leading chief privacy officers in industry and government back up the tips. The most interesting interview may be with Zoe Strickland of the U.S. Postal Service who, as the chief privacy officer of U.S. mailing addresses, has one of the most difficult jobs in Washington, D.C. Strickland offers good advice, such as mapping data flows and policies. She also suggests using technology to audit the security and proper use of information in this framework.

Cavoukian and Hamilton devote several chapters to the specifics of technologies that can accomplish those goals. The result is a nice mix of basic technical information for the policy audience and a full education in policy concerns and solutions for the technological audience.

Technologists who enjoy "The Privacy Payoff" will undoubtedly be even more engaged by Dr. Lorrie Cranor's book, "Web Privacy with P3P." (Platform for Privacy Preferences, or P3P, is the new industry privacy standard.) Those familiar with O'Reilly and Associates will recognize the format of a book covering a new specification, but this book offers more than just details on how to use the latest privacy standard.

Too often, computer scientists are unfamiliar with the theories, categories and principles that are the focus of policy debates about privacy and security. Cranor, principal technical staff member at AT&T Labs, offers a clear, concise description of the current state of privacy on the Internet and then discusses the technology tools that help individuals gain more control over their personal information.

Cranor refuses to buy into the hype of press releases claiming each new tool to be the panacea for the privacy problem. Instead, she suggests that technology and public policy work in tandem. Thus, P3P is rightly seen more as a means to help move the worlds of technology and policy closer together than as a solution.

About a third of the way through, "Web Privacy with P3P" turns into a hands-on technical manual for implementing P3P on a Web site. At this point, it becomes far less interesting for policy specialists — except maybe those who can read Extensible Markup Language. However, the first third is more than just a nice read for analysts — it should be required reading for anyone attempting to understand technology's role in social issues.

Cranor once told me that she came very close to taking up journalism instead of computer science. With this well-written book, she has successfully combined both.

Schwartz is associate director at the Center for Democracy and Technology.