Politicians must consider others on the Net

Curious, isn't it, that the only online privacy issue that seems to have captured the attention or concern of politicians in the State is the Bertieahern.com porn-site fiasco. This mournful tale hit all the news broadcasts and a few talk shows as well, when the Taoiseach discovered that his name had been inappropriately appropriated into a dot.com.

Unfortunately, the dot.com turned out to be a pornography site whose owners wanted cash in exchange for surrendering the domain name.

There was much sputtering and outrage from various politicians, expressing shock and dismay that one's identity could be kidnapped in such a way and then allied to a porn site. How could this happen, and didn't an individual have control over one's own name and what it was associated with online? Could laws be brought in to prevent this, they asked - thus demonstrating a woeful ignorance of key Internet issues such as privacy, control of information, right to domain names and cybersquatting, that have all been before courts and national governments over the past few years.

Last week, Ms Nora Owen brought the stolen identity issue up before the Dail during question time. Was anything being done at all to prevent other politicians from waking up one morning to find that www.noraowen.com was a pornography site, or a racist hate site, or, for that matter, a site selling vacuum cleaners or auctioning discount flights to the Algarve?

Please. As the Americans say, not everything is about you. I would like to suggest that politicians wake up and realise that the porn-site saga actually raises crucial political and societal issues that they should have interested themselves in long ago, especially as Ireland tries to make itself into an e-commerce centre.

The fact that this only seems to concern them when they find their own names and identities being used in a way they dislike underlines how hopelessly out of touch most of them have been on complex issues that will shape what kind of society we want to have in the future. So, members of the Dail and Seanad, could you concern yourselves for a moment with how such issues affect the rest of us, please?

It's not as if there haven't been opportunities for debate and decisive action. Indeed, we have an e-commerce Bill moving through the Oireachtas right now, and no one, I believe, has raised any of these issues or asked where and when they will be addressed.

Shamefully, we also are under threat of legal action from the European Commission for not having implemented the new Data Protection directive yet (it's been around since 1998). This is an essential piece of legislation that would at least give some sound legal basis for the protection of personal privacy in the Internet world.

These might include limitations on the collection of so-called "passive" data (where websites can assemble all sorts of personal data about you as you surf, without your knowing), firming up requirements that websites state their privacy policies clearly, the creation of a bare-bones minimum for such privacy policies, a restriction on the sending of spam (unsolicited e-mail advertising) and a guarantee that Irish Web users can use programs that let them surf the Net anonymously.

Even once we pass the 1998 Data Protection directive here, we still need firm legislation in all these areas. Historically, the existing Data Protection Act, which dates from the 1980s, has only been enforced sporadically and, to my knowledge, has never been used in Europe to place any requirements or restrictions on - or to legally pursue - a website, although it should apply to all computer-held data.

A trawl of Irish sites, for example, produces dozens of company sites with no privacy policy at all, while many that do have them seem to have put together ad hoc statements that reveal little about what they do with either active or passively collected information. I do not know of one that gives an address to which an individual can apply to see what data is held on him or her or ask to have it deleted from a database or modified. Yet this is an EU citizen's right under the existing legislation.

The US has no such protections but is actively considering some sort of explicit, legal privacy protections in the wake of several reports pinpointing the cavalier way in which most websites deal with personal information.

In particular, the Federal Trade Commission (FTC) has been increasingly annoyed with the slow response of the corporate world to offering the most basic protections to consumers. The FTC calls them fair information practices and they include stipulations on notice, choice, access and security.

As part of the FTC's continuing concern in this area, it appointed an advisory committee to report back on privacy, security and potential approaches for protection and legislation. That report, released this week, makes for some interesting reading for anyone interested in this area of debate - hello, Dail?

The committee's brief was not to recommend a particular course of action, but to lay out the issues and provide a menu of choices for response. These it does fairly well but with a strong American perspective.

I found of particular interest the fact that the report starts from an unstated assumption of certain "rights" of businesses to consumer data, a very American bias in a country that often idolises commerce and takes a laissez-faire approach to industry.

Privacy guarantees that Europeans take as a matter of course are, in the report, seen as the most extreme of four options given for the control of personal data. This does not bode well for any settlement of the continuing battle between the US and Europe over how the US is to deal with the Data Protection directive.

While we have been busy here producing various public and private reports evaluating the commercial aspects of e-commerce and telecommunications, we have done little to address even the most basic privacy concerns that arise with the use of computers and the Net.

klillington@irish-times.ie

Web Link FTC Advisory Committee report: www.ftc.gov/acoas/