|
|
 |
|
|
| The
Top 10 Privacy Stories of 2000 by Privacyfoundation.org |
Workplace
Surveillance is the Top Privacy Story of 2000
Other
Top Stories include Medical Privacy, Carnivore and DoubleClick
by Privacyfoundation.org
DENVER
– 12/28/00 – The
phenomenal rise, and technological sophistication, of workplace
surveillance leads the list of the Top 10 privacy stories of the
year 2000, according to a Privacy Foundation analysis.
Also in the Top 10 are proposed new medical privacy rules; the FBI’s
controversial use of the Carnivore email wiretap; DoubleClick’s
stalled plan to track consumers online; and the arrival of chief
privacy officers in corporate boardrooms.
"The rise of the Internet has sent a flood tide of privacy
concerns through business and society, and the waves are breaking
big-time in the workplace," said Stephen Keating, executive
director of the Privacy Foundation. "Two-thirds of major American
firms now do some type of in-house electronic surveillance, while
an estimated 27 percent of firms monitor email."
Some of the fallout from that surveillance can be measured in lost
jobs, as entities ranging from Dow Chemical to the Central Intelligence
Agency have fired or disciplined employees for alleged misuse of
workplace communication networks.
"Employers may be rightly concerned about security and productivity
issues, or legal liability arising from emailed sexual banter,"
said Keating. "But pervasive or spot-check surveillance conducted
through keystroke monitoring software, storing voice-mail messages,
and using mini-video cameras will undoubtedly affect morale and
labor law, as well as employee recruitment and retention practices."
Servicing the workplace surveillance market are a host of companies,
including Checkpoint, SpectorSoft, Telemate, and WinWhatWhere. Noting
that employers have substantial economic, legal - and now, technical
- clout over employees in this area, one chief privacy officer for
a major corporation told the Privacy Foundation that, "Employees
are toast."
Looking ahead, the Privacy Foundation expects that some companies,
particularly those in need of highly-skilled, high-tech workers,
will tout "spy-free workplaces" as a fringe benefit. The
Privacy Foundation has deployed a team of business, law and technical
researchers to study workplace surveillance issues and will have
more to report in the first quarter of 2001. Based at the University
of Denver, the Privacy Foundation is a non-profit and non-partisan
organization dedicated to research on privacy issues and efforts
to educate the public.
Following is a list of the Top 10 privacy stories for the year 2000,
as well as forecasts, and a partial list of source material. The
analysis was done by PrivacyFoundation.org personnel, including
Keating; Richard Smith, chief technology officer; and researcher
Justin Rickard. For questions, please contact Keating by email at
sk@privacyfoundation.org
or at 303-717-2607; or Smith by email rms@privacyfoundation.org
or at 617-962-8351.
The
Top 10 Privacy Stories of 2000
1)
Workplace Surveillance Heats Up: "Employees are Toast"
Millions
of employees in the U.S. and worldwide are now subject to electronic
monitoring by employers – a stealthy trend fueled by relatively
cheap technology (like mini-surveillance cameras and keystroke monitoring
software) and employer paranoia about unauthorized use of email
and the Internet by employees. Two-thirds of major American firms
now do some type of in-house electronic surveillance, and 27 percent
of all firms surveyed monitor email, according to the American Management
Association. Dozens of companies including Xerox, Dow Chemical and
The New York Times (and government agencies including the Central
Intelligence Agency) fired and disciplined employees in 2000 because
of alleged bad behavior in using the companies’ communications networks.
"Employees are toast," one chief privacy officer told
the Privacy Foundation, noting that employers have substantial economic,
legal - and now, technical - clout over employees in this area.
LOOK
FOR: "Workplace privacy rights" to become a negotiated
fringe benefit, with New Economy companies leading the way.
SOURCES:
More
U.S. Firms Checking Email , American Management Association,
4/14/00
Dow
Chemical Fires 24 [and disciplines 235] in Email Controversy,
CNET, 9/15/00
Big
Boss is Watching, Yahoo Internet Life, 10/00
Narcware,
Forbes, 5/1/00
TOP
OF PAGE
2)
Patient Privacy Rules
Widespread
public concerns about disclosing personal medical information to
doctors and hospitals - for fear the records will end up in the
hands of databanks, insurance companies and prospective employers
- led to new federal rules proposed in late December. Six years
in the making, the revisions to the Health Insurance Portability
and Accountability Act (HIPAA) will oblige doctors to seek patient
consent to use medical records in routine matters, and give patients
greater access to their own records. The 1,553 pages of new patient
privacy rules, proposed by the U.S. Department of Health and Human
Services, will take two years and billions of dollars in private
sector costs to implement. In February, President Clinton signed
an executive order prohibiting the use of genetic information in
federal employment practices. The genetic screening issue is still
unsettled in the private sector.
LOOK
FOR: Changes and delays in the proposed patient privacy rules, as
health care lobbyists target Congress and the Bush Administration.
SOURCES:
Clinton's
Health Privacy Rules Await Congress' Perusal, Associated
Press, 12/21/00
$17.6
Billion over 10 Years to Protect Medical Files, Boston Globe,
12/21/00
President
to Bar Genetic Discrimination, CNN, 2/8/00
TOP
OF PAGE
3)
Carnivore Attacked
Acknowledgment
by the FBI of an email surveillance technology named Carnivore set
off alarm bells among privacy advocates, who called for more public
disclosures about Carnivore’s capabilities, and restraint in its
use. The FBI’s claim that Carnivore had only been used 25 times,
primarily in national security cases, did little to allay concerns.
Carnivore operates under existing wiretap laws - laws that have
been broadened through court orders to allow an estimated two million
phone conversations to be monitored annually by law enforcement.
A technical review of Carnivore, done by an Illinois institute that
was hand-picked by the U.S. Justice Department, was seen by critics
as a whitewash. The broad fear is that the FBI could use Carnivore
to tap the data pipes of Internet Service Providers and cast a wide
net for emails, not just those sent and received by the targets
of specific investigations.
LOOK
FOR: Increased scrutiny of law enforcement surveillance technologies
by civil libertarian groups and activists.
SOURCES:
Carnivore
Eats Your Privacy, Wired News, 7/11/00
Critics
Blast FBI's First Release of Carnivore, CNET, 10/2/00
EPIC's
Carnivore Archive, Electronic Privacy Information Center
TOP
OF PAGE
4)
DoubleClick Unplugged
The
merger of database marketer Abacus Direct with online ad company
DoubleClick hit front pages and sparked a federal investigation
in January 2000 when it was revealed that the company had compiled
profiles of 100,000 online users – without their knowledge – and
intended to sell them. The resulting outcry stymied the plan, which
was shelved later in the year as DoubleClick and combative chairman
Kevin O'Connor endured the steep decline among Internet ad stocks.
In the press and in the public square, the name "DoubleClick"
became synonymous with Internet privacy breaches. Nonetheless, the
matching of consumers’ web-surfing habits with traditional "offline"
personal data (name, address, income) remains a lucrative lure for
marketers. Avenue A and MatchLogic were two online marketers hit
with proposed class-action lawsuits alleging that they track customers
without permission.
LOOK
FOR: The biggest online/offline direct marketing experiment in history:
the operational merger of AOL and Time Warner.
SOURCES:
DoubleClick
Sued for Privacy Violations, CNN, 1/28/00
DoubleClick
Postpones Data-Merging Plan, CNET, 3/2/00
Kevin
O'Connor Gives People the Willies, eCompany, 10/00
Online
Ad Companies Hit With Privacy Suits, CNET, 9/22/00
TOP
OF PAGE
5)
Rise of the CPO
Microsoft,
IBM, American Express and dozens of other firms, ranging from the
Fortune 500 to start-up e-commerce firms, created and filled a new
executive position called Chief Privacy Officer. With no clear career
path to the job, the first CPOs have backgrounds ranging from law
to marketing. Job duties are best described as Chief Flak Catcher,
heavy on public relations, with fledgling attempts to coordinate
their company’s strategic, legal and technical teams to protect
consumers – or at least enforce the company’s own posted privacy
policies. At the federal level, law professor Peter Swire wrapped
up his two-year tenure as the nation’s first chief privacy counselor
to the president.
LOOK
FOR: Certification programs for CPOs, as exemplified by Alan Westin’s
Privacy and American Business initiative, evolving into graduate
classes and degree programs at Universities.
SOURCES:
CPOs
Make Boardroom Debut, Infoworld 12/15/00
IBM
Appoints Chief Privacy Officer, Computerworld, 11/29/00
Privacy and American Business
TOP
OF PAGE
6)
Amazon.com Surveys the Data Mine
Amazon.com,
a bellwether of the Internet economy with 20 million customers,
changed its privacy policy in September to warn that customer data
will be considered a marketable asset if the company is ever acquired,
or sells off operations. The move, made as Amazon faced scrutiny
from Wall Street about its financial prospects, underscored criticisms
about the way that dot-com companies revise privacy policies to
capitalize on customer data. Several other high-profile cases made
the news in 2000. A company called Toysmart.com went bankrupt and
its customer database went up for auction – until the Federal Trade
Commission blocked the deal.
LOOK
FOR: More civil lawsuits against Internet retailers for alleged
violations of privacy policies – and Congressional action in 2001.
SOURCES:
Privacy
Watchdogs Blast Amazon, Ecommerce Times, 9/14/00
Privacy
Groups Call Amazon Policy "Deceptive", CNET, 12/4/00
Toysmart.com:
Back in the Middle Again, The Standard, 8/18/00
TOP
OF PAGE
7)
The Urge to Merge Financial Information
The
Gramm-Leach-Bliley Act went into effect in November, permitting
banks, brokerages and insurance companies under the same roof to
share customer information – and potentially share it with third
parties – provided that that they notify customers how confidential
information will be used and allow them to opt-out. An extension
passed earlier in the year gives financial institutions until July
2001 to comply with the new rules. Privacy advocates complain that
the act has loopholes and does little to protect online transfer
of information.
LOOK
FOR: Consumer complaints about misuse of personal data by financial
institutions.
SOURCES:
Extension
Granted on Financial-Data Privacy Law, The Standard,
5/9/00
Sharing
Secrets, The Standard, 5/8/00
Gramm-Leach-Bliley
Key Provisions, Securities Industry Association
TOP
OF PAGE
8)
Wireless Privacy Battles Loom
New
mandates for cell phone Emergency 911 service raised a host of questions
about wireless privacy in 2000 – and appear poised to create a new
wireless advertising industry. With tens of millions of cell phones
in use, the U.S. government is mandating the deployment of location-sensing
E911 service for cell phones in 2001. Just as telemarketers exploited
the ubiquity of wireline phone service, there are a wide range of
data-service providers and marketers eager to piggyback on the new
wireless technology to send text ads and discount offers to cell
phone subscribers.
LOOK
FOR: Technology companies and federal regulators warding off wireless
spam by proposing an industry-wide "opt-in" solution for
consumers to receive text messages.
SOURCES:
Talking
About Wireless Privacy, The Standard, 12/18/00
Richard
Smith's Tipsheet on E911, Privacy Foundation
FCC Press Releases on E911,
Federal Communications Commision
TOP
OF PAGE
9)
Microsoft Crumbles on Cookie-Blocking
In
the summer, Microsoft released a software patch for Internet Explorer
that would allow a computer user to automatically block third-party
cookies, which are small software files set on computer hard drives
by Internet advertisers. Facing grumbles from the online advertising
community, Microsoft backed off the patch, and instead will support
the
P3P (Platform for Privacy Preferences) standard in the upcoming
Internet Explorer 6.0. P3P is a privacy dial that will allow users
to set privacy preferences for sites while web surfing. Earlier
in the year revelations that the National Drug Control Policy Office's
Anti Drug Web placed "cookies" on user's computers led
to an executive order banning cookies on federal websites.
SOURCES:
Microsoft
Offers Tracking Alert for IE 5.5, CNET, 7/20/00
Cookie
Patch Released for I.E. 5.5, CNET, 8/31/00
Microsoft
Looks for Consensus on Security, ZDnet, 12/7/00
Memo
on Federal Website Privacy Practices, 6/22/00
TOP
OF PAGE
10)
A New Kind of Public Record
The
emails subpoenaed from Microsoft during its federal antitrust trial,
and the email traffic to and from Florida Gov. Jeb Bush sought by
the media during the 2000 presidential election controversy, are
just the beginning. In a variety of cases, computer server logs
of government agencies and schools were sought by the media, and
by individuals, as public records. Among the incidents: a county
prosecutor’s secretary, fired in Washington state, had her email
traffic disclosed to the media; in suburban Indianapolis, a school
superintendent who resigned had his alleged web-surfing activities
published in the local newspaper.
LOOK
FOR: Fishing expeditions by the media, political opponents, and
activist citizens, seeking email and computer server logs through
public open record law requests.
SOURCES:
Superintendent
Who Resigned Had Viewed Sexually Explicit Material on School Laptop
Computer, Topics.com, 10/27/00
Media
Examining Jeb Bush's E-Mails, About, 11/30/00
TOP
OF PAGE
Copyright
Privacyfoundation.org
|
| |
|
Related Links: Lying with Pixels (article)
| The Truth about your Credit Report (article)
Related Reading: The
Art of Lying (book) | True
Lies (movie)
|
| |
|
|
