PRIVACY AND E-COMMERCE presented at the IEEE CONFERENCE IN EDMONTON

May 10th, 1999

By Catherine Johnston, President & CEO, The Advanced Card Technology Association of Canada

Good morning. I would like to thank the program committee and in particular Des Fernando, for arranging my participation today. I applaud you for coming out to this session, because I'm not sure I would be keenly interested in a topic of privacy and e-commerce.

In spite of that, the topic is interesting because it incorporates two very misunderstood and sometimes misrepresented terms. Let's start with privacy. With all the things you worry about, where does privacy rank? How many of you think, "I have nothing to hide"? Personally, I always think there is nothing remarkable about my life, so who would be interested? When we think of privacy, we think of keeping things secret or at least confidential.

Today the term is used to cover much broader risks. In addition to keeping highly personal information secret, we are also concerned about what information exists about us, who and how many people have it, and whether it is accurate, complete and timely. Technology makes it very difficult for any of us to answer those questions and as a result, consumers are becoming increasingly concerned about what they call privacy.

We have all heard stories about inaccurate information. For example, the person who received a parking ticket based on a license plate number inaccurately recorded, even though the person was not even in that city on that day. The repercussion here is that the person must take the time to fight the ticket. Let me tell you about a more serious case.

A man in the United States had a medical test and a result was coded incorrectly on his chart. The information was relayed to his employer's insurance company. As a result, the employee's medical insurance was cancelled and the employer was notified. Without insurance, he could not keep his position. It gets worse. Every time he applied for a new job, his medical records were brought forward, he was denied insurance and as a result, this man became unemployable.

Here is a case where the insurance company thought it knew the test results, but they had inaccurate data. Even though this was a true story, let's change it slightly to look at other possibilities. What if the hospital had caught the mistake and corrected their records? The incorrect data had been sent to many other places. The hospital could not possibly know how broadly the information had been distributed and therefore could not correct records out of their control.

I only have 15 minutes, so I won't give you examples of the consequences of information that is incomplete or out of date, but I'm sure you have heard stories. I do, however, want to identify two other risks.

The first is that perfectly valid information about someone else is mistakenly attached to you. How many of you have gotten phone calls from companies that think you owe them money, when indeed it is someone else with a similar name? A dangerous spin on this is when someone deliberately steals your identity. This is one of the fastest growing frauds of this decade.

Technology has caused us to lose control of our personal information. We are all well aware that the Internet is the fastest growing communication tool in the world. As millions of people use the Internet for a variety of reasons, they are giving away personal information, usually without their knowledge or consent. Consumers often divulge personal information to enter online contests, apply for discounts or register to use certain web sites. It is a common misconception that this information remains confidential. In reality this information can be collected, stored and even purchased without the consumer's knowledge or consent.

Some of these seemingly innocent transactions could come back to haunt you. According to an article in the Toronto Star last Friday, consumers should be aware of the minefield of personal data available on the web. David Sobel, Chief Counsel to the US Electronic Privacy Information Centre, warns that in 5 or 10 years, it could become routine for a potential employer to query web databases to determine whether an applicant frequents certain types of web sites.

You must wonder to yourself how easily accessible personal information might be. Surely the common web user can't easily access information about you. Sorry, it's easier than you think. There are examples of emails and other personal information that have been uploaded to web pages and finding them is as easy as entering a name into a search engine. Even Social Insurance Numbers can be found online. One web site displays the social insurance numbers of Bill Gates, retired General Colin Powell, investor Warren Buffett and a California senator.

According to Barry Steinhardt, Associate Director of the American Civil Liberties Union, the advent of the internet means, "It is easier to collect, store and cross reference personal information about individuals. The technology for data collection has developed far more rapidly than the law that protects us against the misuse of data and against the collection of the data without our consent."

Not everyone shares Mr. Steinhardt's concern. James Warren, founder of the annual Computers, Freedom and Privacy conference, feels that along with intrusions in privacy come the solutions. His suggestion is to use cryptography - the technology for scrambling and unscrambling digital communications. He believes that if cryptography were incorporated into computers and networks, most of the privacy problems would go away. I can't support that theory.

The idea of technology and the invasion of privacy tend to remind us of the classic book, '1984', revealing a world in which Big Brother watches every move. Let's take a look at that from a realistic perspective. On your way into work you stop to buy gas and pay for it with a credit card. You go out for lunch and pay for it with your debit card. So far the capture of your information seems to be a simple tracking of your purchase patterns and where you were at specific times. Now, let's say you purchase an item online. Not only do you give your name and card number, you also provide your address for delivery purposes.

Over time, you provide a great deal of information about yourself. E-commerce may require that even more information be provided as a way to authenticate the participants.

So what is the solution? We are not going to return to a world where all purchases are paid for with cash and merchandise taken with us. We are far too enamored of the conveniences of technology. E-commerce is growing rapidly in the business-to-business sector, but privacy concerns are slowing down the emergence of consumer-to-business e-commerce.

Around the world, governments are dealing with privacy issues by developing regulations and legislation. The European Directive and the desire of non-union countries to maintain a favourable trading relationship drive much of this activity. In Canada, we are introducing federal private sector privacy legislation. Most provinces have public sector legislation but the Province of Quebec is the only one to deal with the private sector.

Legislation will only be effective if it is clear, there are adequate penalties for breaches of the law and the penalties are applied. From the consumer's side, we must be more aware of what information we provide and question why it is being requested. For example, when we buy batteries at Radio Shack and pay for them with cash, we should not give them our address simply because they ask for it. Businesses and governments must give thought to the information they collect. They should ask for only the specific information they require, they should tell the consumer what they intend to use the data for and ask their permission for any secondary use.

No longer is it the paranoid, conspiracy-minded individual who worries about the tracking and collection of all personal data. It is a fact that personal information is now big business. It is gathered, collected and sold. Personal information related to spending trends helps marketing firms to create better, direct, and more cost effective marketing strategies. While this may be a terrific new business tool for some, the benefit does not necessarily outweigh the social cost. The public will not trade privacy for increased corporate profit margins. This is where legislation comes into play. Legislators must create fair laws to ensure the proper and ethical management of personal information. If not, the old saying, 'caveat emptor - let the buyer beware' will take on a new meaning.

Good privacy practices will be the foundation for good e-commerce.

Catherine Johnston
President & CEO
Advanced Card Technology Association of Canada
905 426-6360


ACT Canada is an international non-profit association for the advancement of card technologies. We work on behalf of our members to promote the awareness, understanding and use of all advanced card technologies; including optical, smart, capacitive and emerging technologies. If you would like to learn more about ACT Canada membership please visit the membership section of our web site or contact our office at (905) 426-6360.


