he recent furor over the Toysmart.com attempt to auction some customer information highlighted the privacy issues in Internet and other commerce. Specifically, some people believe that information regarding their personal shopping and purchasing habits is strictly private and will always be private. They are sorely mistaken.

Let's start with the basics. Computers are designed to capture, store and manipulate data. They do this very well and have been getting better at it each year. Never overlook the fundamental purpose of the computer.

Whenever you "surf the 'net," you leave a trail of where you were, what you saw and what you did there. Computers capture, store and manipulate data. Surfing creates electronic footprints just like the dinosaurs did when they walked through prehistoric marshes. Some of their footprints are still visible today. Why people believe that electronic footprints vanish more quickly is a mystery.

There are plenty of ways to gather data in ordinary businesses and with e-tailers.¹ What is truly surprising is how willingly people surrender this data about themselves. It all began at least 30 years ago when retailers started getting serious about mailing catalogs, fliers and other advertising materials to customers. (Does anyone remember receiving lots of junk mail in the 1960's?) Much of this information was gathered from sales slips or from the addresses on customers' checks. This information was provided by the customers. It was intrinsically valuable and provided extra revenue when it was sold to complementary merchants, since they did not have to pay for the initial data entry.

Customer information advanced to new levels with frequent flier and frequent shopper programs providing certain benefits in exchange for surrendering this information. People sign up for these programs at amazing rates. If customers were asked if they want their grocery store to track every single item they purchase every time they walk through the door so it could be stored, analyzed, compared with other customers and dealt with anyway the merchant sees fit, they might never sign up. There are millions of "frequent fliers" voluntarily allowing airlines to record and track their flights and credit card usage. Either we do not recognize what is happening or we do not care that these records are being created.

Simply surfing the 'net and buying online do exactly the same thing. By logging onto a company's computer (its Web site), you act as the data-entry person to hand over this data to the merchants. You are giving it away—they are not taking it from you—because you chose how to contact them. The information you give them, at a minimum, identifies you, which computer server you came through and where they can send you e-mail.

---

Whenever you "surf the 'net," you leave a trail of where you were, what you saw and what you did there.

---

If the e-tailer uses "cookies"² to "personalize your shopping experience," you make the tracking process even easier because you let them use your own computer to track what you are doing.³ It is the same as an ordinary retailer videotaping your every move among its merchandise. We conceded retailers the right to video surveillance long ago. The Internet advances that a step further because the computers know who you are even if you never buy anything.

How can someone assure confidentiality knowing that simply surfing divulges lots of information? Not easily. However, there are a few things you can do to limit the information you give away.

The easiest way is to never purchase online or choose carefully and wisely to whom you give that purchase information. You should also check your "cookies" settings to see if your browser's default setting of "accept all cookies" has been changed. You can change it to accept only cookies from sites you choose to visit or to prompt you before accepting any cookies. This will at least give you control over who puts cookies on your computer. It also lets you decide whether you want to accept the cookie placed by the annoying banner ads you see interfering with the real information you want at a particular site. Yes, you can get cookies from sites you never actually visit.

Other steps you can take include using software to block the personal information your computer surrenders when asked by a web server. Most people forget that they told their computer who they were when they set it up right out of the box. Servers frequently request this information and dutifully follow the command to provide that information (whether you initiated that command directly or by visiting a site that asks for it). Software exists to override the server's command to release this information.

This brings us back to where we started. In its bankruptcy case, Toysmart.com proposed to sell its customer list and information. As a "dot.com" case, the data was possibly the only significant asset in its bankruptcy estate. That's when the excitement began. The company's "privacy policy" provided that it would not share customer information and it was recognized as a site providing good privacy protection.

Creative advocates might analogize this to a "self-settled trust" where someone creates and manages a trust for one's own benefit. Why should that "agreement" be any more sacred than the obligations to pay one's creditors? Privacy mavens argued about the sanctity of the right of privacy. The debate in this arena is only beginning.

Lost in the debate is the fact that customer lists and other information provided by customers have been bought and sold for decades. Where were these issues before the Internet became such a vehicle of commerce? Should a bankruptcy trustee be prohibited from selling this extremely important asset?

Clearly, there are two competing interests on their way to repeated "head-on collisions" as more dot-coms find their way into bankruptcy. Until the issues are sorted out by Congress or the courts, you must decide what information you will give away. Surfing and shopping online gives away this information,⁴ and once you give it away, you may never know where it will go or who may end up with it.

Footnotes

¹ This article is limited to legitimate actions. Nefariously gathering information (including hacking, wire-tapping and other activities) is an entirely separate issue. Return to article

² Cookies are short pieces of data used by web servers to help identify web users that return to their sites. Return to article

³ Toysmart.com's Web site required you to permit cookies on your computer to even access its site. This is somewhat of a conflict with its strict privacy statement, since you must give them access to your computer to shop online. Return to article

⁴ Remember, computers are designed to capture, store and manipulate data, and you interact with the e-tailer's computer when you surf. Return to article