|Information technology and the Internet—so the
mantra goes—offer significant cost savings, efficiency improvements, and
substantial social benefits. Such assumptions, however, are increasingly
In particular there are concerns that while the
use of technology to process and manipulate information provides many advantages,
it's much harder to protect that information once it's digitized. Moreover,
attempts to increase the security of digital information are proving costly
in both financial and social terms.
For instance, while there are undeniable benefits
to making corporate information available to customers via the Internet
and to partners via extranets, there are inevitable security implications,
including viruses and hackers. "The more access that companies grant to
their networks, the more vulnerability they create since it increases the
number of entry points for intruders," says Allan Carey, a senior analyst
at research company IDC.
And as demand for wireless access to corporate
networks and remote working grows, the costs of protecting information
will rise. IDC predicts that the worldwide market for information security
services will nearly triple to $21 billion by 2005.
Those who sell digital products—such as the publishing,
media, and software industries—are at even greater risk. Since their business
is founded on intellectual property, their very survival rests on the security
of their data. Yet file-swapping services like Napster have demonstrated
just how vulnerable they are. "The problem is that it is far easier to
copy digital information than it is to protect it," says Richard Chapman,
an IT attorney with London-based law firm Berwin Leighton Paisner.
Consequently, new technologies are being developed
to better secure intellectual property in the digital environment. Known
collectively as digital rights management (DRM), they use encryption, software
keys, and electronic watermarking with the aim of restricting access and
prohibiting unauthorized copying.
In addition, governments are updating intellectual
property protection for cyberspace. In 2000, for instance, the U.S. Digital
Millennium Copyright Act (DMCA) went into effect. Likewise, the European
Union (EU) has issued the Copyright Directive, which will see similar laws
introduced in Europe by the end of this year. And acknowledging that information
is increasingly housed in databases, the EU passed the Database Directive,
which creates a unique database right that's designed to prevent unlawful
extraction of data. This was implemented in the U.K. in 1998 as the Database
Critics argue, however, that while much is being
done to secure corporate information, too little effort is going into protecting
personal data. Worse, they add, protecting corporate information is eroding
traditional consumer rights.
Under copyright law, for instance, individuals
are permitted to exercise fair use rights in which they can make copies
of purchased content for personal use. But once it's sealed behind DRM
padlocks it becomes impossible to copy content, regardless of legal rights.
Equally as controversial, the new laws are sanctioning
these restrictions, thereby altering the traditional balance between the
rights of content owners and the rights of the public in favor of large
media companies. In the U.S., the DMCA has been particularly criticized
for its impact on long-standing consumer privileges. "The DMCA is having
the effect of eviscerating the concept of being able to make fair use of
the material that you legally possess," says Barry Steinhardt, associate
director of the American Civil Liberties Union (ACLU). "Further, it is
not preserving intellectual property rights, but expanding them."
The European Copyright Directive will doubtless
attract similar criticisms. "The situation will vary," says Charles Oppenheim,
professor of information science at the U.K.'s Loughborough University.
"But while in some countries fair dealing [fair use] will remain pretty
much unscathed, in others there will be a drastic reduction in the ability
of users to copy for private purposes."
There are also concerns about the Database Directive.
"The law is very widely drafted indeed," says Hugh Brett, a specialist
intellectual property lawyer in the London office of international law
firm White & Case. "So in effect practically anything you copy from
your computer screen is likely to be an infringement of the Database Right."
Moreover, critics argue, in their efforts to protect
their own data—and maximize sales—companies are riding roughshod over consumer
privacy. DRM technologies, for instance, are designed to capture as much
information about consumers as possible, since knowing the identity of
purchasers helps curb unauthorized copying. But this data also provides
valuable marketing information. "If you pay a digital nickel to listen
to a song from Vivendi, maybe Vivendi finds out who you are and what you
listened to," explains Phil Agre, associate professor of information studies
at UCLA and co-editor of Technology and Privacy: The New Landscape."Maybe
Vivendi then sends you advertising for other music you might like. Many
would consider this an invasion of privacy."
Further, like the invisible software programs
known as "cookies" and "Web bugs" that are used to track and monitor users
as they surf the Web, much of this information is harvested covertly. Since
consumers are unaware that more and more information is being collected
on them, says Mark Littlewood, director of campaigns at Liberty, a U.K.
civil rights organization, "they don't realize that they might be under
some form of threat from technology."
The most obvious threat is data spillage. "The
prevailing level of security used to store data on individuals, and the
care with which it is treated, is far too low in most organizations, leading
to frequent leakage of sensitive data," says Jason Catlett, president of
Junkbusters, a U.S.-based privacy-advocacy company.
The severity of the problem was underlined earlier
this year when the Consumers' Association, one of the main advocates of
online security in the U.K., inadvertently exposed the credit card details
of nearly 3,000 of its customers to unauthorized third parties.
In short, says Chris Hoofnagle, legislative counsel
at the Washington, D.C.-based Electronic Privacy Information Center (EPIC),
when stored electronically, personal information is as vulnerable as corporate
data. Yet companies often take it without permission, and then treat it
with less care than their own data. "One of the interesting dichotomies
we see is that companies are making very vigorous attacks on attempts by
individuals to protect their personal information," he says. "Yet at the
same time they are very forcefully protecting their own privacy—insofar
as by preventing the publication of something, copyright can be viewed
as a form of privacy protection."
And while there are counterweights—such as Europe's
data protection legislation—many are skeptical about the efficacy of legal
protection for consumers. "The problem,"says Littlewood, "is that there
is insufficient manpower to enforce the law."
Some, however, believe that the costs associated
with protecting digital information will eventually prove so burdensome—both
for companies and individuals—that people will simply throw in the towel.
"The time will come when the cost of protecting information is so high,
and computer networks proliferate so widely, that individuals and organizations
will for the most part give up the effort to protect their private data,"
says Niv Ahituv, vice president and director general of Tel Aviv University
and author of A World Without Secrets: On the Open Information Society.
"At that point, electronic information will be accessible to everyone."
Carey, however, is skeptical that companies will
ever relinquish control. "Proprietary information provides them with competitive
advantage, so they will never stop protecting their data."
For consumers, however, there may be little choice,
says Chapman. While companies can use protective technologies to secure
their data, there's currently no effective way to protect personal information.
"So it is going to prove far more difficult to protect privacy than it
is to protect intellectual property."
This, combined with the increasing surveillance
powers that governments have sought in the wake of the September 11 attacks,
suggests that privacy is fast becoming a rare commodity.
At the same time, traditional consumer rights
like fair use may simply disappear. The social cost of our digital future
Richard Poynder is a U.K.-based freelance journalist
who specializes in intellectual property and the information industry.
He writes for a number of information publications and contributes regularly
to the London Financial Times. His e-mail address is firstname.lastname@example.org.