Consumer protection and privacy groups were encouraged last week when Intel Corp., Santa Clara, CA, changed a feature in its upcoming Pentium III processor amid high-profile calls for a boycott from The Electronic Privacy Information Center, Washington, and Junkbusters Inc., Green Brook, NJ.
The role of privacy groups and their ability to influence policy and events in other arenas raises questions as governments and business leaders worldwide contemplate more technology, the demands of commerce, the European Privacy Directive and the debate over its ongoing implementation.
At stake for Intel was the company's initial plan to incorporate automatic identifying signatures into its next generation of computer chips, a draconian technological move, according to critics who argued that it compromised consumer privacy and potentially allowed the transmitting of serial code numbers on all applications run and Internet sites visited by the user.
The battle was short-lived but included a searing public attack on Intel with characterizations of its new Pentium III chip as “toxic hardware” and a mocking reduction of its branding slogan to “Big Brother Inside.”
Despite cautions from analysts, Intel had played down the notion that the next generation of computers would allow consumers to be tracked as they operate programs or move across the Internet. But at a critical point in the debacle, Rep. Edward J. Markey (D-MA) asked Intel to rethink its plans to unveil the new technology. He also, no doubt, reminded the company that commerce officials were conducting negotiations with European leaders over sensitive privacy issues.
In the end, Intel bowed to the pressure and said it would redesign the chip so it would not automatically transmit a user-identifying signature unless the consumer activated the feature first. Previously, the technology would have required the user to disable the feature each time the computer was restarted.
The upshot is that the technology still will be present in the new Pentium III chip. What has changed is who decides whether the identifying signature option is activated — and in the workplace that decision is not likely to be delegated to each individual computer user.
However, many analysts concede there is a different standard for the workplace, a point somewhat acknowledged by privacy advocates. Others have pointed out that even though Intel has agreed not to automatically program its new chip to transmit a signature at the time of purchase, many large corporations may be attracted to the technology for their own security reasons. And therein lies one of the many issues the Commerce Department still needs to address.
“I think it's a positive sign that Intel is acknowledging problems,” said David Banisar, an attorney and senior policy analyst who works on privacy issues, encryption and new surveillance technologies at the Electronic Privacy Information Center.
But not even a partial victory could be culled from published remarks by Marc Rotenberg, executive director of the center, who said Intel's latest decision constitutes merely a “partial fix” and much more needs to be done.
To be sure, Intel's next generation of processors plays a role in addressing emerging security concerns for governments as well as businesses, but its ability to offer such a feature reflects the paradoxical role it can't help from being cast in — especially in the emerging international tug-of-war over commerce policy.
Whether Intel's willingness to negotiate the technological terms of its products will embolden other action groups to step up their efforts is yet to be seen. But other activities related to the electronic control over business, consumer and employee information have been taking place among human resource and information management leaders in this country in addition to those U.S. commerce officials have been conducting in Europe. Although they have received far less media attention, they say just as much about how urgent global privacy issues are — as well as how high the stakes may be for those who want to control policy implementation and compliance.
However, Intel seemed untroubled by such events before its agreement to alter the Pentium III. Indeed, a temporary embarrassment, the rhetoric that mounted and the public relations assault had occurred just as David Aaron, Undersecretary of State for Commerce, was meeting with Europeans regarding U.S. privacy codes and their relation to the new European Union privacy rules.
Also, senior privacy analysts and speakers presenting information on the European Privacy Directive had finished a benchmark two-day conference in New Jersey with leading human resource professionals representing U.S. corporations with operations in Europe.
At that event, which was sponsored by Privacy & American Business and the International Association for Human Resource Information Management, a significant portion of discussion surrounded the challenges business leaders, human resource professionals and information systems managers are facing. And much attention was focused on employee records, international data transmissions and the general maintenance of sensitive computer information between the European and North American continents. But there also seemed to be varying degrees of opinion and understanding of what the European Directive might ultimately mean for U.S. business interests and how leaders should go about communicating and planning for changes.
Moreover, conference attendees must have been taken back by the Intel flap after having just inculcated themselves on the importance of protecting privacy in business and its relationship to the urgency of meeting the Europeans on common ground.
One attendee later noted, “What constitutes fairness, balance and compliance — indeed, how those words are defined — seems widely varied” among competing technology leaders in Silicon Valley, the Commerce Department and the various privacy protection groups who are sure to continue exercising their muscle.
Making sense of it all was one of the conference's presenters, Charles Prescott, vice president of international business development and government affairs for the Direct Marketing Association, who remarked, “There is a kind of gentlemen's understanding between the Commerce Department and the European Commission.”
Prescott said there has been “real progress in creating mechanisms pertaining to data and the steps that have been taken by American companies who have an interest in making sure that data continues to flow across national boundaries.” He cited Intel's reaction to a boycott threat as part of a process, and said, “If Intel can publicly announce that it will create a product — and then in light of reaction to the product offer that kind of responsiveness to the outpouring against the product, then [some groups] will see it as a counterbalancing source of comfort.”
Even regarding global policy and how little companies like Intel may appear to regard the EU Directive, which covers all aspects of the processing of personal information and how it flows across borders, Prescott said, “Actually, the Directive is probably better known among business leaders here than in Europe, even though there is surprisingly little cross-border commerce by small companies in Europe.”
So how does Prescott think the emerging global privacy picture looks for direct marketers in relation to other U.S. industry professionals?
“We are light years ahead. The HR community has a captive population to deal with, but their data can be managed in a discrete fashion,” he said. “The DM community, on the other hand, has always had a starting point for good [policy] and that is prospects. We know how to handle lists of consumers who are not yet our customers and we know how to handle consumer information even if it's subject to a certain amount of regulation.”
In the meantime, industry analysts continue to warn that precautions need to be taken to avert a possible trade war should businesses be prohibited from transferring computer data with the European Union.
Intel said it will continue working with privacy groups and the company won't maintain a master database of computer product serial numbers that can be matched to consumers.