Calendar of Events Weather Traffic and Transportation Message Board Directory
for on This Site All the Web Google
 

 

Law & Technology

Law and Technology

Privacy Activism: an Interview with Deborah Pierce

By Sara Longley

Apr 11, 2002 -- If you've been reading the Law & Technology column for a while, you know that its regular author, Deborah Pierce, is interested in protecting personal privacy on the Internet. So interested, in fact, that she's launching a non-profit company, PrivacyActivism.org. As the founder and executive director, she will work to educate consumers about how to protect themselves while they are online. I reached her by phone in San Francisco as she is neck-deep in preparations for the 2002 Computers, Freedom and Privacy conference.

Sara Longley: Did you start out taking law classes to be a privacy lawyer or did you come to that later?

Deborah Pierce: I started as a little proto-privacy maven even as a kid. I was so interested in privacy. It really started in college, when I had a work-study job at UC Santa Cruz at the development office there, the fundraising office. And I was working with a lot of alumni and prospect research, and there were a lot of privacy issues there. The office was tracking alumni and potential donors so they could raise money. Some of the things you look at to decide if somebody is a good prospective donor are public records, graduation information, lots of pretty personal things. I had no idea that that was the way the world worked, in terms of privacy, and I just thought, 'How would I feel if I knew that my college was doing this?' And of course, it's done every day, all the time.

When I was in law school I discovered the CFP conference, which is Computers, Freedom and Privacy. That's a big conference for the privacy community ... I got my law school to send me there as a student, and I was overwhelmed that there's this entire community from all over the world, from all different points of view. Law enforcement would be there, the business community would be there, the activists would be there, and the panels would have a mixture of all different people.

The first CFP conference was in 1991, and this year I'm on the program committee. So it's very exciting that I discovered this thing so many years ago, and now I'm finally contributing to give something back to it.

SL: Tell me a little more about the Electronic Frontier Foundation.

DP: EFF was founded in 1990. They were started because there was this case in Austin, Texas with Steve Jackson Games. Steve Jackson Games had a bulletin board with this conspiracy game, and the Secret Service thought it was real, and went in and raided the company--practically put them out of business. EFF was formed just to defend Steve Jackson Games, and they won. It was one of those legendary things on the Net. I found out about EFF a couple years after that, and of course at CFP people were there from EFF, and so I got to meet them. Then I interned for EFF while I was in law school and eventually became one of the staff attorneys there. EFF's general purpose is defending free speech and privacy, and they're focusing a lot of their attention these days on intellectual property issues, primarily digital music and what people's rights should be with regard to that.

The origins of PrivacyActivism.org:

DP: Loking around on the West Coast, there really wasn't any group that was doing consumer privacy issues online. The only people doing anything like this are Privacy Right Clearinghouse in San Diego, and they're mostly focused on financial privacy and identity theft. There are other organizations like the ACLU and Consumer's Union, but their primary issue isn't online privacy as it relates to consumers. Even with EFF, I had to split between consumer privacy and [protection from government intrusion], like with Carnivore. I really felt there was a need for an organization like PrivacyActivism.org. That was one of the reasons why I started it.

The other main reason was, when I talked to the press or just people on the street, talking about privacy, they would say, 'But I have nothing to hide, why should I care?'

That was the first question I would always get, and it's a very complex question. I want to be able to answer that question, to get people to care. Within the privacy community we've been trying to do that for 20 years. But we usually do it in words, so there's a lot of legal jargon, a lot of technical jargon, and people ... if you bombard them with jargon, their eyes just glaze over. So I decided I want to make it more accessible. My whole take on this is to do it graphically and visually, on the theory that a picture is worth a thousand words.

One of the projects I'm working on now is a video game, actually a joint project with EFF. What we're doing with the video game is showing what happens to people's privacy rights and what happens to their 'fair use' rights under copyright law when they decide to download music off of the Internet. Are you going to a buy the music, are you going through a 'peer-to-peer' network like Gnutella, or Audio Galaxy or something like that? Is some company tracking you? Are they profiling you, or are they making you do a pay-per-view, which obliterates any fair use that you may have? And then we have a score at the end, with a main character who makes all these choices along the way. It's kind of a fun cute game, but also educational.

SL: I always worry, if I sign up for something on the Web, what else I'm going to get because of it: How much spam will I get, and where the information I give them is going to end up.

DP: Most sites, if you go looking for their privacy policy, it's usually at the bottom of the page in really tiny type. And if you do read it, privacy policies are not the most clearly written documents I've ever seen. I went to Audio Galaxy to do research for this game, and through the legal jargon what they were basically saying was, 'We're going to collect all your personal information, and we're going to share it all, and we're going to sell it all, and if we go bankrupt, we're going to give it away.' You might not necessarily get that if you were just randomly reading it, but I was looking at going 'Oh my god, this is outrageous.'

SL: So, somebody like myself, without a legal background, could read it and not pick up on the implications?

DP: Yeah! So they're recording what kind of music I'm listening to through that particular service, how often I'm listening to a certain song, or what genre I'm listening to...that's very personal, and I should at least be able to 'opt out' of that data collection. And their privacy policy is not the clearest, but that's the norm.

SL: But then would they say that because they're a free service, they need to somehow make money, and that's their way of having an income to provide the service?

DP: That's exactly what they would say. My response to that would be, okay, that's a fair trade. But don't hide it! Let's put that agreement up front, so that people understand going into it that that's the bargain they're making. And that's not the way it is right now.

SL: It seems like different people have different ideas about what should be private.

DP: There are things that people don't understand about links between various pieces of information. When I was at CFP one year, I heard this professor from MIT who had done a study, and she found that if you take birth date and zip code and match that up from public records like voter information, you can uniquely identify up to 85 percent of the city's population ... That stuff is scary when you think about [for example] 'Okay, I think I'll go into the office today and find out what my horoscope says,' so I'll type in my birthday. And I think, 'I want to know what the weather is,' so I'll type in my zip code, and now if Yahoo decides they want to match that up with public records, they can find out exactly who I am! People don't know that.

SL: I think a lot of cross-referencing that is possible now, people aren't really aware of. They know it's possible but they don't realize it's being done.

DP: And when they find out, their jaws hit the table. The people [in the audience when the MIT professor presented her study], these are people who are up on the issue.

SL: Then there's the little kids and teenagers who would just type in their birthday, thinking, 'Nobody can tell who I am.'

DP: There have been studies that show kids and teenagers are very trusting about what they put out there on the Net. And so there's that information, stored in some database, and if somebody wanted to start a profile, that's going to be there forever.

To learn more about PrivacyActivism.org or online privacy issues, visit the site at www.privacyactivism.org. Deborah Pierce will return with a column of her own in our April 25 issue.


Reader Comments

Discuss this article in the forums!

   No comments yet!
 

© 2009 Seattle Press on Line.

Powered by JournalMaker.