The Coming Internet Privacy Scrum.

Judging from the press offices of various congressmen on both sides of the aisle, 2001 is going to be the year for Internet privacy. It seems everyone in Washington is floating some proposal to protect Internet users from the federal government, from big corporations, or just from their own ignorance about this new medium. More than 50 bills were introduced in Congress in 2000 alone.

Most recently, Senators John McCain (R-Ariz.), John Kerry (D-Mass.), Spencer Abraham (R-Mich.), and Barbara Boxer (D-Calif.) have unveiled the Consumer Internet Privacy Enhancement Act. "Our bill," explains Abraham, "does not regulate the Internet. It empowers consumers." Who could be against that?

Over the next year or so, congressmen will face enough Internet regulation proposals to wallpaper the Capitol. Rob Taylor, counsel for the Senate Commerce Committee, notes there is bipartisan support for "some type of legislation." Indeed a recent poll that asked Americans about their "greatest concerns about the next century" found "a loss of personal privacy" ranks number one, above both terrorism and global warming.

There are bases for such fear. Late in 1999, 20-year-old college student Amy Boyer was murdered in New Hampshire by a stalker who tracked her down after buying her Social Security number from an Internet information broker for $45. Earlier, actress Rebecca Schaeffer was killed by a crazed fan who traced her through driver's license records sold by the state of California. These sorts of basic safety issues are now on their way to being solved by congressional bans on Internet traffic in such data.

But numerous prickly and more subtle privacy issues remain unresolved. There are, for instance, many questions about the security of financial, health, and other information consumers entrust to the Internet. In 2000, hackers managed to enter a number of prominent, supposedly secure, Web sites containing sensitive private information. The attacks left many consumers wondering how deep cybercriminals have been able to burrow, and how much personal data about various companies' customers they could access.

And people aren't worried only about hackers. Recently, the FBI set off a firestorm when it unleashed an Internet surveillance program called Carnivore, which can be set up on any Internet service provider (ISP) and be used to search every message that passes through the system for a given bit of information. The details of the program are still quite vague, and a federal court has ordered that Carnivore be examined by a group of independent experts, most likely at a university.

While the FBI must first have an official warrant to read a suspect's e-mail with Carnivore, once the program is installed it can read every other user's mail--somewhat like the police obtaining a search warrant for one residence, but having the option to turn every house in the neighborhood upside down. And it's not just ordinary users who are scared. "Every ISP worries about how Carnivore may cause them to violate their legal obligations" to protect their users' privacy, explains Andrew Shen, a policy analyst at the Electronic Privacy Information Center.