[Air-l] AoIR member Laura Gurak in Chronicle of Higher Ed.

[Steve Jones]

[Congratulations, Laura, on the prominent notice of your work, and 
the granting of more than a "soundbite" for your ideas! -Sj]

>Tuesday, February 19, 2002
>
>
>http://chronicle.com/free/2002/02/2002021901t.htm
>
>  LOGGING IN WITH . . .
>Laura J. Gurak
>
>
>Minnesota Professor Takes a Critical Look at Online-Privacy Issues
>By DAN CARNEVALE
>
>
>Laura J. Gurak is director of the Internet Studies Center and 
>associate professor in the rhetoric department at the University of 
>Minnesota-Twin Cities. She is the author of a book called 
>Cyberliteracy: Navigating the Internet with Awareness (Yale 
>University Press). In it, she discusses a number of issues, 
>including the erosion of privacy and what state and federal 
>governments should be doing to protect personal information in the 
>digital age.
>
>Q. What are some of the biggest concerns regarding privacy online?
>
>A. In the U.S. one of the biggest concerns is that we don't really 
>have any overarching principles. We just do everything on a really 
>ad-hoc basis. We don't have any laws that are federal except at the 
>most minimal kind of level.
>And in terms of data protection, just as an example, you look at all 
>the conflicts that have come up over the past few years, like the 
>DoubleClick controversy [a plan, ultimately scuttled, in which the 
>company was going to track which Web sites individual Internet users 
>visited so that it could customize advertisements for them] or 
>things where people are innocently shopping or surfing online, and 
>all this stuff is happening in the background with their data being 
>collected and mined. We don't really have any policies in place to 
>deal with that.
>
>Even if you read the privacy statements on most shopping sites, they 
>really don't say much. They just say, like, "Oh yeah, we respect 
>your privacy, and we'll be nice to you, and you can trust us." But 
>they actually don't have a lot of legal weight, and they really 
>don't have a lot of legal backing. So people right now are kind of 
>giving away the store without really knowing it.
>
>And the other thing is that the European Union passed this EU data 
>directive -- it was a couple of years ago. And the idea there is 
>that when you're doing business over the Internet with a citizen of 
>the EU, you're not allowed to collect and use their personal data 
>without their permission.
>
>Q. So is the United States behind the rest of the world with privacy 
>standards?
>
>A. The EU, of course, has an opt-in policy. They have to get 
>people's permission [to collect information about them]. I think the 
>Canadians have been a little more attentive to it. What it looks 
>like in the U.S. is that the Federal Trade Commission under 
>[President] Clinton was starting to think about issuing guidelines, 
>and then under Bush it looks like nothing's going to happen at all. 
>... So as far as privacy on the Internet, it's still a complete 
>laissez-faire situation in the U.S., and the companies really rule.
>
>Q. How does an opt-in policy work compared with the American opt-out?
>
>A. In the U.S. people always tell you that if you don't like getting 
>so much junk mail, you can send your name to one of those companies 
>that will take you off mailing lists -- that's opt-out. You have to 
>do it. The consumer has to do it. In Europe, and particularly under 
>the EU data directive, it's the other way around. Companies have to 
>ask your permission to use your name and address and spending habits 
>and stuff. So we have the exact opposite approach of the EU. And 
>that was fine before the Internet, but now it's really tricky. If 
>people are shopping at Amazon.com or something and they're from 
>different countries, you have to figure out how to deal with that.
>
>Q. Should the U.S. government be doing more to regulate this?
>
>A. They should at least be doing more to talk about it in the U.S., 
>anyway. At a minimum we should have some national discussion on 
>this. But of course, after September 11 that kind of thing doesn't 
>seem really important to people. You know, for obvious reasons, 
>after September 11 we've seen an increase in proposed legislation 
>for the wiretap laws that [U.S. Attorney General John] Ashcroft 
>wants the Senate to pass.
>
>Q. It sounds like the government is trying to become more intrusive, not less.
>
>A. Right, that's the funny turn of events that have happened. It's 
>kind of unfortunate. Like one thing that's being discussed now is 
>this national ID card, which is really not going to do much at all. 
>Because if you can fake your identity well enough, you can fake it 
>with an ID card too.
>
>Q. How does this affect colleges and universities?
>
>A. The University of Minnesota ... just developed an online privacy 
>policy for the whole university because we wanted to take a 
>proactive stance. When students use our online registration system 
>-- it's really nice, it's Web based, and they can register for 
>courses from home -- it sends cookies [bits of computer code that 
>reside on a computer and identify its user over the Web]. Students 
>can't even register for a class without a cookie being sent. So I 
>think one thing universities can do is take an active stance in 
>determining what kind of privacy policies they want to have that are 
>maybe different than the private sector. Universities have a 
>different role to play. We can think these things through 
>thoughtfully. We can think about the balance of the public's rights 
>and the rights of individuals.
>
>Q. So universities should lead by example?
>
>A. Yes, very much so. Universities can do that with copyright, too. 
>We can do that by making sure that we exercise fair use, that we 
>don't follow these excessively restrictive guidelines on course-pack 
>copying. I mean the reason most copy centers on campuses won't copy 
>course packets is that they're afraid to be sued. But part of it is 
>that no university is stepping forward and saying, "Listen, if we do 
>it on our copy facilities at our university, it's fair use. Go ahead 
>and sue us." So universities can certainly lead by example in all 
>those areas.
>
>Q. What should students on campus be most concerned about?
>
>A. Students already have some pretty good protections in the way of 
>federal laws ... and student records. Most universities are pretty 
>open about student data. ... I don't think students have too much to 
>fear at universities. They should be aware, though, that a 
>university Web page or a university home page is really not theirs. 
>It belongs to the university. So whatever they do on there is being 
>backed up every night and tracked. Not really surreptitiously, but 
>just as part of the natural IT process.
>
>So students running any sort of interesting or controversial Web 
>sites on a university server shouldn't feel like they're just 
>completely anonymous. But another thing students could do is get 
>involved with university government, because a lot of our committees 
>... have a student member on the committee. So it's good for 
>students to get involved in the university-wide decisions on these 
>things, too. Because I think a lot of students know more than we do 
>about the real issues.
>
>Q. What sorts of problems have professors run into?
>
>A. One thing for professors to think about is, How much data is too 
>much? Here, [we have] those student evaluations that are due at the 
>end of every term, and you get this quantitative score. Well they 
>want professors to let all their quantitative scores be posted on 
>the Web so when students decide what classes to take, they'll look 
>you up and say, "Oh, she got a 6.9."
>
>... I think professors have to decide whether they really want that. 
>That's not necessarily private information, but it's new in the 
>sense that students can suddenly click on your name and see your 
>ranking. It's kind of like the eBaying of higher education. Is that 
>the kind of thing that's good or not?
>
>There's also another issue, too, which is that a lot of professors 
>use the Internet for research data -- collecting data and working 
>with data. And there's going to have to be more and more protections 
>on that kind of thing so that data that's being used for 
>human-subjects research is safe and protected.
>
>
>------------------------------------------------------------------------
>Copyright © 2002 by The Chronicle of Higher Education