Hi Senator Feinstein:
I've just read the online article by Valerie Rice, and I applaud your search for a solution to privacy on the Internet. I believe in voluntary controls as in newspapers and other publications, based on ethics and judgement, and less on regulation. Unfortunately, the persons and organizations publishing and editing on the Internet today are not always schooled in ethics or have the experience or cultural context to exhibit good social decision making. This seems to force us to look to regulation for a solution. I'd suggest however that where the ubiquity of Internet publishing and dissemination technology is part of the privacy problem, other Internet technology can provide the mechanism of a solution.
I suggest you consider advocating the use of combined Digital Signature and Network Directory technology to enhance and expanded on the capability and capacity of the newly touted Open Profile Standard (OPS), making it an Open "Privacy" Standard. Let the person's recorded "Profile" control who can see inside their "privacy domain", as well as control what they're interested in seeing in the world at large. Security-enabled profiling can serve a dual purpose: it identifies the "context" of the person, thus identifying what they want to see (their interests), and what they don't want to show (their privacy), while proving who they are.
A Digital Signature is an encryption artifact issued by a Certificate Authority to a person or computer process (like a news-gathering robot). The Certificate Authority who issues the Digital Signature/Certificate, is a "Trusted" party, who operates within what is called a Hierarchy of Trust, usually following organizational lines. An everyday analogy would be of a government agency (Certificate Authority) issuing a Driver's license (Digital Certificate), which correspondingly serves as an Identity Card (Digital Signature). The root of this Trust Hierarchy/Tree can be maintained by either private or public entities (or both). The result of this Tree of Trust is that Certificates can be decentralized to whatever degree is necessary - so long as the Certificate Authorities are able to tangibly validate each others identity and then to technically "Cross-certify" each other's certificates.
While the Trust Hierarchy identifies and controls who can issue certificates of identity, the Network Directory can identify what information or other resources are available for use, under what conditions can by whom, and display that information hierarchically. Essentially a directory is a hierarchical online catalog of objects managed by an enterprise or multiple enterprises. The best analogy to an online directory is the concept of folders, subfolders, filenames, and file contents presented by a program such as Microsft Windows Explorer or File Manager or another "resource browser", or alternately, and more accurately, the hierarchical email address books found in many newer email programs. The Directory shows known resources, organized by classes/folders, subclasses/subfolders, objects/filenames, and attributes/file-contents.
By themselves, the network Certificate and Directory don't do much in the way of protecting privacy while identifying interests, but when combined with advanced profiling technology, we can approach balanced access within a network. The profile essentially says: here's who I am (the certificate), here's what I'm interested in (picked from the Directory of subjects), here's my background/privacy information (both picked from the Directory and entered directly), and here's who can see what pieces of my profile (picking other people's/process' certificates from the Directory). Note also that this developed profile can now be used to increase or constain the access of the person or process to the Directory information and its links to resources/content (profile=requirement, profile+certificate=permission, profile+certificate+directory=secure access). This is an obvious simplification, so I hope it conveys the capability of the combined certificate/directory/profile approach. It would enable new levels of capability in managing what information we're presented with (our interests), and in what information we show (our privacy).
The terms of the technologies described above are X.500 Directories (with extended Directory Information Tree -DIT and supplemental databases to encompass more real-world objects), and X.509 Digital Certificates.
Roy Roebuck
One World Information System