FC: The real reason Hewlett-Packard wants Feds to regulate privacy

[Declan McCullagh <declan () well com>]

[Responses follow. One other politech member who asked not to be identified 
told me that that HP's Scott Cooper said privately that some of the states 
(CA, NY, CT, IA, etc.) will establish a horrid defacto standard that could 
be later adopted by the Feds). So it's a lesser-of-two-evils approach, 
albeit a controversial one. --Declan]

********

> From: James Gattuso <jgattuso () cei org>
> To: "'declan () well com'" <declan () well com>
> Subject: RE: Hewlett-Packard CEO wants Congress to regulate web privacy
> Date: Thu, 24 Aug 2000 16:35:39 -0400
> X-Mailer: Internet Mail Service (5.5.2650.21)
>
> Declan -- this was at the PFF conference.  The entire speech was very warmly
> received, although it had many troubling parts.  The quote here was in
> response to a question from John Wohlstetter of Verizon, who was asking her
> (in response to her general theme that the Internet revolution could lead to
> a new Renaissance), whether the Enlightenment concept of limited government
> was essential to gain the benefits she described.  I think she misunderstood
> the question, but her wild reception by the PFF crowd was puzzling to me.

*********

> From: "James Lucier" <James.Lucier () worldnet att net>
> To: <declan () well com>
> Subject: RE: Hewlett-Packard CEO wants Congress to regulate web privacy
> Date: Thu, 24 Aug 2000 11:18:17 -0700
>
> Having been at the Progress and Freedom Foundation Aspen summit myself, I
> think it more accurate to state that Ms. Fiorina, at one point and and one
> time in a speech and q & a that went over for close to 90 minutes -- a long,
> long time -- she briefly reitereted her company's well known public position
> that is forcefully and intelligently represented by HP's technology policy
> director, Scott Cooper.
>
> Briefly put, that policy is to require upfront notice of information
> practices, allowing consumers to rationally choose what companies they will
> do business with.  Upon posting of notice, normal laws against fraud and
> misrepresentation enforced by the FTC would apply, but otherwise privacy
> disclosures would be no more and no less regulated than any other consumer
> disclosures. HP would also support federal pre-emption of state statutes in
> order to create a uniform national legal environment and perhaps a
> Hutchison-type commission to look at access and security issues.
>
> HP may wish to go faster than some companies would, but it is wrong to say
> they are calling for aggressive regulation, I think, or to say the vast
> majority of tech companies would not consider mandatory notice an
> unacceptable outcome if that in fact is the final outcome.  That's why major
> consumer oriented companies are rushing to post increasingly meaningful,
> increasingly understandable privacy policies already.
>
> There are of course diverse opinions in the industry. Many that would agree
> with HP in principle worry that beginning work on legislation now, in a
> climate of public hysteria, and before the public appreciates what companies
> have already done in the way of self regulation, would lead down a slippery
> slope to much more intrusive regulation than anyone in industry would like.
> But that is a disagreement on tactics, not substance.  Bottom line:  HP is
> no outlier on this issue.  It's an opinion leader, as are IBM and Microsoft
> for their respective positions.
>
> Fiorina's speech struck me as being mostly inspirational in tone, describing
> the importance of humanistic values in leadership, particularly from the
> standpoint of a CEO leading one of America's premier high tech names through
> a period of growth and change that the Wall Street Journal had described in
> glowing terms in a page 1 feature that ran that very morning.  The speech
> was unusual in that it drew on Fiorina's background as a medieval history
> scholar and refreshing in that it came after two solid days of geek-speak
> and wonkery -- high level geek-speak and wonkery to be sure, the sort that
> one encounters only at PFF's Aspen summit to be sure,  but still with a
> certain missing element that Fiorina provided.
>
> The people in the room weren't cheering for privacy regs. They were cheering
> for a terrific end to a great two-day meeting in which a lot of good
> opinions were expresed.


********

> To: declan () well com
> From: edyson () edventure com (Esther Dyson)
> Subject: Re: FC: Hewlett-Packard CEO wants Congress to regulate web
>   privacy
> Cc: politech () politechbot com, geoff_gariepy () hotmail com
> Date: Wed, 23 Aug 2000 20:47:44 -0400
>
> I was surprised to see myself quoted as a fan of HP's approach, especially
> since I (unfortunately) had to leave before Fiorina's talk.
>
> "Government and industry can do a lot more." The quote is so out-of-context
> it's meaningless.  Here's some context:
>
> Industry companies could do more to advertise and disclose its data-control
> and security practices, whatever they are, so consumers could choose.
> Consumers could do more to educate themselves. Investors and insurers could
> do a lot more to evaluate and base investments/ratings/premiums on data
> security/control practices. And government could do a lot more to regulate
> its own data-collection and use practices - and abolish Carnivore.
>
> Esther Dyson (speaking for myself, not for ICANN)
>
>
> Esther Dyson                    Always make new mistakes!
> chairman, EDventure Holdings
> chairman, Internet Corp. for Assigned Names & Numbers
> edyson () edventure com
> 1 (212) 924-8800    --  1 (212) 924-0240 fax
> 104 Fifth Avenue (between 15th and 16th Streets; 20th floor)
> New York, NY 10011 USA
> http://www.edventure.com                   http://www.icann.org

***********

> From: Matthew_G_Saroff () raytheon com
> To: declan () well com
> Subject: Re: FC: Hewlett-Packard CEO wants Congress to regulate web privacy
> Date: Wed, 23 Aug 2000 17:09:59 -0500
>
>         I suspect that part of the motivation is a legitimate concern, and
> that part is enlightened self interest.
>         HP customers tend to be rather technically savvy, and as such,
> they are more likely to do things like using cookie and add blockers and
> entering false data.
>         In a regulated environment, these people are more likely to part
> with their data.
>         The number of times that I have filled out a form with the name
> "Nemo Buttlips", a 78 year old man from Uzbekistan boggles the mind (I've
> gotten junk mail addressed to him too).
>
> --
> Matthew G. Saroff
> The Opinions Expressed are not those Raytheon.
> (972)205-4859

**********

> Date: Wed, 23 Aug 2000 11:56:19 -0700
> From: Eric Murray <ericm () lne com>
> To: Declan McCullagh <declan () well com>
> Subject: Re: FC: Hewlett-Packard CEO wants Congress to regulate web privacy
>
> > HP's Fiorina backs Net regulation
> >
> > Putting her company at odds with other industry leaders, Fiorina calls for
> > regulators to step in with privacy standards.
>
>
> Interesting.
>
> Years ago, HP also bought the government's position on crypto export
> control and key escrow.   They went so far as to develop something called
> "Versecure", which was a framework for crypro which allowed a "Security
> Domain Authority", answerable to the government, to control what types
> and strength of crypto was used in Versecure-enabled hardware or software.
> It could also turn on a requirement for escrowing keys with a TTP.
>
> HP got an export license exception for Versecure, with the understanding
> that all crypto companies who signed up under it would be required to
> implement key escrow... a quid pro quo for the NSA allowing the scheme
> to get an export license, or so an HP rep told me.
>
> All of which makes me wonder what deal did HP make, and with which
> part of the government, in return for suppporting Net privacy laws?
>
> --
>   Eric Murray http://www.lne.com/ericm ericm at lne.com  PGP keyid:E03F65E5
> Security consulting: secure protocols, security reviews, standards, 
> smartcards.

************