Fun_People Archive
27 Jan
Don't ask, don't AOL


Content-Type: text/plain
Mime-Version: 1.0 (NeXT Mail 3.3 v118.2)
From: Peter Langston <psl>
Date: Tue, 27 Jan 98 19:30:36 -0800
To: Fun_People
Precedence: bulk
Subject: Don't ask, don't AOL

Forwarded-by: "Ford Prefect" <weed@bucket.pp.ualr.edu>
Forwarded-by: Bart Dorsey <bdorsey@bhs1.dsc.k12.ar.us>

http://www.news.com/Perspectives/Column/0,176,110,00.html?st.ne.per.gif.a

	Don't ask, don't AOL
	Signal2Noise - By Margie Wylie
	NEWS.COM
	January 21, 1998, 4 a.m. PT
	URL: http://www.news.com/Perspectives/Column/0,176,110,00.html

Little lapses in electronic privacy can hurt a lot. Ask Navy sailor Timothy
R. McVeigh.

At midnight on Friday, McVeigh's 17-year Naval career is slated to end
because the Navy believes he entered the word "gay" in his America Online
profile. Unlike the other Tim McVeigh--the one convicted of bombing the
Oklahoma City federal building--this highly decorated senior chief petty
officer has enjoyed a distinguished military career with a spotless record
until now.

It all started in December when a civilian employee received an email from
someone she thought might be McVeigh. Unsure of the sender, she checked his
online profile, where she found someone described only as "Tim" of Honolulu.
In the marital status box was typed "gay." She forwarded the information to
the Navy, which held a hearing and promptly discharged McVeigh in response.

What made the Navy so sure this Tim is one and the same as its top enlisted
man on the nuclear attack submarine Chicago? Simple. It rang up AOL and
asked.

Anyone who subscribes to an online service should be rattled by McVeigh's
plight. Not only did AOL apparently ignore its own privacy policy in his
case, but both AOL and the Navy appear to have flagrantly violated a federal
privacy law.

The Electronic Communications Privacy Act of 1986 (ECPA) requires government
agents to identify themselves and present a court order to get online
subscriber information. It also requires that online providers demand a
court order before releasing subscriber info. In McVeigh's case, neither
happened. A Navy investigator simply called AOL customer service and spoke
to an "Owen" who allegedly linked the member profile to McVeigh.

Yet, because this privacy law is so weak, neither the Navy nor AOL is
clearly responsible for quite possibly ruining the 36-year-old's military
career. The career Navy man is just three years short of collecting a
pension.

McVeigh is suing the Navy for violating the ECPA and his constitutional
rights to due process and freedom from unlawful search and seizure. In an
11 a.m. hearing in Washington today, he asked federal Judge Stanley Sporkin
to counter the Navy's ouster order originally scheduled to be executed
today.  At today's hearing, the Navy delayed the order until Friday.

Even if McVeigh can prove that the Navy and AOL knowingly violated the ECPA,
there's no prescribed penalty for either party. "It's what we call in the
law a 'wrong without a remedy,'" said David Sobel, counsel for the
Electronic Privacy Information Center, who has been assisting the
Servicemen's Legal Defense Network in McVeigh's case.

In fact, Sobel believes that such privacy violations occur regularly in the
private sector, but are rarely detected (much less punished) because the
ECPA only limits governmental officials. It puts no curbs on private
parties. "Most of those cases are invisible, not only to the public but to
most of the victims," said Sobel. "You could have exactly the same scenario
outside the military," but the employee could be fired without ever knowing
why. McVeigh's case is unique because the details have been recorded in
sworn testimony.

If the Navy in its wisdom (or desperation) takes as fact something written
in an AOL profile, then what's to stop a private employer from doing the
same? Tim of Honolulu could just as easily have claimed to be Wonder Woman
or a unicorn as he could claim to be gay or in the Navy. Being written in
a profile doesn't make it true.

If today's electronic privacy laws are so weak, then the voluntary privacy
guidelines proposed by the Clinton administration are sure to be weaker.
AOL has demonstrated clearly that when push comes to shove, we cannot expect
that private industry will voluntarily protect anyone but itself.

As if to illustrate this point, AOL's behavior has been unswervingly
self-serving. With a man's career in the balance, the online service
provider squawked it had done nothing wrong, this without first conducting
an investigation. The next week, as the case started getting press
attention, AOL decided it would, in fact, look into the matter. But it
refused to answer questions about when and how it intended to do so. Today,
the company admitted it had violated its privacy policy but attempted to
deflect most of the blame onto the Navy.

Throughout the denials, the online service was consistent about one thing:
AOL steadfastly insisted that it can't be at fault because it has a privacy
policy. (Yeah, and Brinks policy frowns on an armored truck guard shooting
his partner and stealing millions of dollars, too.) As if that weren't
enough, AOL canceled McVeigh's account. His email appeals for help were
deemed, ironically, a violation of AOL's policy against spam, or unsolicited
emails.

But I'm not just tarring the entire electronic information-gathering
business with the broad brush of one AOL failure. Over the years, personal
electronic records have been abused again and again. Remember those IRS
employees who surfed through celebrity tax returns for fun or enemies'
returns for revenge? What about Department of Motor Vehicle employees who
sold addresses? Remember P-Trak, the Lexis-Nexis service that sold Social
Security numbers? AOL itself only recently relented to demands that it not
sell subscriber telephone numbers to some telemarketers.

Senior White House adviser Ira Magaziner recently told an industry gathering
that if companies don't curb themselves, they'll soon face privacy
regulations. But why wait? The difference between passing privacy laws now
and later is only a matter of so many more personal tragedies, like
McVeigh's.

At the very least, existing electronic privacy law needs to be amended with
a set of dentures--some penalties that will put a little bite in its bark.
And it needs to extend to private parties the same burden of due process it
now requires of government.

If the Navy succeeds in drumming out McVeigh based on an electronic fishing
expedition, it should rename its policy "Don't ask, don't AOL." In this
legal climate, entrusting your online service provider with personal
information is tantamount to "telling."

___________________________________________________________________________
Margie Wylie tells it like it is about the culture, laws, and customs of
the Information Age in this space on Wednesdays.



prev [=] prev © 1998 Peter Langston []