26 September 2000

Text: Commerce Dept.'s Mineta on Inadequate E-Commerce Privacy

Secretary of Commerce Norman Mineta has warned industries that they must further protect customers' privacy in electronic-commerce transactions or face further government regulation.

In September 26 remarks to the Global Business Dialogue on e-commerce (GBDe) in Miami, Mineta said most Internet users still express anxiety about their personal information going to strangers.

"This administration strongly believes that industry should lead when it comes to problem solving in e-commerce," Mineta said. "But I can tell you as a former lawmaker, governments will respond to public pressure .... If sufficient industry action is not taken, government action is inevitable."

He said industry should give consumers a choice on whether personal data are transferred to third parties, implement privacy guidelines and monitor that implementation.

Mineta also said industry and government should cooperate on improving Internet security from attack and on providing Internet access to more people.

Following is the text of Mineta's remarks as prepared for delivery and made available in Washington:

(Note: In the text "billion" equals 1,000 million.)

(begin text)

REMARKS BY NORMAN Y. MINETA U.S. SECRETARY OF COMMERCE

GBDe KEYNOTE ADDRESS

INTER-CONTINENTAL MIAMI

SEPTEMBER 26, 2000

I am honored to be here today. And while I am delighted to be among my many colleagues in government, I am especially honored to be here among so many leaders from the digital economy.

Much has changed since Secretary Daley addressed the GBDe a year ago at your inaugural meeting. The number of web pages has soared to over a billion, and, by some estimates, as many as 7 million pages are added every day. E-tailing of products in just the U.S. will swell to over $20 billion by year-end. DoCoMo has added 11 million wireless Web users, a ten-fold increase in a single year. And Intel predicts that peer-to-peer computing will create the next Internet revolution. The pace of change is astounding.

Yet, in a way, addressing the GBDe is a kind of homecoming for me. As the former Mayor of San Jose and Silicon Valley's congressional representative for 21 years, I have personally watched and supported the rapid growth of information technology and the digital economy. Most recently, I myself was part of the information technology sector, serving as a managing director of a high-growth subsidiary of Lockheed Martin.

From that perspective, based on government and private sector, legislative and executive branch experience, I want to talk about three key issues that must be addressed by you in order to realize the full potential of e-commerce. Those issues are privacy, security, and digital inclusion.

Before I address those issues, I want to congratulate you on the tremendous progress you have made in just one year. GBDe has managed to bridge the differences on a wide range of difficult issues. And in some areas, such as the guidelines for trust-marks and alternative dispute resolution, you have come an enormous way.

But I have to say I am disappointed that you have not been able to achieve the same success on the issue of privacy. If the digital economy is to keep growing rapidly, customers must feel comfortable that their personal data will be protected on-line.

Right now, there is a growing public sense that individual privacy is at risk. Only 20 percent of Internet sites surveyed by the Federal Trade Commission fully complied with the OECD's [Organization for Economic Cooperation and Development] Fair Information Principles. This occurred despite years of debate in coming up with them. In addition, most Internet users in the U.S. say that they are very concerned about strangers getting ahold of their personal data.

Privacy concerns can slow customer growth -- and that is a problem. This administration strongly believes that industry should lead when it comes to problem solving in e-commerce. But I can tell you as a former lawmaker, governments will respond to public pressure. Here in the U.S., Congress already has bills before it; and several federal agencies are considering regulations or new investigations.

I know how difficult this issue is. A key benefit of the Internet is the ability to collect, compile, and disseminate an enormous amount of information. However, this ability is also the legitimate source of privacy concerns. The way to move forward is to give consumers more control over how their personal information is used.

That is why I believe your privacy statement, as discussed this morning, falls short. The GBDe privacy guidelines must give consumers a choice on whether personal data are transferred to third parties. You also need to make a commitment to implement the guidelines. In addition, the public will expect you to monitor implementation and report back on the progress you are making.

And I urge you to reach out to other companies outside the GBDe and persuade them to adopt these guidelines. This outreach includes consulting with other stakeholders, such as small businesses and consumer advocates, to make sure that what you have come up can work from a number of vantage points.

In an industry evolving so rapidly, industry standards are always the preferred choice. Statues and regulatory regimes are far less adaptable to quick change, but the public demand for action is growing. If sufficient industry action is not taken, government action is inevitable.

A second issue we need to make more progress on is security. The attacks on e-Bay and Yahoo earlier this year, and the spread of viruses such the "Love Bug" caused hundreds of millions of dollars in damages. And the risks are not just from hackers or cyber-blackmailers. Recently, electrical outages put Continental Airlines' operations center out of service. Most of their flights in the U.S. had to be canceled.

This Administration has committed to you -- the Internet industry -- that we will seek to avoid regulation as the way to achieve security. As the owners and operators of much of the Net, you have primary responsibility for getting the job done. But any security system is only as strong as its weakest link. Everyone must do his or her part.

Last week, I met with some business people on B2B [business-to-business] security. And while they obviously are very much aware of the problems, we agreed that they are in need of a plan of action, especially to develop industry-defined standards for security and reliability. So we will work with them through our Critical Infrastructure Assurance Office to define the issues, and see how government can help industry, and vice versa.

We can also work with you to fill the education gap for cyber-security experts. We have, in fact, taken a first step. President Clinton is asking Congress for funds to begin a special "scholarship for service" program at leading U.S. universities to train more cyber-security experts. We can also help with R&D [research and development], and I hope that the Congress will fund our proposal to create a new Institute for Information Infrastructure Assurance at NIST [the department's National Institute of Standards and Technology].

We need to find new ways to cooperate on information sharing and cyber-threat response while recognizing the legitimate concerns of businesses about government access to their networks and to their information.

I look forward to the report that Dick Brown talked about this morning on barriers to information sharing and solutions to the problems. I know one thing: Much of industry is looking for guarantees that cyber-security information shared with the government will not be disclosed under the Freedom of Information Act. Legislation providing that protection was passed for Y2K. I will work to ensure that this Administration supports similar protections for cyber-security information.

A related issue I have an interest in is the challenge of quantifying the risks and the consequences of security breaches. This is something that the insurance industry has had to grapple with in other settings. I have worked with this industry for many years. I am now considering a formal meeting to sit down with e-businesses and insurers to see how the risk management skills of the insurance industry might be able to help find marketplace-solutions to improve e-commerce security and reliability.

The third and final thing I want to discuss is inclusion.

While over 360 million people have Internet access, that is just 5 percent of the world's population. There is no way this industry will continue to grow as rapidly in the future unless all people have access to the technology.

It is not just an American issue. As Commissioner Liikanen says, this is a rare opportunity where social justice and economic interests actually support one another. With all my being I agree with that.

So I am delighted to see that today's first policy session was on building digital bridges to everyone in all countries. And I congratulate those of you who have made commitments following your New York meeting earlier this year and at the G-8 [Group of Seven industrialized countries plus Russia] economic summit in July. Of course, there is still much more for all of us to do. We have, for example, only just begun to address the needs of people with disabilities.

I was with President Clinton last week in Flint, Michigan, where he announced $16 million in federal grants to improve Internet access for the disabled. He also has directed the Cabinet to find ways to allow Medicare and Medicaid pay for technology to enable people with disabilities to live and work independently.

But here too, we need your active engagement. I commend the 45 companies, including GBDe members Hewlett Packard and AOL, who committed themselves to train employees within six months to develop products that give people with disabilities better access to the digital world.

I think you can go even further. According to estimates, only 5 percent of Web pages are fully accessible to the physically challenged. So I ask everyone here today: in the next year, can you make your hundreds of thousands of web pages accessible to people with disabilities around the globe? Tap into the world's software and engineering talent to find solutions. And if we commit to universal access from the beginning of the design process, we can reach more people without increasing the cost.

Including everyone -- regardless of their physical abilities, where they live, how old they are, or how much money they make -- puts new customers on-line for you. But it also gives you the chance to inspire. You will be empowering millions of people. Yours are the technologies of freedom that will let people participate more fully in the social and economic lives of their communities around the globe.

Let me make this one last point. In America, 30 percent of our economic growth comes from the digital economy. And this will be the case for more and more other nations. So we absolutely must have a global e-commerce system that is as effective as the global trading system has been these past 50 years.

As international companies, you have developed policy proposals and business plans with this view. You have also provided a global forum for dialogue about them. We need this kind of forum because there are so many players, so many competing interests, so many technical questions.

Your involvement has had an impact. From the United States to Mexico, Brazil, and Japan, countries around the world are changing their laws to allow the use of electronic contracts and electronic signatures. To date, 19 countries have adopted the WIPO [World Intellectual Property Organization] treaties that protect intellectual property -- well on the way to the 30 needed for these agreements to take effect.

The European Union and the United States recently avoided a trade war by agreeing on the Safe Harbor accord that will make our privacy regimes interoperable. We believe this agreement is one model for global e-commerce policy. It recognizes that every country has its own unique legal system, and that it is unlikely any nation will adopt exactly the same rules or the same way of implementing those rules.

Together, I believe we can continue to make progress in crafting policies that keep the global economy growing, that bring more people into the circle of opportunity, and that advance the democratic values of privacy and security that we all hold so dear.

Thank you very much.

(end text)

Distributed by the Office of International Information Programs, U.S. Department of State.
Web site: http://usinfo.state.gov

This site is produced and maintained by the U.S. Department of State. Links to other Internet sites should not be construed as an endorsement of the views contained therein.