Self-Regulation for Internet Privacy

Copley News Service, 04/05/2001

The Internet is changing civilization as we know it, for the better in my opinion. However, like any revolutionary new technology, there are potential dangers associated with the Internet that cannot be ignored.

The loss of personal privacy is among the top concerns. Whether to the prying eyes of government or to private snoops gathering personal and financialinformation for fun and profit, the Internet is like a huge picture window into the lives of Web users. No one wants to live in a fish bowl. Everyone – individuals and businesses alike – wants reasonable assurances that information they provide on-line, whether personal or financial, is reasonably protected from public and government scrutiny. The first and most obvious answer to this problem, of course, is to strictly limit the information you give out on the Internet and to inform yourself about the privacy and security policies of companies you deal with on-line. Caveat emptor: Let the buyer beware – or in this case, Let the user beware -is still the governing principal in commercial activities.

In the case of the Internet, however, it may be impossible for users to know what is going on in the “microcosm” of cyberspace where electronic bytes of information travel at the speed of light. It’s not surprising, therefore, that a growing chorus has arisen for Congress to “do something” about Internet privacy.

When the new Congress convened in January, the issue of Internet privacy – how best to ensure the privacy concerns of millions of Americans logging onto Web-based services of all kinds – was supposed to be Technology Topic No. 1. But as usual when it comes to the question of Congress “doing something” to “correct failures in the free marketplace,” the larger question is what can it do effectively without making matters worse?

The good news is that as Congress deliberates, the need for it to “do something” is being overtaken by both technological change and growing competition among state governments, Internet service providers, and Web sites themselves (both commercial and non-commercial) to reassure consumers that their privacy is being adequately safeguarded. In fact, they’re doing a lot more than the federal government, which (lest we forget) is by far the largest collector and user of personal information.

The tech industry has promoted the principle of self regulation and setting industry wide security standards as the best way to keep consumers happy in cyberspace. Politicians like to protect their regulatory turf by pooh-poohing the idea of an industry regulating itself. In fact, though, self regulation has always been a most fruitful means of taming the excess of unbridled markets. Just think of Underwriters Laboratories with its safety ratings, or that old chestnut, the Good Housekeeping Seal of Approval. If the private sector sets standards and benchmarks and makes them credible over the years, the public benefits much more than it would from ham-handed, politically motivated, government regulations that become obsolete before the ink is dry.

Internet regulation is a slippery slope, and we have to face the fact that government can never keep up with the rapid pace of change in the high-tech sector. Consumers and privacy advocates alike will be better served by a flexible approach including self regulation, common industry standards, and common-sense consumer advocacy.

My good friend and colleague Floyd Kvamme, chairman of Empower America, and President Bush’s outstanding choice to be his new co-chair of the President’s Council of Advisors on Science and Technology, spoke to this issue in testimony before the House Financial Services Committee on March 29. He stressed that “with product life cycles becoming ever shorter, issues of importance to these sectors arise quickly and demand immediate attention. Because of its slow-moving nature, government policy-making simply is not equipped to respond to many of these concerns in a timely fashion. Oftentimes, a late or misguided government response will do much more harm than good.”

Exactly right. And government doesn’t have a great record itself in protecting information about citizens who use its Web sites, including the IRS, which both shares information (without informing the “consumer”) with many other agencies, and has itself proved vulnerable to hacking.

Maybe we should stick with the wisdom of the high-tech industry leaders, folks who have done more for consumers than any bureaucrat I’ve ever met.

Jack Kemp is co-director of Empower America and Distinguished Fellow of the Competitive Enterprise Institute. His column is distributed by Copley News Service.