|
|
Commentary
What You Need to Know Before You Go Online: Privacy ConcernsWhen you are sitting alone at your computer, it’s easy to think that your online activities are private. However, at any step you messages could be intercepted and your activities monitored in the vast, untamed world of cyberspace. Do you feel uncomfortable knowing that other people can retrieve your personal information? Do you feel suspicious of sites that ask you for a lot of information? Do you wonder why they need this information and whether you really need to give it out? This section will answer these questions and tell you what to do to better protect yourself in an online auction setting, or more generally, during any online transactions. What types of information might others want to collect about you? There are many different types of information about you that others might be interested in collecting. Web sites generally collect two types of personal data: 1) personal identifying information, and 2) demographic and preference information. Personal identifying information includes your name, postal address, and/or e-mail address. Demographic and preference information includes your age, gender, income level, education, hobbies, browsing patterns (what sites you visit) and interests. This information can be used either in aggregate, non-identifying forms for purposes such as market analysis. It can also be used in conjunction with personal identifying information to create detailed profiles of consumers. However, web sites and other parties might also be interested in more specific and sensitive identifying information, such as your social security number, your mother’s maiden name, your financial information, your credit card number, or your bank account number. Be especially careful when giving out any of this type of information! How might others get this information about you online? So, now that you know what types of information others may want about you, you are probably wondering how they can get that information. There are many different ways; some legal, some illegal; and some you probably didn’t even realize existed. Directly supplied information When you register with a site, it might ask you for certain types of information. You might also give away information by filling out online surveys or other online forms. If you have given information about yourself, such as your preferences, to one web site, that information may be shared or sold to other web sites or marketing companies. Also, if you have your own web site or if you have created an online biography on another site, it can be searched system-wide or remotely viewed by anyone. Cookies Suppose you visit a web site to see how much they are charging for the Harry Potter series. The next time you visit that site, it displays a list of recommended items, including the Harry Potter movie on DVD, Harry Potter figurines, and Harry Potter clothing. Chances are this is not a coincidence, rather the site “knows” and remembers you, in a manner of speaking. Web sites may deposit data about your visits on your hard drive in text files called cookies. Using these cookies, a web site assigns your computer or your username a unique identifier so that you will be recognized in subsequent visits to the site. On each return visit, the site can call up user-specific information including your preferences or your interests, as indicated by documents you accessed in prior visits or items you clicked on while in the site. So, just by visiting the site, you are releasing information about yourself. At the office If you access the Internet from work, you should know that employers are increasingly monitoring sites visited by employees in an effort to prevent web surfing during work hours. However, extreme monitoring could be a violation of your privacy. Be sure to ask about your employer’s online privacy policy and if there isn’t one, recommend that such a policy be developed. Law enforcement agencies Law Enforcement officials can have access to your transactional records. If there is an ongoing criminal investigation against you, law enforcement officials can obtain court orders to access your web information if they can demonstrate that your online information is relevant. (See Communications Assistance for Law Enforcement Act, 18 U.S.C. § 2703(d)). This provision does prevent “fishing expeditions” by government officials that hope to find evidence of crimes by accident. The information on your computer Many commercial online services will automatically download graphics and program upgrades to your home computer if you are a user of their service. Certain online services have admitted to both accidental and intentional “prying” into the memory of home computers that sign-on to the service. In some cases, the prying has been so extreme that personal files have been copied and collected by the online services. The online user should be aware of this potential privacy abuse and investigate new services thoroughly before signing on, always asking for the privacy policy. Illegal transfers of your information Your personal or financial information may be illegally obtained. Persons known as hackers or crackers can break into some computer systems or intercept information that is being transmitted by the Internet. A site can also illegally share or sell your information. To learn more about protecting yourself from illegal transfers of your information, see the section below on preventing “What Can I do to Stop or Prevent the Transfer of My Information?” What Can Happen When Others Have Access to Your Information? Junk mail or direct marketing For web site owners, the information you provide to them about your preferences is very valuable! It aids them in developing lists of online users with similar interests and behaviors. It also creates the potential for “junk mail” and other marketing tools. The information may be used internally (for the benefit of processing orders or conducting marketing analysis) or externally (for sale to third parties). Ever wonder how those senders of junk mails know your email address? Now you know! Records of your “browsing patterns,” also known as “transaction-generated information” are as valuable as sources of revenue for online services, as the data you supply when answering surveys or questions during registration. Like directly supplied information, the transaction-generated information can be used by direct marketers as a basis for developing highly targeted lists of online users with similar interests and behaviors. As a result, you may get tons of “junk e-mail” and telemarketing calls. Because of the value of this information, the collecting of cookies is increasing, posing a major threat to your online privacy. In addition, the software you use to browse remote sites invisibly provides website operators with information about your service provider and with information about the location of other web sites you have visited. Some web browsers are programmed to transmit your e-mail address to each website you visit! Identity theft Another danger of releasing your personal information, online or in any setting is identity theft. You should be wary of releasing your Social Security number. Providing your Social Security number is not a requirement for placing an order at any e-commerce web site! There is no need for a merchant to ask for it! For more information, check out the Privacy Rights Clearinghouse, a consumer protection organization. Financial fraud Similarly, there are many dangers involved with others having access to your financial information. Contrary to many people’s beliefs that giving out a credit card exposes you to fraud, the safest way to pay online is with a credit card. In the event that something goes wrong, you are protected under the Federal Fair Billing Act. The Act allows you to dispute charges on your credit card and to withhold payments during a creditor investigation. If it is determined that your credit was used without authorization, you are only responsible for the first $50 in charges, which you are rarely asked to pay. The concern you should have in giving out your credit card number is in relation to the website’s safety measures in transferring the data. You can find such information in the privacy or security policy sections of a site. If you use a credit card, make sure your credit card is not actually a debit or ATM card. As with checks, a debit card exposes your bank account to would-be thieves. Your checking account could be wiped out in a matter of minutes! Further, debit and ATM cards are not protected by federal law to the extent that credit cards are. Other dangers Finally, be aware that there are possible social dangers of having others access your personal information through the Internet. There is the potential for harassment, stalking, being “flamed” (emotional verbal attacks), or for “spamming” (being sent frequent unsolicited messages). Women can be particularly vulnerable if their e-mail addresses are recognizable as women’s names. Consider using gender-neutral online ID’s. What can I do to stop or prevent transfers of my information? Don’t release unnecessary information We need to provide websites certain information in order for them to process our orders. But, do we have to give them our demographic and preference information? NO. When placing an order, there is certain information that you must provide to the merchant, such as your name and address. However, oftentimes a merchant will try to obtain more information about you, such as your leisure activities, lifestyle, or annual income. This information is used to target you for marketing purposes that can lead to “spam” or even direct mail solicitations. Don’t answer any questions you feel are not necessary to process your order. Some web sites will mark the questions which need to be answered with an asterisk (*). Should a company require information you are not comfortable sharing, exit the site and find a new source for the product. Websites may ask you for your demographic and preference information “to provide better service for you in the future.” If you feel comfortable releasing your demographic or preference information, make sure that the website will not abuse your submission by selling your information to third parties. Read the website’s privacy policy statement carefully to understand its purpose in collecting your information. Read the site’s privacy policy statement Every reputable auction or shopping website has a section called “Privacy Policy” where you can find information about the practices it utilizes to process your order. If you read carefully, you can find out whether the site intends to share your information with a third party or affiliate company, and whether it requires these companies to refrain from marketing the information to their customers. What if the statement says “We will not sell your information and we will only provide your information to our affiliates to better serve your needs”? It seems like a good deal because they are promising not to sell your personal information and letting you know that they are working with their affiliates to provide you with the latest news about products that you are interested in. Think again! A lawyer can easily construe that sentence as a promise from a site not to directly sell your information. However, it does not promise that its affiliates will not sell your information to some information brokers, telemarketers, or spammers (those who send you spam, also known as junk e-mails). *Note that the privacy statement is actually taken from the most recognizable online shopping site, Amazon.com. Scared of the tricks a website can play to bury your rights with legal jargon? So are many others! Even the chairman of the Federal Trade Commission aired such a concern. In a recent study, a readability expert found that privacy policy statements from renowned websites, such as Yahoo and Amazon, were only readable to those who have finished at least two years of college education. Currently, only 24% of American adults have a college degree, meaning that privacy policies will leave the majority of online customers clueless. Even if they can’t understand all privacy statements, American consumers are increasingly concerned with their privacy online. Most consumers feel uncomfortable about even the internal sharing of information between company affiliates. For your own protection, if a privacy policy statement of a website is verbose; consisting of legal jargon, long sentences, and incomprehensive paragraphs; think again before you provide your personal information. How else do I know that a website is safe? There are other issues you need to investigate to ensure that the web site you are dealing with is reputable and any personal or financial information you share with the site is secure. Before you release any highly sensitive information, such as your credit card number, be sure that the site uses encryption technology to transfer information from your computer to the online merchant’s system. Encryption scrambles the information you send, such as your credit card number, in order to prevent computer hackers or crackers from obtaining it en route. The only people who can unscramble the code are those with legitimate access privileges. You can tell when you are dealing with a secure web site in several ways. First, if you look at the top of your screen where the web site address is displayed, you should see https://. The “s” that is displayed after the “http” distinguishes that website as being secure. Often, you do not see the “s” until you actually move to the order page on the web site. Another way to determine if a web site is secure is to look for a closed padlock or an unbroken key displayed at the bottom of your screen. Both show that the site is secure. Of course, transmitting your data by secure channels is of little value to you if the merchant stores the data unscrambled. You should try to determine if the merchant stores the data in encrypted form to prevent hackers from getting to your information. Be sure to read the merchant’s privacy and security policies to learn how it safeguards your personal data on its computers. If the company or person you are dealing with is unfamiliar, do your homework before buying their products. Online auction sites have a feedback rating for each seller that you should check before you place your bid. If you decide to take a chance with the unknown company or person, start out with an inexpensive order to learn if the company is trustworthy. Reliable sellers, especially corporate seller, should advertise their physical business address and at least one phone number. Give them a call and ask questions to determine if the business is legitimate. A good question to ask is how the merchant handles returned merchandise and complaints. You can also research a company through Internet yellow pages, the Better Business Bureau (see listing below) or a government consumer protection agency like the district attorney’s office or the Attorney General. Perhaps friends or family members who live in the city listed can verify the validity of the company. Remember, anyone can create an auction account online! Look for online merchants who are members of a seal-of-approval program that sets voluntary guidelines for privacy-related practices. Look for a privacy seal of approval such as TRUSTe (http://www.truste.org), on the first page of the web site. TRUSTe participants agree to post their privacy policies and submit to audits of their privacy practices. Seals of approval are also offered by the Council of Better Business Bureaus (BBB) (http://www.bbbonline.org), and the American Institute of Certified Public Accountants, WebTrust (http://www.aicpa.org/webtrust/index.htm). The BBB service has been adopted by a coalition of companies called the Online Privacy Alliance (http://www.privacyalliance.com). Be aware that a strong privacy policy and membership in a web seal program do not guarantee that the web merchant will protect your privacy forever. Policies can change (as did that of Amazon.com just recently). The company may file for bankruptcy and sell its customer database. The website might be purchased by another company with a weaker privacy policy. The company’s data can also be subpoenaed for law enforcement investigations or civil cases. Unfortunately, you have little control over the disposition of your customer data in such matters. Given all of these uncertainties, you will want to think about the sensitivity of the data that is being compiled when you shop online. There is no single best approach to take. Each consumer has a different interpretation of what is considered “sensitive.” A few more tips on online privacy concerns Many auction sites require the bidder to login before placing or viewing a bid. The bidder is usually required to input a username and a password. When selecting a password, do not use your social security number or any other commonly known information such as your birth date, mother’s maiden name, or numbers from your driver’s license. Also, do not reuse the same password for other sites. If your children are online users, teach them about appropriate online privacy behavior. Caution your child against revealing any personal or family information. You may want to buy something from an online auction based in another country. One thing that makes the Internet wonderful is that it breaks down territorial boundaries and allows people from all around the world to bid or sell in the same website without leaving home. However, if you deal with U.S. sellers, you are protected by state and federal consumer laws, including your constitutional privacy rights. You might not get the same protections if you place an order with a company located in another country. Take advantage of privacy protection tools. There are several technologies that help online users protect their privacy. Discussed below are encryption, anonymous remailers, and memory protection software. Encryption Encryption is a method of scrambling an e-mail message or file so that it becomes gibberish to anyone who does not know how to unscramble it. The privacy advantage of encryption is that anything encrypted is virtually inaccessible to anyone other than the designated recipient. Thus, private information may be encrypted, transmitted, stored or distributed without fear that it will be scrutinized by outsiders. An encrypted e-mail message cannot be read by anyone who has obtained the message legally or illegally. Therefore, any message containing private or sensitive information should be encrypted prior to communicating it online. Various strong encryption programs, such as PGP (Pretty Good Privacy) are available online. Because encryption prevents unauthorized access, law enforcement agencies have expressed concerns over the use of this technology and Congress has considered legislation to create a "back door" to allow law enforcement officials to decipher encrypted messages. Users should be aware that the legal status of this technology is still unsettled. Moreover, exporting certain types of encryption codes or descriptive information to other countries is limited by federal law. (International Traffic in Arms Regulations, 22 CFR § 121.1 et seq.). However, its use within the United States is not currently restricted. Anonymous remailers Because it is relatively easy to determine the name and e-mail address of anyone who posts messages or sends e-mail, the practice of using anonymous remailing programs has become more common. These programs receive e-mail, strip off all identifying information, and then forward the mail to the appropriate address. There are several anonymous servers available on the Net. Memory protection software Software security programs are now available which help prevent unauthorized access to files on one’s home computer. For example, one program encrypts every directory with a different password so that to access any directory you must log in first. If an online service provider tried to read any of these files, it would be denied access. These programs may also include an "audit trail" that records all activity on the computer's drives. Next: Let the Bidding Begin: A Walk Through the Auction Process |
|
