Resources • Special Report: Privacy • Graphic: Life Amid the Data Dealers • W. Post: Opinions on Web Privacy Mixed (Apr. 2, 2001) • .com: Bugs That Go Through Computer Screens (Mar. 15, 2001) • Tech Week Series • Washtech.com

Tech Week: Privacy
Washington Post reporter Robert O'Harrow

Wednesday, May 16, 2001; Noon EDT

Psst. You're being watched. Every purchase you make at the grocery or the department store is closely monitored and stored away in a database. Data warehouses compile detailed profiles of your shopping habits, income history and debts. Somewhere, a criminal may get access to your Social Security number and use it to obtain a driver's license or a credit card in your name. In the future, information brokers will know even more about you and your family.

Writing in the May 16 'Wired Life' special section, Washington Post reporter Robert O'Harrow explores how the data dealers work and how pervasive the data gathering is in modern America. (Click here to read his article)

Submit your questions and comments for Robert O'Harrow before or during Wednesday's discussion.

Editor's Note: Washingtonpost.com moderators retain editorial control over Live Online discussions and choose the most relevant questions for guests and hosts; guests and hosts can decline to answer questions.

To read the most recent responses, click "Get New Text" or select "Automatically Update Page."

Washtech: We'll be getting started in just a few minutes. Please submit your questions, and thank you for clicking into today's live discussion.

Washtech: Thank you for joining us today. You've written widely about the privacy issue for The Post. Have you found that there is a growing consensus among Americans about how privacy should be protected? What's the status of the public debate today?

Robert O'Harrow: Thank you for having me. There's no question that more people are thinking more often about privacy issues. Regular folks and lawmakers alike are worried about how their names, Social Security numbers and other personal details are being used. But consensus? Hardly. The same people who worry about privacy often love the benefits they get by allowing their information to be used - discounts at the grocery, easy access to credit and so on. Ambivalence is the word that comes to mind.

Cleveland, OH: There seems to be a flood of privacy related legislative inititives introduced by Congress. This appears to be in response to such things as the EU push for privacy and the omnipresent media coverage regarding privacy violations. Because privacy rights and access to information are both important interests, do you think that this "privacy stampede" can shift the balance between privacy and access too far to one side and thereby create some of the harms historically associated with a closed information society? As examples, will political corruption increase as a result of financial privacy strengthening or will medicial malpractice flourish due to stronger medical privacy?

Robert O'Harrow: Very good question. Most of us are still trying to understand what we mean when we say privacy. All too often it comes down to a personal (no pun intended) perspective. Overly restrictive regulations could indeed stifle many of the amazing benefits of the Internet, computing and other technology. It could also cut down on oversight of the sort that reporters try to provide. Seems to me that the debate should not lose sight of the need for balance.

Washington, DC: I think there is general confusion between privacy and security. Can you tell us how you define the two and their relavancy to the average consumer?

Robert O'Harrow: In simple terms, as Justice Brandeis once put it, privacy is the right to be "let alone." We all want and need at times to be free from scrutiny. It seems to me that security is the protection of information that's been collected. Different sides of the same coin. Dear readers, please feel free to offer your own definitions...

MH in MD: The Acxiom service that you mentioned in your article, where companies' toll-free numbers use caller-ID to identify callers, would that work for an unlisted number, where the name and address wouldn't normally be available? And do companies that use this service block or treat differently a caller that have caller-ID blocked? I am considering adding caller-ID blocking solely because of Acxiom's service.

Robert O'Harrow: A couple of answers: Companies do treat different callers differently, based on whether they're existing customer, their profile and the like. In some cases, that's called personalized service, and people like it. As for caller-ID blocking, you're probably out of luck. Doesn't work on toll free lines because the company paying for the line has a right to know who is using it.

Bethesda, MD: Seems to me that we too often operate under a 19th Century view of privacy. Given the realities of 21st century technology and population levels, we have to accept monitoring in public areas. If you really want privacy, move to Montana or the island in the sea... Just my opinion.

Robert O'Harrow: There are a fair number of people who agree with you, and there are growing number of cities and institutions where video monitoring is commonplace. Baltimore comes to mind. So do many casinos, which watch gamblers from on high like hawks looking for prey. Law enforcement authorities recently scanned the faces of people attending the Superbowl and compared the images against files of known criminals...

Washington, DC: Should we just give up and get used to the fact that corporate America knows everything about us?

Robert O'Harrow: That's probably a bit fatalistic. Corporate American doesn't know everything about you - for example, that time last week when you kicked your dog, or when you shortchanged the highway toll. Seriously, all this data collection is at a very early stage. Now's the time to sort out how to do it right, at least imho. It's all about making adult decisions about how your personal information can be best used in an information society.

Washington, DC: I was infuriated the other day to discover that my usual drugstore is now starting one of those customer card programs that the grocery stores use. You'll no longer be able to get sale prices without using your card and hence handing over all your personal info and allowing them to track your purchases. Short of avoiding the chains altogether, what's the best way to combat this growing practice?

Robert O'Harrow: Don't get too infuriated. If you think about it, what do those sale prices represent? A tradeoff: Your information for discounts. If it bothers you, don't participate. Many people don't mind the tradeoff at all. As long as you can make an informed choice...Anybody disagree?

Anchorage, Alaska: It appears that there is fear coming from all sides, with advocates hailing privacy is dead and industry claiming threat of bankruptcy if the wrong legislation is passed. Some argue for a mixture of gov. oversight, technology and self-regulation. What is your viewpoint?

Robert O'Harrow: My viewpoint? It's private. What's really important now (and in the coming years) is to have an open, honest debate about the basics, the benefits and drawbacks. We need to know how companies and the government collect, share and analyze data. We need to know how they're putting it to use. Policies need to flow out of a good understanding of what's going on. I'm not sure we have a good understanding of the practices and implications yet.

Anywhere, USA: Tradeoffs for discounts are one thing, but what are they doing with my personal info? If it's just figuring out what products I like so they can give me more/better access to them, fine. But what if they're telling other companies about me, and what if one of their employees steals my personal info...?

Robert O'Harrow: A good one to come back to. Try this one out for size: Ask. Press companies to be open about their policies. If there is an inconsistency - if you believe a company official is blowing hot air - draw attention to it. If all else fails, call this reporter and talk it through. Maybe it would help to explain the company's practices and confusing privacy policy in the newspaper.

Washtech: So if 'ambivalence' best describes the public debate on privacy, who is out there now trying the lead the debate toward consensus? Any lawmakers or interest groups?

Robert O'Harrow: Several lawmakers are trying to address concerns about privacy. Sen. Shelby, for one, helped lead the way on rules about driver license records. Rep. Markey has been talking about Internet privacy and related issues. Rep. Leach has been a mover on financial privacy. The FTC, meanwhile, has taken the lead on several key issues: data collection about children, financial privacy and rogue information brokers.

Alexandria VA: Re: Store loyalty programs--nobody says you have to give them your correct name or address or phone when you fill out the application

Robert O'Harrow: Interesting point. I know of a former undersecretary of Commerce who acknowledged, in The Post, using a phony name on his shopper card. Be warned, though. You may be held responsible.

Washtech: We're half way through today's discussion folks. Keep sending your great questions and comments.

Annandale, VA: The problem is not only that Corporate America has the information, in a big part, it is that Big Government is doing this as well. Why should your local Police Dept scan 100,000 faces at the Super Bowl to MAYBE see 1 criminal. And why can they subpoena Grocery Store records for purchases? Where does this slippery slope stop? Who sets the limits on Government? At least with Corpoarations, one can decline to do business with them (most of the time).

Robert O'Harrow: Fears about government's use of personal data go way back - and frankly are justified in some cases. One reason for vigilence of course is the fact that government has sources of authority that go far beyond what businesses can bring to bear. But it's important to note that government agencies are far more regulated - by the Privacy Act and other laws - in how they use individuals' information.

Virginia: I agree with your first answer - most Americans seem to be ambivalent about this. I have had my social security number taken off my drivers license/insurance cards/university IDs, etc... I will not shop at Safeway because they track your purchases. I do shop at Giant, but have a (supposedly) anonymous card that doesn't link what I buy to my name. I shop at CVS, but only use the card when I buy something on sale.

It bothers me a lot that so much info is collected about us, but most people that I talk to about it don't seem to be concerned at all. Why is that?

Robert O'Harrow: Simple. We like bargains, we like conveniences and we have a tough time seeing the harm (unless of course we sit down in a quiet, private place and think about what it all means.)

Cleveland, Ohio: Hi Robert,

I hate the idea that somewhere, someone knows what things you buy on line, how much you spend and what websites you visit. I don't know about everyone else, but I certainly don't want a marketing or direct mail company to know that I've bought khakis at JCrew.com or maternity clothes at oldnavy.com. Other than erasing the cookies and internet history on a weekly basis, is there a good way to prevent this information from being collected or erase it from your computer?

Robert O'Harrow: Cleveland, thanks for the question. It sounds like you have to make some choices. Do you want to buy things online or not? It's hard to ask a business not to collect some information from you when you're asking them to send you a product. On the other hand, you seem to be taking some good steps to ward off unwanted scrutiny by clearing out your cookies. (Which, by the way, people, are not necessarily bad things.)

Reston Va: Bob O,
Enjoyed your reporting for the Post for some time, you are as ever prescient regarding many trends (witness purchase of The Clash "Sandinista" double LP, circa 1977). Do you think that we are going to have to accept this increasingly obstrusive surveillance, in order to be part of the digital age? Or are their alternatives?
Thanks
Maui's bro

Robert O'Harrow: Ouch. Now the roots of my pop-music taste are finally public. Cheers old friend. As for surveillance, no question we're going to have to get used to more of it - if you want to take full advantage of the 'net, digital television, your Palm Pilot (I love mine!) and on and on. But it will pay (in peace of mind) to pay attention and make smart decisions about how and when you are allowing information about yourself to be collected. Ask good questions.

Fairfax, VA: Is there a consumers rights movement or organization centered on the privacy issue?

Robert O'Harrow: There are lots of them and more on the way. Choose your flavor: old guard civil libertarians, digital anarchists, DC-based policy wonks, industry-funded groups. They all have something to say to anyone who inquires. Check out the privacy pages at washingtonpost.com. There are plenty of links, which, of course, lead to plenty more.

Washtech: To check out the privacy pages Robert mentions in his answer above, go to: http://washingtonpost.com/wp-dyn/business/specials/privacy/index.html

Washtech: Orono, ME: Speaking of privacy...does the Post collect IP numbers or anything when people post messages to its discussions? How much information do you guys have about individual users?

Washtech: Please take a look at washingtonpost.com's privacy policy, located at: http://washingtonpost.com/wp-srv/interact/longterm/talk/members.htm
washingtonpost.com does gather info. from users, especially when they register for e-mail and other services. No personal information is ever shared with other organizations. Thanks for your great question.

Robert O'Harrow: Not exactly sure what the site collects. But I applaud your effort to read the privacy policy. Send the site an e-mail and ask directly.

wiredog: Remember, just because a company has a strong privacy policy now doesn't mean they won't change it later. Amazon did that, which is why I no longer buy from them.

Robert O'Harrow: Good point. It may be worth remembering this inelegant phrase: Data is forever.

Washington, DC: I heard Phil Gramm talk on privacy a while back, and he made the point that consumers often benefit from the information that companies collect. Gramm said, for instance, that it's advantageous to him if marketers figure out, say, that he's interested in hunting magazines and not interested in the J. Crew catalog.

I don't agree with Phil Gramm on much. But I do think he has a point here. Is it really so bad if Safeway knows that I like to buy bananas..and uses that knowledge to provide me coupons for that product?

Robert O'Harrow: That's really up to you to decide, isn't it. My question is: Are you sure that's all they're doing? (It's not.) Do you want a permanent file of everything you buy sitting around somewhere? From what I can tell, grocery stores jealously protect their databases. But, as the undersecretary of commerce put it to me, who knows how the information will be put to use down the road? I'd venture to say the uses will be benign- and beneficial to individuals. Who knows?

Reston, 20190: For Cleveland, who was worried about cookies: If you buy online from jcrew.com they have your credit card info and, probably, e-mail address. The credit card resolves to your home address, SSN (through the bank), and phone number. Why worry about the cookies? You've already given the merchants database everything.

Robert O'Harrow: A response from one of our gentle readers...

Randallstown, MD: Hi Robert,

I'm trying to increase traffic to a client's website and was planning on doing some mass emailing. It was suggested to me to buy a list of bulk email addresses. So many companies offer this service. How do I know which ones are reliable and what should I know about before I decide to do this? Thanks.

Robert O'Harrow: Mass emailing? Just assume my address is incorrect if you don't mind...

Falls Church VA: Good afternoon. My question centers around financial institutions. How do you feel about 'account aggregation' (or screen scraping?)-- having one username and password for all your personal and financial accounts? Do you feel that this is just another way for banks and financial institutions to gather data about you, or it is a real service to the consumer?

Robert O'Harrow: Thank you all for such smart questions. Share your information wisely and ask good questions.

Washtech:

That was our last question today. Thanks to everyone who joined the discussion, and thank you again Robert for leading this discussion.

Stay tuned to Live Online:

Keep up with the latest in news, sports, politics and entertainment with washingtonpost.com e-mail newsletters.

   |      |