Thank you for inviting me today to talk about TRUSTe and our experience with the WHOIS sys

STATEMENT

OF LORI FENA

CHAIRMAN OF THE BOARD

TRUSTE

BEFORE THE

SUBCOMMITTEE ON COURTS, THE INTERNET

AND INTELLECTUAL PROPERTY

HOUSE JUDICIARY COMMITTEE

CONCERNING

"PRIVACY AND INTELLECTUAL PROPERTY ISSUES"

JULY 12, 2001

Mr. Chairman and Members of the Subcommittee:

My name is Lori Fena. I am the Co-Founder and Chairman of the Board of Directors for TRUSTe. I would like to thank you for the invitation to testify today about TRUSTe's experience with the WHOIS database.

As many of you know, TRUSTe is a non-profit organization dedicated to enabling individuals and organizations to establish trusting online relationships based on respect for personal identity and information. Four years ago, we created the TRUSTe Privacy Seal Program to serve as a guidepost for consumers so that they could safely navigate the Internet.

Under our seal program, Web sites must abide by a set of fair information privacy practices developed by the private sector and endorsed by the Federal Trade Commission (FTC) and the Department of Commerce. Organizations that participate in our program also agree to abide by TRUSTe's Watchdog dispute resolution mechanism in which consumers can turn to TRUSTe to resolve their privacy related disputes.

The backbone of the TRUSTe program is the legally binding contract that each Web site must sign with us. This contract gives TRUSTe the power to ensure that companies abide by their posted privacy statements.

Today TRUSTe:

· Maintains the largest privacy seal program with more than 2,000 Web sites world-wide that have met our rigorous certification process.
· Oversees the privacy practices of 8 of the top 10 Web properties, all of the Internet portal sites, and 50 of the top 100 most trafficked Web sites.

· Acts as an FTC-approved Children's Online Privacy Protection Act (COPPA) Safe Harbor.

· Was the first organization to join the Department of Commerce's European Union (EU) safe harbor.

· Provides verification and dispute resolution for the EU safe harbor.

· Maintains the most prominent symbol on the Web for nearly two years according to an ongoing survey by the measurement firm Nielson//NetRatings.

· Resolved over 1,200 consumer disputes in 2000 alone.

Research indicates that privacy, accountability, and transparency increase trust on the Internet. A recent study by Cheskin Research identified the TRUSTe Privacy Seal as the most trust-invoking symbol online. In its survey entitled "Trust in the Wired Americas," Cheskin indicated that more than half of the respondents (55 %) displayed higher levels of trust in a site that posted the TRUSTe Privacy Seal.

Research like this demonstrates two key points. First, consumers have come to rely on the TRUSTe Privacy Seal as a guidepost in determining which sites deserve their business and, more importantly, which do not. Secondly, businesses will voluntarily subject themselves to the fair information principles, third party oversight, and dispute resolution because it helps them build trust. Simply put, the business community understands that good privacy is good business.

Therefore you can understand why maintaining the integrity of our privacy seal is paramount to the general public's privacy protection and safety on the Web.

I am testifying today, Mr. Chairman, not as an expert on the WHOIS databases; rather, I am here to deliver a case study of how the WHOIS database has helped our efforts to ensure that consumers find only legitimate TRUSTe seals. Based on our experience implementing and enforcing the fair information practices over the last four years, I am also here to discuss how these practices can be used in the WHOIS database to create a system of trust, accountability, and accuracy.

It is within the context of building a safe Web community and protecting privacy that TRUSTe uses the WHOIS database. From the beginning, TRUSTe anticipated that some companies would seek to take advantage of consumers by falsely alleging participation in our program. Therefore, we have taken precautions to safeguard against the inappropriate use of our privacy seal.

On a regular basis TRUSTe depends upon the information provided in the WHOIS database to find and contact Web sites that are illegally or improperly posting the TRUSTe seals. When information about a Web site owner is accurate and accessible, TRUSTe can contact offenders and arrive at a speedy resolution.

However, there are a few sites that illegally display our seal and, not surprisingly, do not post accurate contact information on their Web site. It is these fly-by-night operations that create the need to balance the privacy rights of the Web site owner with the safety of the public at-large.

As one example, last October, Americanpolitics.com posted our privacy seal, thereby claiming to participate in our oversight program. It was only after we used the WHOIS database to find the Web site owner that we were able to get the site to remove the illegally posted TRUSTe privacy seal.

In this way, the WHOIS database has been and continues to be instrumental in enabling TRUSTe to have fraudulent TRUSTe privacy seals removed from Web sites.

Consumers also use the WHOIS database as a resource for determining where a company is located and how to contact them. Accurate contact information from a reliable source provides consumers with the assurance that the company can be held accountable and gives them the means for pursuing recourse.

In order for this database to be efficient and effective for both consumers and businesses, the public information needs to be accurate and accessible. By following the fair information practices of notice, choice, access and security, the WHOIS database can balance the safety of the public at-large with the privacy of Web site owners.

As it stands today an accredited domain name registrar is not required to allow domain name registrants to opt-out of having their personal information provided to third parties for marketing purposes. This type of an opt-out should be provided to all registrants.

The information in the WHOIS database needs to remain public for the benefits it provides to consumers, individuals and businesses of the Web community. However, individuals and companies registering their domain need to clearly know how this information will be used and how to control it. Providing the database information to mass marketers without providing those in the database even the courtesy of allowing them to opt-out does not create a trusting, transparent and accountable system. This is even more true when there is little practical alternative for those registering. Indeed, some individuals or companies may choose deliberately to falsify their information, since it may be the only effective way to avoid receiving unwanted marketing material.

Clearly, the WHOIS database has been an important tool for consumer safety and, in our experience, has been an irreplaceable means of ensuring the validity of the privacy promises that companies make. This will become even more important moving forward.

In conclusion, we feel the WHOIS database is an important aspect of privacy and accountability in a networked world. It would benefit the system greatly to implement the fair information practices.

Mr. Chairman, I appreciate the invitation to testify here today, and will be happy to answer any questions you may have.

Thank you.