Senators fail to agree on privacy approach

After six months worth of allegations of privacy invasions involving some of the largest Internet companies, it should come as no surprise that politicians are calling for new laws. The fact that it's an election year probably made it inevitable.

But an unusually lengthy Senate Commerce Committee hearing on Tuesday, titled "Consumer Online Privacy," made it clear that there was zero consensus on what approach to take.

Politicians fretted about everything from retailer Amazon keeping records of what customers purchased, unsubscribing from spammers' lists, peer-to-peer software vulnerabilities, the now-defunct NebuAd, cancer patients whose sensitive e-mail is redistributed, Facebook "commercially scanning" its users' information, which regulators should be in charge, and whether mandating credit card-like disclosure statements for Web sites would be a good idea.

Don't look for any actual legislation to be enacted anytime soon, in other words.

The hearing comes as U.S. companies' data collection and use practices are being subjected to increasing scrutiny on Capitol Hill, in part because of high-profile privacy missteps by Facebook, Google's accidental capturing of some unencrypted Wi-Fi traffic, and allegations that everything from Twitter to smart grids and in-store advertising has become overly privacy-invasive. And there was AT&T's data breach last month that potentially exposed some personal information about more than 100,000 Apple iPad owners.

Meanwhile, two lengthy--and highly regulatory--data use bills recently have been proposed in the House of Representatives. Internet industry representatives have warned they could cause economic harm.

Even if the members of the Senate Commerce Committee agreed on legislation tomorrow, there's scant time left to enact it this year. But in addition to allowing senators to position themselves as pro-privacy in relation to a topic that's been in the news, Tuesday's hearing could set the stage for an actual law in 2011.

The question is just what form it might take. Tuesday's committee meeting ranged so widely it's difficult to find an apt analogy: it was rather like an armed services committee veering from discussions of Wikileaks to Taiwanese tank purchases to nuclear arms reduction to what military bases to close.

Sen. Claire McCaskill (D-Mo.), for instance, was worried that after she "looked up a foreign SUV" on the Internet, she visited another Web site and "there were a bunch of ads for foreign SUVs." (McCaskill carefully assured the cameras that if, in fact, she were to go through with a purchase of an SUV, "it would certainly be an American SUV.")

Of coupons and cloud computing
McCaskill then asked Google privacy engineer Alma Whitten what happens if someone prints out a coupon with a bar code and takes it into a store. "Isn't it true that at this point...embedded in that bar code is a whole bunch of information about you?"

Whitten tactfully replied that Google does not "engage in" the practice of offering grocery store coupons.

Committee Chairman Jay Rockefeller (D-W.Va.), who appeared not to be a frequent customer of Amazon or eBay, was worried that an online retailer "records every book you purchase" and "these machines, as I call them, are storing all of this information about you."

Sen. George LeMieux (R-Fla.) wanted "uniformity like I know we've done with credit cards with the box that you see on your credit card statement that is in bold." In the past, LeMieux said, "Congress passed that regulation (which) allows you to see in clear writing what it is and there's some uniformity to it, I think that that is good for consumers."

LeMieux didn't go into details about what kind of boxes Web sites would be required to post, or how mobile devices would display it. (There are some related industry efforts afoot to do that for browsers.)

Sen. John Thune (R-S.D.) was more concerned with what happens when government agencies move to cloud computing--something that this week's security announcement by Google makes more likely.

"Does that improve the data security of that information?" Thune asked. "And are there particular security or privacy threats that we ought to be cognizant of as government agencies make that transition?"

Julius Genachowski, the chairman of the Federal Communications Commission, replied with a boilerplate answer: "Well, cloud computing, I think, can in some instances increase the efficiency and more options for businesses, small businesses that want to store data."

One of the few electric moments came when the committee chairman accused Facebook's chief technology officer, Bret Taylor, of lying.

"When somebody asked you the question, 'Who's responsible for privacy protection,' you said, 'Everybody who works at Facebook is. Everybody who works there is' and I found that somehow suspicious and disingenuous," Rockefeller said."

He added: "I think companies have to be divided up in certain things and people don't spend all of their time on every single question that comes before them saying, 'What's the--what are the privacy consequences of this. I don't believe what you said."

Taylor was briefly taken aback by being called a liar. "I think that's a very fair point, Mr. Chairman," he replied. "What I intended to say is that the engineers and product managers who are developing the products at Facebook take into account privacy at every aspect of the product design. We do have a team devoted exclusively to (security)."

Rockefeller appeared to be mollified by that response. "I like that," he said. "I accept that."

Perhaps the best line came from Sen. John Kerry, the Massachusetts Democrat. "There is a lot of confusion and a lot of anxiety among the public at large about what power they have over the collection of information and over their lives," he said.

Confusion and anxiety about technology? The same could, perhaps, be said about the members of the Senate Commerce Committee.

[solitare_pax]

Nice to see our tax dollars at work to restrict our freedoms under the facade of 'privacy'.

From these comments, I would say most of those Senators would be hard-pressed to pour water out of a boot with instructions printed on the heel.

[dumbspammers]

The European Union already has strong privacy legislation in place, and most American businesses of any size do business in Europe - so they already have the mechanisms in place to comply with those laws.

Guaranteeing consumer privacy is not "restricting our freedoms." It is, in fact, a way to ensure that citizens are not afraid to exercise the freedoms they already have. Would you buy anything from a business if you knew that business was going to require you to give up personal, private information, with no guarantee that the information would not be sold? What if it was to be sold to pornography spammers? Do you want spam for porno coming to your home? Right now, there is NO guarantee that won't happen in you shop at (for example) WalMart.com

I would be hard=pressed to disagree with your assessment of the competence of the American lawmakers, however. Regardless of Party affiliation, the only things they seem to do well are get re-elected, and abuse interns. Anyone with half a brain could adapt the European laws to our situation, and quickly.

[mlschafer7]

Facebook?s current privacy policy is approximately 10 pages long, and has a Flesch-Kincaid Reading Ease of 34. Any score below 30 is best understood by college graduates. AT&T?s 18 page privacy policy, has a reading ease level of 20. Google?s current privacy policy is approximately five pages long, and has a reading ease score of 12, which is best understood by college graduates that have over 18 years of formal education.

Tuesday?s Senate hearing is just a first step in address what seems to be the ever growing concerns over privacy online. While it is currently unclear what next steps the government will take in addressing these concerns, it is unlikely that Congress will get a vote on any privacy legislation this year. Sen. John Kerry [D-MA] did release a statement, however, saying he intended to pursue legislation. The FTC is hoping to release recommendations regarding privacy online in the fall.

[CNET editors' note: Promotional URL deleted.]

[OniOokamiAlfador]

Perhaps the best line came from Sen. John Kerry, the Massachusetts Democrat. "There is a lot of confusion and a lot of anxiety among the public at large about what power they have over the collection of information and over their lives," he said.

"Best Line" my pasty butt. Kerry just did the same thing he always does. He states an obvious neutral fact, and waits to see which side is "winning" to declare his opinion.

[RationalHeterosis]

There seems to be some confusion among techies about roles during Congressional hearings. When a party is invited to testify before Congress, it is incumbent upon the person testifying to inform the members of the panel.
I watched the Hearing. I thought the industry came off like a bunch of arrogant, techie kids who don't have the patience for Congress, or their customers. This is a problem when both customers and Congress have the power to put you out of business. Articles like this won't help the industry's reputation with Congress or business analysts.

[kehandley]

The actual confusion is that most people think there need to be some smart guys in Washington running things. And Most people probably are confused enough to think that their representatives in Washington are smarter than they (the constituents) are. If only we had more people asking "Why the hell is anybody 'asking' someone to testify about a product that is optional to use?" and "And if they have to testify to somebody about it, why is it these clowns?" and "Why do people like telling other people what to do?"

[bwinski]

This is TRULY sad.. The technology that these clowns are trying to 'regulate' or manage is SO FAR AHEAD of them I'm astonished that they're not embarrassed to be seen in public having a conversation about ANY of this.. This kind of hearing is where phrases like 'the Internets' and 'a series of pipes' came from..

Your closing hypothesis is truly telling "...Confusion and anxiety about technology? " best describes ALL members of congress who are worried about where their next BRIBE (campaign contribution in a manila envelope) and have NO CLUE how technology has grown, flourished and now controls day-to-day transactional happenings between almost everyone on the planet!! Truly dim..

[Kasar99]

They should just do what they've done for other things they don't understand. Copy someone else's legislation, even if it could be considered piracy.

Take Germany's and modify it to fit US norms. Of course that wouldn't work, they'd first have to be convinced that any private citizen deserved a modicum of privacy.