Mark Grossman's Computer Law Tip of the Week

Privacy on line is a hot button for many people. They're justifiably concerned that they may inadvertently be giving away more information about themselves than intended while they're surfing the Net. In fact, this concern may be well justified. With a little education though, you can minimize your risks or, at least, understand them.

The quickest and easiest way to jump right into the heart of the privacy issue is to visit the Electronic Privacy Information Center (EPIC) Web site at http://epic.org/. It contains a wealth of information and links to other information on privacy.

One link on the EPIC site took me to a survey conducted by the Graphic, Visualization, & Usability Center of the Georgia Institute of Technology at http://www.gvu.gatech.edu/user_surveys/survey-1997-10/#exec. According to that survey, the issue that respondents say is most important is privacy (30.49 percent) followed by censorship (24.18 percent).

The average Internet user seems to have this generalized concern that people can hack into their computer while they're on the Net, steal their credit card information and, who knows, maybe steal their identity while they're at it.

This concern about privacy hinders the growth of the Internet and especially Internet commerce because people are overly concerned about the information that they're giving away over the Internet. It's a bit tough to buy something over the Net if a person is reticent to type in their home address for a delivery. A little information can go a long way here.

The fact is that every time you visit a Web site, you're transmitting some basic information about you and your computer setup. A site that illustrates this well is at http://www.anonymizer.com/. When I went there and clicked on the link that reads, "You don't have to tell us, we already know all about YOU," it told me the following information about me. I've provided simplified translations in brackets.

"You are affiliated with Netrox LLC. [Netrox is my internet service provider (ISP).] Your connection provider is located around Miami, FL (MAP). [Netrox is located around Miami.] Your Internet browser is Mozilla/4.04 [en] (Win95; U). [I use Mozilla (Netscape) version 4.04.] You are coming from ppp-09.mia-tc-1.netrox.net. [Yes, they can trace exactly where I'm coming from, but the trail ends with my ISP.] I see you've been visiting this page at www.cnn.com." [This is the Web site that I visited immediately before visiting anonymizer.com.]

Now conceivably, my ISP, like any ISP, could have a log that says that my account was using ppp-09.mia-tc-1.netrox.net at a particular time. With that information, you could now trace that Web site visit to anonymizer.com back to me personally or, at least, somebody using my account.

Most reputable ISPs will tell you that they would never give their log information to anybody without a subpoena or other appropriate court order. Still, be aware that the information could exist.

Try http://www.anonymizer.com. I don't know about you, but the first time I did it, I was startled. (By the way, if you click on "MAP" when you do this experiment, it will bring up a map showing the location of you internet service provider's office, but notably not your home.)

Notice that the one thing that isn't revealed though - your name and address. Still, if you've ever visited a Web site that you prefer to keep private, be aware that the next site you visit could record where you were immediately before.

Now, what I've talked about so far has to do with information transmitted over the Net. That's still not as bad as what you keep locally on YOUR HARD DRIVE. If you use Netscape 4.x, press "Control-H." Up pops a history of Web sites you've visited. It also tells you the title on the Web page visited, its Internet address or URL, the date you first visited it, the date you last visited and how many times you've been there.

On the theory that this column will be read by thousands of people, I must admit that I'm chuckling to myself thinking about how many of you will be getting sweaty palms worrying that anybody could know what Web sites you've visited. Then comes the next worry, which is "who's looked already?" If I were sadistic, I'd make you wait until next week's column before I tell you how to erase it.

But alas, I'll tell you now. In Netscape 4.x, you go to "Edit," and then "Preferences." Finally, you click on "Clear History." You also now have the opportunity to set how many days you want a Web site to stay in your history file. If you have an earlier version of Netscape, sorry, but I don't remember if the commands were the same. Anyway, this is as good a time as any to upgrade your browser to the latest version.

If you use Internet Explorer 4.x, you click on "Start," "Control Panel, "Internet," "General," "Clear History."

Of course, just because you erase or modify a computer file doesn't mean that all traces of the information are gone from your hard drive. The old file could be in your "Recycle Bin" among many other places, but that's a whole other column.

Posting Material on the Web

The flip side of visiting a Web site is posting material on the Net. The rule here is incredibly simple. Once you send material into cyberspace, you have irretrievably and forever lost any control over its dissemination. You can never successfully be sure that you have retrieved all traces of it.

Of course, in some ways cyberspace is no different from other more physical places. For example, if you give me a letter and then demand it back, you can never really know that you have all of the copies.

What makes cyberspace different is the ease of transmitting to the entire world. Have you ever posted a message to a newsgroup? (For the uninitiated, newsgroups are like computerized bulletin boards. Basically, you send an e-mail to a newsgroup and anybody in the world with newsgroup access can see your post.) Did you know that I can go to http://www.dejanews.com/ and find your post? In fact, if you're a newsgroup regular, I can find everything you've ever posted. Depending on what you've written about over time, I may be able to piece together an interesting profile on you, your life and your views.

Some Privacy Tips

There are some strategies that can help you maintain a reasonable level of privacy in cyberspace. I say this while reminding you that complete privacy isn't the goal. If that is your goal, you will need to find yourself an isolated cabin in the woods. You give up a small piece of privacy every time you give someone your address or telephone number. That's a normal and reasonable thing to do, but because cyberspace is new, many people lack the experience that in other contexts we call "common sense." So, here are some common sense tips.

Before you give any information to a Web site, check to see if they have a posted Privacy Policy. If they do, review it. It may tell you what they do with your private information. You may choose not to do business with them if you don't like the policy. Unfortunately, most companies whether its cyberspace, mail order, or whatever will sell your information to third parties.

Keep your passwords a secret. Change your passwords often. These tips are so basic, but people don't do it. (Hello, to my daughter in college. Did you hear me THIS time about your password?)

Tell your kids never to reveal their last name, address, or telephone number online without your okay. Tell them that this includes online pen pals and chat rooms. You must remind your kids of these rules often.

Remember that nobody will ever ask you for your sign-on password once you're online. Don't be fooled by anyone or anything that asks for your password once you're online. It's a scam!

Finally, don't reveal anything online that you wouldn't reveal offline. Don't get careless on the Net. It's like any big city. You have to be careful.