Don't Regulate Free Data Exchange

The debate inside the Beltway over privacy policy is heating up as surveillance and database technologies become ever more sophisticated. In light of this rapid change, the most important function of the legislative branch is to exercise strong and vigorous oversight of government abuse of privacy, not to posture and regulate the free exchange of data between private parties, consumer and merchant alike.

The rush by politicians to "do something about privacy" is understandable, but it's driven largely by polls of dubious value. A recent survey of privacy surveys released by the Competitive Enterprise Institute finds a preponderance of push-poll queries-and a wide gap between the stated opinions of those surveyed and the revealed preference of real-world behavior. Yes-or-no questions that ask Internet users if they're concerned about online privacy invariably get large majorities saying they are. Yet 75% of Internet users have given out their credit-card number online, evidence that they feel the secure-payment systems for E-commerce to be worth both the risk and convenience of shopping online.

Also, 57% worry about credit-card theft from online purchases, an anxiety that should logically carry over to the real world, where multipierced waiters wander off with your credit card every time you pick up the check at a restaurant. Credit-card and identity theft is a fraud issue covered by and prosecuted under existing statutes. Similarly, concerns over data collection and exchange arising from E-commerce can best be addressed by the First Amendment and contract law, and by law-enforcement action taken when breach of contract occurs. For instance, when the now-defunct Toysmart.com attempted to sell its customer information as part of a bankruptcy fire sale, in violation of its stated privacy policy, the Federal Trade Commission stepped in and prevented it.

The online revolution, which had been the engine of so much of the growth in the American economy, has slowed. The farcical antitrust prosecution of Microsoft was the first big signal that this sector no longer would be free of the heavy hand of government, and the push for new federal privacy laws is another sign that the regulators don't plan to back off. The dynamism of the information sector and its concomitant spontaneous structure, including market regulation, have enabled merchants to keep responding to new technologies and changing consumer needs and tastes. One-size-fits-all rules handed down from Washington will undermine this rapid response and will only serve to harm consumers.

Market regulation of privacy issues in the online sector arose with services such as Trust-e, an independent certification system that ensured that participating Web sites stuck to stated privacy policies. Since then, cookie-blockers, cookie-scrubbers, cookie-filters, encrypted E-mail, anonymizers, and even pseudonymizers, of various levels of sophistication and price have become available to consumers. The next big step, barring government intervention, will be the unveiling of the Platform for Privacy Preferences, which is to be fully integrated into Windows XP, presently scheduled for an October rollout. P3P lets consumers enter their preferences about how much information they wish to share with Web sites and automatically compares those preferences for compatibility with Web sites they visit.

A federal law that requires Web sites to offer consumers a chance to opt out of the site's information sharing could distort market solutions on both ends. Many merchants would feel less pressure to offer opt-in programs because they can point to their compliance with the federal baseline. Mandatory opt-out requirements also deny consumers the opportunity to pay for goods and services with information rather than cash if they wish. For instance, companies such as Juno and AltaVista have offered free Internet access in exchange for personal information. Although those experiments ultimately failed, other information-for-product exchanges exist, such as Eudora Plus E-mail software. Rigid federal regulations could threaten further development of such innovation.

Consumer choice also is threatened by the cost of such regulation. Big business can absorb the cost of rigid, complex federal regulation, but some smaller, independent businesses operating with slim profit margins will be forced offline; others will never bother logging on in the first place, meaning fewer products and choices for consumers.

Market regulation has done a commendable job meeting and adapting to consumers' privacy needs and preferences online. The feds shouldn't work to overthrow this system, but rather work to oversee, regulate, and restrain the systems under their purview-such as the FBI's Carnivore-which already do more than their fair share of watching, tracking, and cataloging our online activities.

James C. Plummer Jr. is a policy analyst for Consumer Alert, a nonprofit group in Washington concerned about the growth of government regulation. He's also the Webmaster of www.nccprivacy.org, the site of the National Consumer Coalition's Privacy Group, made up of 24 organizations that recognize the benefits of the market economy and consumer choice. You can reach him at [email protected].