Marc Rotenberg is director of the Electronic Privacy Information Center, a Washington-based security and privacy watchdog. Epic has made its presence felt as a policy analyst and "public interest" advocate - usually on the side of stronger personal protections - in such emerging cyberspace controversies as data-base access, data privacy, anonymity, and freedom of speech.
Mr. Rotenberg, a Harvard- and Stanford-educated lawyer who teaches privacy law at Georgetown, was technology counsel to the Senate Judiciary Committee before he founded Epic in 1994. His current concerns include government encryption policies and financial privacy, which he discussed in a recent interview with Jennifer Kingson Bloom.
Is the Internet safe enough for banking and commerce?
At the moment it's not very secure. It's fairly easy to capture credit card numbers that move across the Internet. There's a very high risk of fraud. And in terms of consumer confidence, which is critical to a lot of on-line privacy and banking, it's really not there yet. More will need to be done so that there is that type of confidence for on-line commerce.
What needs to happen to make the Internet secure to do business?
I think one of the very interesting issues concerns the possible use of electronic cash. From a consumer viewpoint, electronic cash - particularly anonymous electronic cash - would be an excellent development. It would really give people the opportunity to travel in cyberspace, be able to buy things and not have to worry that everything they do is going to be recorded and then stored.
From the business viewpoint, it's a good technology as well. It allows businesses to get paid for services they offer.
A lot of the issues related to electronic cash and anonymous payment schemes are similar to those that we've battled surrounding encryption. The government is concerned that anonymous payment schemes could be used for money laundering. But so much of what happens in the real world, in the physical world, is based on anonymous transactions. Even the Treasury Department estimates that 74% of transactions today are done anonymously. These types of factors should lead people to think more seriously about the use of anonymous payment schemes.
One company closely associated with payment anonymity is Digicash Inc. Why do they seem to be having more success in Europe than the United States?
Generally speaking, the Europeans have been more sympathetic to anonymous payment schemes. The U.S. government has been reluctant to let those schemes get into place. It's unfortunate, but it's the way things are.
Could it also be because Europeans are more comfortable dealing in multiple currencies?
That may be. If (Digicash founder) David Chaum's scheme takes hold on the Internet, it will solve a lot of the international problems.
Because it works in multiple currencies?
What do you think of some of the other companies offering payment systems for the Internet?
They all take different approaches. First Virtual, for example, is trying to avoid the problem with credit card transfer by using a number, which I think in some settings could be quite sensible. And a lot of the companies are trying to put the secure payments at the end of the pipe, to make sure that the vendor and the consumer are properly authenticated, which helps solve some other problems.
We think that over the long term the solution that holds the most promise for consumers and business is some form of anonymous payment. We think that's the right way to go.
A few banks are letting people pay bills, transfer funds, and do a few other things on the Internet. Would you try that?
We do try almost everything. I know Wells Fargo ran into some problems when they put customer account information on the Internet and had to drop the project for a while. Obviously, in some of these settings you are concerned about the risk of fraud and identity theft, because it gives others access to information.
We've got a big problem with the growing use of the Social Security number. Some people use it as an identifier or record locator, others treat it as a password. You might call up a bank and they'd say, "Just to make sure you really are who you say you are, tell me your Social Security number." That really doesn't seem very sensible.
How can the many people who know nothing about security decide if these systems are safe?
In the end it's just very hard to make that kind of choice. A person who is buying a car wants to know if there's an air bag, but they're not likely to determine if there's a solenoid connector, for example, to determine the adequacy of the air bag. It just doesn't make sense. Nor would car manufacturers expect people to have that level of knowledge.
There's a similar problem with Internet payment schemes. I don't think consumers can be expected to know whether the encryption is 64-bit or 90-bit or 128-bit, or what any of that would mean. Certainly the companies in the market have to take the time to develop a good product.
Where everyone has a common interest here is in trying to discourage government plans that might prevent the availability of the good security on the Internet that's needed today. That's why the issue of encryption availability becomes so critical.
You're heavily involved in cryptography legislation. What's going on with that?
Legislation has been introduced by Sen. (Conrad) Burns (R-Mont.) to relax export controls. And then there are efforts by the government to impose new restrictions on the use of encryption.
Our view is that encryption is critical for protecting on-line privacy, and for that reason we don't believe restrictions on the use of encryption make much sense. We don't support the efforts of the administration to control encryption.
How do you personally do your banking?
I'm sophisticated about a lot of technology, but when I want money, I go up the street to an ATM. So far I haven't done any on-line banking. It's not so much a concern about privacy - I just don't think it's a convenient service yet. But I'm looking forward to it. I expect it will be a good service.
The other problem is that we Macintosh users are sometimes orphans in the on-line banking world. Things that are available to PC users are not always available to Mac users.
What's your take on smart cards?
Another very interesting technology that has privacy and surveillance implications. To my mind, any smart card system has to give the individual carrying the card the ability to see all the information that's on the card. If you do that, I think there are ways you can improve privacy. You can improve convenience - you can make information about individuals more accessible - but if you don't give people access to their own information, that will create a lot of problems.
Do you worry about the implications of a smart card that holds not only anonymous stored value, but also personal information like medical records?
I try not to use the word concern or worry. A lot of these issues just come down to choices, whether by businesses designing new products or governments considering new policies. My view is that privacy is a very important factor in those decisions and we really do hope the right choices will be made.
On a smart card, I think there's good reason to feel that while your doctor might need access to some medical information and your bank may need some access to financial information, there's no reason that your doctor should have access to your financial information or your bank should have access to your medical information. People really need to retain the ability to make decisions about when that data should be disclosed.
How do you feel about biometric methods of verifying personal identity? Some banks are trying things like voice verification and fingerprints.
You're also talking about genetic data and retinal eye scans and a lot of other techniques. I think they raise significant privacy concerns. One of the big issues is that genetic information has predictive capability. Take someone's fingerprint and you have the ability to determine if you have a match, for forensic purposes. Take someone's DNA and you know something about their genetic makeup. From a privacy viewpoint, it's very intrusive.
We'll just have to wait and see if some regulation is necessary. I think several states have considered regulating privacy of genetic information. At the same time, a lot of states are starting to create genetic data banks for convicted sex offenders, or convicted felons more broadly.
Speaking generally, privacy really has two dimensions. The first, which most people understand, is not disclosing personal information in circumstances where it should not be disclosed. Financial information, after medical information, is possibly the most sensitive personal information there is. Most people understand that banks should not be disclosing the information to others.
Equally important is the principle that people should have access to information about themselves. Banking traditionally has provided that information through monthly account statements. One of the big issues banks face in the on-line world is not only protecting personal information from improper disclosure, but also whether they will continue to give customers all the information they need to make informed decisions.
Do you also look into issues like reducing unwanted telephone solicitations and junk mail?
We haven't done much with that - we're looking at the big picture policy concerns. But a lot of the efforts to reduce junk mail or junk phone calls make good sense. A lot of consumers are frustrated - the polling numbers show that privacy continues to be an important issue for a lot of Americans.
Part of the problem is there's just too much that consumers are expected to do to protect their privacy. That's why we need to build new systems, develop new policies, and establish principles that will protect everyone's privacy.
What do you think about Caller ID?
Caller ID creates a privacy problem for a lot of phone customers. In a sense, it's a one-way mirror, and if you're on the side that gets to look out, it's a benefit. If you're on the other side, your privacy is diminished.
For residential phone users, there are some situations where I imagine Caller ID is useful. But there are a lot of situations where people make calls to businesses or government agencies where I don't think it should be necessary to disclose your identity.
There's also more generally a problem because with Caller ID, the telephone customer is not deciding when to give out her phone number. The telephone company is effectively selling that number to customers who have purchased the service.
Are you unlisted?
No. And I don't have a P.O. box or dark glasses. I don't believe in privacy survivalism.