And now it is my pleasure to introduce our next speaker. Ira Magaziner. And I have a very long introduction because Ira has accomplished so much in his long career.

Last year Ira led the effort, he was the administration's chief spokesman and policy maker on the issue of electronic commerce and completed an excellent document outlining the US government strategy for promoting the development of global electronic commerce on the Internet. Since 1995 Ira has been chairing a joint national economic council and national security council initiative to increase US exports.

Before that he worked in the administration in a variety of policy areas like healthcare. Prior to his heartwise appointment, Ira earned respect as one of America's most successful corporate strategists in a variety of businesses. Ira has had a long career as a consultant, as an entrepreneur, and he also has a very imminent academic record. Graduated 1969 as Valedictorian from Brown. And attended Balliol College in Oxford as a Rhodes scholar.

So, without continuing an infringement of our time, I have the pleasure now of welcoming Ira Magaziner, Ira.

IRA MAGAZINER

Thank you very much. I appreciate the opportunity to be here with you. Perhaps I can start by giving you a little background of the way in which the president and the administration see this whole new area of information technology and electronic commerce. And then talk specifically about privacy.

As you know, since 1992 we have had a good economy in the United States. Depending upon your political persuasion you may or may not give this administration much credit for that. But at the very least we didn't screw it up. It's been a reasonably good economy. We can't disagree with that.

And we believe that over the next few years, the kind of fiscal restraint that has been exercised in the budget deal, and the promotion of freer trade which we are trying to do, will continue the good economy for a few more years.

But about two years ago when you were all tired of hearing about what the president was talking about in his campaign as the bridge to the next century, he was serious about it. And he asked me to undertake an effort to try to identify a couple of major initiatives that he could undertake were he to be re-elected. Which would try to extend the good economy into the next decades and the next century.

And initially I went through a list of issues. And came up ultimately with three of what I thought would be the most important drivers of the economy for the next quarter century. Only one of which had been on my original list.

And as we moved through it, one which I'll talk to you about today which was not on my original list, we now believe to be the most important. That is the building out of the Internet, the conduct of the electronic commerce on the Internet and everything associated with that. We think it will probably be the most fundamental driver of economic growth for the next quarter century. If we can set the right framework for it.

Just so your curiosity doesn't keep going, the other two were with about a five year lag, we think the results of the human genome project and the spin offs that come from that economically will be a second major driver. And then the third major driver is, despite the most recent problems, the growth of the east Asian developing economies and the growth and imports that they are going to have which can then drive the growth and exports from the United States, Europe and Japan.

But we think those three issues are probably the primary structural issues that will drive economic growth.

Now, the information technology industries are already doing that. We recently released a report a few weeks ago, from the commerce department, that show that information technology industries, by which we mean computer software and communication, for the past three years have driven over a third of the real growth in the US economy. Together they make up over eight percent of the economy. Up from four percent a decade earlier. But they are driving a third of the real growth in the economy.

Information technology occupations now employ over seven million people. And the average wage of those jobs is about $46,000 a year, which is two thirds higher than the $28,000 average for the rest of the private economy. About 45 percent of all business equipment investment now is in information technology equipment, up from three percent 20 years ago.

And so you can see that the information technology industries themselves are already playing a major driving role in the economy. One other indicator, we have very good growth in the economy as you know last year despite the fact that inflation stayed low. And if you look at the inflation rate, it was about 2.1 percent. Which given the growth we had was quite remarkable.

The computer industry alone, if you took computer prices out, the inflation rate would have been 3.2 percent instead of 2.1. So the computer industry alone accounted for a third reduction in the inflation area.

So overall information technology industries is driving it and what is driving information technology industries is the building out of the Internet. As you know, we've grown in the past four years from having four million people on the Internet to over a 100 million. And we anticipate by the year 2005 we'll have about a billion people on the Internet worldwide.

And when I speak of the Internet, I'm including intranets, extranets and so on, the general range of networked economy.

What is most remarkable in this, is that if we have experienced this amount of growth, that is one third of our real growth, coming when we went from four million to a 100 million people, that can only accelerate as we go from a 100 million to a billion people. So we are just at the beginning of these developments.

In addition to that, starting about two years ago, we now have the development of electronic commerce on the Internet. Which is still very much in it's infancy but is very clearly going to expand at a very, very rapid rate.

Business to business electronic commerce, where companies are putting their purchasing, supply chain management, inventory management, logistics, customer relations and so on, up on the Internet, that was about $6 billion by estimate last year. And we agree with a number of other forecasters that it will be over $300 billion by the year 2002. That's a remarkable growth rate, about a 250 percent growth rate a year. But one that's being driven by the kinds of cost savings and productivity improvements that companies are experiencing across all sectors of the economy, as they make these kinds of investments. In our commerce department report, we give examples of companies like General Electric and Federal Express and Cisco and Granger and others who are realizing significant cost savings by making these investments. And that is driving others to continue to do so.

In addition to the business to business electronic commerce, the area that is just beginning but will eventually be the largest area we believe in electronic commerce, is the digital delivery of products and services. These are cases where everything from music to video games to eventually movies and software to financial services, news services, professional consulting services, medical diagnostic services, and educational services, will be sold and delivered on the Internet. Already by next year about seven percent of all airline tickets sold in the United States will be sold and delivered on the Internet, up from zero two years ago. And financial services, about 10 million people this year will bank on the Internet. And there will be about a billion dollars of insurance sold and delivered on the Internet. And it's just beginning.

In addition to that, we have the retailing of physical goods. Which you're all familiar with. We think it quite possible that almost 20 percent of all books sold in the United States next year will be sold on the Internet. In addition, flowers and automobiles and clothing and a whole variety of other products are beginning to be sold on the Internet and growth rates are quite significant.

And finally, there are new businesses developing around direct marketing and advertising. Where the collecting together of affinity groups on the Internet can create a very highly targeted way, with a high hit rate for direct marketing and for advertising and therefore there's a significant shift in those services. And where the ability to gather information and to use that information on behalf of the consumer is creating the potential for significant new businesses to grow.

Now, all of these things taken together, the building out of the infra-structure for information technology, the business to business applications, digital delivery of services and products, retailing, direct marketing, and so on, we believe will have the same kind of transforming effect on the economy that the industrial revolution did a few hundred years ago.

Now, we like hyperbole in Washington but we don't think it's hyperbole to say that. Because the developments are affecting productivity improvements in all sectors of the economy, changing work organization and changing consumption patterns.

Now as a result of this view of the importance of this, we pulled together a team within the US government and tried to develop a coherent strategy for how best to set a framework for electronic commerce and information technology industries to flourish.

And there were two major concerns that investors had who were working in these industries. One was the lack of a predictable global legal environment for doing business electronically. That is, if a digital signature means a 150 different things in a 150 different countries, it can be difficult to do business electronically. Or also if intellectual property is not protected.

The second major concern was that governments were going to come in and over tax and over censor and over regulate the Internet and strangle it. And indeed, there was good evidence that governments including the US government were beginning to do that. And so we developed a strategy which addresses a whole series of areas I'm going to focus just on one today.

It ranges from issues dealing with tariffs and taxations where we are trying to have cyber space be a duty free environment. And with any luck the president, in a couple hours, will announce an agreement in the world trade organization along those lines in Geneva.

We're also supporting legislation to prevent any discriminatory taxation against the Internet and to call for a moratorium in state and local government taxation of the Internet so we can assured be that the Internet doesn't get over taxed.

We're supporting ratification of copy right treaties that will protect copy right and a whole range of other areas from development of uniform commercial code to issues with respect to promoting industry development and self regulation in areas of similar content and so on.

And the major principles that are guiding this effort, across all of the areas, are that the private sector should lead in this whole new arena. And the reason for that is not ideological. We're Democrats. We don't hate government.

But we do believe that in an area moving as fast as this digital economy, that governments inherently are too inflexible and slow moving. And therefore, even where collective action is necessary, we think industry self regulation is preferable to government action. Because industry self regulation can move faster, can be more flexible and less bureaucratic, and more in tune with the needs of the digital economy.

As a second principal we think that this should be a market driven environment, not a regulated environment. Most governments, including our own, began to view the Internet as an extension of telecommunications policy. And as you know, telecommunications and broadcast has been regulated all around the world.

What we are saying is the opposite. We are saying that buyers and sellers should be able to come together freely on the Internet and do their business free of government interference and government regulation. And that the role of government is simply to help set a predictable uniform commercial code so that if the buyers and sellers wish to engage in a contract that has legal protection, they can do so. They don't have to, but they can. So that you support an environment of contracts rather than an environment of FCC regulation.

That's particularly significant because as broadcast television, the Internet and telephony converge, which as you all know, they will over the next couple of years, instead of regulating the Internet, we should thoroughly de-regulate broadcast and telecommunication so that the whole environment becomes a market driven environment.

The third principle is that where government does have to act, for example, to protect intellectual property or help set uniform commercial code, that the actions ought to be minimal, targeted, specific, transparent and uniform. Rather than passing omnibus legislation or anticipatory legislation. We should act only in very precise ways when it's "clear" that that action is necessary.

The fourth principle, and it bears on the question of privacy, which I'm going to talk about today, is that whatever we do needs to respect the nature of the medium. For example, this medium is one where technology will change very rapidly and therefore any governmental action which is tied to a particular technology will be outmoded before it's enacted.

Similarly, the medium is inherently de-centralized. And therefore, any attempt to centrally control it, even if that were desirable, which I argue it's not, but even if it were, is impossible. And life is too short to spend too much time doing things that are impossible. And so we need to respect the de-centralized nature of the medium.

And finally, whatever we do needs to be set in a global framework. Because this is the first marketplace that is truly being born global. So that the way we used to do things where industries grew up within countries and then countries negotiated how to make them work together, doesn't work for the Internet. We need a global framework, for the beginning, from the beginning.

Now, let me zero in on the question of privacy. It is one of the 12 issues that we are working with to try to set a framework. And in most of the areas, what we're doing is calling upon governments to do something which is very hard for governments, which is not to act. And rather to allow the private sector to act.

But that means the private sector does have to act because problems have to be addressed. Now, the question of privacy, I think, is one of those foremost problems. And it is one where there is the most political pressure on the government to act right now. And what we are hoping is that there will be effective industry self regulation put in place soon. So that we're not forced into or led into government action which might be irrational and sub-optimal.

But the public is very concerned about privacy protection. And well over 80 percent of the public is initially looking to the government to protect them. To protect their privacy in this new digital age.

And the difficulty we have is that we believe privacy protection is very important for two reasons. One, we believe that it is a fundamental American value. For people to be able to control and protect their own privacy. And secondly, because survey after survey shows, I think most recently a Business Week survey, that the major impediment to consumers really embracing purchasing on the Internet, is a fear of the loss of privacy. And therefore, if we want the digital economy to take off as we do, we need to overcome this question of privacy and the fears about privacy so that people feel comfortable that their privacy can be protected.

Now, one of the difficulties from the government's point of view, is that with respect to the Internet, there are certain areas like medical records protection, whereas the Vice President said last week we're advocating a legislator approach because we think it can be done and enforced. And it's a particularly sensitive area.

But with the Internet as a whole, we think that even if we were to pass legislation and write all kinds of regulations to protect privacy, we think we'd be making a false promise to people because we don't know how we'd enforce it. Because on the Internet you're going to have tens of thousands of Websites forming every week. Many of those Websites will be outside the United States. It would be impossible for any government agency to monitor them all. And even if we did catch one that happened to be based outside the United States, it might have a server in the Seychelles one week and then be using a server in Bermuda the next week or whatever. And it would be very difficult to conduct the right kind of prosecution.

So instead what we're looking for in the first instance, is to have industry develop codes of conduct. And those codes of conduct should be based on what are widely accepted, OECD principles. The privacy principle is developed by the OECD.

And simply put what they say is that a seller should notify a buyer of what's going to be done with any information that is collected. In other words, the seller should say I'm going to collect this kind of information from you and here's what I'm gong to do with it. And the buyer should have the ability to say, okay. Or no, I don't want to do business with you on that basis. I want to opt out of that.

And effectively, that gives the buyer a control over their personal information. And when the buyer and seller agree on what can be collected and what can be done with it, and this can all be done online in a fairly simple way, then basically it's like a contract that's been formed between buyer and seller.

And then the buyer should have the ability to check for accuracy of the information and update the information. Now, that should be the basis of the code of conduct. The code of conduct may also specify that, you know, the notification has to be given in letters that are a certain size or the opt out from the consumer be given in a certain way or whatever. But that would be determined by the industry code of conduct.

And then the industry group forming the code of conduct would have three fundamental pieces that would enforce that code of conduct. First there would be a seal that could be posted by Websites that we're members of the organization. And that seal would be a simple way to indicate to consumers your privacy is protected on this site. The guidelines are followed. And that would also mean that if some Website that had joined the organization failed to follow the rules, the seal could be removed as a first order enforcement.

Second, the enforcement ought to include some periodic auditing. To ensure that policies are being followed. So this might, in the first instance involved, you know, hiring college students to surf the Web for people that are displaying the seals and sort of check and make sure that the privacy policies are being followed or whatever.

And the third piece is that there should be some consumer redress mechanism. So that if a consumer is concerned that a Website did not follow what should be the privacy policies, that they have some place to go to appeal. And that should be simple, clicking on the seal. There should be something which comes up and says that if you've got a problem or complaint call one of these phone numbers or whatever. But some simple mechanism.

Now, if that were in place, what it would then allow is for that industry organization or some umbrella organization over a couple of those enforcement groups, as well as the government, to conduct a consumer education campaign. Which we think is an appropriate role for government.

To go to consumers and say, look, the Internet is a free place. You can go wherever you want. The government's not going to censor where you go. We don't think it's a good idea to do it and we couldn't do it anyway even if we did think it was a good idea. So we're not going to try.

But be careful. If you go some place that doesn't have one of these seals, your privacy may not be protected. It's your choice. But be careful. So that what you're doing then is creating a safe zone on the Internet, that is easy for consumers to understand. Because if they see one of these seals they know their privacy is going to be protected.

And having an individual privacy policy is not enough. Because the average consumer is not going to be able to read through three or four pages of a privacy policy and distinguish one that's real from one that's not. So there needs to be some simple way for the consumer to interact with this system.

The other thing this does, is the thing creates a market incentive for companies or Websites to want to seek out a seal. Because there will be a certain number of consumers that won't go to Websites that don't have one. And therefore, it creates an incentive to get one if you want to maximize your market.

So we set up market incentives. We keep the Internet free. But we also create a safe areas for people to be able to protect their privacy.

Now, once this was up and going. There is still a federal trade commission that can be backing up that enforcement under existing anti-fraud laws. So that if somebody, you know, fraudulently displayed a seal or somebody displayed a seal that almost looked like one of the seals or whatever, the federal trade commission can come down on them to help support this self regulatory regime.

Or if there were some people doing things that were unethical outside of this safe zone, that clearly had to be prosecuted in some way or another, that could happen. But basically the companies joining the seal organization would know they're in a safe place, in terms of the FTC, a safe harbor, if you will. And the consumer would know they're in a safe place. As Irving said, hopefully, most companies, or at least those doing most of their business on the Internet will try to seek out one of these and participate.

Now, one final piece of this has to do with children. And what I described works well with adults. Because the adults can form contracts. But I know with my children, my 14 year old, 13 year old, if you offer them a gift for some information on the Internet, and then said are you 21? I'm sure they'd type in sure, you know, send me the gift.

So there needs to be some way to authenticate that there's an adult. And initially this may not be foolproof, there are ways that are possible to do it, but you could at least raise the barrier to collecting information from children, particularly young children, as part of the code of conduct. And hopefully develop technologies that will allow for authentication of parental permission in ways that will eventually be, if not foolproof, pretty close to it. Because we do need to protect children and that's the greatest concern that people have.

Now, let me just finish my remarks by saying that we have been talking about this type of system for almost a year now. And we are very concerned that something get up and going soon that is real, demonstrable, brings confidence to people, and can protect their privacy.

There is, as you know, a European union directive, which is going to come into effect in October. With the European union at least out of the box is taking a much more governmental and regulatory approach towards these issues.

We agree with the Europeans in substance about the nature of privacy protection. That is, we base our approaches on the OECD privacy principles. Where we disagree is on the methods of enforcement. They are looking to set up government privacy boards, government regulations, and government legislation to do the enforcement. We think that would be too bureaucratic. That it'll stifle the growth of electronic commerce on the one hand, and as I explained earlier, we also don't think that it will be as effective as what we're proposing in protecting privacy.

But never the less, we have been having a running dispute with the European union. Because their directive says that country that does not have in place a privacy regime of the sort that they are proposing cannot be the recipient of data from Europe. So they would actually cut data flows from Europe to that country.

We have indicated that we will not accept that and that the self regulatory solutions that we are looking towards, we think, ought to be acceptable to them. And that we will not permit a breakdown of data flows. We think that we can prevail in that discussion. But only if we have the self regulatory regimes up and going. Because the latest comments they have been making to us is, "Magaziner, you've been talking about self regulation for a year. Fine. Where is it?"

And at some point you can't fight something with nothing. So there is that. And then there is also, I think, a great deal of concern in Washington and in the Congress. There have been over 80 bills which introduced some kind of legislative approach on privacy and the Internet. And I think this is all going to come to a head some time in the coming months.

And so if self regulation is going to be given a chance to work, it really needs to come forward soon. And that's why I'm so pleased that you're having this conference today. Because we think that there is a window in time and that window will close. And basically, I think the privacy issue is going to be sort of one of those wedge issues. And you know, we stand at what I like to call a Robert Frost moment here where we've got two different paths we can take with respect to the Internet.

Either it's going to become a regulated medium. Or the kind of philosophy we have been pushing which says it should be a market driven medium, is going to hold. And I think the privacy issue may well be the wedge issue around which that is decided. And for the good of the Internet, the good of our economies, we think it is very important that we follow the market in that approach.

Internationally, the president on Friday announced an agreement we've reached with the Japanese government where they are supporting our approach, a market oriented approach and a whole variety of issues including the privacy issue. Which we think is a big step forward.

Also, European industry through the Transatlantic business dialogue, has endorsed our approach towards privacy rather than the more regulatory approach of the European government. And we believe that if US industry can step forward with an effective self regulatory approach, that organizations, industry organizations, in Europe, Japan and elsewhere, Canada, Australia and so on, would welcome the opportunity to join together so that we can essentially have international private sector cooperation.

Which would mean that you might have the same visual seals worldwide. Since the Internet is a worldwide medium. Although they might be enforced by US industry groups here, whether it's Better Business Bureau or a trustee or whatever. And enforced by the Kadon Ren in Japan or some other group in Europe or whatever. But it would be a common cooperative system. Which we think would be a good paradigm for the future, private sector cooperative international leadership.

Let me finish by saying that when I first took this assignment from the president, first identified this area, one of the first things I did was to read some histories of the Industrial Revolution. And it was very interesting because when the Industrial Revolution came, there were fundamental changes in commercial, legal, and economic paradigms that occurred.

And some countries embraced them and they were the ones that moved ahead and led the world in the Industrial Revolution. Others tried to hold on to their old ways of doing things and inevitably feel backwards.

We have a similar situation now, we are convinced. There are new paradigms needed. To be honest, none of us fully understand what they are. And that's why we have to be cautious because government's actions might act to do more harm than good. Because we don't fully understand where everything is headed.

But we do know that this model of de-centralized private sector led collective action is likely to be the most effective for the digital age. And that is why we feel it is so important that you come forward and solve this problem.

I can assure you that this issue is going to be dealt with one way or another. There will be privacy protection on the Internet. There is too much public concern about it for that not to happen. And I know that some lawyers and companies, when the seal system was described to them said, "Well, wait a second, if we put a privacy policy on and join one of these and put up this seal, that means we're libel for carrying out the privacy policy."

And as my 13 and 14 year old say, duh. I mean, that's the whole point. And what I want to assure you of is that, a year from now you're going to be libel. Now, whether that's because you've set up a good and rational and flexible private sector led self regulatory regime, or whether it's because we get legislation and you have to comply with that legislation and regulation. One way or another you're going to be libel.

As former business strategist for 20 years, we often evaluated cost benefit on alternate investment strategies. It will be, I can assure you, far more expensive to try to lobby to fight bad legislation in Congress. Lose that battle, which you will, because there's too much public push for this. And then try to challenge it in court. And then try to comply with it. And then try to deal with what will be, regulatory regimes of various sorts who's philosophy will change from administration to administration.

That will be a far more expensive path. It will be a less effective path for the economy as well as for your companies than if you take the time now to work and participate with those trying to design a rational, good, self regulatory scheme that can be minimize bureaucracy and at the same time be effective in protecting privacy.

So, please, consider carefully and make the investment ahead. Think ahead a bit. And I think the result for the country will be far better. Thank you very much. I can take a couple of questions or comments if anybody has them. Yes.

QUESTION

Where do you think the Congress is with respect to the question of private sector led initiative?

IRA MAGAZINER

The question was where do I think the Congress is with respect to this question of private sector led initiative? And I was saying we've worked very hard for almost two years now since we started this whole initiative to keep a bi-partisan support for the whole electronic commerce initiative.

And I'm proud to say that we've been able to do that so far. If you look at the copy right treaty issues which are coming up now or the Cox Widen text, the Internet Text Freedom Act or these privatization of the domain name system, all of which we're engaging in. And they all have bi-partisan support and we've worked hard at that.

And I think it's fair to say that there is broad bi-partisan support. There has been for the past year on the issue of trying to lead with industry self regulation on privacy.

However, I think that will crumble if industry self regulation doesn't become real fairly soon. Because the pressures are enormous right now on the privacy issue in Washington. It is the public's number one issue with respect to the Internet and the Information Age and so on.

And I think unless action is taken soon by the private sector to show that industry self regulation is real and that the private sector will do it, then I think the whole consensus will move in a different place.

QUESTION

Ira, you mentioned Friday's announcement about Japan and their support, et cetera. Is the administration working with any other governments expect other governments to chime in with a point of view on that issue?

IRA MAGAZINER

We're hopeful, yes. We are working with a number of other governments. We also have been working with a number of individual governments within Europe. To try to create a greater flexibility there and we've had some good result there, too. I don't want to pre-maturely announce something before it's ready.

But since last summer I've been to 25 countries, working on these issues. And I think we've made good progress in most cases on most of the issues. And I think the Japanese agreement is particularly significant, though, because I think people, you know, instinctually respect the Japanese take a more regulatory approach. And I think it was a very far sighted position.

We negotiated with 12 different Japanese government agencies, for them to sign on. And they have agreed to, really, a very unregulated approach with respect to this whole new arena. And it goes across a whole series of areas from supporting free flow of information with no restrictions to the private sector led efforts on privacy to allowing markets to develop on authentication and digital signatures. So you're not going to have government licensure or anything like that on authentication. And a variety of other areas. So we see that as very hopeful.

But yes, we are working with other governments. But, what it's all going to come down is do we have something or not? I mean, we're convincing them on the theoretical level. That this is a better approach. But at some point if we can't point to something and say here's how it works, there it is, it's up and working, then it'll crumble. I mean, our credibility will crumble.

QUESTION

Just to follow up that point, are there any industries that either have put together the right kind of seal that you would think is moving in the right direction? Are industries close to that?

IRA MAGAZINER

There are a number of efforts that are coming together now. And the question is whether they'll sort of get over the goal line if you'll pardon the sports analogy. I mean, I think, IBM has been involved in an effort to put together an alliance of groups. The Better Business Bureau, Trustee, the Direct Marketing Association, Bankers Roundtable and a number of others have been working the issue.

But nobody's there yet. Putting the pieces together and actually having something to demonstrate. And what we need to see by this summer is, you know, a couple of enforcement organizations up and going. We need to see some kind of alliance formed on the consumer education side among those organizations. And then a significant number of companies that are the major players on the Internet sort of saying, "I'm going to be part of one of these groups by this date. And, I commit that. Or I'm joining this alliance" or whatever. So that there's something credible out there. That has significant enough support.

And there are a number of organizations that have been working all year. But we need to see something concrete, I think, soon. That we can point to because what, you know, what I want to do with the European union and others this summer is to be able to say, okay, you've been asking what this looks like. Here it is.

And it doesn't have to be fully up and going. Fully operational and every T crossed and I dotted by July. Because even what we argue to the Europeans is just because you pass a law doesn't mean you're enforcing it and it's working.

But at least there's got to be something concrete and the commitment's concrete. And have a clear ability, if you will, to prototype or demo what it looks like. So people can say, oh, that's what it's going to be like. Okay. That's comfortable for me.

Because right now people are nervous about it. And they don't see anything that sort of they can feel or touch.

QUESTION

I wonder if you might be able to tell us what level of corporate compliance or corporate implementation would satisfy your sense that self regulation is working in industry? If simply five companies implement something, I'm assuming that would probably not be sufficient. And then the second part of that is you've identified the timeline as soon. I wonder if you might be able to elaborate, if there's a more specific deadline.

IRA MAGAZINER

Well, to the first question, you start a snowball and then snowflakes can more easily adhere to it. I think what we want to see initially is you can have 50 or 75 companies or 100 companies, and a couple of industry associations that make up the majority of activity going on in the Internet right now.

And if the vast majority of those companies form something, and announced it, that's a good start. And then others can adhere to it once they see it. So I don't think we anticipate that you can get 10,000 companies to sign up to something day one. But if we could see a good start like that. A good solid snowball that others could adhere to, we'd feel a lot better about it.

In terms of deadlines, last July when the president released the electronic commerce strategy, there were a series of specific charges in that across 12 different issues. And specific dates for each of them. In the case of privacy, the Secretary of Commerce is responsible to report back to the president by July first on the progress. And so somewhere around then we're going to have to indicate whether there's real progress or not. And that's what we're looking towards.

And I think a lot of people in Washington are waiting for that report. And if the results of that are not very favorable, then I think that's going to spur a lot of action to go to a different plan so I don't mean to say there's a hard and fixed date but I think that's an important date anyway.

QUESTION

Good morning. If we aren't able to mobilize ourselves as quickly as is necessary, do you have any suggestions as to how we might educate Capital Hill a little bit more about what it is we do for a living?

IRA MAGAZINER

I think you should always be doing that. But I think it's going to just sound like words unless there's something really happening along with that. And I guess, when you say mobilize that quickly I mean if you can see substantial progress towards something, it doesn't have to be all in place. But at least then you know that people are serious.

And if people will stand up and commit to some deadlines and stand up and say here's what it's going to look like and by this date, my company will be there and I'm going to commit these kinds of resources to it or something that can make a difference.

So I'm not suggesting that everything has to be, as I said, all the T's crossed and the I's dotted. But there's got to be some substantial sense that something's really going to happen. Other than that we try all the time and I think you should try to educate both everybody in Washington around the administration and Capital Hill as well as in all the governments of the economic significance of what is occurring. Because there are still far too many people who don't understand how significant and positive this can be for the economy and in fact, is already being. And that will always be helpful.

But that won't be a substitute for meeting this other challenge.

QUESTION

You mentioned a legislative approach to medical records privacy. Can you tell us any more about what you expect to come out of that and what the administration's preferred method would be.

IRA MAGAZINER

We've proposed legislation which is already up on the Hill, for protection of medical records. And this is not an Internet problem, specifically, but there are a couple of things that make it different than the broader questions of privacy.

One is that essentially the medical industry is a domestic industry, if you will, by in large. And so it's and there are a limited number of actors. You know, hospitals, doctors and so on. And so it's easier to set up something and then enforce it.

Secondly it's a particularly sensitive area in terms of people's concerns. And something where there has been a tremendous amount of abuse. And so what we're mainly concerned about is things which are personally identifiable. We want to allow information to be used for medical research and for other purposes.

But whenever something is personally identifiable to you, it should be the same principle. That you should have control over who sees and who knows about your medical condition. And that's the import of the legislation.

QUESTION

Is there any expectation that as expectations grow with the Internet privacy that that will filter back to the non-Internet domain as well?

IRA MAGAZINER

Definitely. Yes. I mean, I think the Internet is, in a sense, the area that is of most concern and most difficult to deal with. So if we can get solutions that work there I think they'll work easily across the whole range of privacy. And that's what we're looking for.

We don't want to limit it just to the Internet. We would like to have privacy policies that essentially can hold in general. And once a company puts something in place internally, and has mechanisms internally to work those, it should work just as well for the Internet as it does for telephone or whatever else they do to collect information that makes sense.

QUESTION

Given the huge number of businesses that are going to be on the Internet globally by 2005, do you think that it's really feasible to conduct any kind of efficient monitoring against the seal system? And how would you put teeth in it for the businesses that are going to located outside of our boundaries?

IRA MAGAZINER

Well, I'll say two things. One is that I think for those that will have and display a seal, I think there can be effective monitoring. And I think that monitoring could be done in part in a de-centralized way by different organizations.

So, if Japanese industry sets up a couple of organizations in Japan that are doing the monitoring and there will be some differences by sector. You may do it by sector you may not.

In the United States we may have a couple of different organizations doing the monitoring as well. And companies would be able to sign up with one or another they might sign up with a trustee or a Better Business Bureau or whatever.

I think that can work effectively. And there is a tremendous amount of interest, I can tell you, among industries in Europe, Australia, Japan, Canada, working with US industry on setting up systems like this and then enforcing them, in their own countries. And so I think that's the way it would work in other countries.

And I think, if for some reason the creating of a safe zone like this was not sufficient, that is there were people staying outside of it, doing bad things, you could always then move to do some kind of FTC action that created a safe harbor for all those that had seals. And try to deal with bad actors outside of it as a second step if you needed to.

But I think the important thing for most companies, in my view and my experience in industry is that 99 percent of the companies want to do the right thing, I mean, they're not looking to invade somebody's privacy. They're not looking to defraud somebody. If anything, they want the bad actors policed because they don't want the whole industry given a bad name because of bad actors.

And that's what the rise of organizations like the Better Business Bureau to begin with. And if you go by that supposition, I think you'll have a lot of companies, the vast majority of them, joining these organizations and complying with them and just setting up internal procedures that have become second nature in the company.

And I think that will work. And then for the other one percent, if we have to do something beyond that for them, then we'll do it. But that goes back to the question I said earlier, as a principle, that the government action should be minimal and only when necessary. So instead of saying one tenth of one percent of the companies in the world are going to do bad things and therefore I'm going to put shackles on a 100 percent of the companies, by passing omnibus legislation. That's not the way to do it.

Let's let the 90 plus percent who want or 99 percent who want to do things right have the opportunity to create a safe harbor away from the shackles to create an organization that works. Or organizations that work to carry out the social purpose. And then for those that are outside of it and remain abusers, if you need to, you can go after them separately without shackling the rest.

And I think particularly in the Internet age, that's an important philosophy to have. Because the notion, I mean, one thing also I worry about from the consumer point of view, is that in the Industrial Age we became used to, when I talk about paradigm shifts, the notion that government sort of in some central fashion, tried to protect consumers.

And what I don't want to do is be in a position where the government sort of says to consumers, don't worry, we've passed this privacy law, you're fine. And then we can't enforce it. And we've given sort of false assurances to people.