Nameless in Cyberspace: Protecting Online Privacy

Generally, that well-practiced tango between anonymity and disclosure goes on smoothly in the real world.

But in the virtual world, it can sometimes have scary consequences, including the loss of your privacy and identity.

If you are shopping in the real world, you aren't carrying a sign with your address on it. But in the virtual world, even if you're just window shopping, more and more web sites require that you register or accept a 'cookie' so they can track your internet travels.

The end result is that consumers are wary of the web. They know that a social security number entered online could wind up in an identity thief's hands. They know that a phone number or email address given for "questions about your order" could quickly turn into dinnertime sales pitches or junk emails flooding their inboxes. And they want it to stop.

And so the next time consumers go to a web site and are asked to fill in their name, address, age and income levels, they give a bogus identity to avoid being tracked - such as Albert Einstein with an income of $5 and an email address of e=mc2.

What are customers really saying when they do that? They're saying they don't trust the security of the site, and they don't trust that the owner of the site is going to respect their privacy and not abuse or sell their personal data.

Harris Interactive says 70 percent of consumers worry their online transactions aren't secure and 75 percent are concerned companies will share their personal information with others. Those fears reduced U.S. online purchasing by $15 billion last year, according to the latest consumer research.

It's estimated that electronic commerce would double if people had greater confidence that their privacy was protected on the web. In fact, the lack of confidence in privacy outpaces all other concerns - including price and ease of use - in inhibiting people from buying on the web.

That's a huge wasted opportunity. And a very clear message that we have some serious work to do to turn these percentages around.

And while serious (very serious) the privacy issues we're dealing with today are trivial compared to what's ahead. What are the implications for individual privacy in a world where millions of people are driving internet-enabled cars that have their movements monitored at all times? What happens to privacy for millions of people with internet-enabled pacemakers? Who has access to real-time data on your heartbeat, blood pressure and cholesterol levels? Your doctor? Your insurance company?

The answer must begin with a responsible marketplace. Through business policies and practices, the IT industry has to send an unambiguous message that tells people: "You can trust us. You have choices. They will be respected. And you'll know in advance how any information that you give us will be used."

If you build relationships with customers based on trust, they will ask you to add them to mailing lists, they will ask you to recommend products from marketing partners, and they will stick by you forever.

Here are some rules designed to set the stage for acceptable use of customer data:

  • Do a thorough inventory of your company to understand exactly what your position on privacy is and confirm that this privacy policy is being rigorously carried out throughout your operations.
  • Post a privacy statement that clearly states how personal information will be used. If information will be used beyond the immediate processing of the transaction, it should be clearly stated. More than half of the respondents in a survey we took reported leaving a site if the privacy policy is unclear. If they don't see it - or if they don't understand it - they leave.
  • Give customers a choice about using data beyond what is required for transaction processing. Consumers will continue to embrace the internet only to the degree that they trust those who use the technology to respect the privacy of their personal information. Equipping consumers with knowledge and choice about how their personal information is used is key to building such confidence and trust.
  • Last, businesses must look for ways to improve their privacy practices. Consumer demand for privacy is increasing. Just as companies continually look to improve their products and services to meet customer demand, the same thing needs to be done with regard to privacy.

The good news is new technologies are coming to market that give individuals the power to prohibit or limit others from tracking their movements on the web. For example, there's specialized software that will enable businesses to automate enforcement of company privacy policies. Another solution is emerging in open standards like the Platform for Privacy Preferences (P3P), which allows your browser to compare a web site's privacy policies with your own preferences, thereby ensuring that you only visit or do business with web sites that agree to meet your personal standards for privacy protection.

The IT industry needs to continue to accelerate work in this direction. But these technologies are not the only solution. The answer lies in companies instituting strict practices and behavioral standards - and following them.

Privacy is, above all, a question of behavior, not technology. It's a question of finding the best set of motivators and inducements to meet a simple challenge made more complicated by the networked world, but simple none-the-less. And that is: consumers want businesses to do more than just pay lip service to privacy policy, they want to see it in practice.

Dr. Arvind Krishna is vice president for security products, Tivoli Software at IBM (


Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.