|
<HTML> <head><TITLE>PRIVACY Forum Archive Document - (priv.08.24) </TITLE></head> <body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#660099" alink="#ff0000"> <table border=0 cellpadding=0 cellspacing=0 width=100%> <tr> <td bgcolor="#ffffcc" width=30%> <table border=0 cellpadding=4 cellspacing=0 width=100%> <tr> <td> <center> <a href="/reality.html"><img src="/spkr1.gif" border=0 align=middle></a> <font size=-1 face="Arial, Helvetica, sans-serif"><b>RealAudio</b></font><br> A Moment of Sanity & Fun!<br> <font size=-1 face="Arial, Helvetica, sans-serif"> <b>VORTEX REALITY REPORT</b><br> <font color="#ff0000"><b>& UNREALITY TRIVIA QUIZ!</b></font> </font><br> <table border=0 cellpadding=0 cellspacing=0 width=100%> <tr> <td> <center> <table border=0 cellpadding=4 cellspacing=0> <tr> <td> <b> <a href="/reality.html"><i>LISTEN</i> or <i>INFO!</i></a></td> </b> </tr> </table> </center> </td> </tr> </table> </center> </td> </tr> </table> </td> <td align=center> <font size=+2><b>PRIVACY Forum Archive Document</b></font><br> <A href="/privacy"><h3>PRIVACY Forum Home Page</h3></A><p> <A href="http://www.vortex.com"><h4><i>Vortex Technology Home Page</i></h4></A><p> <A href="/privmedia"><h4>Radio, Television, and Press Contact Information</h4></A><p> </td> </tr> </table> <hr> <pre> PRIVACY Forum Digest Friday, 31 December 1999 Volume 08 : Issue 24 (http://www.vortex.com/privacy/priv.08.24) Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. http://www.vortex.com ===== PRIVACY FORUM ===== ------------------------------------------------------------------- The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, Cable & Wireless USA, Cisco Systems, Inc., and Telos Systems. - - - These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum. ------------------------------------------------------------------- CONTENTS The Year's Not Quite Over Yet... (Lauren Weinstein; PRIVACY Forum Moderator) Yahoo Sued for $4 Billion in Privacy Policy Battle (Lauren Weinstein; PRIVACY Forum Moderator) Check Processing Surprises (Lauren Weinstein; PRIVACY Forum Moderator) Re: Cell Phones to be Tracked for Traffic (Lauren Weinstein; PRIVACY Forum Moderator) FTC announces Privacy Committee (Craig Partridge) Clarification to issues raised regarding Topica-Esosoft partnership (Ariel Poler) Re: Web Tracking and Data Matching Hit the Campaign Trail (Oleg Gurvits) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are via an automatic list server system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the list server system. Please follow the instructions above for getting the list server "help" information, which includes details regarding the "index" and "get" list server commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access. ----------------------------------------------------------------------------- VOLUME 08, ISSUE 24 Quote for the day: "The suspense is terrible... I hope it'll last." Willy Wonka (Gene Wilder) "Willy Wonka & the Chocolate Factory" (Warner Bros.; 1971) ---------------------------------------------------------------------- Date: Wed, 29 Dec 99 19:38 PST From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: The Year's Not Quite Over Yet... Greetings. Well, I had thought that the previous PRIVACY Forum Digest could close out the year, but the press of events has forced me to squeeze in one more issue, and it *will* be the last of 1999. "This time for sure!" Again, all the best for the new year! --Lauren-- lauren@vortex.com Lauren Weinstein Moderator, PRIVACY Forum - http://www.vortex.com Co-Founder, PFIR: People for Internet Responsibility - http://www.pfir.org Member, ACM Committee on Computers and Public Policy ------------------------------ Date: Wed, 29 Dec 99 19:34 PST From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Yahoo Sued for $4 Billion in Privacy Policy Battle Greetings. If anybody doubted that the perceived value of personal data is a key factor in the big-money Web deals, you need doubt it no longer. We've talked here in the PRIVACY Forum in the past about the problems inherent in privacy policies, especially when one company buys out another. Now we have perhaps a textbook illustration of how insane the current situation really is, in the absence of laws mandating that individuals have reasonable control over the personal information they provide during online registrations and the like. Yahoo, Inc. (http://www.yahoo.com) has been sued for $4 billion (that's Billion with a "B") by a firm called Universal Image Inc. (doing business on the net under names such as chalkboardtalk.com), who had a deal to provide educational videos to, and receive user registration data from, Broadcast.com. Keep in mind that Broadcast.com (which recently began terminating their support for Realaudio/Realvideo in favor of Microsoft's Windows-oriented "Media Player" system) was relatively recently bought by Yahoo. The suit reportedly was originally filed some months ago, but was just amended to include the large dollar amounts, along with other requests to the court concerning accusations against Yahoo. The lawsuit, which Yahoo considers to be "opportunistic" in nature, claims that Yahoo is in breach of contract for not running Universal Images' videos as specified in the original contract with Broadcast.com, and for not providing Universal Images with the promised user registration data. Depending upon which side you listen to, the cause of this problem is reported to be either that: a) Yahoo's privacy policy is stricter than Broadcast.com's was, and Yahoo wants to protect its tens of millions of claimed users from the release of personal information. or (from the suit's arguments): b) Yahoo is accused of destroying data against a judge's prior orders, wants the rest of the information all for itself, and is giving users a false sense of security through their privacy policy. The next hearing on this matter is scheduled for Jan. 5, 2000. According to Larry Friedman, a lawyer for Universal Images, the Yahoo privacy policy violates the Broadcast.com contract with Chalkboard.com. He also reportedly has suggested that the reason Yahoo bought Broadcast.com in the first place was only for its user data. A judge in Dallas is reported to have granted a temporary restraining order that prohibits Yahoo from publishing its privacy policy until the suit is resolved. As of right now, however, what appears to be their standard privacy policy is still viewable at their site. With personal information being treated as just another commodity, this sort of event seemed inevitable. And of course, left out in the cold amidst this tug-of-war are the current and past Web users of Yahoo and the former Broadcast.com, who have no idea at all regarding what might end up happening to the data they've provided in the past, or that they might provide in the future. --Lauren-- lauren@vortex.com Lauren Weinstein Moderator, PRIVACY Forum - http://www.vortex.com Co-Founder, PFIR: People for Internet Responsibility - http://www.pfir.org Member, ACM Committee on Computers and Public Policy ------------------------------ Date: Tue, 28 Dec 99 14:58 PST From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Check Processing Surprises Greetings. Most people would agree that it's not outrageous to expect both reasonable privacy and high accuracy in your routine financial transactions, such as paying bills. On the privacy front, some financial institutions continue to be taken to task for their marketing based on the personal information that they possess on their customers. But when even simple sorts of transactions may be error-prone without suitable explanations, there may be a basis for even greater concerns about the overall situation. Do you ever neglect to carefully verify whether checks you write are actually paid for the amounts you write on them? Do you expect your bank to bother even *looking* at what you wrote on your checks when they're paid? If you've answered "yes" to either of these questions, you might want to be a bit more conscientious in the future. For example, in a number of specific cases brought to my direct attention, and in other anecdotal cases, "Discover" (Discover Financial Services) credit card holders have found that payment checks were deposited by Discover for the incorrect amounts. (Discover is a business unit of Morgan Stanley Dean Witter & Co.) In each of these situations, the erroneous amount matched both on the card holder's Discover statement and in their checking account that was used for the payment. In at least one case I know of, checks that were clearly written for particular amounts were incorrectly processed two months in a row--both of them deposited for too large an amount, putting the payer's checking balance at risk of significant problems. The types of errors seen were the sort that might be typically attributed to poor OCR (optical character recognition) scanning, e.g. misplaced decimal points, or a "1" being scanned as a "7". While Discover supervisory personnel openly admitted to me that they were having problems in this area, some of even larger dollar magnitudes than I cited, a Discover Financial Services corporate communications representative whom I contacted denied any such problems beyond "normal" financial institution error rates. She was unwilling to provide any information concerning their check processing procedures and would not disclose whether their check reading is done by humans or OCR, nor even if processing is performed in-house (they apparently consider this to be top secret compartmented information!) What's particularly interesting about all this is what it reveals about the state of quality control by the banks themselves. Once a payee has "coded" a check for a particular amount (the numbers added on the lower right portion of the check), that check apparently will usually fly through the banking system without any additional validation of what was actually written on it by the payer. The coding is accepted as is, and the amount is withdrawn from the payer's account, even if it is completely different than the amount specified by that payer. The banking system view seems to be that any other verifications would be inefficient and would slow down processing unacceptably, and of course from their standpoint it's always easier to try "fix" customer problems after the fact rather than to take pro-active steps to prevent them. So, if you've been laboring under the illusion that the amount you write on your checks necessarily is the same as what will be paid, you might want to make a special effort to verify that the two really do match up. You never know when you might "discover" an error. --Lauren-- lauren@vortex.com Lauren Weinstein Moderator, PRIVACY Forum - http://www.vortex.com Co-Founder, PFIR: People for Internet Responsibility - http://www.pfir.org Member, ACM Committee on Computers and Public Policy ------------------------------ Date: Wed, 29 Dec 99 20:12 PST From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Re: Cell Phones to be Tracked for Traffic Greetings. In the previous PRIVACY Forum Digest (http://www.vortex.com/privacy/priv.08.23), I discussed the irony of a project to use cell phone location information to derive auto traffic speed and related data, while officials at the same time try to discourage the use of cell phones while driving. Several PRIVACY Forum readers have since suggested that perhaps there was no need for the phones to actually be in use, since (as has been discussed here in the PRIVACY Forum Digest in the past) cell phones are routinely in very brief communications with cell base stations at intervals (e.g. a burst every five minutes), whenever they are powered on. Just to clarify, this project is indeed using *active* calls (inbound or outbound) to derive the density of location data that it needs for its automobile traffic data collection. The amount of data available from the "non-call" phone transmissions is not considered adequate for this application. I have confirmed this information directly with one of the main persons working on the project. So, the irony I suggested does appear to stand! --Lauren-- lauren@vortex.com Lauren Weinstein Moderator, PRIVACY Forum - http://www.vortex.com Co-Founder, PFIR: People for Internet Responsibility - http://www.pfir.org Member, ACM Committee on Computers and Public Policy ------------------------------ Date: Wed, 29 Dec 1999 08:01:25 -0500 From: Craig Partridge <craig@bbn.com> Subject: FTC announces Privacy Committee The FTC is asking for nominations by Jan 5th for their advisory committee on online access and security, which is charged with providing "advice and recommendations to the Commission regarding implementation of certain fair information practices by domestic commercial Web sites -- specifically providing online consumers reasonable access to personal information collected from and about them and maintaining adequate security for that information." The committee will have public meetings on Feb 4, Feb 25, Mar 31 and Apr 28 of 2000. More info at http://www.ftc.gov/acoas/index.htm [ There was very short notice given by the FTC of this process. The official announcement calling for the nominations ostensibly seeks a broad range of participants. However, it appears that only persons with significant financial resources need apply, since the positions are unpaid, and participants must physically attend all of the meetings and cover their own travel expenses. -- PRIVACY Forum Moderator ] ------------------------------ Date: Tue, 28 Dec 1999 16:45:02 -0800 From: "Ariel Poler" <ariel@get.topica.com> Subject: Clarification to issues raised regarding Topica-Esosoft partnership I would appreciate the opportunity to address the issues that have been raised in this forum [ http://www.vortex.com/privacy/priv.08.22 -- PRIVACY Forum Moderator ] regarding the recent partnership between Topica and Esosoft - in which Topica will be hosting mailing lists that Esosoft has been servicing to date. Although we attempted to provide clear and timely information regarding the transition, including how to prevent a list from being transferred if someone so desired, in retrospect it is clear that we should have worked more closely with Esosoft to give list owners additional time and more information, particularly given the holidays. We sincerely apologize for any confusion that resulted and will be sure to provide clearer communication and lengthier transition times in the future. In the meantime, our customer support team is giving top priority to addressing any remaining issues resulting from this transition. Additionally, we are facilitating alternatives for Esosoft list owners who prefer to stay with a fee-based hosting provider - including staying on with Esosoft for a period of time. I would like to emphasize that once at Topica, list owners have complete ownership and control of their lists. They control whether the list appears in our directory or not, whether the archives are publicly readable or not, and whether anyone can subscribe to the list or just those approved by the owner. Additionally, if for some reason a list owner no longer wants his/her list hosted at Topica, he/she can easily delete it from our system (including the list's entry in our directory, the archives, and the subscribers). The freezing of list commands during the transition from Esosoft to Topica was done solely for the purpose of keeping the Esosoft and Topica versions of the lists in synch. Once the transition was accomplished, all the list commands were reinstated. Lastly, I would like to address the issue of content ownership. As our terms of service clearly state, "Topica does not claim ownership of the Content you transmit through Topica's Service". We have no intention, nor the right, to use the content in any way other than to provide our services. Our terms and conditions grant Topica a non-exclusive license to the content "solely for the purpose of providing Topica's hosting, archiving, subscription, and promotion services". Without this license, we could not legally offer our services. Additionally, our terms and conditions state that Topica's rights to the content are only in effect as long as the list is hosted at Topica. I hope that the above information helps clarify the issues that were raised in this forum. We are working hard at Topica to service the email list community and eagerly welcome feedback on how we could do a better job. Sincerely, Ariel Poler CEO, Topica Inc. ariel@get.topica.com ------------------------------ Date: Thu, 30 Dec 1999 01:25:13 -0500 From: Leggy <gurvits@idt.net> Subject: Re: Web Tracking and Data Matching Hit the Campaign Trail My name is Oleg Gurvits. I am a subscriber to Dave Farber's IP list and have read the article "Web Tracking and Data Matching Hit the Campaign Trail" there. I completely and totally disagree with all the privacy issues raised in that article, and with many other privacy-related issues usually raised in discussions. I do not think that what Bush and McCain are doing is an intrusion of my privacy. I do not think that when for-profit companies were doing what Bush and McCain are doing that is an intrusion of my privacy. Moreover, I welcome it. The reasons? Plain and simple. As long as all they are doing is making OFFERS, that does not preclude me from choosing to accept them or not. Bush and McCain are not implicitly redirecting me to their websites. They are giving me a banner that I am free to click on and free to ignore. The presence of the banner does not form my opinion. (Most of the hype on their websites won't influence me either, but that's a separate question.) Why is it so disturbing to many people that the banners are not random but tailored according to their past Web behavior? They are presenting an offer to you because they think you will be likely to accept it. But the actual decision is yours and yours only, Bush and McCain are NOT making it for you. Same goes for commercial companies. If they target their offers to me according to my past behavior, I will get better offers from them. I do not want any generic promotions - mostly, generic offers are useless to me. But if a company is smart enough to get my name from a database based on a criteria that I have shopped for computer books before and offer me a discount on a computer part, that's much better than me getting a generic discount on a baby seat for my minivan (I don't have children or own a minivan). And again, it is my choice to whether actually accept the deal. Therefore, I think that anyone who disables their cookies, doesn't view sites with JavaScript code or Java applets and doesn't fill out online forms so that their information cannot be collected is just a little too paranoid. If a person is worried that the mere presence of an offer can prompt her or him to take it, she or he has more general problems than the privacy issue. No one should assume that the best way to deal with temptation is to ban it. The strong-minded still want to have the choice of being marketed to. The regulations the government can pass are the worst way to deal with it. The government has proven, case after case, to know very little of the computer industry. The government in any form cannot move with the speed the computer industry is moving. It does not move fast enough even to catch up. I am afraid that what we will see is regulations passed on the principle "let's ban it for now until we have time to deal with it," or regulations based on the general fear derived from not understanding the subject or getting caught up in it too fast. Finally. Don't get me wrong - I support everyone who is against spam, as long as they are against it because it requires them to perform an action they would not have had to do otherwise (even if it's just deleting a message). I am personally against generic spam and generic junk mail. I do not dislike targeted marketing, though, because I discovered that generally, the offers I get are worth the hassle of dealing with it. I am not speaking for any company or political platform in this note. These are my personal views, which I have held for as long as I've been on the Net. The note is intentionally a little too harsh, and anyone who is offended is welcome to take it up with me - just send me an email at gurvits@idt.net. [ Additional comments from readers would also be welcome here at privacy@vortex.com. -- PRIVACY Forum Moderator ] ------------------------------ End of PRIVACY Forum Digest 08.24 ************************ </pre> <hr> <center> <A href="/privacy"><h3>PRIVACY Forum Home Page</h3></A><p> <A href="http://www.vortex.com"><h4><i>Vortex Technology Home Page</i></h4></A><p> <A href="/privmedia"><h4>Radio, Television, and Press Contact Information</h4></A><p> </center> <p> <font size=-2>Copyright © 2000 Vortex Technology. All Rights Reserved.</font> </body> </HTML>