Log In

Reset Password
BERMUDA | RSS PODCAST

`Cookies' raise Internet privacy concerns

As an experiment, the next time you surf the Internet go into your browser's "options'' menu and change to the feature that warns you before you accept cookies. Depending on your browser (Netscape Navigator or Microsoft Explorer) and the version, you will have different options.

In a full version of Explorer you go into the "advanced'' menu of "options'' and switch to "prompt before accepting cookies'' feature. Then surf. Then get surprised at how many prompts you get while surfing. I bet you'll get so annoyed at having to choose before accepting "cookies'' you'll soon turn off the feature.

A cookie is an ubiquitous tracking device that plagues the Internet. A cookie is a text-only string that gets entered into the memory of your browser and stays in a folder in your computer for a period of time.

According to researcher Lori Eichelberger, a cookie can contain "a wide variety of information, including the name of the website that issued them, where on the site the user visited, passwords, and even user names and credit card numbers that have been supplied via forms.'' Check out www.cookiecentral.com/stopcm.htm for more information, and ways to prevent tracking.

There are many privacy concerns about cookies, including the fact that most are being stored in a users' computers without knowledge or consent. Yes, companies are tracking our movements and building up huge databases about our specific preferences. Innocuous you might say. What do I have to hide? That's the excuse of the naive. Because as more and more people use the Internet, companies -- and others -- are finding powerful ways of tracking behaviour that can get right down to the specifics. In addition to being a nuisance, the potential for cookie abuse is clear.

Nobody knows what the data can be used for and that's the troublesome part.

The issue over cookies and other means of tracking behaviour on the Internet has always been controversial, but has come to the fore in recent months in a battle over privacy between the US and Europe.

In October the European Union Directive on Data Protection (see www2.echo.lu/legal/en/dataprot/directiv/directiv.html for the whole directive) went into effect. The directive is designed to protect privacy on the Internet and the way other electronic data is stored and used. The law calls for countries to set up national watchdog agencies to protect the transmission of personal data and prevents the transfer of such data collected from consumers in Europe to countries without the same standards.

The issue goes deeper than the use of cookies of course. Consumers in Europe apparently have absolute control over all storage of personal data -- including financial information such as credit card use. Permission must be sought before information is collected, and the company or organisation must explain how the data is going to be used.

There is a question of whether such a law is fully enforceable and whether its practicable.

The EU has threatened sanctions against companies with subsidiaries in Europe.

The US has disagreed with such legislation on general principles, saying regulation is not the answer. In general the US is concerned such regulations will supposedly stifle the free flow of information and the ability of companies to cross market goods. Instead the Clinton administration wants to go the route of self-regulation, asking companies and organisations to voluntary follow agreed standards of privacy.

The US Commerce Department has also put forward a plan -- which the US has rejected -- to issue "safe-harbour'' regulations designed to protect US companies with operations in Europe.

Discussions between the US and the EU are ongoing over issues such as how to enforce privacy guidelines and how to give surfers access and control over the information being collected.

Myself, I like to err on the side of protection of personal privacy on the Internet. I know of no company that won't be tempted to collect and use such information. Those deciding to follow such a voluntary system will feel constrained by their operations. Since there are no sanctions, why bother? And the lack of regulation will allow others less ethical to collect information with impunity. Regulation can always be relaxed as necessary.

As Georgetown University Law Centre adjunct professor, and Electronic Privacy Information Centre director Marc Rotenberg said in testimony before a US House of Representatives committee hearing on the issue, scepticism about self-regulation is justified.

"The commercial incentive to collect and sell data is enormous,'' he said (www.epic.org/privacy/intl/rotenberg-eu-testimony-598.html). "The safeguards are weak and easily ignored. Typically, there is little more than fine print.

The essential framework for privacy policy -- a code of fair information practices that sets out the obligations of companies that collect personal information and the rights of individuals that give up personal information -- is often missing, incomplete, or completely unenforceable.'' Until countries start requiring stricter privacy laws on the Internet, cut those cookies out of your hard drive.

In the world-wide debate of privacy the new conspiracy thriller Enemy of the State has hit the movie screens with perfect timing. The movie features satellite surveillance systems, access to bank records, phone taps, and an innocent man being digitally hounded. A review about the reality of the technology can be read at www.wired.com/news/news/culture/story/16507.html.

Very real according to Wired News. However the move "overestimates how well databases are linked together, and the possibility of real-time record retrieval,'' according to Mr. Rotenberg. "But someday, it will be possible to conduct that type of constant surveillance of a target.'' Tech Tattle deals with issues relating to technology. Contact Ahmed at 295-5881 ext. 248, 238-3854, or techtattle ygazette.newsmedia.bm.