Wireless e-commerce viewed as both devil and saint

Wireless e-commerce was portrayed as both a devil and a saint at a workshop held here this week by the U.S. Federal Trade Commission (FTC), with some attendees saying the technology is capable of delivering pinpointed data and others warning that it also could be used by companies to build Big Brother-like profiles of individual users.

“There are huge, looming privacy issues in the wireless space because of the collection and aggregation of new information,” said Alan Davidson, staff counsel at the Center for Democracy and Technology, a Washington-based advocacy group that focuses on privacy. Location-specific information provided over a period of time to users and then kept by wireless services could create “a very detailed and invasive dossier of a person’s movements,” Davidson claimed.

Such concerns have emerged as a hot-button issue in recent months. But Lawrence Ponemon, a partner at New York-based consulting firm PriceWaterhouseCoopers LLC, said service providers need to offer users “very significant personalization to have success in the wireless environment.” Without localized information, Ponemon said, a wireless device “becomes meaningless” in the hands of a mobile user.

The FTC’s wireless workshop began Monday and concluded yesterday. The commission’s intent was to get a sense of the privacy, security and consumer protection issues raised by the advent of “m-commerce,” which is shorthand for mobile commerce.

Joel Winston, an associate director at the FTC’s Bureau of Consumer Protection, indicated yesterday that the commission would like to see companies in the wireless services business take steps toward self-regulation. “We at the FTC are very big fans of self-regulation,” Winston said. “It makes our lives easier.”

As an example, Winston pointed to an agreement the FTC reached last summer with a group of companies that collectively control more than 90 percent of the online advertising market. Under that deal, the companies promised to follow a set of self-regulatory guidelines governing the collection of personal information from Internet users.

Providers of wireless services are making a similar self-regulatory effort. But unlike the self-imposed standards being sought for the wired world, wireless trade groups – such as the Cellular Telecommunications Industry Association – appear to be advocating a more rigorous privacy standard requiring end users to “opt in” by agreeing to let their personal information be collected. Opt-out approaches, in which users have to remove a default setting that would let their data be gathered, are used by many e-commerce Web sites now.

“We seem to be moving toward an agreement in [the wireless] space that the standard should be opt-in,” said David Sobel, general counsel of the Electronic Privacy Information Center, another Washington-based privacy group. “I think there’s a lot of common ground that has been expressed.”

Wireless communications are already heavily regulated to some extent, but some workshop attendees voiced fears about what happens to location-specific data gathered from users when the information is shared with third parties such as online content providers.

Wireless technology doesn’t just tell online advertisers where an individual user is at any given time — it also lets them try to determine a user’s “velocity,” meaning the direction in which he is traveling. Ads targeted at wireless devices with that much specificity could start “moving into the spam zone,” Ponemon said.

But John Pollard, director of business travel and mobile services at online travel agency Expedia Inc. in Bellevue, Wash., said location-based information helps the company’s customers feel that they’re getting more personalized service.

Expedia uses an opt-in approach, but its Web site works better when users provide more information about themselves, Pollard said. For services that users want to be personalized, “anonymity doesn’t get you there,” he added.