The Checkout

Privacy Worries Here to Stay

After spending most of yesterday listening either in person or via phone to the Federal Trade Commission's three-day hearing on protecting consumers in the coming decade, I can report back that, from what I've heard so far, life in the future will not be much different than it is today. The dominant consumer protection concern that emerged from Day One of the gathering? Privacy.

Fred Cate, a law professor at Indiana University and privacy expert, laid out the direction cyber fraud was heading.
Identity theft isn't going to end. But there's a new wrinkle: "synthetic identity theft," where cyber thieves cobble together a false identity with bits of personal information gathered from the Web. They, of course, use these false identities to rip off people, for example, in online auction settings.

Cate and at least one other speaker brought up location-based information and services. You can already find them in navigational systems in cars and even in your cellphone. As more people start to use the growing number of commercial uses for positioning technology, the concern is what happens to that data and whether consumers will be given adequate notice of how their information is being used.

Is telling consumers about privacy policies even worth it? Cate questioned the effectiveness of such notices, which, in theory, keep consumers in the know and gives them a choice to opt in or opt out. Cate quipped that no one reads privacy notices and I think he's probably right. So the question is what else can be done to give consumers control over their personal information?

While we grapple with that issue, a new generation of online scams is exploiting our fear of cyber crime. Dave Cole of cybersecurity product maker Symantec Security Response noted in passing the growing number of fake cyber security products that try to trick consumers into downloading spyware.

Much of what was mentioned yesterday was not that different than what consumers already contend with. A potentially novel twist on cyber crime stemmed from comments made by Joseph Bates of the Consumer Electronics Association.

Bates regaled the crowd with a glimpse into our Jetsons-like future, where all manner of technologies will converge in mind-blowing ways such as a refrigerator-oven hooked up to the Internet that we can order to whip up dinner via phone, PDA or computer. Such a contraption was unveiled at the 2002 Consumer Electronics Show. Internet-linked ovens costing $8700 are already on the market.

Inevitably, those among us who are exceptionally paranoid began wondering what horrible concoction we might come home to if hackers gained access to our wired kitchens. Tuna aspic? Liver quiche?

Fortunately, there's no financial incentive to gross out random strangers. At least not yet.

What do you think regulators should be talking about in terms of protecting us from in the future?

By Annys Shin |  November 7, 2006; 7:15 AM ET Consumer News
Previous: Seeing the See Clearly Method for What It Is | Next: You've Been SMiShed


Please email us to report offensive comments.

I don't have any insight into the future, but if it's like the present we're in trouble. I DO read privacy notices and recently read one from Chase. It said that I could opt out so they would not share my information, then went on to say that Chase reserved the right to share my information anyway. A very dim future.

Posted by: Martin Crabtree | November 7, 2006 9:00 AM

What I very, very much want to know is why my personal information is not, in fact, mine. If a store in my town came by my house and cut all my flowers to stick in a vase by its cash register, everyone would call that theft.

When a company gathers information about me and sells it to someone else without giving me any money for that, that should also be THEFT. While I understand the information gathering for internal use (after all, I chose to use that company), any selling of it should be FLAT OUT illegal. Forgot opting out. The only ethical position should be deliberately opting in for a discount or a percentage. Some actual gain for the victim.

Of course, while business has government in its pocket, this is a pipe dream.

Posted by: Let's call me anonymous... | November 7, 2006 9:35 AM

How about making it illegal for most places to demand social security numbers? Places like doctors offices, dentists, hospitals do not need this information, yet routinely ask for it. All they need is your name and insurance information (member number etc.). I recently was making an appointment for my child to see a doctor at Johns Hopkins hospital, they wanted my SSN, my spouse's SSN, my child' SSN, our addresses, and, on top of that they wanted my maiden name! I said 'no' to most of these and made up a maiden name. Asking for so much information should be made flat out illegal.

Posted by: Elle | November 7, 2006 11:48 AM

oh, other places that routinely ask SSNs are car dealerships, even though you don't use their financing. There have to be strict laws governing who can request personal information and under which circumstances.

Posted by: Elle | November 7, 2006 11:52 AM

As Martin said, you opt out...... subject to the collector deciding if your opt out is relevant to their needs or their system or their requirements of keeping your opt out optional - optional to them.

Let's Call Me made as good a statement as I've seen regarding personal privacy. The only bad thing is that we've gone too far and can't pull back what's already out there. And, people will always succumb to the "it's for security reasons..." and let the business reasons lump in.

I refuse to give my social security number to anyone. Do I know it's out there? Of course, but that still doesn't mean I'm giving it to anyone who asks. It's a small effort but to me it's an important one.

Posted by: Germantown | November 7, 2006 12:01 PM

First you minimize the information you give out and then you demand government PUNISH identity theft. Privacy must be addressed by the government, and there needs to be oversight. However, consumers don't do enough to protect their personal information...why do you give your phone number when you shop at certain stores? Or your address when you are paying in cash?

Posted by: Deb | November 7, 2006 1:20 PM

I read the privacy statements, and I ask for the privacy act statement. There's a law that says if they (whomever they are) want your SSN, they have to provide a Privacy Act Statement, and, if requested, detail the specific reasons they need the information they're asking for. We don't need new laws; we need to enforce (either through the law, or through our own action) the ones we have.

I cannot count the number of dumb looks I get when I ask for that, or the responses when they say "but I have to have this" and I continue to say NO.

Just say NO.

Now, if only the gov't would see it's way to allowing us to copyright our information, we'd be "in like Flynn," using civil court to financially enforce our desire for privacy. A woman in one of the western states copyrighted her SSN, and sued, but the Feds said it wasn't hers to copyright... a blow to all of us. Likewise, your address isn't yours, nor is your phone number - it's all "on loan."

And, ready for this: The DoE (that's Department of EDUCATION, folks) are forcing parents to supply the last four of their childrens' SSNs to improve tracking of grades. They will not get my child's SSN until they pry it from my cold dead fingers!

Posted by: GeorgeEliot | November 7, 2006 4:17 PM

Good for you, Elle, for refusing to volunteer so much personal info. I don't give my SSN anymore, unless told that I cannot be processed without it. People need to start questioning why they are asked for certain info. I know we all want to be cordial, especially when at the MD's office, but we need to start asking what is 'essential' info. There are too many people in an office with easy access to your info--all day long. If I can get away with it, all you'll get from me for contact info is my email address!!!! (Even that's not too safe, though i try to only check it on my school's anonymous computers in our library. I know everything is tracked by the Gov)

Let's speak up and demand some rights, folks!

Posted by: lil | November 7, 2006 6:10 PM

You can't protect your own identity anymore. We all need a professional security force looking after us. Our data is out of our control. Take a look at and see what you think.

Posted by: Frank | November 7, 2006 8:02 PM

Give a fake ssn, address, phone number, or whatever. Even better, give the address and phone number of your Representative or Senator. After arguing with clerks for a couple years, I started doing that.

Posted by: oberle | November 8, 2006 11:56 AM

Ditto on giving out fake information. I do that all the time, especially if they won't take no for an answer. My goal is to confuse the databases that I'm in.

I can see why institutions want this information - it's valuable to them. And I can see why the laws dictate opt out of data sharing instead of opt in - because the government and business are in bed with each other.

What I don't get is why we consumers are willing to put up with this. Perhaps we're too distracted???

Posted by: cynic | November 8, 2006 12:55 PM

Oooo ... scary. My 'fridge is watching me.

Or, maybe it is just the space aliens ... again. Little rascals.

Posted by: ;0 | November 8, 2006 2:12 PM

I also read my Privacy Statements from banks, etc. But they need to call them Anti-Privacy Statements or No-Privacy Statements. You have no information privacy, and the fine print says so!

They will share the info with their affiliates, their subcontractors, their marketing firms, and other commercial services that have any connection to the bank at all. Basically, they tell you that they will share the info with anyone they d*** well please, and you can't do anything about it.

Then on top of that is the paragraph that says they can change their policies whenever they want, and they will be sure to inform you that you have less privacy than before. (But you cannot change the policy nor opt out, when you are already in.)

Finally, there is no way to get your data back, ever. All the Privacy Policies note that the company will keep your info, and sell it to whomever they please, even if you leave the bank, withdraw your money, stop using the services, etc. Twenty years later, they still have and sell your info. Believe it or not, they still own and sell your info AFTER YOU DIE!!

You have no private information!

Posted by: tjallen | November 9, 2006 7:36 PM

The comments to this entry are closed.


© 2010 The Washington Post Company