By Nitin Chittal

"The right to be left alone is the most comprehensive of rights, and the right most valued by a free people." Justice Brandeis.

Wtih the Internet's growing popularity today, this fundamental right to privacy is being violated brazenly.

Take for instance, the experience of a fellow analyst. When he logged on to Cheekoo.com (the dot.com that provides 15 hours of Internet access free every month to anyone who has an ISP account) to register, he was in for a shock. Instead of loading a blank registration form, he was asked to authenticate information that had already been collected. And, to his astonishment, most of the information present was correct.

Where did this site get the information? Obviously, some from an ISP's records and some collated from information dispersed unwittingly on other Web sites.

They know where you click
In fact, around the world the issue of privacy on the Internet is assuming centre stage. Consumers and consumer protection groups are concerned that businesses will use the opportunity offered by the Internet to capture information about unsuspecting people who visit their Web sites. By merging this information with a wide range of publicly available data (such as credit histories, phone bills, etc.) Web sites would be able to accumulate vast databases of information about their customers.

This is exactly what companies like DoubleClick, 24/7 Media and many other companies are doing. DoubleClick which serves up ads on many Web sites, uses anonymous digital snapshots or "profiles" of millions of cyber surfers, based on where they browse and what they do online, to dish up personalised ads on its clients' Web sites.

It's one thing to use the data collected for one's own use, but it is altogether another matter when the data is sold to others. Serving up personalised information might not be all that bad per se. But when the information has been collected without the knowledge or the sanction of the user, things take on a different hue. When the companies go a step further, it starts getting muddier. For instance, DoubleClick had planned to link profiles with much more specific information, including names and addresses culled from real world databases that cover 90 per cent of American households. The company dropped the plan when public outcry grew strident. Earlier, AltaVista, a popular search engine, promised to ask explicit permission before sharing a visitor's personal information with other companies.

Self regulation, a sham!
Even so, sans regulations, Web companies continue to walk all over privacy issues. Self-regulation is touted a lot by Internet companies with privacy policies displayed on Web sites. But it actually amounts to almost nothing. For example, when people register at MyYahoo for one of its services, they are asked to provide their birthdays and e-mail address -- ostensibly as a safeguard against loss of password. But Yahoo also uses that information for a service called the Birthday Club, sending product offers from three to five merchants to users via e-mail on their birthdays. Anyway, it costs companies very little to send out junk e-mails and e-catalogs that are expected to generate response rates of no more than 2 per cent (similar to that of direct postal mailers). This implies that 98 per cent of the e-mails are of no use to them, but come with the bother of cleaning the e-mails periodically or running the risk of clogged e-mail in-boxes.Almost 66 per cent of companies questioned by the Federal TradeCommission (FTC) in May 1999 had privacy policies put up on their Web sites. But most were unwilling to adhere to them. The FTC survey pointed out that while more than 90 per cent of the companies polled collected personal information, fewer than 10 per cent actually followed all the established fair information practices.

The consumer strikes...
The good news is that the consumer backlash in the West is gaining ground. Within days of DoubleClick deciding against its plan to link databases, 24/7 Media too cancelled similar plans. In fact, many companies have anticipated the backlash. In late 1998, Geocities, a popular internet operation that allows people to put up free Web sites, agreed to settle FTC charges that it had misled 2 million members by secretly selling personal information about them to marketers. America Online reversed its decision to sell members' phone numbers when members complained. Blizzard Entertainment, makers of the Starcraft online game, confessed in 1998 to using the Internet to obtain personal information from consumers without their consent.

...but not in India
In India, however, consumer rights are way too primitive. Consider the fact that VSNL Internet subscribers are bombarded with junk mail. On enquiry it turns out that a tiny, obscure firm has detailed information on Internet subscribers of not only VSNL but also other ISPs. And the firm is ready to sell this information, of course, for a tidy sum of money. It could be a long time before privacy issues begin to generate some attention in India.

Comments
Privacy is a prime concern. Most dot.coms all over the world do not take the privacy issue very seriously. Even if the company does not sell subscriber information, the lack of internal network security in the company exposes the database to internal hackers who may steal the database and sell it to anyone who is willing to pay. In India, even cell phone companies, credit card companies etc make their databases available to others who may bombard the consumer with mail both physical and electronic. -- Flynn Remedios, Internet security consultant, Karrox technologies.

In general, privacy issues in India will be much more of a problem than security, because if there is anything we Indians are less conscious of than security, it is respect for the other's privacy.