|
<HTML> <head><TITLE>PRIVACY Forum Archive Document - (priv.09.13) </TITLE></head> <body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#660099" alink="#ff0000"> <table border=0 cellpadding=0 cellspacing=0 width=100%> <tr> <td width=15%> <center> <table border=0 cellspacing=0 cellpadding=0 width=100%> <tr> <td> <table border=1 cellspacing=0 cellpadding=0> <tr> <td bgcolor="#ffffcc"> <center> <font face="Arial, Helvetica, sans-serif"> <a href="http://www.pfir.org"><b>PFIR</b></a> <b>Perspective</b> </font> </center> </td> </tr> <tr> <td bgcolor="#ccffff"> <img src="/ipissues1.jpg" border=0> <center> <font size=-1 face="Arial, Helvetica, sans-serif"> <b>"CRIME or FAIR USE?"</b> </font> </center> <table border=0 cellspacing=0 cellpadding=2 width=100%> <tr> <td bgcolor="#ffffff"> <table border=1 width=100%> <tr> <td> <table border=0 cellpadding=0 cellspacing=0 width=100%> <tr> <td> <a href="/pfir-p.ram"><img src="/spkr1.gif" border=0></a> </td> <td> <center> <font size=-1> <a href="/pfir-p.ram">Listen<br>RealAudio</a> </font> </center> </td> </tr> </table> </td> <td> <table border=0 cellpadding=1 cellspacing=0 width=100%> <tr> <td> <a href="/pfir-p.mp3"><img src="/spkr1.gif" border=0></a> </td> <td> <center> <font size=-1> <a href="/pfir-p.mp3">Listen<br>MP3</a> </font> </center> </td> </tr> </table> </td> </tr> </table> </td> </tr> </table> </td> </tr> </table> </td> </tr> </table> </center> </td> <td align=center> <table border=1 cellpadding=0 cellspacing=0> <tr> <td bgcolor="#ffffcc"> <table border=0 cellpadding=0 cellspacing=4> <tr> <td> <center> <font face="Arial, Helvetica, sans-serif"> "<a href="/reality">REALITY RESET</a>" </font> </td> <td> <table border=1 cellpadding=1 cellspacing=2 width=100%> <tr> <td bgcolor="#ffffff"> Today: <a href="/reality/2001-03-27">"Spraying the TV Screen"</a> </td> </tr> </table> </center> </td> </tr> </table> </td> </tr> </table> <p> <font size=+2><b>PRIVACY Forum Archive Document</b></font> <A href="/privacy"><h3>PRIVACY Forum Home Page</h3></A> <font size=-1 face="Arial, Helvetica, sans-serif"> <A href="http://www.pfir.org"><b>PFIR - "People For Internet Responsibility" Home Page</b></A> </font> <p> <font size=-1 face="Arial, Helvetica, sans-serif"> <A href="http://www.vortex.com"><b>Vortex Technology Home Page</b></A> </font> <p> <font size=-1 face="Arial, Helvetica, sans-serif"> <A href="/privmedia"><b>Radio, Television, and Press Contact Information</b></A> </font> <p> </td> </tr> </table> <hr> <PRE> PRIVACY Forum Digest Thursday, 20 April 2000 Volume 09 : Issue 13 (<A HREF="http://www.vortex.com/privacy/priv.09.13">http://www.vortex.com/privacy/priv.09.13</A>) Moderated by Lauren Weinstein (<A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A>) Vortex Technology, Woodland Hills, CA, U.S.A. <A HREF="http://www.vortex.com">http://www.vortex.com</A> ===== PRIVACY FORUM ===== ------------------------------------------------------------------- The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, Cable & Wireless USA, Cisco Systems, Inc., and Telos Systems. - - - These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum. ------------------------------------------------------------------- CONTENTS Massive Tracking of Web Users Planned -- Via ISPs! (Lauren Weinstein; PRIVACY Forum Moderator) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "<A HREF="mailto:privacy@vortex.com">privacy@vortex.com</A>" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are via an automatic list server system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "<A HREF="mailto:privacy-request@vortex.com">privacy-request@vortex.com</A>". Mailing list problems should be reported to "<A HREF="mailto:list-maint@vortex.com">list-maint@vortex.com</A>". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp <A HREF="ftp://ftp.vortex.com/">ftp.vortex.com</A>", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the list server system. Please follow the instructions above for getting the list server "help" information, which includes details regarding the "index" and "get" list server commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "<A HREF="http://gopher.vortex.com">gopher.vortex.com</A>/". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "<A HREF="http://www.vortex.com">http://www.vortex.com</A>"; full keyword searching of all PRIVACY Forum files is available via WWW access. ----------------------------------------------------------------------------- VOLUME 09, ISSUE 13 Quote for the day: "Have marshmallows got pits?" -- Shemp (Shemp Howard) "All Gummed Up" (Columbia; 1947) ---------------------------------------------------------------------- Date: Thu, 20 Apr 2000 18:04:08 -0700 (PDT) From: <A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A> (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Massive Tracking of Web Users Planned -- Via ISPs! Greetings. This is not a delayed April Fools' Day joke. It's all too real, and I assume that you're already sitting down. Picture a world where information about your every move on the Web, including the sites that you visit, the keywords that you enter into search engines, and so on, are all shipped off to a third party, with the willing cooperation of your Internet Service Provider (ISP). None of those pesky cookies to disable, no outside Web sites to put on block lists--just a direct flow of data from your ISP to the unseen folks with the dollar signs (or pound, yen, euro, or whatever signs) gleaming brightly in their eyes behind the scenes. You'll of course be told that your information is "anonymous" and that you can trust everyone involved, that you'll derive immense benefits from such tracking, and that you have an (at least theoretical) opt-in or opt-out choice. But just for some frosting on the cake, also picture that if you avail yourself of the opportunity not to participate in such tracking (via opt-out or opt-in choices), that you either cannot use the associated ISPs at all, or will be faced with paying significantly higher fees than persons who are willing to play along with tracking. As you have no doubt guessed by now, this is not a theoretical scenario. We're on the verge of starting down the slippery slope to this end right now, with the imminent operations of Predictive Networks (<A HREF="http://www.predictivenetworks.com">http://www.predictivenetworks.com</A>) and other similar businesses also in the works. When I recently learned about Predictive (which has apparently been established for some time and seems to be well funded), I naturally visited their Web site, which was sadly lacking in obvious specifics such as an actual posted privacy policy. (I've since been told that this is a temporary condition which will shortly be remedied.) I spoke briefly with the firm's president and had a much more detailed chat with his V.P. for Business Development, and received an e-mailed copy of their privacy privacy. Both of these fellows were polite, cordial, and willing to provide me with the information I desired about their plans. Unfortunately, the more that I learned from these sources, the increasingly concerned I became. In brief, Predictive's business is to engage ISPs (not just "free" ISPs where usage tracking has become typical, but conventional fee-based ISPs as well) in arrangements where the ISP will directly feed Web usage data to Predictive. The firm also claims to be working with Internet backbone providers. To quote from Predictive's privacy policy: "Predictive Networks uses Digital Silhouettes to match Internet content and advertising with appropriate subscriber recipients. As a result, subscribers receive information that appeals to their current needs and interests. To develop a Digital Silhouette, The Predictive Network analyzes URL click-stream data, such as web pages visited, and date and time of visit. URLs are then evaluated against more than 120 affinity and demographic categories, and assigned a score between zero and one. The resulting Digital Silhouette is simply an anonymous set of numerical probabilities inferred from subscriber behavior. URL histories are not permanently stored and the data in the Digital Silhouette is not personally identifiable." and: "To provide subscribers with content most relevant to their current interests, The Predictive Network may retain key words from Internet searches. These key words are attached to the subscriber's anonymous Digital Silhouette and, like the Digital Silhouette itself, are not personally identifiable. The Predictive Network also gathers data about a subscribers' response to messages and content, which is used to fine-tune future messages and message format." It is Predictive's contention that they do not maintain an ongoing history of sites visited (URLs), and that the Digital Silhouettes are maintained in an "anonymous" fashion--so they feel that there is no violation of users' privacy. But outside of the fact that keyword search terms <B>themselves</B> can often contain personally-identifiable or other sensitive data, also note from the Predictive privacy policy that: "To optimize the format of the content delivered to subscribers, the anonymous Digital Silhouette may include specifications about the subscriber's computer, such as processor type, browser plug-ins and available memory. For some of our ISP partners, Predictive Networks may provide a built-in dialer system. Should an ISP select this option, The Predictive Network may require subscribers to furnish their ISP user name and password. This information will be used strictly for account authentication purposes and will not be associated with the subscriber's anonymous Digital Silhouette. Our ISP partners can also the leverage the power of The Predictive Network for customer service purposes. Should a subscriber's ISP select this option, the ISP user name may be matched with the Digital Silhouette ID number. This will allow The Predictive Network to send specific individuals important customer service information. In addition, some subscribers may elect to have email service from their ISP. Subscribers on The Predictive Network that choose this option may be required to supply Predictive Networks with their email address. This information is used for email notification only." In other words, there is a variety of personally-identifiable information that you may need to provide to Predictive at various times, and you are expected to trust Predictive not to purposely or accidentally misuse this data. You also must trust that Predictive will not associate this information with your "Digital Silhouette" in any manner--nor let anyone else make such an association. One wonders what would happen in the face of a court order to provide associated data for a civil or criminal proceeding or investigation. Most of the familiar problems we've seen in the past with so-called "anonymous" tracking systems are present in this case. Privacy policies can be changed at any time (e.g., the recent DoubleClick fiasco). Detailed data that is theoretically discarded in the process of building "anonymous" profiles could be preserved at any time, simply through software alterations. The very <B>existence</B> of these sorts of data collection and tracking infrastructures is of great concern. Even with the best of intentions, the possibility for abuse is impossible to ignore--and as we know there is a vacuum of laws to provide consumers with useful protections in these areas. Predictive claims that all of this effort is to bring better services to Web users. Their apparent view is that tracking people's usage to figure out what sorts of ads to send them is far better than simply <B>asking</B> people to select the sorts of materials that they might wish to receive. Of course, whenever you use automated techniques to try figure out what people want based on the Web sites they happen to visit, there is the possibility of embarrassing errors. For example, people may be suckered into pornography sites by misleading banner ads, and not be at all interested in receiving adult-oriented advertising. Similar errors relating to other topic areas can occur from any number of the inadvertent Web sites that all of us hit in the process of typical Web browsing. Predictive will let people see the profiles that have been built about them--but sometimes you'll have to <B>pay</B> for the privilege! There are other interesting catches as well: "In developing our anonymous subscriber Digital Silhouettes, Predictive Networks captures, analyzes and then discards URL click-stream data. While we do not permanently retain a record of each subscriber's usage, we can, upon request, make their Digital Silhouette available to them for review. Any subscriber on The Predictive Network has the right to view their Digital Silhouette free of charge twice during the calendar year. Subscribers will be charged $50.00 per request thereafter. Subscribers can obtain a copy of their Digital Silhouette by emailing Predictive Networks at <A HREF="mailto:silhouette@predictivenetworks.com">silhouette@predictivenetworks.com</A>. The email request must contain the subscriber's anonymous ID number, which can be found on their computer by holding down the shift key and right-clicking on about. The corresponding Digital Silhouette will be emailed back to the subscriber within approximately ten business days. Subscriber should note that by emailing Predictive Networks, they may be "identifying" themselves to the Company. While we do not incorporate this information into our Digital Silhouettes, we do maintain a separate record of Digital Silhouette requests for accounting and billing purposes. Should a subscriber object to any or all of the information contained in their Digital Silhouette, they can opt-out of The Predictive Network permanently, or opt-out and re-register, which will erase the existing Digital Silhouette and begin a new one. Again, Predictive Networks urges subscribers to consult their Internet service provider before opting-out as doing so may affect their Internet service and/or their Internet service rate." The last sentence above is of <B>special</B> interest to the question of how "optional" this tracking really would be. It is apparently Predictive's intention to encourage ISPs, both free and the conventional fee-based types, to partner with them to create new revenue streams for the ISPs (and for Predictive, of course). It would appear to be the plan that in most cases any use of free ISPs who have associated themselves with Predictive would be predicated on your acceptance of the tracking. You can opt-out, or refuse to opt-in, but then you can't use the ISP. Not much of an option! The details about the tracking may also be buried within an ISP's own privacy or other policy statements, making it even less likely that most people will ever bother reading or understanding all of the detailed ramifications of their using these systems. It also appears to be Predictive's intention to encourage fee-based ISPs to offer lower rates to users willing to be tracked. This can rapidly degrade into a coercive situation where users who do not wish to participate in such tracking will be forced to pay ever higher rates simply to maintain the same level of privacy and non-tracking that they had in the first place (as the immortal Alice learned, "running faster and faster to stay in the same place"...) Can ISPs resist this temptation? If not, the <B>fundamental</B> structure of the Internet and Web will be permanently changed in a manner that could make reasonably-priced, non-tracked Internet access a rapidly fading memory, and make all of the abuse potentials of these tracking technologies the status quo engrained within the Internet infrastructure. After Predictive gets their privacy policy online at their Web site, I urge everyone interested in these issues to read the entire text. There are many other interesting sections, such as how they're dealing with the issue of tracking children under the age of 13 (vis-a-vis the new Federal Trade Commission regulations on this topic). Basically, Predictive says that you either must keep such children away from the computer, or must agree that it's OK for the children to be tracked. It's all or nothing. Predictive of course says that they are very concerned about privacy. They told me that they're forming a "privacy advisory board"--and so on. I have a different suggestion. How about if the users of the Internet and World Wide Web, the millions and soon billions of individuals, take a stand while we still have the opportunity? We still have the chance to say that our personal information is our own and that our Web browsing behavior is private. We may yet be able to successfully assert that we won't be manipulated, coerced, or otherwise "bribed" into allowing our Web activities to (as "The Prisoner" put it) be "pushed, filed, stamped, indexed, briefed, debriefed, or numbered!" The Internet and Web have tremendous commercial potential. But it can be achieved ethically and without the use of obnoxious technologies that are being shoved down our throats like feed for animals destined for the dinner table. The firms who view the Internet as little more than a "cash cow" are already placing the software rings in our noses in an effort to see us made easier to manipulate and control. The stink of the slaughterhouse may not be far away. --Lauren-- Lauren Weinstein <A HREF="mailto:lauren@pfir.org">lauren@pfir.org</A> or <A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A> Co-Founder, PFIR: People for Internet Responsibility - <A HREF="http://www.pfir.org">http://www.pfir.org</A> Moderator, PRIVACY Forum - <A HREF="http://www.vortex.com">http://www.vortex.com</A> Member, ACM Committee on Computers and Public Policy ------------------------------ End of PRIVACY Forum Digest 09.13 ************************ </PRE> <hr> <center> <A href="/privacy"><h3>PRIVACY Forum Home Page</h3></A><p> <A href="http://www.vortex.com"><h4><i>Vortex Technology Home Page</i></h4></A><p> <A href="/privmedia"><h4>Radio, Television, and Press Contact Information</h4></A><p> </center> <p> <font size=-2>Copyright © 2001 Vortex Technology. All Rights Reserved.</font> </BODY> </HTML>