Here's one 'cookie' many consumers don't want

Corporate data gathering over the Internet has many Americans calling for more laws to guard their privacy.

April 18, 2000

As a former employee of the Central Intelligence Agency, Phil Jones has always had a well-developed sense of secrecy. But today, virtually every time Mr. Jones goes on the Internet, he is opening up his personal life to more exposure than a cheap Polaroid.

Whenever he logs onto sites that ask users to submit personal information in return for services, Jones (who didn't want his real name used for this article) realizes that volumes of data about his browsing habits, personal tastes, and even finances are being collected and sold to companies eager to market to him.

"I've just sort of given up on trying to protect my privacy," he says.

Jones is a reminder of one of the cruel ironies of the Internet Age: A medium originally associated with anonymity has become in many Americans' eyes the single greatest threat to privacy.

As individuals surf the Web, companies are keeping records of their purchases and surfing patterns, allowing them to build detailed personal profiles. In the vernacular of "Casablanca," they have a complete dossier on you.

For many consumers and critics, it's a "1984"-like scenario - only in this case, Big Brother isn't the government. It's Microsoft and Frito-Lay.

A survey released this week by the San Francisco-based market research firm Odyssey reveals that 82 percent of households using the Internet believe government should regulate the use of their personal information. Another 92 percent say they do not trust corporations with keeping data confidential.

"Somebody needs to be in charge of the schoolhouse," says Frank Torres, legislative counsel for Consumers Union, publisher of Consumer Reports, in Yonkers, N.Y.

So far, more than 50 bills have been introduced in the current session of Congress aimed at curbing abusive online data gathering. And on Friday, the Children's Online Privacy Protection Act will kick in. Under this law, Web sites must get parental permission before gathering data on children under 13 and disclose how they use the information.

Data collection has become more sophisticated and stealthier, says Jeff Fox, senior editor of Consumer Reports, whose May issue contains the first of a three-part series on data-collection techniques used by the Internet industry.

Instead of just recording which brand of potato chip you buy, technology is allowing corporations to link disparate strands of personal information, Mr. Fox explains. As a result, surfing habits could potentially be linked with medical and financial information.

Through the use of so-called "cookies" - small pieces of data that allow Web servers to identify an individual's browser and read information from it - surfing patterns are tracked and recorded. Logging onto a Web site, or even viewing an online ad, can load a cookie onto your hard drive. Information is then collected by marketers to better sell their wares.

Fueling the problem, claim privacy advocates, is last year's Financial Services Modernization Act, which has made collation of information easier. By removing the legal fences that for years stood between banks, insurance companies, and financial institutions, private information that was once the property of just one of entity is now readily shared.

Internet industries currently rely on a system of self-policing to curtail privacy abuse. But these corporate policies "don't hold any more weight than New Year's resolutions," says Fox. "It's like letting corporate polluters monitor themselves."

Yet despite privacy concerns, the use of cookies is not entirely sinister, point out many in the technology industry. For one thing, they allow consumers to fill out forms and state preferences only once.

"If you banned [cookies] you would bring the Web to a crawl," says Sanjay Parekh, head of Atlanta-based Digital Envoy. Mr. Parekh's company has developed technology that allows marketers to target Internet-users geographically, but without extracting other kinds of information. Web sites can figure out, say, the Zip Code of a surfer, but little else.

"Web sites, for example, that know your location when you log on can tell you where the closest Federal Express drop box is," Parekh explains.

Cookies also allow sites to tailor services to individuals, making suggestions just as a friendly store clerk might. "Amazon.com has a compelling Web experience, suggesting books you might like based on past browsing," explains Gary Allison, director of developer solutions at Pervasive Software, in Austin, Texas.

For consumers concerned about privacy, Web browsers can be set to block cookies. Other programs will set off a warning if a site is collecting data.

"A key point is this is participatory information. You can remain anonymous if you want to - you can make yourself impossible to trace," Mr. Allison says.

But for some consumers, including Jones, these warning and blocking programs are too much trouble. "I used to use them but I just gave up," he says.

(c) Copyright 2000. The Christian Science Publishing Society