The following text is copyright 1998 by Network World, permission is hearby given for reproduction, as long as attribution is given and this notice is included.

Traveling down the road to exposure

By Scott Bradner

Network World, 7/27/98

A t first the news was astonishing: Sabre Group Holdings, the
company that runs the Sabre system that deals with airline and other
reservations for a good chunk of the travel industry, announced it was
going to sell your travel plans.

On July 6, two days after Independence Day, PC Week online
reported that Sabre was planning a service by which customers could
find out where travelers were going even before they traveled. Sabre
CEO Michael Durham was quoted as having said, "Think about how
much companies would pay for [the names of] people who have
reservations to go to specific places at specific dates and times."

Think of the advantages. You could be inundated with offers from
tour guides, limousine companies, restaurants, streetwalkers and
purveyors of tickets to shows and concerts even before you leave
your house. As one who travels far too much, I can hardly wait. By
the way, nowhere in the PC Week article was the word privacy
mentioned.

Two days later, the Sabre Group issued a statement saying that they
"do not sell passenger names or other private information without the
consent of the passenger and have no intention of doing so in the
future."

So there seems to have been some misunderstanding that led to the
original story. In fact, a Sabre spokesperson said the company never
planned any such thing and thinks the reporter was just confused
somehow by a theoretical discussion of the data.

What makes me particularly sad is that the first report was so
believable because plans of this type do fit right into the norm for
U.S. business. The privacy of the individual is seen as an impediment
to normal business operations. This contrasts starkly with the efforts
now underway in the European Union (EU).

Starting in October 1998, new regulations come into effect in the EU
that place strong limits on what businesses can do with data they
collect from their customers. Many of the most routine operations of
U.S. banks in dealing with the credit cards they issue would be illegal
under these regulations. Sabre's statement specifically notes that the
company complies with EU privacy regulations.

The U.S. government is now engaged in a series of discussions with
the EU with the apparent goal of preserving the freedom of U.S.
corporations to do as they see fit in the privacy area.

The hope is that U.S. corporations will decide to do the right thing to
protect the privacy of your data by publicly saying what they will do
and sticking to their orignial statement. The idea is that if you do not
like their policy, you don't do business with them. That is easy to do
in theory unless the company provides your electricity or some other
hard to duplicate service.

Our government has a number of good reasons to say that laws
requiring the protection of private information are not a panacea. But I
will say that I'd sure like to be able to point the cops at a U.S.-based
corporation that violates my privacy rather than hope that some private
consortium will slap its hand.

Disclaimer: Harvard has been suspicious of panaceas for a rather
long time, but the above wish for cops is my own opinion.