Openness vs. privacy on the Web

Opt-in. Opt-out. There's only one word of difference between the two phrases, but there's a world of difference for people who care about Internet privacy.

Both refer to the way merchants or other Web site operators who collect information about you can use that information outside of their own businesses. In most cases, that means selling it to anyone who's willing to pay for it.


The data can include not only your name, physical address, e-mail address, phone number, credit card information and purchases, but also details of every item you looked at while you were shopping. With Web bugging techniques, merchants can even track your surfing habits on other Web sites and sell that information as part of the package.

In the battles over privacy legislation in Congress - and now in state legislatures such as Maryland's - privacy advocates prefer the opt-in method, which requires you to affirmatively give permission before a merchant can peddle your personal information to outsiders.


Retailers and other Web site operators who collect this information prefer no law. For years they've argued that the industry can regulate itself, but given one horror story after another, nobody believes that anymore. So if there has to be a law, they prefer the opt-out method. This gives them the right to sell your information unless you forbid them to do so.

Why is this so important to business? Lauren Weinstein, moderator of the Privacy Forum, one of the Internet's oldest watchdog groups, puts it this way:

"Increasing numbers of Internet-related firms are finding that one of their few truly valuable assets is their customer database, often chock full of fascinating information. Even small databases with high accuracy rates can be lucrative, while large databases can prod even the most jaded of direct marketing gurus into a frenzy of excitement."

As usual, the devil is in the details. In this case, the Opt-in-Opt-out detail will probably show up in a little box that appears at the bottom of an order form with wording like this: "From time to time, would you like us to share your name with partners who will provide you with valuable offers that match your interests?" (Translation: Can we sell your name to anybody who coughs up enough cash so they can fill your in-box with spam and call you at dinnertime to sell you life insurance and storm doors?"

Under the opt-in method, the box would be unchecked, and you'd have to click on it to give the merchant permission to sell your information. Under the opt-out system, the box would already be checked, and you'd have to remove the check to maintain your privacy.

In many ways, the battle in Maryland's General Assembly is a microcosm of the national opt-in-or-out battle. On the opt-in side, House Bill 14, introduced by Prince George's County Democrat Anthony Brown, would prohibit merchants from sharing personal information "unless the individual affirmatively consents to the sale or distribution of the records."

SB219, sponsored by Carroll County Republican Timothy R. Ferguson, takes the opt-out approach, prohibiting the sale of consumer information "unless the merchant offers a conspicuous and explicit method on the merchant's Internet site that allows the consumer to prohibit the merchant from collecting, using or disclosing the personal information." That sounds reasonable, but given the creative obfuscation that Web sites already apply to placement and content of their privacy statements (some of which go on for pages of legalspeak), it's unlikely that any but the most determined Web surfer would find his way into opting out. And there's nothing in the bill to keep a merchant from changing the terms of his privacy policy without giving customers a chance to opt out again.

It's also interesting that the fight over privacy legislation is moving to the state level. Although survey after survey has shown that voters are concerned about Internet privacy, Congress has struggled over the issue for three years without taking action.


The business interests lined up against Brown's "Opt-in" bill at a hearing last week argued that given the Internet's borderless nature, any legislation should be nationwide in scope - giving merchants and consumers everywhere a consistent set of rules and protections.

Once again, this has the ring of logic, but in reality, industry lobbyists know it's much easier to kill, stall or disembowel federal legislation with contributions to a handful of key Congressmen than it is to hijack 50 state legislatures. It's not that state legislators are immune to campaign contributions, football tickets and fancy lunches. But they tend to be closer to their constituents while federal lawmakers are less influenced by out-of-state arm-twisters.

If you're interested in maintaining your privacy, maybe the state is the place to start. If even a handful of state legislatures act to keep your personal information personal, Congress may be forced to do something about the issue.

In Maryland, you can send e-mail to legislators directly from the General Assembly's Web site at