Can banks help keep Big Brother at bay?

The amount of information being gathered on people's Internet habits is out of control, says a former banker who has started a company that sells software to shield people from being identified online.

Ruvan N. Cohen, who was marketing director at Citibank until August 1999, is now president and chief operating officer of iPrivacy, a New York firm whose software blocks the identification of computer users as they surf or buy on the Internet.

The firm, which opened in September with a management team stacked with Citibank alumni, is targeting banks for its software. Mr. Cohen said banks can come across as good guys by giving customers a powerful tool to protect their privacy.

The iPrivacy software shields people from data-tracking systems. To use it, a person could download the software from the Web site of a credit card issuer, then log in to the system through the same site to surf or buy anonymously.

Because the consumer must visit the bank's Web site every time he or she wants to use the shield, Mr. Cohen said, the iPrivacy system would help boost loyalty. Customers, he said, would associate credit card issuers with privacy protection, and their trust in the relationship with their banks would grow.

The software is needed, Mr. Cohen said, because Web data tracking has become invasive. Tracking technology was first used by companies to identify individual users on their Web sites when many users were signing on simultaneously. But later, marketing agencies like DoubleClick Inc. began using the same technology to follow users wherever they went and to keep records of the information, Mr. Cohen said.

The practice of tracking a user at multiple Web sites, he said, led to the creation of databases loaded with information on people's consumer behavior. "Large amounts of your personal information are being bought and sold," he said. "What they're doing is gathering theoretically unnamed people from CNN to Victoria's Secret to God knows what to Amazon, then tracking them to real names and addresses, and a profile is being created."

The iPrivacy software blocks the collection of "click-stream data" and the implementation of data files called "cookies" on a user's hard drive, both of which are used to track a person's movements on the Web. The software can also generate coded identification data for purchase and shipping arrangements to keep companies from obtaining consumers' addresses.

The company recently sold the idea to the U.S. Postal Service, which now has the ability to translate the iPrivacy-coded names and street addresses into real residences to which packages can be delivered. The merchant would have no idea where its customers live or even what their names are (and neither would iPrivacy), but the Postal Service would.

"We had to have a delivery component that could translate proxy information online into information offline. It's a necessary element that closes that last loophole," said Mr. Cohen.

If a customer does not want even the Postal Service to be able to trace a delivery, he or she may arrange depot delivery, in which the package is sent to the local post office or another site. The customer could bring an e-mail message to the depot verifying that he or she is the addressee, then collect the package.

If all this sounds paranoid, Mr. Cohen said, it is because it represents the highest level of marketing phobia iPrivacy can indulge. People who download the software could choose the extent to which they want to go incognito. Most might not mind merchants' knowing where they live. But they won't have to reveal every domain name they've ever visited, he said.

Mr. Cohen said that iPrivacy software differs from recently introduced "anonymizing" solutions that submit temporary credit card numbers to online merchants. Credit card numbers that expire after being used once, such as those offered by American Express Co. (and now MBNA Corp.), he said, cannot accommodate monthly payments such as for utility bills.

Also, he said, the anonymizers do not work at sites where people register preferences, such as Although anony-mizers shield credit card numbers during transactions, they do not protect other kinds of information, such as a person's name, address, and shopping habits. The iPrivacy software, he said, gives users several options: to appear as new customers on each visit to a Web site, to be themselves but without revealing their online habits, or to carry a persistent proxy identification so that they can develop a profile that is not linked to their real identities.

"Amex and a number of other card companies are giving out disposable card numbers," he said. "We do that as well. That's a good - but not necessarily sufficient - way to protect people."

Mr. Cohen said iPrivacy is in negotiations for an imminent pilot test of its product with bank customers. He declined to name which banks had expressed interest.

The company has a strong roster of managers with ties to Citibank. Duncan A. MacDonald, a former general counsel at Citi who created the company's global privacy and data protection policies, is general counsel at iPrivacy. Leonard P. Shaykin, chairman and chief executive officer of iPrivacy, worked at Citicorp Venture Capital Ltd. in the early 1980s. Salvatore Stolfo, iPrivacy's chief scientific adviser, was a technology consultant to Citi. And the list goes on.

Paul Nelson, in-house counsel for $31 billion-asset Northern Trust Co. in Chicago, heard Mr. Cohen describe his company during the Consumer Bankers Association's 2000 Privacy conference in Washington last week. Though he thought the product was interesting, he said, he doubted whether the service was in banks' interest to offer. "His business plan is to work with a bank, and I really don't know whether that would work or not," Mr. Nelson said.

"As a bank, are we interested in helping our consumers to surf the Web anonymously?" Mr. Nelson asked. "Well, that's not our primary thing. That seems like a secondary type of service."

Mr. Nelson said that he sensed an atmosphere of "privacy fever" among banks. If some banks did offer a service like iPrivacy, the rest would probably have to do so as well, he said. "I assume other companies would do it, so there's that issue of competition," he said.

But iPrivacy is also trying to pique the interest of other industries.

One application that could cross industry lines, said Mr. Cohen, is a whistle-blowing program that would let employees report grievances "without fear of retribution." A third party, such as an accounting firm, could use the software to authenticate the person as a valid user of the system, and could submit the complaint under the proxy identification. In cases of legal recourse, the third party would still have access to the person's real identity.

Subscribe Now

Access to authoritative analysis and perspective and our data-driven report series.

14-Day Free Trial

No credit card required. Complete access to articles, breaking news and industry data.