/ Reprint: Privacy in the Electronic Environment: All Smoke and Mirrors

This paper was adapted from a presentation at the AAAS-ICSU Press-UNESCO Workshop on Developing Practices and Standards for Electronic Publishing in Science, Paris, October 12-14, 1998.

Q: What is the difference between America Online and the Internal Revenue Service, Lloyds of London, and L.L. Bean?

A: Only AOL tells you upfront and in great detail how it protects your privacy.

AOL says (among other things), "We do not give out your telephone number, credit card information or screen names, unless you authorize us to do so."

In this increasingly privacy-aware world, that's reassuring. Yet it's interesting that we don't demand such assurances from other institutions, some of which get information from us that is far more personal. Where is the IRS's privacy statement? Does L.L. Bean tell us the kind of safeguards it has on its 800 line to protect us when we give our credit-card number over the phone? And what about those insurance companies? Recently my new household-insurance company sent out a newsletter to all its agents listing my name among those of selected new customers. Company officials couldn't understand why I objected. They couldn't see that identifying the company that holds a list of my valuables might leave me open to victimization from the unscrupulous. But AOL would have understood — as would anyone in the electronic environment.

We're more aware of the problems on line, because the environment is new, and we are not yet completely comfortable with it. On line we are aware that information is both evanescent and permanent. An e-mail message you wrote to a discussion list three years ago remains on some server somewhere — beyond your control and yet within someone's reach. (See Thomas Field's article for more on that.)

The risks are also greater on line. In the real world we rely on security through obscurity. We are protected because we recognize that information about us is expensive to get compared to the value of having it. The ease with which someone can invade our privacy on line is sobering. A lazy snoop could find all sorts of information about us while sitting at a desk, sipping a latte, using just a computer and a modem. No need to break into offices in cities around the country in the dead of night, eluding watchmen, focusing a pencil-ray flashlight on a hastily grabbed file, then taking a picture with a tiny half-frame Minox camera. An unscrupulous person, seeking to amass a file of potential suckers, can get current information quickly and far more accurately than by making random phone calls to see who bites.

But the same technology that makes invasions easy also helps prevent them. Do you remember how long it used to take to change your address on magazine subscriptions? Or remember trying to track down your file when you had a case in a civil court? Now many businesses let you update your information on line. Or they put their hands on it electronically when you phone in to find out your status.

The real issue is not technology. Any problem technology creates, technology can solve. The real problem is the feeling of security, the belief in privacy. That is the reason for all those laws and regulations that are being proposed (and, especially in the E.U.), enacted. People are asking their governments to guarantee their privacy by imposing sanctions, some of them criminal sanctions, on companies that don't protect them.

Interestingly, most of the laws and regulations are less onerous than they seem at first. The underlying principle is No Surprises. If you want information from me, you have to tell me how you are going to use it, and then you have to keep your word.

Unfortunately, in this Information Society, many companies are guilty of hoarding whatever information they can get, in the belief that some day it will become valuable. They are like the misers of legend who, once they collected their gold, buried it in secret vaults to which only they had access so that the tax collectors, the charity collectors, and their relatives could not tell them how to spend it. And like those misers, the information hoarders (and many of us are in this group) don't even use the information. It's just nice to know it's there in case you find a good use for it.

So my message today is:

Give it up! Stop insisting that you need control of all the information you collect. Tell people in advance what you're going to do with the information, and then do only that.

At JEP we collect information about our subscribers. We ask them their names and e-mail addresses, we ask them where they work and what they do. We even ask them to tell us their favorite ice-cream flavors, although that information is not required. We also collect information that people don't volunteer, like what domain they are from, and what time they visit us. That information is collected automatically by our server.

And here's what we tell them we will do with all that information — and note that we have included in our explanation the fact that we collect information they don't offer, and we explain what we can and will do with that information, too.


If you visit our Web site but do not subscribe or send us e-mail, we will not have enough information to contact you. We collect no e-mail addresses, only the domain names (the letters that follow the @ sign in your e-mail address) of visitors to our Web site. We tally what pages visitors visit, but do not trace the path of individual visitors. The information that we collect from readers is used only to improve the content of our site.

If you visit our Web site and send us e-mail, we will try to respond to your comment or question. If you write a letter to the editor, and it is published, your e-mail address will be posted unless otherwise requested. An e-mail address received that way will not be used for our own promotional purposes or shared with other organizations.

If you visit our Web site and subscribe (it's free!), we will send you a notice of each new issue when it appears. We will not sell or share our subscription list with other organizations. If you have subscribed and wish to unsubscribe, please contact us.

If you have questions or concerns about the online privacy policy of The Journal of Electronic Publishing, please contact us. E-mail: jep-info@umich.edu

Note that there is no fax number or postal address. That is intentional. This is, after all, The Journal of Electronic Publishing.

Privacy has to do with information about an individual, not aggregate information. By making that distinction, we can reassure people about privacy. It would be interesting to know that 72 people rented "Debbie Does Dallas" in the last six months. It is embarrassing to be identified as one of them. Laws and rules aside, it's an issue of trust. No matter what we think of the Internal Revenue Service (especially around April 15), we trust that it will protect our information. We don't insist on knowing what kind of encryption the IRS has on its computers, or whether they have a firewall between our tax return and prying eyes.

To keep the trust that we, as publishers in the scholarly environment have built, we need to reassure our subscribers, authors, and readers as we move into new technologies. And we can reassure them by letting them know what we collect, what we do with it, and what rights they have.

We need to face up to the issues, and answer the questions before they are asked.

  • Do we keep a log of every search they do? Every article they call up?
  • Do we keep track of what sites they visited before they came to us, or what sites they go to?
  • Do we coordinate our subscriber data with their domains or e-mail so that we will know what they saw or said, and when?
  • If we have personal information, how do we protect it?
  • What procedures are there for correcting errors in our records?
  • Do we use cookies, and if so why, and what do we do with the information?
  • Do we make the names of members of our listservs available, and if so to whom?
  • How long do we archive Web conferences and newsgroups?
  • How do we protect the collection of information such as credit card numbers?

Most important, we need to use the technology to reassure our users. We can do simple things like not showing passwords or credit-card numbers typed on the screen (although the tradeoff is multiple mistakes by people who don't type well). We can have a "secure" section of our Web sites that require browsers that can accept the security. We can encrypt our transactions (although not yet internationally — a subject of another workshop).

The U.S. General Services Administration has the following suggestions about privacy on Web sites that we, as publishers, can adopt:

  1. Place a high priority on protecting the public's privacy at Web sites.
  2. Stay up-to-date on the impact changes in Web-site technology have on privacy.
  3. Notify the public using an appropriate privacy notice whenever you are collecting data on the Internet.
  4. Use information only for the purpose for which it was gathered as disclosed in the privacy notice.
  5. Protect privacy for all forms of data (text, graphics, sound and video).
  6. Information obtained to conduct system administration functions must still be protected.

The hardest job we have as publishers in this new environment is establishing and keeping people's trust — in the technology, in our services, and in us. The way to build that trust is through disclosure. Tell people what we are going to do, and then do it.

Judith Axler Turner pioneered the many electronic-publishing innovations made by The Chronicle of Higher Education in her position there as Director of Electronic Publishing. She now has the same title at Turner Consulting Group, a Washington, D.C. company that specializes in Web applications. A current client is the PubMed Central project at the National Institutes of Health. She has been the Editor of The Journal of Electronic Publishing since 1997. She may be reached at judith@turner.net..

Link from this article:

America Online's privacy policy, http://legal.web.aol.com/policy/aolpol/privpol.html