SAN FRANCISCO - Imagine having a computer chip implanted in your fingertip, able to transfer all your vital information - name, birthdate, social security number - to another person with only a handshake.
That kind of instant access to personal information is one concern being raised about an electronic signature bill that breezed through Congress last week. If President Clinton signs it, as expected, the digital authentication law would give electronic signatures the same legal status as scribbling your name on a paper document.
Digital handshakes identifying the user could make doing business on the Internet quicker and easier, eliminating mountains of paperwork.
But privacy advocates warn that they also could make collecting a great deal of information on the same users just as quick and easy.
''A digital signature is like having one key to open all the doors to your life,'' said Ari Schwartz, policy analyst for the Washington-based consumer advocacy Center for Democracy and Technology. ''If you lose that key, your only option is to change all the locks.''
A panel of experts speaking in April at a security conference in Toronto expressed concerns about some unanswered questions in the legislation, which would take effect Oct. 1 if signed.
Lawmakers are leaving it up to others to spell out exactly how the online transactions will take place. The parties involved could reach agreement on a contract format, or they could go through a growing number of third parties offering software that verifies the authenticity of electronic signatures.
That means companies could collect information they don't need and combine it with their customer habits' database to better target people for sales. And hackers might see such databases as inviting targets.
About 80 percent of Internet users cite the potential loss of privacy as the leading concern of doing business on the Web, according to independent polls. Companies, therefore, must be diligent about assuring consumer protections, said Margot Freeman Saunders, managing attorney for the National Consumer Law Center.
''This is one of the most unclear pieces of legislation that I've been a part of,'' Saunders said. ''It will tremendously increase the opportunity for identity theft. It will leave many consumers in a position where they may be forced to accept electronic disclosures in order to obtain a particular product or service.
''There's also a question of whether states maintain the right to set up their own consumer protections,'' she said. ''A lot of these questions might not be answered except in a court of law.''
Some consumer protections have been built into the legislation.
It mandates that businesses using digital signatures must require buyers to make at least two clicks of a computer mouse to complete a deal.
The first mouse click would be to test the electronic link between business and buyer and ensure that the digital signature technology works, much like the process in current Web browsers that displays a little icon of a padlock to show that a secure connection has been established. Then, at least one other mouse click would be required to close a deal.
But consumers also might face the burden of having to prove fraud. In the off-line world, credit card companies generally absorb most of the cost of fraud, but those protections don't exist online.
''We know from things like the 'ILOVEYOU' virus how easy it is in systems for an attacker to break in and get the machine to do something you don't really want it to do,'' said Carl Ellison, chief security architect for chipmaker Intel Corp. ''This kind of legislation is wonderful stuff, but I'm worried about applying it in a blanket fashion.''
---
The bill number is S. 761.
On the Net:
House Commerce Committee: http://www.house.gov/commerce
Center for Democracy and Technology: http://www.cdt.org
Electronic Privacy Information Center: http://www.epic.org
Comments
Use the comment form below to begin a discussion about this content.
Sign in to comment