1 2 3 4 5 6 7

Americans are particularly vulnerable to this because the country has so few privacy laws. But given the Net's international character, even stiffer laws like the European Community's planned data protection directive may not be able to offer much protection. The directive will cover data collected in or exported from a European country--for example, a German subsidiary office wanting to send marketing data on to its American headquarters may run into problems because of the United States's lack of regulations concerning its use. But no amount of European legislation can cover a Web site based in the Philippines using a .COM address and collecting personal information directly, and that company would be free to sell on that data however it likes. It's not a difficult situation to imagine: the site might be conducting medical or other surveys, where the visitor believes there will be some benefit in filling in the form. And people do supply the most incredible information about themselves online without asking many questions: the Survey.net site, for example, has collected a huge range of personal responses covering everything from drug use to masturbation.[17]

The ready availability of search engines also has its downside. They have aggregated what were thought to be ephemeral communications into great repositories of personal profiles. On the Usenet archiving service Deja News,[18] you can hit a button to display a listing of all the postings made from a particular email address back to March 1995--a time when surely everyone expected their words to be expunged after a few days. A similar service, Reference.com,[19] searches mailing lists, whose members typically expect their comments to be seen only by other members. It can't be long before personnel directors start using these services to check out prospective employees--tomorrow's equivalent of today's failed urine test may be the discovery that you once posted a message to alt.drugs.

Meanwhile, the Net's technical direction poses a different set of problems. The same graphical interfaces that make computers easier to use for the non-technical also demand more powerful computers and make disabled access more difficult. The common denominator of the Net used to be text; older systems such as CIX, the WELL, and most BBSs demand that you interact with them by typing in commands. One of the earliest Web browsers, Lynx, is still used on such systems to access the Web. It's not as easy or pleasant as pointing and clicking, but it does the job. And, more importantly, text can be fed into a text-to-speech processor or displayed on a Braille output device for the blind, or magnified for the partially sighted. Probably about a quarter of the Web's users browse using only text at least some of the time, either because they're limited to a Lynx system or because they turn off the graphics (and therefore the ads) in order to get pages to download faster; try this and you quickly find how many developers don't bother to insert text to display instead of graphics (via the ALT tag in the formatting language for Web pages, HTML, added after campaigning by the Yuri Rubinsky Insight Foundation) so text-based users can navigate.[20] The W3 Consortium, the MIT-based group that manages the Web's future, is well aware of the problems the Net poses for disabled access as audio and video are deployed and is working to form an worldwide coalition to cover this area, but the effort is in its infancy.[21]

In the meantime, a set of professional standards needs to be defined. Few people, when they open an account on an online service or Internet provider, think about what will happen if they decide to close it in order to change services. There are no standards governing ISPs' responsibility for forwarding email after the account is closed. I don't know of any that even offer such a service, even though forwarding is standard in the postal and telephone industries. There isn't even any agreement on what constitutes Internet access. If a provider says it offers a certain speed of connection from its servers to the Internet, should it be required to submit its claim to third-party certification? A situation like this arose in the United Kingdom in 1995, when a small outfit based in the south of England conned even some experienced online users into believing it had large amounts of bandwidth; the truth was it had one small 64K line to a bigger service provider, which eventually shut it off for not paying its bills. Similarly, should a commercial Web site charging fees for access be required to guarantee a certain level of performance for its subscribers? What information about its service standards, protocols, and security measures should an