WASHINGTON-EarthLink Inc. is set this week to respond to privacy concerns raised about its bid with Google Inc. to build a municipal Wi-Fi system in San Francisco.
The American Civil Liberties Union of Northern California, The Electronic Privacy Information Center and the Electronic Frontier Foundation raised concerns last October about how any Internet service provider chosen by San Francisco would protect its customers’ privacy.
“San Franciscans have the right to a network that respects privacy and autonomy, allowing users to explore what the Internet has to offer, including information about medical conditions and the use of online banking, without fear of surveillance or intrusions,” said the groups. “A main goal of municipal wireless is to bridge the digital divide. Much of the population affected by the divide cannot exercise choice in the marketplace and choose a privacy-sensitive provider. We therefore think it especially important that the city not bargain away privacy by choosing a service provider that commercializes users’ data. … We are skeptical of claims that systems that use transactional logs to target advertising are truly anonymous.”
The groups turned up the heat after it was announced that EarthLink and Google would partner to build the system. Last year, EarthLink and Google submitted separate proposals for San Francisco’s Wi-Fi network. Then, in February, the companies submitted a proposal that suggested a Google-managed, ad-supported free network alongside an EarthLink-managed, fee-based service. In April, San Francisco chose Google and EarthLink to build its municipal Wi-Fi network jointly.
The privacy groups specifically want to know how EarthLink and Google plan to protect the privacy of the users and secure the network. The privacy groups were concerned when initial responses focused more on security and less on the individual privacy.
It is not enough to just have a privacy policy, said the groups. “Privacy notices are not enough. The short history of e-commerce has shown that companies often issue privacy policies that are substantially weak and extend to users few legal rights to redress privacy violations. Minimum standards are necessary.”
Users of the EarthLink/Google system annually must be able to opt in to have their personally identifiable information commercialized, said the groups.
“Opt in refers to affirmative consent, a situation where the user can employ the network for basic services, and affirmatively choose to enroll in additional services. That is, a user does not `opt-in’ to the service by simply using the network,” said the groups. “An expression of affirmative consent should only be effective for one year.”
The privacy groups also want a guarantee that EarthLink and Google will not store personally identifiable information. But that may be a tough one since reports last week suggest the Department of Justice is asking Internet service providers and search companies to keep that data for up to two years to assist in child pornography and terrorism investigations.
Google has already tussled with the Justice Department about giving it search information so it is unclear how receptive it is to these new overtures.
RCR Wireless News Reporter Joni Morse contributed to this report.