US Congress sits on hands while Web whizzes by

'Bookend' legislators hope industry will fix privacy so they won't have to

Don't look to the US government for online privacy protection. It's all too confusing. The Congressional Commerce Committee were scratching their heads while Federal Trade Commission reps testified on Internet privacy legislation earlier this week, contradicting each other, and at times even themselves. FTC commissioner Sheila Anthony claimed to be "concerned" that the continuing absence of online privacy would "undermine consumer confidence and hinder the advancement of electronic commerce and trade, specifically of trade with the European Union and its 320 million consumers." Fair enough, but her colleague, FTC commissioner Orson Swindle, scoffed at any such need, pointing to a new, 14-page FTC report flattering industry's efforts to regulate Web privacy by itself. "I do not believe [our] Report accurately reflects reality," he declared, drawing more than a few double takes. But he quickly made it right: "First, the dated and unfavorable results of the 1998 FTC Study are prominently described in the first seven pages of the Report, while the current and favorable results of the [industry-sponsored] 1999 Georgetown survey are relegated to a brief discussion in the middle," Swindle explained. The point here apparently is that industry-sponsored surveys are a good deal more reliable than those cobbled up by his own office, and deserve greater attention. Go figure. The Commerce Committee, for its part, is indeed puzzled, and the jury is very much out. The Register has learned that any decision is likely to be delayed until after current US/EU policy harmonisation talks on Web privacy give some indication of which way the hot air is blowing. If national regulation appears inevitable, Congress is sure to climb on the legislative bandwagon lest the US Commerce Department gets the jump on them. But for now things are a bit quiet on Capitol Hill. That's because the Committee fears producing a slapdash bill that will require continual and publicly-embarrassing switchbacks and tweaks to get it into a reasonable form, as few members have the background in Internet computing needed to make a first-round knockout bill likely. Numerous members are "like bookends" in the discussions, a Committee spokesperson joked to us. "They're not up to speed on the issues, or the technology." In that case perhaps it's best that they don't try anything too strenuous - like drafting an Internet privacy statute, say. The core message here is that Web users had better look after their own privacy: the legislative momentum is drifting towards diffusion and forfeiture of responsibility - all of which may be a good thing, actually. And Zero-Knowledge Systems president Austin Hill couldn't agree more. His Canadian firm makes a software package combining strong crypto, proxy servers, remailing, and several other tricks to ensure not just privacy, but anonymity, on line. "Why should you trust the laws?" Hill asks, then answers: "Laws can change." Trust cryptography; trust the math, he urges. "Users," he says, "shouldn't have to trust me, or anyone else, for their privacy." A fair observation, and in it a hint of the boost companies like his may get from US Congressmen scratching their heads as the Internet whizzes by. Oh, and as for the Clinton Administration's position on Web privacy, Internet inventor Al Gore declined to take The Register's call. Perhaps he's now occupied with inventing the World Wide Web. We'll let you know if we ever get through. ®

Sponsored: Network DDoS protection