From...

by Alex Lash

(IDG) -- RealNetworks was caught two weeks ago with its hand in the information cookie jar. Without warning users or asking permission, its popular RealJukebox software was transmitting personal info, including titles and songs from users' CD libraries, back to the company. TRUSTe, the industry's self-policing solution to the privacy problem, once again responded to a member's high-profile data violation by clearing its throat, expressing grave concern and sternly welcoming the offender – chastened and repentant – back into the family circle. No probation. No repeal of its seal of approval. Nothing harsher than coaxing it to let outsiders audit its privacy practices.

A similar situation happened this spring when Microsoft improperly gathered user information through a Windows 98 registration wizard. TRUSTe frowned, tsk-tsked, and in the end really did nothing.

	MESSAGE BOARD
Online privacy

TRUSTe, other "trustmark" organizations, and lobbying groups like the Washington-based Online Privacy Alliance are all signing up members pledging to follow good privacy policy. Their goal: Head off government meddling in matters of online privacy. Over the summer, for instance, they helped to dissuade the Federal Trade Commission from recommending privacy legislation to Congress, despite an industry-funded report that showed fewer than 10 percent of Internet sites that collect personal information had adequate privacy policies.

MORE COMPUTING INTELLIGENCE

IDG.net home page

The Standard.com

Industry Standard email newsletters

Industry Standard daily Media Grok

E-BusinessWorld

Reviews & in-depth info at IDG.net

IDG.net's personal news page

Year 2000 World

Questions about computers? Let IDG.net's editors help you

Subscribe to IDG.net's free daily newsletter for computer industry cognoscenti

Search IDG.net in 12 languages

News Radio

Fusion audio primers

Computerworld Minute

Net companies that promise to abide by baseline privacy standards and pay up to $5,000 win the right to display the TRUSTe seal, proving their trustworthiness to visitors. If the nonprofit TRUSTe were truly to excommunicate its more generous members – like RealNetworks and Microsoft – it couldn't survive. It's an inherent conflict of interest.

By displaying a seal and posting a privacy policy, the argument goes, a company makes promises that are enforceable under consumer fraud laws if broken. But the only enforcer in the United States – the FTC – would rather help violators move into compliance than mete out fines that could dissuade others from taking foolish risks with customer data.

Entrepreneurs like to talk about pushing the envelope with business models and new products. But an unfortunate byproduct of that attitude is that companies are pushing the privacy envelope. So far, consumers have shown little resistance. Consider their willingness to take free Net access and PCs in exchange for submitting personal data and promising to watch lots of ads.

That may be changing: RealNetworks faces at least two class-action suits for its transgressions.

No matter where you turn on the Web, someone will be collecting your data. And "sorry" won't cut it if hackers get in, or if a misguided soul in the marketing department decides to share customer lists with someone. Apologies seem to be enough to placate the industry's watchdogs, who say government oversight would hold back the Internet Economy. Letting RealNetworks, Microsoft and other privacy violators off with a slap on the wrist only encourages others to take chances.

It's time to put away the carrot and bring out the stick.