Zusha Ellinson, Legal Week
Top lawyers at Facebook, Google and LinkedIn last week proclaimed very publicly that internet users don’t need the government to protect their privacy online.
The argument coming from these companies – whose only way to make money is, incidentally, to use your personal information to sell advertising – is simple: trust us. They were making their case at hearings held at UC-Berkeley School of Law by the Federal Trade Commission (FTC), which is considering the need for new rules for protecting privacy on the Web.
“Regulation that’s ‘one size fits all’ will fail,” said Erika Rottenberg, general counsel at LinkedIn, echoing the sentiments of the others. “There is self-regulation that is going on.”
But does self-regulation by corporations work when it comes to privacy? Here, with the help of privacy lawyer and author Robert Ellis Smith, is a brief history of foxes and henhouses.
Privacy from the ashes
The late tennis great Arthur Ashe got a gut-punch of a phone call from a USA Today reporter in April 1992. The question – did Ashe, the first black man to win Wimbledon and the US Open, have AIDS?
According to later media reports, Ashe had most likely contracted HIV from a bad blood transfusion during heart surgery. But few outside the intensely private man’s family and friends knew.
Ashe tried to get USA Today to hold off, without any luck. He held a press conference soon after to tell the world that he was HIV-positive.
The reporter, according to later reports, had been tipped off by an anonymous healthcare worker. Although there were some state regulations in place, the US Government had yet to enact the Health Insurance Portability and Accountability Act (HIPAA), which for the first time really strengthened the confidential treatment of medical records. HIPAA was passed in 1996, three years after Ashe’s death.
Before that time, said privacy historian Smith, doctors and hospitals had impressed upon everyone that they could guard their patients’ privacy without government help.
“Certainly the medical institutions made the case that they could do it themselves because they had a strong ethical code,” said Smith.
HIPAA has “got medical facilities thinking about confidentiality,” he added.
I’m eating dinner
Another great example of self-regulation was the telemarketing industry.
In the 1980s, after an outraged populace trying to eat dinner in peace cried out, the industry set up the Direct Marketing Association (DMA) and convinced the FTC that it could police itself.
“They were always very vigorous in pursuing the self-regulation route,” said Smith.
The problem was that it was almost impossible to figure out how to opt out with the association, and only telemarketers that were part of the association had to comply.
By 2002, 17 years after the DMA was formed, just 4.8 million consumers had been able to sign up on its do-not-call list. In stark contrast, the FTC set up the National Do Not Call Registry in 2003 and 80 million people signed up in the first two years to have their names taken off telemarketers’ call lists, according to Berkeley Law’s Chris Jay Hoofnagle in his 2005 report, “Privacy Self Regulation: A Decade of Disappointment.”
Smith, a privacy advocate and researcher for decades, said he’s not surprised to hear the familiar self-regulation mantra from internet companies.
“In privacy it always seems to come up, in part because privacy strikes businesspeople as a vague concept,” he said.
This article first appeared on Corporate Counsel, a US sister title of Legal Week.