ARTS & FARCES internet

As if web bugs and cookies weren’t enough, leave it to Microsoft to find a way to make both obsolete. With its recently introduced Passport technology, Microsoft is aiming to be the premiere aggregator of Internet user data on the planet by compiling the world’s largest consumer database. In theory, Passport is supposed to be a way for users to store their identifying information on their computers for use automatically at participating websites, allowing them to login without having to retype all of their personal information. While Microsoft claims that the user retains sole control over what information is transmitted, there’s no way to verify this and reports from Smith as well as Microsoft insiders indicate the claim may not be true. In practice, Passport is a replacement for cookies. This explains why Microsoft is implementing cookie management controls in upcoming versions of its Internet Explorer browser software.

When you enter a Passport-enabled website, your browser is redirected to Microsoft’s Passport site where your passport is verified and your browser is sent back to the originating site with authentication. During that redirection, the two sites are exchanging information about you and unlike cookies, there’s no way to keep this from happening. Microsoft, therefore, has a record of each and every visit to each and every Passport-enabled website. That record is linked to your name and email address and most likely other personally identifiable information including home address, phone number, credit card number(s), etc.

Currently, Passport is used only on Microsoft-branded sites, but an alarming number of websites have agreed to Passport-enable their sites. And you can count on Passport eventually being built into either the Internet Explorer browser or the Windows operating system (or both).

The question, illustrated painfully clearly by the Pew study, is simple: If most Internet users don’t even know what a cookie is, how are they going to protect themselves from predatory marketers?

The answer is also potentially found in the Pew study. Consumers must meet dishonest marketing with guerilla tactics:

• 24% used fake names and email addresses
• 20% used “secondary” email addresses
• 9% used encryption technologies
• 5% used anonymous surfing technologies

What We Can Do Now

1. Recognize the individual right to privacy. In July 1998, the Minnesota Supreme Court acknowledged that Minnesota citizens have the right to bring lawsuits for invasion of privacy. “The right to privacy is an integral part of our humanity: one has a public persona, exposed and active, and a private persona, guarded and preserved. The heart of our liberty is choosing which parts of our lives shall become public and which parts we shall hold close,” wrote Chief Justice Kathleen Blatz in her opinion.
2. Recognize that transactional data and personal information about an individual is owned by that individual. The state may assign my address, and the telephone company may assign my phone number, but that data should be owned by me. I should control the purposes for which that information may be used.
3. Comply with the European Union Data Protection Directive. European countries recognize personal privacy as a fundamental human right. The Directive requires that citizens be told to what purposes their personal information will be put when it is collected. It also allows them to opt-out of any information transfer to a third-party and any global information transfer must take place between countries with “adequate” data protections. In the simplest terms, information gathered for one purpose may not be used for another purpose without the subject’s informed consent.
4. Encourage the citizenry to use strong public-key cryptography and prohibit any mandatory key escrow system. Yes, criminals will surely use cryptography; just as they use telephones and computers and other tools that we all share. But the citizenry will also be more secure, and that greater good far outweighs anything else. Besides, Pandora is already out of that particular box.