Privacy 2000: In Web We Trust?

Profiles in Commerce

Consumer profiling isn't new. For years, mail-order firms have been tracking the products you buy so that they can send you catalogs specific to your interests. Shopping club cards allow supermarket chains to keep detailed records of the groceries you purchase. And special-interest magazines regularly sell lists of subscribers to third-party marketers.

While the practice of profiling is widespread in the offline world, its scope was limited until now because mail-order firms weren't able to easily pool their data--say, to combine records of your supermarket purchases with a list of your magazine subscriptions. But on the Net, it's fairly simple to create a record of every site you visit and every transaction you make. As a result, Web profiles can contain an unprecedented amount of information about your interests and activities.

"Say you go to a book site," says Evan Hendricks, editor and publisher of the Privacy Times newsletter in Washington, D.C. "[Profilers] can see what you looked at and what you bought. Do those books reflect political opinions, sexual preference, [or] health conditions?"

Critics paint a range of dark scenarios if Web profiles were ever to become available for sale on the open market. Corporations, for instance, could use profiles to screen out job applicants based on health advice they may have sought on the Web. Say an applicant filled out a health self-assessment form on a medical advice site and listed a family history of colon cancer. Conceivably, the site or its partners could market that information to employers. Or say the applicant bought medicine at a site like Drugstore.com or posted messages to an HIV chat group. All this information could be added to the user's profile, and employers could lower their insurance premiums by not hiring employees who could potentially have serious illnesses. "Those kinds of economic decisions can and will be made," says Fred Druseikis, chief architect for HealthMagic, a Winter Park, Florida, company that provides secure systems for sharing medical records over the Internet.

"In terms of how information is collected and used on the Internet," says Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC) in Washington, D.C., "to allow detailed secret profiles to be created is disastrous."

Theoretically, such profiles could also become subject to subpoena or be hijacked by an unscrupulous company or individual. "In a divorce or child custody case, your spouse could use your surfing habits against you," says Larry Sontag, a Seattle-based privacy consultant and author of It's None of Your Business (PMI Enterprises, 2000). "This information could be available to hackers, employees of a company who may be having a bad hair day, or any crook with access to the Internet," Sontag adds. "The lack of privacy means that [this data] is available to both honest and dishonest people."