AoIR member Laura Gurak in Chronicle of Higher Ed.
[Congratulations, Laura, on the prominent notice of your work, and the granting of more than a "soundbite" for your ideas! -Sj]
Tuesday, February 19, 2002
http://chronicle.com/free/2002/02/2002021901t.htm
LOGGING IN WITH . . . Laura J. Gurak
Minnesota Professor Takes a Critical Look at Online-Privacy Issues By DAN CARNEVALE
Laura J. Gurak is director of the Internet Studies Center and associate professor in the rhetoric department at the University of Minnesota-Twin Cities. She is the author of a book called Cyberliteracy: Navigating the Internet with Awareness (Yale University Press). In it, she discusses a number of issues, including the erosion of privacy and what state and federal governments should be doing to protect personal information in the digital age.
Q. What are some of the biggest concerns regarding privacy online?
A. In the U.S. one of the biggest concerns is that we don't really have any overarching principles. We just do everything on a really ad-hoc basis. We don't have any laws that are federal except at the most minimal kind of level. And in terms of data protection, just as an example, you look at all the conflicts that have come up over the past few years, like the DoubleClick controversy [a plan, ultimately scuttled, in which the company was going to track which Web sites individual Internet users visited so that it could customize advertisements for them] or things where people are innocently shopping or surfing online, and all this stuff is happening in the background with their data being collected and mined. We don't really have any policies in place to deal with that.
Even if you read the privacy statements on most shopping sites, they really don't say much. They just say, like, "Oh yeah, we respect your privacy, and we'll be nice to you, and you can trust us." But they actually don't have a lot of legal weight, and they really don't have a lot of legal backing. So people right now are kind of giving away the store without really knowing it.
And the other thing is that the European Union passed this EU data directive -- it was a couple of years ago. And the idea there is that when you're doing business over the Internet with a citizen of the EU, you're not allowed to collect and use their personal data without their permission.
Q. So is the United States behind the rest of the world with privacy standards?
A. The EU, of course, has an opt-in policy. They have to get people's permission [to collect information about them]. I think the Canadians have been a little more attentive to it. What it looks like in the U.S. is that the Federal Trade Commission under [President] Clinton was starting to think about issuing guidelines, and then under Bush it looks like nothing's going to happen at all. ... So as far as privacy on the Internet, it's still a complete laissez-faire situation in the U.S., and the companies really rule.
Q. How does an opt-in policy work compared with the American opt-out?
A. In the U.S. people always tell you that if you don't like getting so much junk mail, you can send your name to one of those companies that will take you off mailing lists -- that's opt-out. You have to do it. The consumer has to do it. In Europe, and particularly under the EU data directive, it's the other way around. Companies have to ask your permission to use your name and address and spending habits and stuff. So we have the exact opposite approach of the EU. And that was fine before the Internet, but now it's really tricky. If people are shopping at Amazon.com or something and they're from different countries, you have to figure out how to deal with that.
Q. Should the U.S. government be doing more to regulate this?
A. They should at least be doing more to talk about it in the U.S., anyway. At a minimum we should have some national discussion on this. But of course, after September 11 that kind of thing doesn't seem really important to people. You know, for obvious reasons, after September 11 we've seen an increase in proposed legislation for the wiretap laws that [U.S. Attorney General John] Ashcroft wants the Senate to pass.
Q. It sounds like the government is trying to become more intrusive, not less.
A. Right, that's the funny turn of events that have happened. It's kind of unfortunate. Like one thing that's being discussed now is this national ID card, which is really not going to do much at all. Because if you can fake your identity well enough, you can fake it with an ID card too.
Q. How does this affect colleges and universities?
A. The University of Minnesota ... just developed an online privacy policy for the whole university because we wanted to take a proactive stance. When students use our online registration system -- it's really nice, it's Web based, and they can register for courses from home -- it sends cookies [bits of computer code that reside on a computer and identify its user over the Web]. Students can't even register for a class without a cookie being sent. So I think one thing universities can do is take an active stance in determining what kind of privacy policies they want to have that are maybe different than the private sector. Universities have a different role to play. We can think these things through thoughtfully. We can think about the balance of the public's rights and the rights of individuals.
Q. So universities should lead by example?
A. Yes, very much so. Universities can do that with copyright, too. We can do that by making sure that we exercise fair use, that we don't follow these excessively restrictive guidelines on course-pack copying. I mean the reason most copy centers on campuses won't copy course packets is that they're afraid to be sued. But part of it is that no university is stepping forward and saying, "Listen, if we do it on our copy facilities at our university, it's fair use. Go ahead and sue us." So universities can certainly lead by example in all those areas.
Q. What should students on campus be most concerned about?
A. Students already have some pretty good protections in the way of federal laws ... and student records. Most universities are pretty open about student data. ... I don't think students have too much to fear at universities. They should be aware, though, that a university Web page or a university home page is really not theirs. It belongs to the university. So whatever they do on there is being backed up every night and tracked. Not really surreptitiously, but just as part of the natural IT process.
So students running any sort of interesting or controversial Web sites on a university server shouldn't feel like they're just completely anonymous. But another thing students could do is get involved with university government, because a lot of our committees ... have a student member on the committee. So it's good for students to get involved in the university-wide decisions on these things, too. Because I think a lot of students know more than we do about the real issues.
Q. What sorts of problems have professors run into?
A. One thing for professors to think about is, How much data is too much? Here, [we have] those student evaluations that are due at the end of every term, and you get this quantitative score. Well they want professors to let all their quantitative scores be posted on the Web so when students decide what classes to take, they'll look you up and say, "Oh, she got a 6.9."
... I think professors have to decide whether they really want that. That's not necessarily private information, but it's new in the sense that students can suddenly click on your name and see your ranking. It's kind of like the eBaying of higher education. Is that the kind of thing that's good or not?
There's also another issue, too, which is that a lot of professors use the Internet for research data -- collecting data and working with data. And there's going to have to be more and more protections on that kind of thing so that data that's being used for human-subjects research is safe and protected.
------------------------------------------------------------------------ Copyright © 2002 by The Chronicle of Higher Education
participants (1)
-
Steve Jones