Computer users enjoy free things on the Web because advertising pays the way, marketers say. And if they want the free ride to continue, companies need data to make their advertising effective. Privacy groups say that's hogwash.
The world knows a lot about you, more than you might think. And you're the one leaving a trail of personal information as you travel the Web.
It starts from the moment you go online: Your Internet service provider assigns you an Internet protocol number, a series of numbers that acts like an address in the online world. (For example, 123.45.56.7890.) You might think it doesn't give away much about you. You'd be wrong.
You provide more clues as you go. You enter your ZIP code to find a restaurant or get a customized weather map. You type your birthday into an online form when you register to use a site. You provide your e-mail address for an early warning when your stocks take a dive. You reveal your interests by the pages you visit and how much time you spend on each. You don't even have to click on something; the Web knows.
Individually, you may not think these tidbits give away much that's useful. But marketers are collecting this information, adding things up and creating formidable databases that connect the dots.
Americans worry about their privacy, according to most polls. Yet we can be careless with personal information or willing to give it up for the flimsiest freebie.
Technology has taken the gathering of personal information to a new level, allowing companies to take data gathered from traditional sources, such as public records and product warranty cards, and combine those with data collected online. That paints a much more complete picture.
"People do not understand the nature of privacy," said Winn Schwartau, a nationally known Internet security expert from Seminole. "Most of us are already in the computers. We need Congress to give us our privacy back and mandate that electronic privacy is part and parcel of what we should have."
* * *
The Web is not a one-way street for information.
When you click on a site, your personal computer is talking to a Web server, which recognizes the PC from the Internet protocol number. The Web server sends back the requested information, and, in the process, often adds a hidden extra. It's called a cookie, a small text file used to identify the personal computer if it returns later.
Starting with the Internet protocol number, sites can use technology that tracks that number back to your Internet service provider or, say, where you work, often providing at least a clue about where you live. It can tell how long you linger on a Web page and what items you click on.
But you don't have to register, click on an ad or do anything more than visit a site to be tracked. The cookies can follow you as you surf from site to site. Ads placed on hundreds of sites by companies such as DoubleClick can recognize a computer, track where it goes and tailor marketing to that computer user's interests.
It doesn't stop there. Send an electronic greeting card to a friend or family member and you've given away a couple of e-mail addresses.
Use your mother's maiden name or other family information as a "security" measure when you register at a site. Sign up for a sweepstakes and provide information to enter. Visit a chat room using your real name and giving a lot of personal detail.
"Put all those pieces together and you have electronic identity theft," Schwartau said. "Why is Amazon.com going to care about my exact birthday unless they want to use it for some other purpose? When you go into a physical store, it's a nonissue. They want your money."
* * *
The arguments about collecting personal information on the Web boil down to this: Consumers enjoy free things on the Web because advertising pays the way, marketers say.
If consumers want the free ride to continue, companies need data to make their advertising effective. If consumers don't want to give up any personal information, they can decline, or "opt out," of accepting cookies and other data-gathering devices, the industry says.
Hogwash, privacy advocacy groups say. Web sites and marketers are collecting data without telling people, nor are they giving a clear explanation of how the information will be used. Consumers should have the right to choose, or "opt in," before anything personal is made available.
"A lot of businesses view privacy as something that gets in the way of a relationship between a business and consumer," said Gary Clayton, chief executive of the Privacy Council (http://www.privacycouncil.com). "They need to manage that relationship with a customer in a way that they're good stewards of the data. It doesn't mean they can't direct market. It doesn't mean they can't use it in partnerships."
The council works with businesses to develop effective privacy policies, based on what it calls a consumer-friendly point of view.
And Clayton isn't shy about criticizing practices he calls misleading, including long, legalistic privacy policies that are posted on many Web sites. "Consumers don't read all the fine print," Clayton said. "And most businesses know that."
But the consumer has a responsibility to know how the Web works, argues Lon A. Berk, a lawyer at the Shaw Pittman firm outside Washington. At a recent seminar in Tampa put on by the Stetson University College of Law, Berk posed this question:
"Is there really an expectation of privacy on the Internet?"
Most people don't take steps to block cookies or protect personal information online, Berk says. By not doing so, they are participating in a two-way communications process where they get the information they're seeking on the Web and the sites learn more about their visitors.
"Many users seem to object to a Web site's tracking their use through cookies," Berk said. "But the efficiency of their transactions on the Web site is the result of the information provided by these cookies. Given this, how can it be reasonable to expect that cookies will not be used?"
* * *
Some of the deepest fears about privacy on the Web concern the possibilities of online fraud and other crime. But few Internet users have been victimized.
Less than 3 percent of Internet users have lost credit card information online; only 3 percent say they have been cheated in an online purchase; and only 4 percent have felt threatened.
Nonetheless, stories about fraud, hackers and identity theft, which has been called the fastest-growing white-collar crime, raise concerns about losing personal information.
Tips from the experts: Think about the information you're going to enter on a Web site and don't go beyond what's requested. Don't use your real name in a chat room. Don't be too open in chat rooms. Set up an alternative e-mail address. Deal with businesses you're familiar with or take steps to verify that a site is legitimate, such as by calling posted phone numbers.
"I still think you can have a relatively meaningful experience without using things that will identify you," said Les Seagraves, chief privacy officer for EarthLink (http://www.earthlink.net), an Internet service provider.
Privacy worries also are creating opportunities for businesses such as Privista (http://www.privista.com), a New York company that offers information security services to consumers.
"What consumers are saying," Privista chief executive Eric Gertler said, "is "I want to engage in online commerce. I just don't want to do it with the potential that my identity will be stolen and my information will be bought and sold, and there can be credit card fraud. I want to know that companies respect me.' "
Privista has signed up 10,000 subscribers in 10 months for services that include its free Opt-Out Manager, which promises to reduce telemarketing, direct mail and e-mail pitches; ID Guard, which costs $19.95 a year and sends subscribers e-mail alerts if there is suspicious activity concerning their credit report; and Credit Insight, a $29.95 product that gives your credit rating, access to your credit report and the ID Guard service.
Despite the Web's Wild West reputation, crimes such as identity theft are more likely to occur the old-fashioned way: mail stolen from real mailboxes, personal papers tossed into the garbage or businesses carelessly throwing out records, according to Beth Givens, director of the Privacy Rights Clearinghouse in San Diego.
"Consumers can reduce their chances, but there's not a thing they can do to totally prevent" misuse or theft of their information, Givens said.
* * *
The phone book contains a few key facts about you: name, address and number.
"I'm one of a zillion people with telephones," said Andrew C. Greenberg, a partner in the Carlton Fields law firm's Tampa office. "I can't be distinguished from them. I'm fairly safe and anonymous in the numbers."
Other sources have more information that's far more useful, says Greenberg, the past chairman of the Florida Bar's Computer Law Committee. The government, for one, collects a lot of information.
And while the Florida Constitution guarantees people a right to privacy, it also says government records are public. If you buy or sell property, if you own a pet, if you have a business, if you get married, a lot of information is available for all to see.
Government agencies are moving those records online, where it's more accessible to the public and to companies looking for information. Add data gathered through marketing efforts and throw in your online profile and a picture begins to emerge.
"These things can be combined in ways they've never been done before," Greenberg said. "The economics are no longer prohibitive to get good detailed information about you."
That information is worth a lot, too. When online retailer Toysmart filed for bankruptcy, its most valuable asset was its customer list. It took the Federal Trade Commission to get an agreement that the list and personal information customers gave to Toysmart would be safeguarded by the new owner.
Other companies have tried, or are planning, other methods to gather information that worry privacy advocates:
* Microsoft unveiled "Hailstorm" this year, part of its vision of a future where people are connected by phone, gadget or PC anywhere they go.
It will start out as an elaborate message system that will send text messages to computers, pagers, phones and other devices. Hailstorm would expand in future years with users providing more personal information, stored on a Microsoft server, so the system can learn personal preferences and know when to interrupt someone with a message alert.
Microsoft promises that it won't mine the personal data for marketing and swears that it won't have security problems as it has in the past. But privacy advocates scoff.
"Microsoft has got it in their head that if they tell everyone what they're doing with their data, it's okay," said Marc Rotenberg, director of the Electronic Privacy Information Center, a public interest group. "But the real key to online privacy is to try to minimize the collection and use of data."
* Online auction site eBay said it might sell customers' personal information if it merges with another company, despite a promise to keep the data private. The new privacy policy outraged privacy advocates.
* Amazon.com started an "honor system" this year to allow people to donate money to Web sites they enjoyed, suggesting the move would help financially struggling companies. But Amazon controlled the system and could track where its customers visited, though it denied it would do so.
* DoubleClick dropped plans to combine its online and offline databases, but won a court ruling this year that upheld its right to place cookies on computers. It says it is taking more steps to protect personal information, though privacy advocates are skeptical.
All of this comes down to a choice for consumers, attorney Greenberg said. "People would like some control over their personal information. They would like to be able to bargain with business. "I will fill out this form and give you information that is personal to me if you promise not to do certain things.' "
Although Greenberg agrees that a lot of information is already out, he rejects the notion that it's too late to reclaim online privacy.
"Information does get stale rather quickly," Greenberg said. "If people do get protective, eventually they will have more privacy than they do today."
- Information from Times wires and files was used in this report. Dave Gussow can be reached at gussow@sptimes.com or (727) 445-4228.
