Articles

---

Let's begin with a story.

When my husband, Roger, and I immigrated to New Zealand in 1971, people told us that New Zealand's way of life was 20 years behind the United States, and that I would feel as though I stepped into a time machine and landed in 1951. In many ways, they were correct. After arriving in the antipodes, what we call "Down Under," Roger and I traveled around the countryside and finally decided not only to settle, but also to play the only game in town, farming.

We pooled our money and bought a sheep and cropping farm. The farm sat in a shady Waikakaho Valley near the town of Blenheim, on the north end of the South Island. We were buying 520 acres, 2 houses, 858 sheep, 2 tractors, 11 outbuildings including sheds and barns -- they called our purchase a "going concern." The price? $60,000 US.

On the day of the land transaction, we glowed with excitement, as we were leaving the world of "employee" and "tenant," moving into maturity, gaining a home and our own business. We couldn't wait to get into the lawyer's office to sign the final contract.

The lawyer put the contract in front of me and asked me to sign, and it read

Roger Woodbury, Farmer
Marsha Woodbury, His Wife

I felt numb. Roger didn't know anything more about farming than I did. What was this label all about? Moving to New Zealand meant giving up my family, my friends, my dog, fried onion rings, and frozen orange juice. However, there are some places, in the modern parlance, I would not go, some losses that would be too hard to take. I felt that if I signed that document the way it read, I would lose my identity.

My identity was not Marsha Woodbury, someone's wife, but Marsha Woodbury, farmer, and I should be treated the same as my husband. I refused to sign.

In those days, secretaries used manual typewriters, and making a small change meant retyping the contract. That's exactly what happened. Note that I could correct the problem right there in the lawyer's office. My business partner and I smiled and signed the altered contract, and someday I will write a book about the ensuing 18 years in New Zealand.

As the audience has probably guessed, I am going to make a point about identity here. Having been born and raised in the United States, my sense of identity and pride about being a whole person was and is fairly strong. In the early 70s (perhaps the early 50s in New Zealand), no one was going to strip it from me. Preserving who we are is one of the most challenging tasks we face. Ask anyone who has lived under a totalitarian regime how privacy and identity can be stripped away. Mine is a miniscule story, yet it illustrates how meaningful the whole issue of control of information and identity is.

Predicting the Future

That was 30 years ago. Today we can barely keep up with the online world, with viruses, copyright, patents, trademarks, fraud, cell phone etiquette, IPOs, and identity theft. The speed of change and my growing unease led me to the presumptuous title, "The Bout of the Century? Information Ethics vs. E-Commerce."

The title humorously (I hope) refers to the 1971 Frazier-Ali boxing match that some writers called the best bout of the last century. From what I can see, information ethics is taking a hammering from e-commerce, and unless we all become involved, the fight is a first-round knockout, over before it begins.

Before we leap to the future, let's take a glance at one thing that was going on a century ago in America. Lynchings occurred so commonly that people could buy and send "lynching post cards." Today, we find it hard to believe that people sent post cards showing a dead person hanging from a tree with a message saying, "I was here." Nevertheless, people did. They mailed the cards until 1908, when the U.S. Postal Service decided that such material ought not be sent openly, and after embarrassing racial incidents several states were shamed into outlawing the postcards' sale.[1] Note how these battles rage today, with discussions of community standards, online censorship, and cultural pollution.

Who could have foretold in 1900 that we'd have unleashed the atomic bomb, put a man on the moon, or owned a PalmPilot? Women in the United States could vote at the start of the century; by the end of the 1900's only a small fraction of the people vote at all. We never can tell what's going to happen. However, some trends leap out at us, and we'd be blind to miss them. I think we can foretell in 2000 that what happens with privacy and data mining and national ID cards and biometrics will change our sense of who we are as people. The big players in this revolution are the same people forming start-ups and dealing in e-commerce all over the globe. Our future is in their hands.

Ethics

When I told the story about "Marsha Woodbury, His Wife" in another keynote address, a student approached me afterwards and very seriously asked me how he could ever know who he really was. As we all do, he filled one role at work, another role at home, another at leisure, another at school. He changed his behavior and lowered or raised his defenses, depending on where he was. Something about him made me alert, as though my answer would be of enormous consequence.

I replied that your ethical self shouldn't vary from one situation to another. When you change your surroundings, you always bring you with you. Thus, if you aren't consistent -- if you behave one way at work and a different way elsewhere -- then you are in danger of losing "you." Your values are the integral part of you, and through your values you know yourself.

Ethics is moral decision making. When a mother grabs her child and flees a burning building, she doesn't have a spare second to contemplate her choice; she acts on instinct. That isn't an ethical choice; it's a reaction.

Given time to think about what we are doing (provided that we don't have a gun pointing at our head), we usually try to select the most moral option among many. We may choose to ignore the niggling voices of our conscience, and perhaps do something we are not proud of. When I see what is happening online, I worry that some programmers and businesspeople appear to have no "niggling voice" in their ear, that their choices aren't based on any ethical standard that I can recognize.

Last Thanksgiving, I spoke with a young Amherst graduate now living in New York. He works in Silicon Alley, creating the banner ads that rake in personal information about Web surfers. I asked him if he worried about ethics, and he said "No." He added, "We need that advertising money to finance the Internet." In this fellow's mind, his work supported my use of the Internet, as though the Internet never existed until the browser came along. History began in 1995.

What we must remember is that a society has to have its mores and trust among its members. Part of our current problem is that traditional ethical values are situated in the physical world, where the ultimate measure of an action is how that action affects the people we live with. One constraint on physical behavior is that others can observe what we do, and the results of our moral decisions are "out there" for all to judge.

As an aside, here is one of my favorite examples of physical world immorality. In 1985, French military frogmen came to New Zealand and bombed the Greenpeace boat moored in Auckland harbor. Somehow, the French agents thought they could buy petrol and groceries and rent a motel room without the local population noticing. I can tell you for sure, New Zealanders notice everything their neighbors do, let alone the actions of exotic operatives who drive around in a rental car and speak with distinct accents. The French agents were as clever at disguise as the Lone Ranger was with his black mask.

At any rate, in the online world, we sit in front of a computer, away from the public eye, and we write flaming email messages, creep into other people's servers, and do all sorts of things we wouldn't do in a face-to-face situation.

My specialization is computer and information ethics, a field that deals with a more difficult ethical concept to grasp, that is, the sacredness of information itself. In the Information Age, one of our duties ought to be preserving the privacy, security, and integrity of information. We have to ensure access to it and maintain ownership of it, and the battle is constant and unrelenting.

The other day as I searched the Web for materials on programming, I clicked a link and suddenly a pornographic page popped up. I immediately hit the close button, only to have a new pornography site appear. Every time I clicked the window shut, another page popped up. I felt like Mickey Mouse in Fantasia, with the broomsticks proliferating. The entrepreneurs who ran the porn sites had literally hijacked me. What if I had been using a browser at work, and my boss monitored my Web usage? I could be fired for accessing pornography on the job. Hijacking destroys that most important element in information ethics, trust in the reliability and accuracy of information. If you want to learn more about this practice, read the FTC complaint at http://techlawjournal.com/courts/ftcvpereira/19990914com.htm.

Pornography and gambling are leading the way in online commerce, and I cannot tell how soon others will follow. Don't imagine that page hijacking is something that only pornographers do. One example of "hijacking" involves trademarks. Trademarks such as Pepsi and Playboy are very highly valued by their owners. Companies spend years developing brand recognition and the good faith of the customer. A questionable practice of some companies is to embed in their Web pages, invisible to the visitor, the names of very popular products and sites. Calvin Designer Label Company incorporated the words "Playboy" and "Playmate" into the invisible coding on its adult-oriented Websites. Likewise, National Envirotech Group, a pipeline-reconstruction company, embedded the names of a larger competitor, Insituform Technologies Inc.

This trick diverted traffic from Playboy and Insituform to their competitors. Such practices also diminish the value of search engines as a way for people to find accurate information about companies. Diverting people on the Internet is like slapping a sign on a freeway that says "Shell," and when you pull up in front, you are at Exxon.

To maintain trust and a common morality, we protect information, as we would guard jewels. The danger with counterfeit money is a devaluing of all currency; the same concept applies to the integrity of information.

The Main Areas of Concern about Information

The following example contains critical information issues: privacy, accuracy, security/access, and ownership[2]

If I speed down the highway, and the police stop me, the resulting traffic ticket contains true but potentially harmful information about me, for my driver's insurance policy premium may increase, and other friends and relatives may lose confidence in my driving judgment.

What would happen if I was also behind on child support payments, and the computer puts my name together with this infraction? Government officials might track me down and make me start paying my monthly contribution. If I were drinking alcohol, matters get worse, for I might not be hired for certain jobs due to this evidence of drunk driving.

Now, what if I were not going too fast and did not get a ticket, but someone mistyped the information, and my name is in the records for speeding or driving under the influence of alcohol? Moreover, what if a prospective employer uses computers to learn everything it can about me and finds out about the phantom ticket? Although I did not do anything wrong, I could forfeit a prospective job.

This scenario brings up key questions: What aspects of traffic tickets or any other piece of information should be private? How can we ensure the accuracy of information stored about us? Who can and should have access to that information? Who owns information about us?

If ethics is about moral decision-making, then what ethical guidelines do people have? Where did they learn them and how widespread are they? What laws are best to deal with information? Will we obey these laws? Who can enforce the laws? If an offshore gambling site breaks the mores of Minnesota, how does Minnesota preserve its mores?

E-Commerce

Let's take a detour to the various Silicon Valleys, from New York to Austin to Palo Alto. What is happening? Who are these business people? What are their values? Do they use moral reasoning to arrive at decisions? What are their priorities?

Recently, an author said that he was struck, while doing a recent series of interviews with e-commerce CEOs, on the "low quality of the Dot Com CEOs when compared with the traditionalists." He characterized the Dot Com CEOs as "lacking in depth, experience and common business sense, driven primarily by jealously and greed in a race to go public as quickly as possible and rake in those stock options. 'Hey, why get rich slowly with a lot of work when I can get rich quickly with not much work?' is the general thinking."[3]

That author predicted a stock market "shake out," one that we are witnessing today. He wrote that the Dot.Coms will fail, and take with them "a sinful amount of venture and day trader capital." The toll on human capital will be even worse: "An entire generation of business leaders will be corrupted. They will have great skills in designing obtuse ad campaigns, doing barter deals, negotiating with investment banks and venture capitalists, and doing secondary road shows. But this generation will have no skills in marshaling sales forces, hiring executive teams, working out fair business contracts with customers, and building employee morale and culture that is sustainable beyond a two-year period." [4]

Here's one example worth mentioning. Not long ago, a company called RealNetworks released software called RealJukebox that let people listen to CDs and digital music while working on a computer. People simply downloaded the software from the Internet and installed it on their hard drives. RealJukebox sent back the unique ID number generated by each installation of the RealNetworks software on each PC, together with the names of all the CDs played, the number of songs recorded on the hard disk, the brand of MP3 player owned, and the music genre listened to most. The unique ID number could be mapped to a person's e-mail address via the registration database.[5]

Information stored on my hard disk in cookies is hard to control as well. Either I go to the inconvenience of approving all cookies, install cookie cutter software, or live with ongoing monitoring. In sum, I am a deer in the woods, trying to hide from hunters, yet wearing a GPS chip clipped onto my ear.

Think back to my introductory remarks about the importance of identity, because the Internet is making identity theft one of the signature crimes of the digital era. Identity theft is the pilfering of people's personal information for use in obtaining credit cards, loans and other goods. Any visitor to cyberspace can find Websites selling all kinds of personal information and, with that information in hand, thieves can acquire credit, make purchases, and even secure residences in someone else's name.

The Social Security Administration reported that it received more than 30,000 complaints about the misuse of Social Security numbers in 1999, most of which had to do with identity theft. That was up from about 11,000 complaints in 1998 and 7,868 complaints in 1997.[6]

How is identity theft tied to the Internet? The evidence is clear. For example, GeoCities, a Web portal that claims nearly 20 million visitors a month, sold information solicited during its registration process, despite an explicit online assurance it would not do so. The data included income, education, marital status, occupation, and personal interests. In January, 2000, the Federal Trade Commission charged eight California businesses with billing consumers for unordered and fictitious Internet services, using their credit-card account numbers.[7]

Identity theft, as any victim can attest, can destroy a personal credit rating and potentially lead to very expensive litigation that may take years or perhaps decades to fully correct. The victim cannot rent an apartment, obtain credit, or even hook up to phone service. Identity theft and related computer crimes supported over to the Internet may become an unparalleled destabilizing force for 21st century.[8]

Practices of E-Commerce Companies

There is one and only one social responsibility of business-to use its resources and engage in activities designed to increase its profits so long as it stays within the rules of the game, which is to say, engages in open and free competition without deception or fraud. - Milton Friedman[9]

I can buy Viagra online because regulators cannot keep up with the proliferating Websites. As soon as one site closes down, another takes its place. Who are the doctors prescribing drugs online? Who facilitates their work?

Recently, Amazon.com entered the spotlight for featuring books posing as editorial picks. In fact, publishers paid for books to be featured on Amazon.com's home page. While product placements are commonplace, the issue is one of ethics. The readers thought that Amazon selected the books on merit.

The Better Business Bureau is my favorite source of information about e-commerce practices, and I urge you to read their material at http://www.bbb.org/.

People need to be aware of exactly what they are revealing and to whom when giving out information, however inadvertently. Online services know not only their members' social security and credit card numbers, but may also hold entire profiles on people, including what bulletin boards they join--discussion groups for cancer survivors, for instance, a potential danger for a job applicant. On that thought, here is an email message that I recently received:

Date: Sat, 29 Jan 2000 23:30:00 PDT
From: "Customer Service at itn.net"
Subject: An important announcement from Internet Travel Network
� Sender: "Customer Service at itn.net"
� To: [email protected]
Reply-To: "Customer Service at itn.net"

This is a special post only email. Please do not reply.

Dear Internet Travel Network subscriber:

�� We are pleased to announce that ITN.net has combined forces with American Express� Travel and Entertainment to bring you a new and enhanced online travel site. The creation of this powerful site provides new capabilities and benefits for all of your travel needs. By typing in the URL, www.itn.net, you'll be able to continue to make all of your travel plans online.

What you gain with our new relationship with American Express is continued access to ITN's airline booking system which provides competitive airfares and schedule information.

To make this transition as easy as possible, your profile and password information will be transferred to the new reservation system. Past booking information will continue to be available. Now you'll get to explore these travel services from one of the world's largest travel agencies, American Express.

We look forward to welcoming you to the new American Express Travel Home Page.

� Sincerely,

� Gadi Maier President & CEO, GetThere.com

The email message above told of a recent merger of two travel firms, ITN and American Express. My files automatically went to American Express, and I had no power to stop it. ITN evidently owned my information and used it as an asset in the business merger.

A few years ago, such an occurrence would seem less threatening. After all, banks and stockbrokerages merge all the time and transfer personal records. However, today, with massive and easily searchable databases, the transfer of data about us without our consent is frightening. Yet that was the company's main asset, its customer database, with my name and travel preferences.

Some companies also gather data merely for the purpose of selling it. Few protections against these practices have been established, though some have been proposed in Congress. I attended a Washington hearing between the top administrators and business representatives, and the overwhelming message from the capitol is that self-regulation is going to be the only choice we have of the ethical handling of our information by e-commerce businesses.

Privacy of Information You already have zero privacy -- get over it." Scott McNealy, chairman and chief executive of Sun Microsystems[10]

One of the worst aspects of credit cards and computers and digital information is that I cannot even hide from myself, let alone from the rest of the world. The Visa card readout tells me more than I want to know. Formerly, when we dealt in cash and checks, we had little idea how we spent our money. With credit cards and electronic money, the bank not so kindly itemizes my expenses for me so I can see where I spend it -- hotels, travel, meals, and entertainment -- not a pretty sight.

In a textbook that I am working on, to make students think about privacy I use this scenario:

Today there are Websites that provide roadmaps of most cities. These sites assist in finding particular addresses and provide zooming capabilities for viewing the layout of small neighborhoods. Starting with this reality, consider the following fictitious sequence. Suppose these map sites were enhanced with satellite photographs with similar zooming capabilities. Suppose these zooming capabilities were increased to give a more detailed image of individual buildings and surrounding landscape. Suppose these images were enhanced to include real-time video. Suppose these video images were enhanced with infrared technology. At your own home 24-hours-a-day. At what point in this progression were your privacy rights first violated?[11]

Marketers say that consumers give out their information "willingly" in exchange for services, but cookies from banner ads are invasive. A friend of mine wrote this email message:

� I was looking at www.cnn.com this morning when I got a cookie alert. It said something like, "To increase your viewing experience we would like to install a small file 'cookie' on your system."

Upon clicking on "more info," the cookie was from a banner ad, for Nicorette[a product to help you stop smoking].

Seems like the phrase should have said, "To provide info to the advertiser..."[12]

Likewise, when we open up email containing a Web page, another cookie could be left on our drive, and this time, because it arrived through email, our exact email address can be linked to data about sites that we previously visited.

Prominent companies are associated with privacy invasion. After a lawsuit, the Chase Manhattan Bank and the Internet company InfoBeat will no longer be sharing customer data with telemarketers. Chase had violated its own privacy policy when it divulged personal and financial information about as many as 18 million credit card and mortgage holders across the country, while InfoBeat inadvertently provided customer email addresses to advertisers because of a software problem that has since been corrected.[13]

For years, people in many countries have worried about national databases and national identity (ID) cards. In one very public case, a New Hampshire company began planning to create a national identity database for the United State federal government. The company would have begun by putting driver's license and other personal data into one giant database.[14] The company officials believed their system could be used to combat terrorism, immigration abuses, and other identity crimes, and the company received $1.5 million in federal funding and technical assistance from the Secret Service. This piqued the interest of foreign governments who inquired about whether technology could be used to verify the identities of voters.[15]

Privacy advocates complained loudly about the plans to scan in license photos, and states stopped their plans to sell the information. However, the company intends to offer a revamped version of its system that will gather photos and personal information from one customer at a time at retailers, banks, and other participating companies. By collecting photographs individually, the company hopes to head off complaints that it is violating drivers' privacy by gathering the images without their consent.[16] Just as supermarkets gather data about our shopping habits, slowly this company will compile data linked to a picture, eventually building a huge database capable of identifying all of us.

As for government information, recall that government agencies are publicly owned, and they are required by law to give open access to the information they hold. The government cannot copyright information. With the data produced by global positioning systems, GIS, businesses can create entirely new data out of old information, and that may then indirectly reveal information that is supposed to be private.

The Future

A computer scientist summed up the battle this way:

In this age of information, we, the professionals who are entrusted with this data, are increasingly being looked at as people who are no better than a drug dealer who stalks out an elementary school looking for future clients. We possess something much more powerful than drugs, though, we have at our control the information stores that control the world and most of the people who inhabit it.[17]

I began by talking about identity, information ethics, and trust. Just last night I discovered classmates.com. This Website allows me to locate old chums from the Ukiah High School class of 1964. If I want to email them, I pay $25 for that privilege for the coming two years. I didn't hesitate to join, to give them my email address, Visa card number, and all the information that anyone needs to track me down. The site owners will be instantly rich, even though the site could disappear in three months. I have no guarantee, no assurance whatsoever. What they sold me was irresistible, the chance to find old friends. Compare $25 with the effort it would take to locate these people -- it's a bargain. Or is it?

After several million of us have suffered identity theft, people will call for a technological fix. We can imagine being forced to accept national IDs, implanted chips, and retinal scans. How else can we trust that people are who they say they are? Yet, does a match on a retinal scan really tell us anything? Couldn't someone switch the master database, so the scan is linked to another identity? Information is only as good as the integrity of the database underneath it.

As far as the national identity card issue goes, the government will not lead the way, but business will. The brave new world envisioned by the Hewlett-Packard Company gives me pause. They predicted that in the future, a doctor will pick up a context-aware badge when entering a hospital. The badge will recognize the doctor through biometrics (fingerprint, iris, face or voice recognition). A global positioning system device in the badge will physically locate the doctor. The badge will know what's going on around the physician because servers will be embedded throughout the facility, and everyone else will also be wearing context-aware badges.

When the doctor enters a room, the system will recognize the doctor, confirm that he or she is seeing the right patient and the relevant charts will automatically come up on a computer screen. If someone approaches the screen who isn't authorized to see the patient information, it will go blank.

Is that so far away from where we are now? The technology is in the hands of people acquiring instant wealth, and whose children expect to be rich by the age of 25. Reports from Silicon Valley truly concern me.

I would look at the activists today to see what hope we have for the future. A century ago we had radicals fighting for equal rights for women, and the government stepped in and stopped the mailing of lynching post cards. Today we have organizations like CPSR(Computer Professionals for Social Responsibility) and EPIC (Electronic Privacy Information Center) and the ALA (American Library Association) espousing information ethics. Who knows? Maybe when enough people are touched personally, there will a shift in thinking.

Until that time comes, fasten your seatbelts. We are in for quite a ride.

---

Marsha Woodbury (http://www.cpsr.org/~marsha-w/) is a lecturer in the Department of Computer Science, College of Engineering, University of Illinois at Urbana-Champaign. She is a curriculum developer and faculty member of the Information Group of the Women's International University (IFU) in Germany in 2000 and the former chair of the Computer Professionals for Social Responsibility. This paper was presented at The Institute for Legal and Ethical Issues in the New Information Era: Challenges for Libraries, Museums, and Archives conference.

�[1] Clayton, Jace (2000) "Without Sanctuary": A Display of Lynching Photography http://www.africana.com/index_20000323.htm as seen May 12, 2000

[2].Mason, Richard O. (1986) Four ethical issues of the information age, Management Information Systems Quarterly, Vol. 10, Number 1, http://www.misq.org/archivist/vol/no10/issue1/vol10no1mason.html

[3] Forrester, George (Apr 2000) My View: Hollow.Com http://www.forrester.com/ER/Marketing/0,1503,183,FF.html

[4] Ibid. [5]Weinberg, Jonathan (1999) Hardware-Based ID, Trusted Systems, and Rights Management, 52 Stanford Law Review, (forthcoming 2000). http://www.law.wayne.edu/weinberg/trusted.1201.PDF

[6] O�Brien, Timothy(2000) Aided by internet, identity theft soars New York Times On The Web, April 3 http://www.nytimes.com/library/tech/00/04/biztech/articles/03theft.html as seen May 12, 2000

[7] Ibid.

[8] Berghel, Hal (2000) Identity theft, social security numbers, and the Web, Communications of the ACM, Vol. 43 No 2, pp. 17-21

[9] Friedman, Milton (1991 The social responsibility of business to increase its profits, Ethics, Leadership, and the Bottom Line, eds. Charles Nelson and Robert Caveny (Croton-on-Hudson, New York: North River Press), p. 245

[10]Markoff, John (1999). A growing compatibility issue in the digital age: computers and their users' privacy. New York Times on the Web. March 2. http://www.nytimes.com

[11] Brookshear, J. Glenn, Computer Science: An Overview, 6th Edition, Addison-Wesley, 1997, p.5340

[12] Teicher, Steve (2000) personal communication, February.

[13] New York Times,(2000) Jan. 26 http://www.nytimes.com/aponline/f/AP-Internet-Privacy.html

[14] McCullagh, Declan (1999) http://www.wired.com/news/news/politics/story/21607.html as seen May 12, 2000 Smile for the US Secret Service, Wired News, 7 Sep 1999

[15] O'Harrow, Robert Jr. (1999) Firm changes plan to acquire photos drivers' pictures ignited privacy furor, Washington Post, Friday, November 12, Page E03.

[16]Ibid.

[17] Robert Stinnett (1999) Ethics in the Age of Information http://www.theultimateos.com/editorials/oct99/ethics.asp May 12, 2000