UNESCO calls Infoethics meeting Website of the month The battle of the bug	Cybersnoopers on the prowl Sophie Boukhari
Professor Philip Agre of the University of California at San Diego has sounded the alarm about systems that threaten private life. Protection of personal data has become a major concern among Internet users The power of new technologies is creating a formidable ‘surveillance economy’ Website of the month http://www.fao.org From its Headquarters in the Eternal City comes the Food and Agriculture Organization (FAO) website. Rated “exceptional” by the Encyclopaedia Britannica, which placed it among the top 1% of 65,000 sites profiled, it is available in English, French, Spanish and Arabic, and provides answers to everything you always wanted to know about food (as well as agriculture, fisheries, forestry and more) but were unable to ask. As well as extensive statistical data covering 210 countries and territories, it provides access to early warning systems on food and agriculture emergencies and prevention systems for animal and plant pests and diseases. A mapping system for information on food insecurity and vulnerability is in the pipeline. Participate in a number of ongoing e-mail conferences or in this year’s Food for all fund-raising campaign. Search or browse through more than 3,000 of the most recent and relevant pictures in FAO’s photo library. Currently featured: tropical fruit. Did you know that the 4 most traded fruits are pineapples, mangoes, avocados and papayas, imports of which totalled $2.2 billion in 1996 alone? If you live in an area where the Internet is not yet available, do not despair: FAO distributes CD-ROMS with similar information. The battle of the bug As the third millennium draws near, the entire world is threatened by the millennium bug, an unprecedented computer phenomenon that could have effects as wide-ranging as erasing maps to minefields and a recession more severe than the one caused by the 1973 oil price hike. Computers were programmed to indicate dates with just two characters—98 for 1998—to save memory. At zero hour on 1 January 2000 their clocks could turn back a century to the year 1900. The consequences could be unfortunate—an elevator could abruptly come to a halt between floors—or disastrous—the computers that help operate a nuclear power plant’s cooling system or manage air traffic could stop running. To avoid such scenarios, programs must be modified, tested and harmonized. Those operations are technically simple, but they require an exhaustive review of hundreds of millions of applications in every area from banking to manufacturing and healthcare. This painstaking task requires implementing major projects, hiring highly skilled workers and purchasing new hardware, leading the world’s largest companies to make substantial investments. But for many businesses, especially small- and medium-sized firms, it is apparently already too late to tackle the problem. According to upper-end estimates, on a planetary scale the operation will cost one trillion dollars, but the tab could soar even higher as the deadline nears and unexpected snags crop up, especially since the corrections made to programs themselves cause new problems. The millennium bug has mobilized armies of computer programmers in the United States, Canada and the United Kingdom, but the problem has drawn scant attention in other industrialized countries, such as France. Meanwhile, Asia is crippled by its banking crisis and the developing countries are too poor to afford to modify their computer systems.	In the digital age, how can privacy be protected without infringing people’s freedom to trade via Internet? ‘No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence. . . . Everyone has the right to the protection of the law against such interference or attacks.” This may not be the best-known article of the Universal Declaration of Human Rights, but the growing invasion of privacy by digital technology and the Internet is bringing it to the fore. A number of opinion polls among Internet users show that protection of data about their personal lives has become a major concern. The inventor of the World Wide Web himself, Tim Berners-Lee, said recently he was worried about the consequences for private life of use of the Internet. Cyberspace experts, consumer advocates and human rights defenders all warn that the “big-brotherization” of society is steadily advancing. And the political police are no longer the only ones involved, nor even the main perpetrators of it, at least in the Western democracies. These days, the most skilful manipulators of new information and communications technology to build up files on individuals are private companies collecting personal data on tens of millions of people. Simon Davies, the British head of Privacy International, a human rights watchdog group, says every citizen of an industrialized country appears today in about 200 different data bases. Such mines of information are centralized, sifted through and correlated to produce very detailed profiles of consumers. The files are then resold to all kinds of firms, which use them to sharpen their marketing strategies, assess the economic reliability of customers and adjust to specific commercial demands. The Internet is an ideal tool for this meticulous task of categorizing the population. It is an extraordinary source of data as well as a practical way to handle such information and circulate it. Canada’s commissioner for the Protection of Private Life, Bruce Phillips, noted in 1996 that surfing the Web was a bit like playing strip-poker: you start by taking off your tie and before you know where you are, your trousers have disappeared. In other words, “anonymity is not the rule on the Internet, still less is the idea that you don’t leave any traces behind you.” This warning by France’s Commission on Data Processing and Freedoms (CNIL) applies to a broad range of practices designed to tap into the secrets of Internet users. Most websites include some kind of questionnaire to fill in. The US Federal Trade Commission says 85 per cent of 1,400 commercial sites it looked at in March 1998 gathered personal information in this way. A medical clinic, for example, invited consumers to submit their name, postal and e-mail addresses and insurance company and to make comments about their health problems. Some on-line services require such details before they will give access to their site. Internet users can lie to get past these questions. A study by the University of Georgia, in the United States, showed that 40 per cent did so when the questions got too detailed. But “most people are very naïve,” says Alain Weber, an Internet expert with the French League for Human Rights. “They wouldn’t be so free with the information if they knew how it could be used.” A US banker in Maryland, for example, recently obtained a list of cancer patients, matched them with his customers and then automatically rejected loan applications from those who were ill. Data seekers on the Internet stop at nothing. The US Federal Trade Commission is concerned about the “troubling” practices of commercial websites aimed at children: nine out of 10 of them extract information from these young people and fewer than a quarter suggest asking permission from their parents before providing it. Meanwhile, cybersleuths use many tools and monitoring programmes to record people’s movements around cyberspace. Data banks like DejaNews index all messages in on-line discussion groups. Anyone can type in the name of a person, click on “profile” and get their e-mail address and all the messages they have sent to the group, which will provide information about their tastes, about how they spend their leisure time and what their opinions are. The CNIL also notes that the gathering and use of e-mail for commercial ends is a basic problem. To make matters worse, the Internet is a world of invisible tracks. You get the impression when you surf the web that you leave no traces behind you. The truth is rather different. Some sites place spying devices, or “cookies”, on your computer’s hard drive the moment you log on to them, so they can tell which pages of the site you have looked at, when you looked, and for how long. If you visit a site devoted to sado-masochism, for example, you reveal aspects of your character you would not admit to your closest friend. A survey last year by an American NGO, the Electronic Privacy Information Centre (EPIC), showed that a quarter of the 100 most popular sites on the Web use cookies to obtain profiles of their users. When you next visit them, they can present you with advertising tailored to your interests, or even send you without your knowledge programmes like Java Applets, which can reconfigure a site according to each visitor’s tastes. The range and power of new technologies are creating a formidable “surveillance economy,” says Davies. So strengthening protection of the right to privacy is an urgent matter. The European Union directive on “the protection of individuals with regard to the processing of personal data and on the free movement of such data” is a step in this direction. Under the directive, which comes into effect on 25 October 1998, the processing of data about ethnic origins, political opinions, religious and philosophical beliefs, trade union membership, health and sex life, is prohibited except where there are special exemptions or derogations. Moreover, in each of the European Union’s fifteen Member States, a special authority is to protect individual’s rights and freedoms with regard to the processing of personal data. It is to guarantee citizens the right to be informed, to have access to data concerning them and the right to correct it, and to erase data whose processing does not comply with the provisions of the directive. Article 25 states the principle that the transfer of personal data to third countries may only take place if the receiving countries offer a level of protection that is “adequate” within the meaning of EU legislation. “If the European plan succeeds,” says Davies in the American monthly magazine Wired, “every country on earth will soon adhere to a global privacy code. If it fails, the United States and Europe could end up in the throes of an ugly trade war over the international transfer of personal information.” In a globalized economy where information about consumers is the new gold mine, the stakes are huge, involving no more and no less than the future of all banking and trade transactions, especially electronic. The United States has already gone on the offensive by accusing Europe of using privacy protection laws to erect barriers around the valuable European market of 370 million people. White House technology adviser Ira Magaziner has even threatened to go to the World Trade Organization (WTO) about it. At the same time, he insists that the US is just as concerned to protect the privacy of its citizens as European governments are. And all studies show that Internet commerce cannot succeed unless consumers can count on information about themselves being kept confidential. Behind such skirmishing lies the familiar difference of approach between the US and Europe. The former trusts the market to solve the trickiest problems, while the latter prefers to set up public-sector bodies to do so. Though the American authorities are well aware of the need to reassure Internet users, they are also sympathetic to the arguments of direct marketing and financial lobbyists, who think the solution lies less in imposed regulation than professional self-regulation through codes of conduct and the development of encryption technology and ways of erasing individual tracks left in cyberspace. EPIC assessed the effectiveness of self-regulation by looking at the websites of firms which were members of the Direct Marketing Association (DMA), which opposes any legislative interference. It concluded that “the DMA’s efforts to promote privacy practices is having little impact on its new members, even after repeated assurances from the DMA that this approach is effective.” The Federal Trade Commission came to the same conclusion after a wide-ranging survey published in June 1998. It said that “the industry’s efforts to encourage voluntary adoption of the most basic fair information practice principle—notice—have fallen far short of what is needed to protect consumers.” Pressure from consumers and from Europe may force firms to change their mode of operation. If it does not, we may lose not only the freedom to buy and sell but also our personal freedom. “The advent of the surveillance society will bring with it a new era of social control,” warns Davies. “The two have always existed hand in hand.” Websites http://www.privacy.org http://www.epi.org http://www.cnil.fr http://www2.echo.lu:legal/en/dataprot/directiv/directiv.htm
UNESCO calls Infoethics meeting The worldwide spread of new information technologies and the emergence of an associated invisible economy which ignores national frontiers and laws underline the urgency of political regulation and an ethical vision of the “global information society.” With this in mind, Unesco is organizing the second InfoEthics congress, bringing together several hundred people, including some 30 leading international experts, in Monte Carlo from October 1-3. “Cybersociety” has made the world a single country of which we are all destined to be citizens, as long as we have effective access to information. As economic, financial and technological globalization proceeds, we need to develop world citizenship and governance which guarantee access to quality public information and call for new tools of government. Factors in a fairer and more democratic information society include free access to public and government information, serious study of how privacy can be protected in the face of new ways of using personal data, encouragement of “free” software and open (“non-proprietary”) standards to foster intellectual innovation and cooperation, and development of the World Wide Web’s cultural and linguistic diversity. These topics will be the focus of discussions in Monte Carlo. http://www.unesco.org/webworld
The UNESCO Courier