continued But earlier this month, Cottrell unwittingly showed that even encryption-savvy Internet users remain vulnerable to attacks by determined cyber-foes, whether government agencies or would-be identity thieves.
It happened after the New York Times printed a piece about anonymity websites, including Cottrell's. The story caught the attention of a New England programmer, who decided to challenge the claims, probing the services for weaknesses. The result? Every one of the services was undermined in short order, not because of flaws in the sites themselves but because of features quietly built into popular Web browsers like Netscape and Windows Explorer that permitted the programmer to trick computers into revealing more than their owners wanted. Cottrell immediately alerted his customers to the vulnerability, but the lesson was clear: Guarantees of online privacy aren't ironclad.
"If you want real security," Cottrell admits, "get off the Web."
Of course, that's not likely to happen. The Internet may not have replaced the TV just yet, but it is quickly becoming a popular alternative for both entertainment and information. According to a Nielsen survey conducted last summer, 70 million American adults regularly use the Internet, up from just 52 million the year before. But while Web surfing feels, in many ways, a lot like channel surfing, Cottrell and other privacy advocates, like Givens, warn that there are crucial differences that Internet users ignore at their peril.
The channels a viewer clicks through on a TV don't keep a record of the visits. websites do. In fact, they not only record each visit, inserting information on visitors' hard drives so they can be recognized when they return, but the websites can also look back at all the previous sites a visitor has visited. And right now, there are no laws governing what uses the websites can make of that information.
Givens's group has published a fact sheet, available on its website (www.privacyrights.org) that outlines the threats to privacy in cyberspace.
"Imagine if every time you went into a bookstore or a newsstand or a library or a mall somebody was keeping track of what you were picking up and browsing through," Givens says. "That's what's going on. There's an enormous data vacuum out there sucking up a frightening amount of information about you."
The problem has become so obvious and widespread that now even Congress is stirring. A bill called the Online Privacy Protection Act has been introduced in the Senate. If passed, it would force commercial websites to notify visitors if information was collected during their visit and permit them to decline to provide information. Users would also be allowed to access any records companies collected about them.
Senate judiciary hearings on the issue were expected to begin this week. But passage is months, if not years away, and even then, the law is unlikely to begin being enforced for a while. A law that bars commercial Web operators from collecting information from children online (the law that embarrassed Al Gore earlier this month, when reporters discovered his campaign website was soliciting prohibited information from kiddies) was signed into law last October. It doesn't go into effect until 2001.
While the politicians talk, Internet users can either go it alone or take advantage of the handful of services like Cottrell's or some of his competitors, including Aixs Net Privacy (www.aixs.net//aixs/), which, while perhaps not perfect, offer some measure of protection from prying eyes.
"From our perspective," Cottrell says, "the most important thing is education: making people aware of what can be done, what kind of information is being collected, and what ways they are vulnerable."
Cottrell says his parents, both professors at SDSU, are "totally baffled" by the entrepreneurial tack his life has taken. So, to some extent, is he. Although he was immersed in computer culture during his formative years at Gompers, Cottrell says he thought he was going to follow in his dad's footsteps and enter academia.
"From the age of ten, I was sure I was going to be an academic physicist, probably in a space-related field," he says. "I mean, when I was a kid, I worked summers as a facilitator at the Reuben H. Fleet Space Museum.
"It didn't pay well, but I was a geek. I didn't need much money."
After getting his undergraduate degree in physics at UC Santa Cruz in 1991, Cottrell returned to San Diego and enrolled in the Ph.D. program in astrophysics at UCSD. He's still plugging away on his dissertation, which he expects to finish by the end of the summer. He provides the Cliff Notes version of the research.
"Basically, what I'm trying to determine is where the light is coming from that is heating intergalactic clouds in the early universe, back about 5 billion years," he says. "What I've learned is that, unfortunately, the Hubble space telescope doesn't give me the spectral resolution or signal-to-noise that I need. Our instruments aren't good enough to tell what's going on."
He scoffs at the notion that he will have extra free time once the dissertation is submitted and defended.
"Free time? I'm the CEO of a business. I don't have any free time. I've only been devoting a couple of hours a week to the dissertation right now."
Cottrell says his company, which has already received a small infusion of venture capital from an unnamed Australian firm, is looking for another $5 million to $10 million in private investment. The money would help the business hire more developers and begin to do some advertising and marketing. Cottrell says he operates in the black with monthly revenues of about $50,000.
An initial public offering of stock could come as soon as next summer, he says.