Expert: Go Easy on Privacy Regulations Privacy from Companies9/20/2000; 11:38:10 AM 'Say what you will about Richard Epstein, but don't call him a privacy zealot. 'The erudite University of Chicago law professor said Tuesday that instead of staking out extreme positions on both sides of the topic, advocates instead should consider the likely outcome of government regulations....'This is very true, and a Wired article from later today turns out to provide the perfect example to that. In An Ordeal: Copin' with COPPA, we see

...Therrien has come to believe that the Children's Online Privacy Protection Act is a flawed piece of legislation, and has decided it's easier to help his kids forge their ages to set up email accounts than it is to submit his credit card number, as at least one free email service (Hotmail) is demanding. "Maybe I'm admitting to a crime there, but I had a philosophical problem with giving them that kind of information," he said. "I don't want to give up credit card numbers where all I'm trying to do is set up an email account for my kids."

I'm sure COPPA gave our Congress-people lots of warm fuzzy feelings, but COPPA isn't working out all that well, because I don't think Congress ever stopped to think about side-effects. Designing privacy protection systems has all the legal complication that passing any law entails, and all the technical complications of system design, multiplied together. Few people understand both sides of the problem... perhaps nobody.Going back to the "expert" in the Wired article, I don't agree with him 100% but I do understand and agree with his call for thinking before we leap. There is one thing he said that I'd particularly like to take issue with, though:'Cox said that the benefits of exchanging personal information -- such as lower costs and greater customization -- exceeded the privacy costs.'Says who? Perhaps he's only talking about giving information away to a certain site for customization purposes, and it probably is true that the benefits of doing that outweight the costs... but it's not what we privacy advocates have a problem with! In those cases, you can simply refuse to divulge your information and nothing catastrophic occurs.The bad thing is the culture of selling, buying, aggregating, and selling again. If you want to order something online, you have to tell them where to ship it. In order to allow Userland to host this site, I had to tell them my e-mail address. Certain "breaches" of privacy are necessary, but that doesn't mean that the info necessarily must be sold, or else lower the value of our economy. When info is sold, company-to-company, there's often (nearly always) no real benefit to the consumer, regardless of what the focused advertising(/annoyance) proponents say. This info sharing is not necessary for our economy to survive. The critical point, though, is that we believe the decision of whether information is shared, whether customer-to-company or company-to-company, belongs to us, the consumer, not 'experts', and certainly not the companies! That is the 'extreme position' we privacy advocates take. I guess it's your call on just how 'extreme' that is.ps: This all begs the question of how valuable your privacy is. Some people seem to place it near zero, others quite high. Look at it as a supply-demand cost issue: Right now, the supply of privacy is high (or perceived to be high) so many people are having a hard time assigning significant value to it. What would this same expert say if the supply was low?