October 06, 2000 | Sen. John McCain stared down at me, broadcasting his typical uncompromising glare. "Is it a violation of privacy for lists of campaign contributors to be sold?" he asked.

Now let's see, I thought. Distributing lists of campaign contributors is good, right? But distributing lists of people's names, especially for a profit, is bad. What should I say?

"Well, as a democratic society, we've made a decision that it is worth the cost to privacy for campaign financing information to be made publicly available," I finally said. I'm not sure if that's an exact quote or not -- I was pretty shaken up. I couldn't figure out the answer.

McCain, R-Ariz., was clearly peeved. He said, more or less, that he didn't need me to explain to him the purpose of the campaign finance disclosure laws. No, he wanted me to answer the question: Does selling the list of campaign contributors violate privacy?

I was testifying Tuesday morning during a meeting of the Senate Committee on Commerce, Science and Transportation. McCain had invited me to speak before the full committee on three online privacy bills that were being considered -- the Consumer Internet Privacy Enhancement Act, the Consumer Privacy Protection Act and the Online Privacy Protection Act of 1999. But now he was grilling me, turning up the pressure by asking a question that seemed to demonstrate the inherent self-contradiction between my liberal democratic leanings and my pro-privacy beliefs.

The hearings were taking place inside Room 253 of the Russell Office Building. McCain was in the middle of the committee table -- a huge raised desk that inscribed a majestic half-circle inside the northern side of the room. I was sitting at the witness table with three others. On my left was George Vradenburg, AOL's senior vice president for global policy, and Scott Cooper, manager of technology policy for Hewlett-Packard. On my right was Marc Rotenberg, director of the Electronic Privacy Information Center.

When it came to our stances on privacy legislation, the four of us were split down the middle. Both Vradenburg and Cooper had spoken in favor of the Consumer Internet Privacy Enhancement Act and the Consumer Privacy Protection Act -- two bills that do little more than codify today's Internet privacy status quo. Both require only that Web sites post a privacy policy that describes what information they collect, and that companies give consumers a chance to "opt-out" or ask that their personal information not be collected.

The Consumer Internet Privacy Enhancement Act would also have the Federal Trade Commission engage the National Research Council to write another study on online privacy -- a study that wouldn't be finished for more than a year.

Along with Rotenberg, I had spoken in favor of the Online Privacy Protection Act, a bill put forth by Sen. Ernest F. Hollings, D-S.C. Really, it's the only privacy bill of the three being considered. The Online Privacy Protection Act mandates "opt-in" -- that is, it prohibits the transfer of personal information to third parties, or use of personal information for purposes other than that for which it was collected, unless the Web sites explicitly get permission from the consumer. The bill also gives consumers the right to access -- that is, consumers would have a legal right to see the personal information that's collected on them.

Now that's a privacy bill! The Hollings bill would, furthermore, create an Office of Online Privacy within the Federal Trade Commission and give federal protection to whistleblowers within companies that violate the law -- protection that's crucial, since frequently it takes insiders to reveal egregious privacy practices.

Which is why the gentlemen from HP and AOL were so opposed to it.