Web-Privacy Bills Make Cable Interests Queasy

WASHINGTON -Several Internet-privacy bills now before Congress could considerably alter the landscape for cable operators, their competitors and scores of other online and off-line industries.

But attempts to tailor privacy bills to the Internet won't be easy, considering that most businesses, including cable, have woven the Web into just about everything they do.

"These issues are more complicated than they appear to be at first glance," said Robert Corn-Revere, a constitutional lawyer at the Washington firm of Hogan & Hartson. "If some rule is going to be applied to all of these different industries, how do you even define the different media?"

At this early stage, it's unclear whether lawmakers eager to push privacy bills through this year have thought through such questions.

"When we talk to them about Internet privacy, they say, 'Oh, I didn't think of that,'" said John Palatoutas, senior vice president of domestic policy at AeA, formerly the American Electronics Association. "They're just now starting to understand that they may not be able to control how far the reach would be. What about all of the information going through set-top boxes? Is that covered? Where does this end?"

Cable operators are still regulated by privacy restrictions in the 1984 Cable Act, but the rollout of cable modems and introduction of interactive-TV services have blurred the definition of a "cable service" as covered by those provisions.

For example, could the industry's argument that cable-modem service is a cable service-intended to avert open-access rules-be taken to mean that such services are covered by privacy restrictions in the 1984 Act? Perhaps. But should non-cable ISPs then be held to a lower standard?

"Cable has some of the most stringent privacy restrictions in any industry," said Effros Communications president Stephen Effros, the former president of the Cable Telecommunications Association (CATA). "There ought to be an equal bar."

CONFLICTING CODES

Of course, equalizing privacy rules for all industries is a difficult task, partly because privacy provisions have been worked into myriad bills over the years, creating a patchwork of restrictions for different sectors.

This past piecemeal approach to privacy has created longstanding conflicts. For example, the 1984 Cable Act requires cable operators to inform subscribers when authorities have requested information about them as part of a criminal investigation. But the Electronic Communications Privacy Act of 1986 offers protections against such disclosure.

Any new Internet-privacy legislation could create similar contradictions.

"It kind of puts cable in an awkward position," said National Cable Television Association president Robert Sachs. "You want to be a good corporate citizen, but you also want to be fair to your subscribers."

In addition, the cable industry and other sectors must cope with state and local privacy laws that often don't address the ubiquitous nature of the Internet (much less the fact that big cable operators have systems across the country).

As a result, Congress may have to consider ways to pre-empt state and local authorities-never an easy task. In fact, the federal pre-emption question could become a major part of any privacy bill.

"It's more a question of whether privacy laws should be uniform," said Sachs.

Still, as Congress wrangles over the budget and other pressing matters, it's unclear how much of a priority there will be on privacy legislation this session.

"We're mostly just tracking legislation right now," said Sachs. "But our industry will need to spend more time on privacy policy issues as legislative measures advance."

Capitol Hill sources said legislation could start to move through committees by this summer or possibly sooner.

"There will be broader privacy legislation at some point," agreed Sachs.

In recent remarks to the United States Telecommunications Association, Sen. Conrad Burns (R-Mont.) predicted, "We will have a privacy bill this year."

Getting there won't be pretty. Committees will have to sift through the several dozen bills all vying for their attention. And each measure offers a varying approach to the Internet-privacy issue.

House Commerce Committee member Rep. Anna Eshoo (D-Calif.) and others have introduced bills that would bar commercial Web sites from collecting personally identifiable data unless they provide notice and a way for consumers to "opt out" of such practices.

In the Senate, Commerce Committee chairman John McCain (R-Ariz.) plans to introduce a similar bill based on his privacy legislation from last session.

A committee spokeswoman said McCain-who's currently embroiled in the debate over his McCain-Feingold campaign-finance bill-will likely reintroduce the bill later this year, after his committee holds held hearings on Internet privacy.

"This issue is a high priority," she said.

COMPUTER LABELS?

Meanwhile, dozens of other privacy bills address everything from stopping data collection on children to requiring disclosure of software that enables data collection from users.

Bills introduced by Rep. Rush Holt (D-N.J.) and Sen. John Edwards (D-N.C.) would even require warning labels for software and devices that enable the collection of personally identifiable data. Depending on how federal agencies interpret the measures, they could potentially cover addressable set-top boxes at some point.

While most of the bills focus on notice and the ability to opt out of data collection, some go further.

Sen. Ernest Hollings (D-S.C.) is expected this session to reintroduce a bill that would require marketers to get permission before collecting data on consumers-a concept known as "opt-in."

A Hollings spokeswoman said the new bill will contain minor changes but stressed that the opt-in provisions-lauded by consumer groups but generally feared by the industry-will stay.

In any event, the opt-in or opt-out question has become a major component of the Internet privacy debate.

The NCTA hasn't taken an official position, but marketers in many industries have complained that strict opt-in provisions would hinder their ability to target customers (and send them only advertising that interests them)-a supposed benefit of Internet and interactive-TV applications.

"The whole philosophy of one-to-one marketing is to send materials to people who are receptive to them," said Cable & Telecommunications Association for Marketing senior vice president of marketing Seth Morrison. "The challenge of opt-in is that it costs a lot of money, which raises prices. Our belief is that you should send people the information and then give them the opportunity to opt out."

He said companies have a disincentive to abuse target marketing because offended customers could easily defect to other merchants-whether with a mouse or a remote control.

"It's to our advantage to respect our customers' wishes," he said.

It's unlikely Congress would pass a bill requiring strict opt-in, considering so many industries haven't even warmed up to the less intrusive opt-out bills yet.

"We feel that all of the bills are overreaching," said Ben Isaacson, executive director of the Association for Interactive Media, the technology arm of the Direct Marketing Association. "There's not a current bill up there that would assist with the development of the industry."

EarthLink Inc. chief privacy officer Les Seagraves, whose company signed a deal to offer broadband cable- modem service to Time Warner Cable customers, said the opt-in/opt-out debate can get complicated. For example, many Web marketers now ask consumers whether they want to get special offers via electronic mail, but may require the consumer to "uncheck" a box to refuse.

"If the box is already checked, is that still opt-in?" Seagraves asked.

Congress also faces the potential for unintended consequences, a common side effect of well-meaning federal legislation.

Brooklyn Law School law professor Paul Schwartz noted that opt-in would have to make exceptions for such emergencies as a bank trying to notify a customer that his credit card has been stolen-whether or not the customer had opted in.

"You really have to look at it and consider the benefits, the costs, and the context," he said. "I would be worried about requiring opt-in on everything."

In other cases, the benefits of giving a company the ability to identify its customers would seem to outweigh any privacy concerns.

"I really want my bank to identify who I am before someone wires my money to the Cayman Islands," noted Bob Pratt, director of product marketing for Verisign, an Internet security firm that has contracted with Cable Television Laboratories Inc. to provide digital-certificate technology for the next generation of cable modems.

SELF-REGULATING CONCERNS

The problem is that Congress has grown increasingly wary of the Internet industry's attempts at self-regulation.

Indeed, the Federal Trade Commission has issued several reports suggesting that many companies don't follow their own voluntary privacy guidelines-even when those policies are posted on their Web sites. Recent cases in which dot-coms have gone bankrupt and then sold customer data to third parties, in violation of their own policies, haven't helped build confidence that the industry at large can police itself.

"It's harder to do in practice than in theory," said Maureen Dorney, an attorney at the law firm of Gray, Cary, Ware & Freidenrich in Palo Alto, Calif.

Just the same, the industry appears to be trying. Already in place are several "seal" programs that allow consumers to see which sites have met industry best-practices standards for posting and adhering to their privacy policies.

Microsoft Corp. just last week unveiled new software-dubbed the Platform for Privacy Preferences-that supposedly allows consumers to set up detailed privacy preferences within their Web browsers. Interactive advertisers are increasingly aware that consumers won't stand for unsolicited e-mail or other intrusions.

"Self-regulation is the way to go," said Robin Webster, CEO of the Internet Advertising Bureau, which plans to include interactive-TV advertisers as members in the future. "The main worry is that this medium is still evolving. [The government] just can't move fast enough to keep up with something that is evolving this rapidly."

At least one thing seems clear: Internet privacy, barely on legislators' minds during the drafting of the 1996 Telecommunications Act, has gained new importance as the Internet explodes and industries converge.

Said Michael Marinello, vice president at GCI Public Affairs and a Capitol Hill staffer during the debate over the 1996 Act: "Nobody is taking privacy lightly or smugly anymore."