Brave New World: Online security and privacy after Sept. 11

Editor’s Note: Dana Greenlee’s technology column, which normally appears on Friday, is running today so the editor has more time to work on other stories.
In this day and age, trust, security and privacy are a big deal in this new online world.
Mesh all that into issues of homeland security converging with online privacy and you really do have a New World.
We asked Greg Hampson, corporate privacy manager for Microsoft, to give us his perspective on the status quo of online privacy.
In his eight years at Microsoft, Greg has worked to develop privacy technologies within Microsoft’s products and services.
He is also an employee trainer on consumer privacy and data protection and is part of Microsoft’s Corporate Privacy Group.
Q: Everyone is talking about risks and privacy online. Do you have some key steps people should take to protect their privacy?
Hampson: Generally speaking, I try to limit the number of Web sites with whom I have specific business relationships where I’m asked to give up credit card data.
Oftentimes, I’ll do the research online and just use the 800 phone number they have on the site and place the order that way.
Now that may be a false security because there’s a human being at the other end and you’re typically sending a credit card number over clear text on the phone line anyway.
It just provides me a certain sense that it’s not exposed in clear text out on the Web.
But I limit the number of vendors I do business with.
Even though I have multiple banking relationships, I limit the online transactions to one banking institution and I use an account that has relatively modest funding levels in it so I’m not exposing my retirement account.
I’m also very careful to adjust privacy settings that are available.
I trash cookies after almost every session.
Internet Explorer has good privacy settings based on the P3P protocol and it allows you to manage cookies, so I’m very careful about what’s left behind on my machine after I’ve surfed the Web.
I very carefully blow out history files and downloaded content.
Q: How do the privacy settings in the browser work?
Hampson: Go to “Tools,” then “Internet Options.”
There is a tab called “Privacy” in Internet Explorer.
Generally speaking, the “medium” setting is fairly adequate, but for those people who have higher sensitivities to privacy considerations might ratchet it up to “medium-high” or even the highest level, which would block all cookies.
For those that are less concerned about it, you can drop the settings down even lower.
If you take advantage of site personalization, you can exempt specific sites that you go to regularly so they’re exempt from the cookie-handling mechanism which allows you to enjoy the personalization that that particular site gives you while blocking the cookies of sites that you may not be terribly familiar with.
I’d say managing cookies and looking at privacy statements are probably the two easiest things people can do that can give them a reasonable level of comfort when engaging in online commerce.
Q: What’s your take on the security/privacy tradeoff?
Hampson: I think it’s interesting that about a year ago the hottest topic for the online world – and to a lesser extent, the offline – was consumer privacy. Post-9/11, now we’re more concerned about security.
At least it’s more topical with respect to pending legislation and legislation that has been passed.
It’s a very tricky balance. I’m not quite sure how you would characterize the right balance.
Naturally, we don’t want to give up all our civil liberties because those are the things we’re fighting for and we’re fighting for the very preservation of our system.
And yet the external threats are creating anxiety about the types of threats we’re exposed to.
They’re creating real threats to those civil liberties in terms of the types of legislation that’s being proposed.
Q: Should we be willing to give up some privacy in order to protect our national security?
Hampson: I’m not in favor of a national ID card.
I think that the potential misuse of that offsets the potential benefits.
At the same time, in certain contexts – perhaps for travel or driver’s licensing – there may be some benefit in allowing those systems to be tied together.
But I’m not terribly enthusiastic about a single national ID number that can be shared across multiple government agencies, because I think the potential for misuse of that probably offsets the national security protections that it affords.
Q: Greg, do you do much Web surfing when you’re away from Microsoft?
Hampson: Because I spend so much time online at work, generally I don’t use the Web at home.
At home, I use the Web for pretty traditional activities: researching, my kids soccer and baseball teams.
Q: In effect you don’t shop online?
Hampson: I generally don’t shop online. I limit it to one large vendor because I want to have the capacity to shop online, but at the same time I want to limit my privacy and security vulnerabilities.
I don’t want to leave my credit card all over the Web yet, because I’m not quite sure we’re there yet, with respect to both security and privacy considerations.
Q: While at work at Microsoft, where do you go online?
Hampson: I spend a lot of time at because I find it to be one of the best sources of tech information.
So I go from very broad, general news to a narrower set of tech news to a very specific focus on certain web sites that focus on that narrow niche within tech.
The full audio interview with Greg Hampson is available for listening anytime at
Dana Greenlee is a Web designer and co-host of the WebTalkGuys Radio Show, a Tacoma-based talk show featuring technology news and interviews. WebTalkGuys was just named the top “Hidden Gem” in PCWorld Magazine’s August 2002 issue. It is broadcast locally on KLAY 1180 AM Saturdays at 11 a.m. The show is also on CNET Radio in San Francisco and Boston, on the Web at, and via the XM Satellite Network, on IM Networks’ Sonic Box and on the Mobil Broadcast Network. Past shows and interviews are also Webcast via the Internet at