<HTML> <head><TITLE>PRIVACY Forum Archive Document - (priv.08.12) </TITLE></head> <body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#660099" alink="#ff0000">
<table border=0 cellpadding=0 cellspacing=0 width=100%> <tr> <td align=center> <font size=+2><b>PRIVACY Forum Archive Document</b></font><br> <A href="/privacy"><h3>PRIVACY Forum Home Page</h3></A><p> <A href="http://www.vortex.com"><h4><i>Vortex Technology Home Page</i></h4></A><p> <A href="/privmedia"><h4>Radio, Television, and Press Contact Information</h4></A><p> </td> </tr> </table> <hr>
<pre>
PRIVACY Forum Digest      Friday, 27 August 1999      Volume 08 : Issue 12

(http://www.vortex.com/privacy/priv.08.12)

Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Woodland Hills, CA, U.S.A.
http://www.vortex.com

===== PRIVACY FORUM =====

-------------------------------------------------------------------
The PRIVACY Forum is supported in part by the ACM (Association for
Computing Machinery) Committee on Computers and Public Policy,
Cable & Wireless USA, Cisco Systems, Inc., and Telos Systems.
- - -
These organizations do not operate or control the PRIVACY Forum in
any manner, and their support does not imply agreement on their part
with nor responsibility for any materials posted on or related to
the PRIVACY Forum.
-------------------------------------------------------------------

CONTENTS
    Cyberspace Electronic Security Act
       (Lauren Weinstein; PRIVACY Forum Moderator)
    SBC/PacBell Ties Employee Perks to Home Caller ID Blocking Choices
       (Lauren Weinstein; PRIVACY Forum Moderator)
    FCC Appealing Customer Calling Data Decision
       (Lauren Weinstein; PRIVACY Forum Moderator)
    Aggregated Data *Does* Matter: Amazon.com
       (Lauren Weinstein; PRIVACY Forum Moderator)
    DoubleClick knows what you are searching for (Chris Brenton)
    1999-08-05 Executive Order on Unlawful Conduct on the Internet
       (Monty Solomon)
    CPSR Conference, Stanford, Oct. 2-3 (Susan Evoy)

*** Please include a RELEVANT "Subject:" line on all submissions! ***
***            Submissions without them may be ignored!           ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond. The
moderator will choose submissions for inclusion based on their relevance and
content. Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored. Excessive "signatures" on submissions are
subject to editing. Subscriptions are via an automatic list server system;
for subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com". Mailing list problems should be reported to
"list-maint@vortex.com".
All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations.

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password. The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access. PRIVACY Forum materials may also be obtained automatically via
e-mail through the list server system. Please follow the instructions above
for getting the list server "help" information, which includes details
regarding the "index" and "get" list server commands, which are used to
access the PRIVACY Forum archive.

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "http://www.vortex.com";
full keyword searching of all PRIVACY Forum files is available via
WWW access.
-----------------------------------------------------------------------------

VOLUME 08, ISSUE 12

    Quote for the day:

        "Most everyone's mad here."

            -- The Cheshire Cat (Sterling Holloway)
               "Alice in Wonderland" (Disney; 1951)

----------------------------------------------------------------------

Date:    Tue, 24 Aug 99 21:57 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Cyberspace Electronic Security Act

Greetings. Since much has been written in the mainstream press about the
Department of Justice draft regarding access to encrypted computer data,
tagged the "Cyberspace Electronic Security Act," I won't rehash the details
here, except to add a few points.

First, a particularly interesting analysis of the draft appeared in the
British publication "The Register" (see:
http://www.theregister.co.uk/990824-000001.html). Their analysis notes that
the "black bag" aspects of the plan, which would permit surreptitious
entries to "modify" computers, for the purpose of bypassing encryption
systems, have been receiving most of the attention. But they also point out
that this is possibly the most problematic aspect of the proposal, which
would likely be usable only in very limited circumstances and probably with
a very low likelihood of success. They also note that the sorts of
dramatic, critical situations being used as primary examples by the
proposal's proponents (kidnappings, etc.) are unlikely to benefit from such
procedures.

Of more interest, The Register suggests, is the probability that a more
important purpose of the proposal is to create an environment where specific
information seized from computers under warrants could be usable in court
without authorities having to obtain carte blanche access to everything on
the seized machine. In any case, I recommend reading over their piece.

One point I'd like to make about this proposal is that it would seem on its
face that situations where PCs were compromised by "clandestine" operations
to disable encryption, might create serious problems when it came to
evaluating any data evidence later seized from such a system. Once a system
has been so "penetrated," it would seem likely that defense attorneys would
tend to suggest that the data evidence could no longer be trusted. "Who
knows what they really did while they were monkeying around with that
computer?"--they'll say. This could be a significant problem in court.

And finally, it seems very unlikely that the portions of the proposal
relating to the surreptitious entries and such will pass both houses of
Congress to become law, especially after the lashing it has received in the
press as of late.

The government's concerns about encryption relating to serious crimes are
very real. It's easy to forget that there really *are* genuinely "bad"
people out there who can abuse such technologies. But this proposal is on
the wrong track in a free society.

--Lauren--
Lauren Weinstein
lauren@vortex.com
Moderator, PRIVACY Forum --- http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Host, "Vortex Reality Report & Unreality Trivia Quiz"
  --- http://www.vortex.com/reality

------------------------------

Date:    Thu, 19 Aug 99 22:05 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: SBC/PacBell Ties Employee Perks to Home Caller ID Blocking Choices

Greetings. In a move that demonstrates just how aggressively they're
pushing the use of Calling Number ID services, Texas-based SBC
Communications, which owns telephone companies Pacific Bell and Southwestern
Bell, as well as Cellular One and other telecommunications firms (with more
large acquisitions on the way), has tied popular employee "perks" to
employees' choice of caller ID blocking options at home.

Apparently this effort, aimed at discouraging employees' choice of per-line
caller ID blocking, is related to SBC concerns that the large numbers of
subscribers choosing this blocking have "devalued" the high-profit caller ID
service. Caller ID receives significantly lower subscribership rates where
per-line blocking is widely chosen (naturally enough).

SBC has in the past implemented other steps to try to discourage the use of
per-line caller ID blocking. On the Pacific Bell automated features system,
for example, subscribers can choose to remove per-line blocking from their
line for free through the system. They apparently cannot, however, choose
to *add* per-line blocking through that same system!

SBC employees have indicated that they are instructed to suggest caller ID
services whenever possible, and to assert how much "easier" it supposedly is
to use your phone when you don't have per-line blocking. Little mention is
ever made of the per-call unblocking function available for free to all
per-line blocking subscribers, of course.

SBC has decreed that since January 1, 1999, employees will not receive
"vertical service concessions" on their home phones if they choose per-line
caller ID blocking on those lines (where it is available). Traditionally,
concessions are discounts (typically 10-15% or so, though they can be higher
in some cases) that many regular telephone company employees have received
on their home phone service, as an employee benefit. Employees with these
sorts of traditional "dialtone" concessions were grandfathered on Jan. 1,
and can continue to receive them.

Newer employees who are offered concessions can choose from various custom
calling features (e.g. call waiting, 3-way calling, etc.), but they'll
receive these on a discounted concession basis *only* if they choose not to
avail themselves of any per-line caller ID blocking options. In other
words, they must depend on per-call blocking, or they'll receive no vertical
service concessions.

SBC should of course be free to negotiate employee compensations as they
wish, as per applicable laws and regulations. And apparently this rule was
established as part of employee bargaining agreements. It's also apparently
the case that traditional concessions have often been tied to employees not
choosing to have non-published (unlisted) numbers for those lines.

But SBC's linkage of benefits (or perks, depending on your definitions) to
employees' personal choices of privacy options on their home phones seems
worthy of at least a few raised eyebrows. Is it really necessary to go to
this sort of extreme to promote caller ID, if the service is really so
valuable to customers?

--Lauren--
Lauren Weinstein
lauren@vortex.com
Moderator, PRIVACY Forum --- http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Host, "Vortex Reality Report & Unreality Trivia Quiz"
  --- http://www.vortex.com/reality

------------------------------

Date:    Tue, 24 Aug 99 22:14 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: FCC Appealing Customer Calling Data Decision

Greetings. The Federal Communications Commission is appealing to the full
10th U.S. Circuit Court of Appeals a decision by a three judge panel of the
Court, to strike down last year's toughening of rules regarding telephone
company use or release of customer calling data or other related information
for marketing purposes.

The FCC's rule changes had made it necessary for telephone customers to
"opt-in" to such releases or marketing plans. You may have noticed bill
inserts or forms regarding this issue, or you might be hearing recordings
when you call your local telco, asking you to "press 1 if we can use your
data to discuss services with you," "press 2 if you have questions," or so
on. (Interestingly, Pacific Bell here in California originally had option 2
as "press 2 if you don't want to give us permission, or if you have any
questions." Currently it no longer mentions the "don't want to give us
permission" part...)

Admittedly, this area has become very complicated, for both the telephone
companies and consumers alike, with some telephone companies interpreting
the rules to apply to practically anything you might call to ask them, while
others have mainly been concerned with marketing issues relating to outside
firms who wanted access to the data for (mainly) telecommunications-related
services. The company and consumer confusion suggests that at the very
least the FCC rules needed clarification, and in fact the FCC had actually
just loosened them somewhat, apparently to address some of these issues,
just before the court panel's decision.

The panel's decision promotes the view that the ownership of the data is
invested in the telcos, who have first amendment rights that were superseded
by the FCC's rules. This conflict between "free speech" rights of
businesses and individual privacy rights is a recurring one in all manner of
industries and has yet to be decided or addressed in other than a very
piecemeal fashion. Also as usual, the issues of "opt-in" vs. "opt-out"
relating to marketing programs are at the heart of many of these concerns,
as we've discussed previously here in the PRIVACY Forum.

Since the FCC is appealing this decision upward, we'll just have to wait and
see what the next step is as this complex question, which may potentially
have impacts on other industries, plays itself out.

--Lauren--
Lauren Weinstein
lauren@vortex.com
Moderator, PRIVACY Forum --- http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Host, "Vortex Reality Report & Unreality Trivia Quiz"
  --- http://www.vortex.com/reality

------------------------------

Date:    Fri, 27 Aug 99 11:05 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Aggregated Data *Does* Matter: Amazon.com

Greetings. As you may have heard, Amazon.com has generated surprise and
shock in many quarters by posting on their web site the names of popular
books ordered by persons located at various companies, listed by company
name! So immediately, people started drawing inferences about why so many
people at this firm or that firm bought particular books, some of which are
of a highly personal nature or related to particular competitive business
topics.

What's apparently going on is that Amazon is using their activity log data
to generate these lists--so they're not saying that a particular company
*paid* for a given book, just that the people who did so accessed Amazon
from that company. Amazon says that this was just supposed to be
"fun"--that they don't release the names of individual purchasers.

It's not clear to me that this should make you feel a whole lot better...

In response to a tirade of protests, Amazon will now permit individual
purchasers to opt-out of these aggregated listings--assuming they notice how
to do so, and entire companies supposedly can be completely removed by
sending a fax. Obviously the individual opt-out option renders any
remaining data about "popular" books at a given company meaningless, since
you'd never know how many people at that firm had already chosen to remove
their purchasing data from the database. So the stats have even less
scientific validity than originally (which wasn't much to start with).

You can read all of the sordid details about this in the mainstream press,
but there is one primary point I want to make. Amazon is taking an approach
that is increasingly being heard amongst web-based and other firms with
access to large amounts of transactional data. They all claim that so long
as they only release "aggregate" data, nobody's privacy is impacted.

But of course, before you can aggregate data, you have to collect specific
data, and as we see, such data *does* matter. It does reveal information
that many persons would prefer--and incorrectly assume--is private between
them and the entity with whom they're dealing.

Most people are shocked when they learn how much transactional data is
collected about them in the course of business, and how little control they
have over it. Freedom of speech can not (or at least should not) mean that
whenever you provide someone with a piece of personal information, that data
then becomes their private property to exploit without limit or recourse.

There needs to be a balance struck, but right now the scales are out of
kilter, based on 19th Century attitudes towards what can be done with
business-related data.

--Lauren--
Lauren Weinstein
lauren@vortex.com
Moderator, PRIVACY Forum --- http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Host, "Vortex Reality Report & Unreality Trivia Quiz"
  --- http://www.vortex.com/reality

------------------------------

Date:    Mon, 09 Aug 1999 09:45:40 -0400
From:    Chris Brenton <cbrenton@sover.net>
Subject: DoubleClick knows what you are searching for

Greetings all,

Be aware that even if you take precautions to lock down your browser's
cookie settings (you can check out http://www.cookiecentral.com/ for some
good info on what can be done with cookies), DoubleClick has come up with
alternate means of compiling user profile information. Try the following:

1) Go to http://www.altavista.com
2) Enter a search string
3) Sniff your outbound connection

What you will see is your local system creating a connection to:

http://ad.doubleclick.net/adi/altivista.digital.com/

in order to send the following string:

result_front;kw=all+search+words+you+entered;ord=nine_digit_ID_number

In other words, Altavista is reporting to DoubleClick the type of
information you are searching for on the Web. I have yet to determine what
the "ord" value is. It does not appear to be tied to a specific cookie value
but I have not done enough investigation work to be sure. If anyone has
additional info on this, it would be greatly appreciated.

If you don't have a sniffer, you can do a "netstat" on your local system to
see the connection to ad.doubleclick.net. You have to hit it just right
though and this will not show you the info string you are sending them.

If you read through Altavista's privacy statement
(http://www.altavista.com/av/content/privacy.htm ) it mentions using
cookies, but makes no mention that they are submitting user search string
data to DoubleClick.

Note that I have not seen this type of activity with any of the other major
search engines, but have had people tell me they have seen this with a
couple of the major news wires.

The only effective means I've found to prevent all of DoubleClick's
profiling attempts is to block all outbound traffic headed for their domain.
Obviously this is not an option for many people who connect via dial-up to a
local ISP.

Cheers,
Chris

    [ The ad practice you describe is very common, and in fact I've
      discussed the issue of AltaVista and Doubleclick a number of times
      here in the PRIVACY Forum in the past. Note that whether or not you
      see an "extra" connection being created, such information can be
      passed through "invisible" connections directly between the search
      engine and the ad provider as well. Also, it is typical for search
      engines to pass user search strings onward as part of the URL
      information to the server that sends you the actual item you've
      chosen from a search engine results list.

                        -- PRIVACY Forum Moderator ]

------------------------------

Date:    Mon, 9 Aug 1999 22:28:33 -0400
From:    Monty Solomon <monty@roscom.com>
Subject: 1999-08-05 Executive Order on Unlawful Conduct on the Internet

                            THE WHITE HOUSE

                     Office of the Press Secretary
                        (Little Rock, Arkansas)
________________________________________________________________________
For Immediate Release                                     August 6, 1999

                            EXECUTIVE ORDER

                             - - - - - - -

            WORKING GROUP ON UNLAWFUL CONDUCT ON THE INTERNET

By the authority vested in me as President by the Constitution and the
laws of the United States of America, and in order to address unlawful
conduct that involves the use of the Internet, it is hereby ordered as
follows:

Section 1. Establishment and Purpose.

(a) There is hereby established a working group to address unlawful
conduct that involves the use of the Internet ("Working Group").
The purpose of the Working Group shall be to prepare a report and
recommendations concerning:

    (1) The extent to which existing Federal laws provide a sufficient
        basis for effective investigation and prosecution of unlawful
        conduct that involves the use of the Internet, such as the illegal
        sale of guns, explosives, controlled substances, and prescription
        drugs, as well as fraud and child pornography.

    (2) The extent to which new technology tools, capabilities, or legal
        authorities may be required for effective investigation and
        prosecution of unlawful conduct that involves the use of the
        Internet; and

    (3) The potential for new or existing tools and capabilities to
        educate and empower parents, teachers, and others to prevent or to
        minimize the risks from unlawful conduct that involves the use of
        the Internet.

(b) The Working Group shall undertake this review in the context of
current Administration Internet policy, which includes support for industry
self-regulation where possible, technology-neutral laws and regulations,
and an appreciation of the Internet as an important medium both
domestically and internationally for commerce and free speech.

Sec. 2. Schedule.

The Working Group shall complete its work to the greatest extent possible
and present its report and recommendations to the President and Vice
President within 120 days of the date of this order. Prior to such
presentation, the report and recommendations shall be circulated through
the Office of Management and Budget for review and comment by all
appropriate Federal agencies.

Sec. 3. Membership.

(a) The Working Group shall be composed of the following members:

    (1) The Attorney General (who shall serve as Chair of the Working
        Group).
    (2) The Director of the Office of Management and Budget.
    (3) The Secretary of the Treasury.
    (4) The Secretary of Commerce.
    (5) The Secretary of Education.
    (6) The Director of the Federal Bureau of Investigation.
    (7) The Director of the Bureau of Alcohol, Tobacco and Firearms.
    (8) The Administrator of the Drug Enforcement Administration.
    (9) The Chair of the Federal Trade Commission.
    (10) The Commissioner of the Food and Drug Administration; and
    (11) Other Federal officials deemed appropriate by the Chair of the
         Working Group.

(b) The co-chairs of the Interagency Working Group on Electronic Commerce
shall serve as liaison to and attend meetings of the Working Group.
Members of the Working Group may serve on the Working Group through
designees.

                                        WILLIAM J. CLINTON

THE WHITE HOUSE,
August 5, 1999.

                                 # # #

------------------------------

Date:    24 Aug 1999 17:20:32 -0000
From:    sevoy@quark.cpsr.org (Susan Evoy)
Subject: CPSR Conference, Stanford, Oct. 2-3

Computer Professionals for Social Responsibility presents:

THE INTERNET GOLD RUSH OF '99:
CAN WE PAN FOR GOLD WHILE SERVING THE GOOD?
THE PURSUIT OF WEALTH AND EQUITY IN CYBERSPACE

OCTOBER 2-3, 1999, STANFORD UNIVERSITY

NORBERT WIENER AWARD FEATURED SPEAKERS
Eric Raymond & Larry Wall
accepting on behalf of the open-source software movement

SATURDAY, OCTOBER 2, 9:00AM-6:00PM

KEYNOTE: HISTORICAL AMNESIA IN THE SILICON GOLD RUSH

The chance to get rich in new communications technology has led many to
liken it to the California Gold Rush. A more apt metaphor would be the
Comstock Lode and its intimate embrace with the San Francisco Stock Market.
Dr. Gray Brechin will examine the forgotten social and environmental costs
of the Comstock speculative frenzy and its parallels with Silicon Valley
today.

PANELS AND INTERACTIONS

SOCIAL RESPONSIBILITY AND FINANCIAL SUCCESS - OXYMORON?

Panelists discuss their experiences in pursuing financial success while
supporting the public good. Topics include socially-responsible venture
capital financing, the evolution of public-interest enterprises into
commercial firms, and public-interest start-ups that suffered financial
failure. Are social responsibility and financial success mutually
exclusive, or do new ventures provide models that can be applied elsewhere?

THE DIGITAL DIVIDE: IS THE INTERNET AS GREAT EQUALIZER LOSING GROUND?

Despite dropping computer costs and a wide range of online providers,
recent reports show that the digital divide still exists, both for economic
and social reasons. These panelists all have experience with trying to
bridge the digital divide. Are we really providing enough opportunity to
those who are still not connected? To what extent have our efforts been
successful? Does the commercial FreePC movement help or hurt these efforts?

SOFTWARE AT THE CROSSROADS: OPEN-SOURCE SOFTWARE AND THE UNIFORM COMPUTER
INFORMATION TRANSACTIONS ACT (UCITA)

Tomorrow's computing may well be determined by its choice of software
development methods. The proposed UCITA would enhance the proprietary
approach of private industry while reducing the rights of software
consumers. The open-source Movement, recently discovered and highly
acclaimed by the public and press, thrives using a very different mode of
software development. This panel will explore the potential effects both of
these initiatives will have on computing in the future.

SATURDAY, OCTOBER 2, 6:30-8:30PM

RECEPTION AND WIENER AWARD CEREMONY

CPSR's prestigious Norbert Wiener Award for Social Responsibility in
Computing Technology is being awarded to the open-source software movement.
This movement profoundly challenges the belief that market mechanisms are
always best-suited for unleashing technological innovation. This voluntary
and collaborative model for software development is providing a true
alternative to proprietary, closed software. Eric Raymond, author of "The
Cathedral and the Bazaar;" Larry Wall, creator of Perl; and O'Reilly and
Associates, publishers of open-source documentation; will be accepting on
behalf of the movement.

TICKETS FOR THE RECEPTION MAY BE PURCHASED WITHOUT REGISTERING FOR THE
CONFERENCE.

SUNDAY, OCTOBER 3

CPSR ANNUAL MEETING

We'll form groups and discuss Saturday's issues, the Net, DNS, and whatever
else we want to talk about. This will be followed by the CPSR annual
business meeting. Sunday's annual meeting is free and open to everyone.

--------------------------------

Conference Committee
Karen Coyle, Paul Czyzewski, Jeff Johnson, Coralee Whitcomb, Susan Evoy

Stanford Visitor Information
http://www.stanford.edu/home/visitors

Check in at http://www.cpsr.org/ for updates

Registration (Space is limited, so register early.)

Name ______________________________________________
(as it should appear on nametag)
Address ____________________________________________
City________________State ____Country ______ Zip _______
Telephone ( )______________Email ______________________
Company/School Name _________________________________
Payment method: Check__ Visa __ MasterCard __
Card# ___________________________ Exp Date ______

                                            Early (RECEIVED   Later or
                                            BY 9/17)          On-Site
Member of CPSR                              $ 60              $ 75
Non-member                                  $ 85              $100
New or Reactivating CPSR member
  and registration                          $ 95 ($10 more)   $110
Low income participant or Student with ID   $ 20              $ 25
Low income participant or Student
  member and reg                            $ 40 ($10 more)   $ 45
Media Representative from
  _______________________                   -                 -
Wiener Award Reception
  with conference registration              $ 20              $ 30
  without conference registration           $ 40              $ 60
Donation to further CPSR's work             $____
TOTAL ENCLOSED                              $ ____

Send completed registration form with payment to:
CPSR, PO Box 717, Palo Alto, CA 94302.
Or register soon on the World-Wide Web at http://www.cpsr.org

CHECK IN AT HTTP://WWW.CPSR.ORG/ FOR DETAILS AND UPDATES SOON.

--
Susan Evoy * Deputy Director
http://www.cpsr.org/home.html
Computer Professionals for Social Responsibility
P.O. Box 717 * Palo Alto * CA * 94302
Phone: (650) 322-3778 * Fax: (650) 322-4748 * Email: evoy@cpsr.org

------------------------------

End of PRIVACY Forum Digest 08.12
************************
</pre> <hr> <p> <font size=-2>Copyright © 2000 Vortex Technology. All Rights Reserved.</font> </body> </HTML>