Past Releases and Reports
About Privacilla
Privacy Fundamentals
Privacy and Government
Privacy and Business
Online Privacy
Financial Privacy
Medical Privacy
Report your thoughts to Privacilla!
Your Source for Privacy Policy from a Free-market, Pro-technology Perspective

Click to return to list of releases and reports

Home > Past Releases and Reports > Remarks to the National Cable and Telecommunications Association’s Meeting of State and Regional Cable Telecommunications Associations

Prepared Remarks of Jim Harper, Editor of, to the National Cable and Telecommunications Association’s Meeting of State and Regional Cable Telecommunications Associations

October 28, 2003

I see from the agenda that privacy is your last topic today before you adjourn for a reception. So this concludes my remarks. Let’s hit the bar.

Listening to the last panel and having watched your industry for years, I am reminded of a flight I took from St. Louis back to D.C. here a few years ago. When you’re flying into Reagan National airport, if you’re not sitting next to a school kid, you’re probably sitting next to a lobbyist. And on this one flight, I struck up a conversation with a guy who was a lobbyist for the State of Illinois on transportation issues. He had been doing it for about twenty years and his issues had been about the same for the whole twenty years.

At the time, I was representing a dot-com company whose issues were changing week-to-week. And our strategies were changing hour-to-hour, if we had any strategies at all.

So with your membership becoming ISPs, providers of VOIP, Web-based business, and, soon enough, interactive TV providers, you are moving from a world not quite as slow this transportation lobbyist’s to one not quite as fast as mine was.

What I am going to do here is survey the privacy landscape for you, and then go rifle shot through some of the issues that you should watch for. Before I get into that, let me describe Privacilla to you briefly. is a Web-based think-tank devoted to privacy as a public policy issue. We try to cover the entire range of issues, including privacy fundamentals, privacy from government, and privacy in the private sector. Within the private sector, we break it down between financial, medical, and online privacy.

On the site, you’ll find hundreds of pages of material about privacy — including a section on privacy basics, which I think is helpful because a lot of people jump into privacy without ever knowing exactly what they are talking about.

One of the things I constantly do is try to bring definition and organization to the various issues that are often called “privacy.” Things are improving, but in the past, for example, “identity fraud” has been called a privacy problem, even though it’s a serious crime problem.

The terms “privacy” and “security” have been used interchangeably at times. Security is all the things you do to protect your operations, data, trade secrets, and physical plant. You have to have security to protect privacy, but having security is not having privacy and vice versa.

You may have followed the hullabaloo about the federal Do-Not-Call list in the last few weeks. Do-Not-Call is often called a “privacy” program even though it’s not. A reporter was able to query the Do-Not-Call list and discover which direct marketing executives had signed up for it. That’s good exposure of hypocrisy, but it also shows that Do-Not-Call listing is a limited purpose public declaration from people who don’t want to receive telemarketing. That’s about intrusive marketing, not privacy.

It’s important to know what issues are truly about privacy and what issues are about other important concepts. Sometimes law or regulation is put forward as privacy protection, even if it is about something entirely different. Some even undermine privacy in one way or another. But a lot of proposals seem to get a political free pass if enough people believe they’re about “privacy.”

With the changing business models and profit lines for cable, you’re also into a whole new range of issues. So let me run through some of the key privacy issues you have before you or on your horizon and, as I said, let’s get to some Q&A because I know I can learn a lot from you, too. I’ll move from the general to the specific.

A number of laws passed at the end of the Session in California, and they are probably going to be regarded as models for other states to follow in the near future.

As you know, there was a substantial law passed to regulate information-sharing by financial services companies. The definition of financial services has been pretty broadly stretched lately, but I think you can be relatively confident that cable programming and telecommunications are still not a financial service.

That law overshadowed another, very interesting, one. This law requires all businesses in the state to inform consumers who request it about the type of information they share for marketing purposes and who they share it with. All these businesses have to have a defined link on their Web sites leading to information.

It’s an interesting law and the consequences aren’t clear to me yet. It could be another mattress-tag requirement, or it could be a valuable tool for consumers. There’s a decent chance that it will create confusion among consumers. This law helps illustrate that the privacy debate is turning into a debate about marketing. Privacy is much more than that.

Another California law requires a posted privacy policy on Web sites. This, of course, is nothing new. All legitimate Web sites have privacy policies, but making a privacy policy mandatory is a preliminary step to deciding what can be in it.

The future is unknown and committing yourself right now to limits on uses of information may cut of new and improved ways of serving consumers better. That would be a mistake. So you should all jealously guard opportunities to innovate in the future and watch out for mandatory privacy policies. Privacy policies are good business, but not good law.

The California spam law is also something you need to watch. It’s draconian and probably counter-productive. But it’s been called the “toughest in the nation” so you might see copycats. Spam is not a privacy issue at heart. You get spam because e-mailers know precisely nothing about you — not because they know too much.

In fact, some anti-spam proposals are anti-privacy. Do-Not-Spam listing, for example. This idea would put your e-mail address and probably information needed for authentication into a public database, to be shared widely among marketers. Someone out there is going to use the list to build their marketing lists rather than using it to take people off. It only has to happen once before your e-mail is on every spammer's list. Putting your name and e-mail address in a database is not privacy protection. It’s privacy undermining.

More specific to your industry, I think you are continuing to see local regulators try to push privacy issues through franchise agreements. The Cable Communications Policy Act has privacy provisions in it, but state and local regulators are allowed to regulate in any way that is consistent with that.

I’m sure you all know and should point out that, of all the media platforms, cable is the most highly regulated in terms of privacy. You all should not be specially hamstrung in your competition with DBS, broadcast, or overbuilders the way you are by the Cable Act. I think it prevents you from coming to the best terms with consumers in the marketplace over privacy protections versus service levels, price, customization, and so on.

The CPNI issue continues to bubble. A Seattle CPNI rule has been successfully challenged by Verizon. But more states and localities are working on it. It’s one of those new issues that you get with Voice Over Internet Protocal, though I guess some of you have worked it because your companies have provided phone service for some time.

I have commented on the federal CPNI rules with The Progress & Freedom Foundation. The Tenth Circuit Court of Appeals issued a terrific decision a few years back when the FCC said that they were going to prevent use of CPNI because of privacy. The court essentially asked “What do you mean by privacy?” and the FCC did not articulate a real interest to underlie that word.

Finally, there is the possibility of regulation foisted on you by virtue of being an ISP. In Minnesota, privacy legislation was recently passed that was unique because it was aimed at a wrongful use of information that has never happened. Legislators there came up with a phantom concern and made it illegal, even though every ISP has privacy as part of their contractual agreements.

As far as I know, no ISP has ever violated the policies found in their contracts and now Minnesota law. Here’s a law that will encrust existing practices and prevent innovation in the future if your members have to live by it. And there’s no consumer benefit because no one ever did wrong before this law passed.

So that is a smattering of the privacy issues before you. Before we turn to questions and answers, let me remind you that I am a resource to you should you need help with any of these issues or many others. You can reach me through the Web site and I would be glad to hear from you or help you if you ever have questions.

©2000-2003 All content subject to the Privacilla Public License.