AFFIRMATIVE-CONSUMER/INTERNET-SIGNIFICANCE 345

COMPANIES AND WEBSITES HOLD HUGE STORE OF INFORMATION ABOUT EVERYONE

COMMERCIAL WEBSITES COLLECT HUGE AMOUNTS OF PERSONAL INFORMATION

Major R. Ken Pippin, Chief of Cadet Disenrollments at HQ USAFA/JA, United States Air Force Academy, Colorado. He is a member of the Bar of the State of Arkansas., "Consumer Privacy on the Internet: It's "Surfer Beware"", The Air Force Law Review, 1999, 47 A.F. L. Rev. 125, EE2001-JGM, p.128.

Commercial web sites collect tremendous amounts of personal information, also known as individually identifiable information, about consumers. n16 Individually identifiable information is information that can be used to identify an individual, that is elicited from the individual by the company's web site though active or passive means, and that is retrievable by the company in the ordinary course of business. n17 Personal information usually refers to specific items such as name, social security number, address, and phone number. In the context of discussing Internet privacy, its meaning is broader. It commonly encompasses personally identifiable information, which is information that can be used to identify, contact, or locate an individual. n18 The FTC divides personal information into two categories. The first is personal identifying information such as name and e-mail address. The second category includes demographic or preference information that is used in conjunction with personal identifying information for market research and the creation of consumer profiles. n19

LACK OF CONSUMER AWARENESS ALLOWS WEB SITE OPERATORS TO GATHER ENDLESS INFORMATION ABOUT INDIVIDUALS

Neil Weinstock Netanel, Arnold, White & Durkee Centennial Professor of Law, University of Texas School of Law, March 2000; California Law Review, "Cyberspace Self-Governance: A Skeptical View from Liberal Democratic Theory," EE2001-hxm lxnx

At the same time, the market for privacy protection rule regimes suffers from intractable information asymmetry and market failure. n334 As discussed above, Internet users awash in an overabundance of information are no more able to assess and compare products and rule regimes than are their offline counterparts. In this instance in particular, most users are not even aware that the web sites they visit collect user information, and even if they are cognizant of that possibility, they have little conception of how personal data might be processed. n335 We are used to relinquishing control over bits of personal information in many seemingly unrelated contexts. The problem in cyberspace is that, given the power of data processing, storage, and aggregation, users who acquiesce in what seems like a number  [*477]  of innocuous isolated instances of data collection, spread out over a considerable period, may well be surprised to find that all of those bits have been aggregated and compiled into a highly pervasive profile. In the face of such user ignorance, web site operators have little incentive to provide consumers with a full account of such information practices.

COMPUTERS HOLD INFORMATION ABOUT EVERYONE

Fred H. Cate, Brookings Institution, 1997; PRIVACY IN THE

INFORMATION AGE, EE2001 -mfp p. 2

As a result, others know more about you--even things you may not know about yourself-than ever before. According to a 1994 estimate, U.S. computers alone hold more than five billion records, trading information on every man, woman, and child an average of five times every day. Just one industry--credit reporting-accounts for 400 million credit files, which are updated with more than two billion entries every month and facilitate 1.5 million credit decisions every day.' The ramifications of such a readily accessible storehouse of electronic information are astonishing. Consider this catalog from the New York Times Sunday Magazine of the data that are routinely collected about you: access, manipulate, and store, especially from disparate, geographically distant, locations. And more data are generated in the first place, because of the ease and very low cost of doing so and because of the high value of data in an increasingly information-based society. Data often substitute for what would previously have required a physical transaction or commodity. In electronic banking transactions, for example, no currency changes hands, only data. And recorded data, such as a list of favorite web sites or an automatically generated back-up copy of a document, also make the use of computers easier, more efficient, and more reliable. Finally, our computer technologies and services tend to record what might be characterized as "gratuitous" data, such as the web sites we have visited.

ONLINE SERVICES HAVE PERSONAL INFORMATION ABOUT ALL THEIR USERS

Ann Cavoukian, Ph. D, Info. and Privacy Commission in Ontario, and Don Tapscott, Alliance for Converging Technologies, 1997; WHO KNOWS, EE 2001 -mfp p. 103

Marketers were quoted as saying, "The people -providing the information [the advertisers] can now watch you [the consumer] as you watch the information [the ad]." Online services "can know all about you" - as users interact with an ad, responding to questions and providing information, marketers can become familiar with what products they like and dislike, how many children they have, their ages, their home, their pets, how long they lingered on certain products, and more. Some say that the most important services sold by popular search engines such as Yahoo and Lycos will be advertising and data collection-"meta-info," or information about information.

92% OF WEBSITES COLLECT PERSONAL INFORMATION, ONLY 14% HAVE PRIVCY POLICIES

USA TODAY, June 7, 1999, SECTION: NEWS; Pg. 26A TITLE: Privacy promises don't pan out // acs-VT2001

It would be easy enough to dismiss all of these as minor hiccups if many cyberfirms hadn't cavalierly dismissed privacy concerns in the past, and they still fail to put privacy protection at the top of their agendas. A Federal Trade Commission survey last year found that while 92% of Web sites collected personal information, a scant 14% bothered to post privacy policies. Even today, after prodding from regulators and from industry groups that hope to fend off federal regulations, more than a third of the most popular sites don't post privacy policies, according to a Georgetown University study.

STATE OF PRIVACY PROTECTION ON THE INTERNET IS TERRIBLE

CHARLES PILLER, Los Angeles Times, March 20, 2000, SECTION: Business; Part C; Page 1; TITLE: WEB FIRMS HAVE SORRY RECORD ON PUBLIC'S PRIVACY // acs-VT2001

Yet don't expect the abuses to stop. The ratings offered by Enonymous.com suggest that even sites with privacy policies offer scant protection. Their ratings award zero to four stars based on how much protection a Web site promises. The results:

* Some 77.3% of all sites surveyed earned zero stars and offer no privacy policies.

* 7.7% got one star, meaning that users have no privacy rights. The site may contact you, and your identifiable personal information can be shared or sold to others without your permission.

* 8.8% were two-star sites, signifying that the site may contact you without permission but will share your data only with your explicit permission.

* 2.7% earned three stars, denoting that the site will not contact you or share your personal data without your explicit permission.

* Only 3.5% earned four stars, meaning they will not contact you without explicit permission and will not share your data under any circumstances.

100 OUT OF 100 TOP SHOPPING SITES DO NOT PROTECT CONSUMER PRIVACY -- SANTA ISN'T THE ONLY ONE READING YOUR SHOPPING LIST

John Schwartz, Washington Post Staff Writer, Washington Post December 17, 1999, SECTION: FINANCIAL; Pg. E04 TITLE: Internet Privacy Eroding, Study Says; Top 100 Web Shopping Sites Checked // acs-EE2001

Shoppers who have flocked to online stores for their holiday shopping are losing privacy with every mouse click, according to a new report.

The study by the Washington-based Electronic Privacy Information Center scrutinized privacy policies on 100 of the most popular online shopping sites and compared those policies with a set of basic privacy principles that have come to be known as "fair information practices."

The group found that none of the 100 sites met all of the basic criteria for privacy protection, which include giving notice of what information is collected and how it is used, offering consumers a choice over whether the information will be used in certain ways, allowing access to data that give consumers a chance to see and correct the information collected, and instituting the kind of security measures that ensure that the information won't fall into the wrong hands.

"This study shows that somebody else, other than Santa, is reading your Christmas list," said Jeff Chester, executive director of the Center for Media Education, which also worked on the survey.