Personal Privacy and
PERHAPS ON THE INTERNET they don't know you're a dog. But they probably do know your name, your e-mail address, the location of your server, and the type of computer and browser you're using.
A variety of high-tech tools are gathering information about your online activities. Sometimes called "little brothers," these technologies will watch you 24 hours a day, tracking your electronic footprints and selling the information to direct marketers, collection agencies, private investigators, Web-site designers, mortgage brokers, prospective employers and your clients' future litigants.
To glimpse what you reveal when you land on a Web site, point your browser to the privacy demonstration page of Washington, D.C.'s Center for Democracy and Technology, at http://snoop.cdt.org. You will reveal your computer and your browser. More personal information might be found on various directories, such as Yahoo's People Search (http://people.yahoo.com).
Information gathering, as anyone knows, is perfectly legal. But, as Lexis-Nexis discovered last summer when it announced its P-TRAK service--a database for lawyers seeking heirs, debtors, or shareholders--making information readily available electronically is not popular. After public outcry, Lexis-Nexis allowed people to remove themselves from its files.
Of course, as Lexis-Nexis vainly protested, much of the information was widely available: many data bases, including your bank's, have your Social Security number, and credit card companies know your purchasing and travel habits. Your mother's maiden name, which currently functions as our national "secret" password, is known, presumably, to many members of your family.
But there's something about modern technology that lulls people into thinking much information is private. And not just because the boxes on our desks are called "personal" computers. As Myrna L. Wigod, a partner and privacy specialist at Newark, N.J.'s McCarter & English, says, "People's expectations of privacy are greater than the reality--whether it's voice mail, e-mail, or the Internet."
That complacency may slowly be ending, in part thanks to legal horror stories. Respectable companies are sued for allegedly racist or sexist jokes circulating on their e-mail; suddenly, many companies start enforcing those e-mail policies their lawyers have been jawboning about for a while. Last October, an internal e-mail from Wired Ventures Inc.'s chief executive officer, Louis Rosetto, found its way to the Internet and helped derail the company's initial public offering.
In short, the Internet's potential dangers are clear. On March 24, Kansmen Corp. released the Windows 95 version of LittleBrother, a software tool that tracks Internet use and makes monitoring electronic movements easy even for executives who rarely venture into cyberspace. LittleBrother has nothing to do with censorship or George Orwell's "1984," insists the company's president; it is "a business productivity tool."
You can bet there soon will be a tech tool to block LittleBrother--call it BigSister--and employees may begin encrypting their e-mail, and using the "anonymizer" (www.anonymizer.com) to prevent sites they visit on the Web from capturing information about them.
But the real battle for privacy is moving from the workplace and the e-mail box to Capitol Hill. It concerns the most private, and yet most unprotected information about us: our medical histories.
Earlier this month, a National Research Council panel warned that although methods existed to protect patient records, there were few incentives for health organizations and pharmaceutical companies to safeguard the data. Indeed, there were many reasons to put every scrap of information about a patient into one electronic file, vastly facilitating administration--and increasing the value of the file. Patient information is now viewable by hospital employees and by human resources departments eager to reduce insurance costs.
Formerly, patients relied on the doctors' Hippocratic oath for protection. But doctors are small players now. Employers and insurers control the records.
Even if information is disclosed, patient rights are uncertain. "The common law tort of privacy uses the standard: 'highly offensive to the reasonable person,'" says McCarter & English's Ms. Wigod. If it's accidentally disclosed that someone had an HIV test, is that highly offensive? "It all comes down to the jury," says Ms. Wigod.
Legislators are grappling with the issue. The Medical Records Confidentiality Act of 1995 died after it became clear that the measure made things easier for information gatherers. A new bill, The Fair Health Information Practices Act, introduced in January by Rep. Gary A. Condit, D- Calif., proposes more limited disclosure.
Legislation is piecemeal. Thanks to revelations about Robert Bork's video habits, we enjoy the Video Privacy Protection Act of 1988. Cable companies cannot sell a list of the cable shows we've watched. Social Security numbers cannot be given out by government agencies. (But they can be by anyone else.) Under the Privacy Act of 1974, we may see, copy and correct personal information collected by the federal government. The Electronic Communications Protection Act of 1986 bars interception of electronic communications, with broad exceptions for employers and law enforcement.
Legislation is usually imposed in reaction to events. But the Internet's power is clear. When it comes to medical records, laws may soon become more far-sighted.
The Electronic Privacy Information Center's site, www.epic.org, contains much information about all aspects of privacy.
This article is reprinted with permission from the April 7, 1997 edition of The National Law Journal. © 1997 NLP IP Company.