Testimony of Deirdre Mulligan, Staff Counsel, Center for Democracy and Technology

Center
for Democracy and Technology Testimony of Deirdre Mulligan,
Staff Counsel, Center for Democracy and Technology
before the House Committee on Commerce Subcommittee Telecommunications, Trade, and Consumer Protection
July 21, 1998

Summary Testimony of Deirdre Mulligan Staff Counsel Center for Democracy and Technology before the House Committee on Commerce Subcommittee Telecommunications, Trade, and Consumer Protection July 21, 1998

The Center for Democracy and Technology (CDT) is pleased to have this opportunity to testify on the issue of individual privacy in the online environment.

CDT is a non-profit, public interest organization dedicated to developing and implementing public policies to protect and advance civil liberties and democratic values on the Internet. One of our core goals is to enhance privacy protections for individuals in the development and use of new communications technologies.

CDT believes that it is time for Congress, and relevant stake-holders to develop a bipartisan national privacy policy for the Internet. Self-regulation, while a necessary component of the electronic marketplace, has proven, on its own, to be insufficient. However, to move forward we must acknowledge two important concepts: self-regulation is a necessary component of protecting privacy in the global and decentralized electronic commerce environment; and, privacy legislation can aid privacy and electronic commerce by creating a level policy and practice playing field and a viable benchmark for oversight, enforcement, and redress.

We believe that Congress should enact legislation enabling the Federal Trade Commission to craft baselines for protecting privacy during commercial interactions. In addition, Congress should continue to explore and develop other legislative proposals to protect privacy, explore the role of technology in protecting privacy and methods by which the government can promote the development of privacy-enhancing technologies, and explore the creation of a privacy infrastructure including a federal entity to develop privacy policy for both the public and private sectors.

A purely self-regulatory system is inadequate

Recognizing that both individual company efforts and broader industry efforts to provide clear rules to protect privacy are a necessary component of achieving privacy protection, we believe that, on its own, self-regulation will fail to provide meaningful privacy protections for individual privacy. Some believe the current lack of privacy protection to be purely an issue of timing, and that given more time industry will successfully provide wide-reaching privacy protections. While systems to protect privacy are likely to become more prevalent and robust, there are structural flaws in a purely self-regulatory system which have repeatedly proven to undermine consumer protection and there are specific difficulties that arise from the nature of the Internet.

The stage is set for privacy legislation

The Federal Trade Commission's recent Report to Congress: Privacy Online confirmed what advocates, industry representatives and the public knew: privacy on the Internet was far from a reality. The Federal Trade Commission's three year focus on privacy had raised the level of attention and concern, but had not delivered concerted action by businesses operating online. It is time to build upon the commendable efforts, some quite recent, such as BBB Online, the Children's Advertising Review Unit, the Online Privacy Alliance, and TrustE. Enabling the FTC to craft appropriate guidelines to protect adult's and children's privacy would provide an opportunity to develop privacy rules that establish strong protections for individuals, a fair baseline for a competitive marketplace, and a framework of trust for electronic commerce.

Technology and privacy

In addition to crafting federal rules to protect privacy, we must look to technologies that protect privacy. Technologies such as anonymizers and P3P, the Platform for Privacy Preferences can provide protection across the global and decentralized environment of the Internet where law or self-regulation may fail. The rise of technologies that empower individuals to affirmatively control personal information on international networks presents an opportunity to fundamentally shift the balance of power between the individual and those seeking information. However, they must be viewed within the larger context of other efforts to produce cohesive privacy protections in the online environment. Currently US encryption policy is interfering with the availability of technical tools that protect privacy. Congress should seek to increase the availability of encryption and promote the development of other privacy-enhancing technologies.

Conclusion

Privacy protections must keep pace with changes in technology and society's use of technology. As we consider privacy in the changing communications environment we must question past assumptions, and the legal distinctions based upon them. Or more importantly, we must ask whether they provide protections reflective of our commitment to individual privacy autonomy, dignity, and freedom. Privacy protection in the electronic commerce environment will best be achieved through a combination of legislation, self-regulation and technology.

Other Privacy Issues.

The Center For Democracy And Technology
1634 Eye Street NW, Suite 1100
Washington, DC 20006
(v) +1.202.637.9800 (f) +1.202.637.0968

For more information, write webmaster@cdt.org