To regulate or not to regulate? Whether the government should institute privacy legislation to protect Internet users has become an increasingly acrimonious issue among lawmakers and lobbyists from both the pro- and anti-regulation camps. The battle reflects the public's growing concern that their personal information is being indiscriminately tossed around on the Internet.
In May, a study commissioned by the Association for Competitive Technology (ACT), an organization formed by technology companies in 1998, concluded that federal privacy legislation might deal a $36 billion blow to e-commerce. The ACT study estimates that Web businesses might be forced to spend roughly $100,000 each in order to comply with the consumer-access provisions stipulated by many of the proposed privacy bills in the House and Senate. The study's conclusions are based on estimates from more than a dozen software-consulting firms asked how much it would cost to design a Web site infrastructure that would allow users access toprivate information collected about them.
According to Steve DelBianco, ACT's vice president, most sites lack the financial resources to comply. "We estimate that only 10 percent of sites would make the investment on consumer access. The rest would have to stop sharing information, or close down. And it's impossible to say how much businesses would lose by not sharing lists."
Not everyone is buying the study's findings. A paper written by Peter W. Swire, a professor of law at Ohio State University and former chief counselor for privacy under President Clinton, argues that ACT's study is seriously flawed. He believes that one-size-fits-all compliance software packages will be made available to Web sites that will cost far less than $100,000. "Small, medium, and many larger sites will buy software packages," Swire wrote. "It is unrealistic to treat small sites as though they will pay the same compliance fees as large sites."
One of the most thorough privacy bills introduced in Congress, and one cited in the ACT study, is the Consumer Privacy Protection Act (S. 2606), introduced in May 2000 by Sen. Ernest Hollings, D-S.C. The bill requires Web sites to provide users access to personal information that the site has collected about them, and to allow users to "correct, delete, or supplement" that information.
DelBianco claims that the consumer benefits of such bills have not been proven. "Consumers don't need laws whose benefits are questionable, but [whose] costs are certain," DelBianco says. "And the costs will mostly be borne by small businesses."
Chris Hoofnagle, staff counsel with the Electronic Privacy Information Center in Washington, D.C., asserts that legal privacy protection will assure the public that doing business on line is as safe as doing it off line. "We're going to need a statutory framework to protect privacy rights," he says. "It's the standard in most of the world. The U.S. is the world's privacy dinosaur."
IN OTHER NEWS
The non-profit Internet security site Attrition.org announced in May that it will no longer track and archive the defacement of Web sites by hackers. Its volunteer staff could no longer keep up with the increasing numbers of defacement incidents. Over three days in April, more than 100 sites were defaced by online vandals -- three times as many incidents as occurred during 1995 and 1996 combined.
Your state might be next. N.Y. Gov. George Pataki has signed an executive order banning state employees from using state-issued handheld cellular phones while driving state vehicles. Pataki also proposed legislation to institute a statewide ban on the use of handheld cell phones on all public highways, except in cases of emergency.