P1: c-143Braynov-2
Braynov2 WL040/Bidgoli-Vol III-Ch-05 July 11, 2003 11:43 Char Count= 0
PERSONALIZATION ANDPRIVACY 61They also provide profile generation, session and event-
based monitoring.
NetPerceptions (http://www.netperceptions.com) is
another provider of CRM systems, based on collaborative
filtering. NetPerceptions provide tools for one-to-one mar-
keting and for real-time cross-sell and up-sell recommen-
dations. The core technology is the GroupLens software
for generating product recommendations.
Vignette Corporation is another provider of software
for dynamic content management. Their Vignette V6 re-
lationship manager server uses rule-based filtering, user’s
viewing activities, and historical data to generate cus-
tomized recommendations. The system also allows busi-
ness users to define their own rules for content delivery.PERSONALIZATION AND PRIVACY
With personalized online service, concerns about privacy
arise. In general, e-commerce sites must strike a difficult
balance: they must recognize a returning customer with-
out violating his privacy. According to Alan Westin (1997)
privacy is “the claim of individuals, groups, or institutions
to determine for themselves when, how, and to what ex-
tent information about them is communicated to others.”
Many personalized Web sites collect and store personal
information, keep track of user online behavior, or build
individual profiles without the consumer’s consent. On
June 13, 2000, the Federal Trade Commission (FTC) is-
suedOnline Profiling: A Report to Congress. The report
found that many banner ads displayed on Web sites are
selected and delivered by networks of advertising compa-
nies (such as 24/7 Media, AdForce, AdKnowledge, Avenue
A, Burst Media, DoubleClick, Engage, and MatchLogic)
without the consent and knowledge of customers. Adver-
tising networks can track consumer behavior over large
networks of interrelated Web sites and build consumer
profiles. Although the profiles are usually anonymous (i.e.,
they are linked to a cookie or a session ID number), many
advertising networks also have sociodemographic pro-
files (acquired from third parties) that could eventually be
linked to anonymous profiles. For example, in 1999 Dou-
bleClick purchased Abacus, a direct marketing company,
with a database of over 88 million buyers profiles collected
from catalog retailing. DoubleClick planned to merge that
database with its own database containing clickstream
browsing patterns for over 10 million Internet users.
Some privacy advocates believe that even anonymous
profiles permitdigital redlining andweblining. Digital
redlining refers to the ability of a Web site to limit the
information customers want to see to that chosen by mar-
keters. This holds the potential of manipulating the shop-
ping environment to the advantage of the merchant and
influencing customers’ purchasing decisions and buying
habits. The concept of weblining refers to discriminating
between customers based on their profiles and charging
selected customers higher prices.
The FTC report outlined the following fair information
practices:Notice: Web sites collecting data must disclose their
information practices before collecting personal
information from users.Choice: Users must be given choice with respect to
whether and how personal information collected from
them may be used.
Access: Users should be able to access and check the accu-
racy and completeness of information collected about
them.
Security: Web sites collecting personal data must ensure
that these data will not be used without authorization.There are many technology-based solutions for pri-
vacy protection. One expected to have significant impact
is the Platform for Privacy Preferences (P3P) proposed
by the World Wide Web Consortium. P3P is designed to
enable users to exercise preferences over Web sites pri-
vacy practices. It allows users to compare a Web site’s
privacy policy to their own standards prior to visiting a
Web site or disclosing private information. P3P includes
a standard vocabulary for describing privacy policies, a
set of base data elements that Web sites can use in their
policies, and a protocol for requesting privacy policies.
Privacy policies are specified in XML format and can au-
tomatically be fetched and analyzed by a Web browser.
If the Web site’s policies do not agree with the user’s pri-
vacy preferences, the browser can either warn the user or
disable certain functionality. P3P automates privacy state-
ment disclosure and eliminates the tedious and repetitive
process of reading privacy statements.
P3P has received a lot of criticism, mostly because
it does not address the issue of enforcement of privacy
agreements between users and sites. P3P does not es-
tablish specific privacy standards; instead, it provides a
framework on which to build privacy mechanisms.
Another type of privacy protection tools is anonymizers
(Anonymizer.com, Zero Knowledge Systems, safeWeb).
They serve as proxies between browsers and Web sites and
hide the user’s identity. Many of them offer anonymous
browsing, file downloads, e-mail, etc. The main dis-
advantage of anonymizers is that they cannot support
e-commerce transactions, which usually require the trans-
fer of financial and personally identifiable information.
Many personalization advocates believe that the In-
ternet will make a significant leap forward in efficiency
when it will automatically recognize the digital identities
of individual users. Digital identity is the codification and
archiving of personally identifiable information, i.e., in-
formation from which a person can be identified (such as
name, address, SSN, fingerprints, and retinal scan). Cur-
rently there are two prevailing identity services: Liberty
Alliance Project Liberty 1.0 and Microsoft.Net Passport.
Both of them rely on the concept of federated authentica-
tion, which allows a user to visit several Web sites with a
single sign-on. For example, in Microsoft.Net Passport the
user profile is stored on a Microsoft server that (with the
user’s approval) shares the information with participating
Web sites. This raises some doubts as to whether digital
identity services provide sufficient protection of privacy.
Users can easily lose the ability to control how and to what
extent information about them is shared with marketing
firms, governmental agencies, and other third parties.
Liberty Alliance does not centralize personal informa-
tion. Instead, information is distributed across several