June 2, 1997
Privacy profiles should ease the path to commerce
By Bob O'Donnell
Standards are the grease on the wheels of electronic commerce, and last week's
announcement of a personal ID standard may be the single most important Internet
announcement of the year. The Open Profiling Standard (OPS) announced by Netscape, Verisign
and Firefly (See "Proposed
profiling standard aims to protect privacy on Internet") was lauded by many in
the Internet industry as an important step toward improving privacy on the 'net. The fact
that it's supported by organizations as diverse as the Electronic
Frontier Foundation, a representative of the Federal
Trade Commission and numerous industry vendors is undoubtedly a good sign. The absence
of Microsoft from the initial list of vendors, however, is not. Still, it seems there's a
lot of industry good will developing around the proposal.
The basic idea behind OPS is simple and extremely useful. Each individual who ventures
onto the 'net will be able to create a user profile of him or herself. When visiting sites
that request information using OPS standards, the user will be able to decide what, if
any, information from the profile should be sent back to the site. To ensure privacy, the
data will be encrypted both on the user's disk, where it's stored, and in transit to the
site they're visiting. Even more important, in my opinion, you'll only have to fill out
the user profiling information once. The days of constantly filling out registration forms
that keep asking for the same information over and over may finally go away if the World Wide Web Consortium gives a formal nod to the proposal.
The tangible results of this are critical to electronic commerce because, as stupid as
it may sound, having to constantly fill out online forms has turned me off from making
purchases online. And I don't think I'm the only who feels this way. I'd rather pick up
the phone, dial an 800 number and have somebody else fill in all that information for me,
especially if the only benefit of ordering online is the satisfaction of knowing that I'm
technologically hip.
Of course, there's a lot more to OPS than just avoiding the drudgery of filling out
online forms. Other simple, but really practical, benefits include the ability to
automatically remember passwords to all the different password-restricted sites you visit.
Some browsers already have similar features, but none offer the encryption and security
promised by OPS.
Also, it seems OPS could make the controversial "cookie" files obsolete,
since the user profiles can provide all the information that's commonly stored in cookies,
such as personal preferences, passwords, etc. And unlike cookies, OPS would allow the user
to see and control what type of information is sent. According to a recent study by the Boston Consulting Group on
electronic commerce, this could lead to an increase in online transactions of $6 billion.
OPS profiles should also spur the development and usage of custom profiles for such
things as personalized news delivery and other types of information. In fact, if OPS works
as promised, it may finally spur the development of a real, profitable industry in
personalized information.
As impressive as the capabilities of OPS may be, however, it isn't free of problematic
issues or concerns. Most important, the personal profiles that are created and used as a
core part of OPS could consolidate an incredible amount of personal information in one
place. Currently, personal information may be scattered around on different files on an
individual's hard drive (or may not even be there at all), whereas the OPS profile creates
a highly detailed digital ID that could paint a disturbingly accurate picture of your
life. Those profiles are bound to be an incredibly juicy target for information bandits
and other rogue characters. As long as the encryption is rock solid, your privacy should
be protected, but for many people this will be the first real test of how far they will
trust digital security technology.
Fortunately or unfortunately, depending on your viewpoint, you won't be put to the test
for a while; widespread OPS approval and implementation is expected to take one to three
years. In the mean time, we'll be forced to deal with endless, repetitive online forms,
cookie files and all the other trappings now associated with World Wide Web commerce and
personalized information. If and when OPS does become a reality, however, we'll all be
taking a big step closer to a science fiction-like world of online digital commerce,
information, and identity, with all the benefits and pitfalls that it entails.
©
Copyright 1997, by InfoWorld Publishing Corp., a
subsidiary of IDG Communications, Inc. Reprinted from InfoWorld,
155 Bovet Road, San Mateo, CA 94402. Further reproduction is prohibited.
