|
<HTML> <head><TITLE>PRIVACY Forum Archive Document - (priv.09.22) </TITLE></head> <body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#660099" alink="#ff0000"> <table border=0 cellpadding=0 cellspacing=0 width=100%> <tr> <td width=15%> <center> <table border=0 cellspacing=0 cellpadding=0 width=100%> <tr> <td> <table border=1 cellspacing=0 cellpadding=0> <tr> <td bgcolor="#ffffcc"> <center> <font face="Arial, Helvetica, sans-serif"> <a href="http://www.pfir.org"><b>PFIR</b></a> <b>Perspective</b> </font> </center> </td> </tr> <tr> <td bgcolor="#ccffff"> <img src="/ipissues1.jpg" border=0> <center> <font size=-1 face="Arial, Helvetica, sans-serif"> <b>"CRIME or FAIR USE?"</b> </font> </center> <table border=0 cellspacing=0 cellpadding=2 width=100%> <tr> <td bgcolor="#ffffff"> <table border=1 width=100%> <tr> <td> <table border=0 cellpadding=0 cellspacing=0 width=100%> <tr> <td> <a href="/pfir-p.ram"><img src="/spkr1.gif" border=0></a> </td> <td> <center> <font size=-1> <a href="/pfir-p.ram">Listen<br>RealAudio</a> </font> </center> </td> </tr> </table> </td> <td> <table border=0 cellpadding=1 cellspacing=0 width=100%> <tr> <td> <a href="/pfir-p.mp3"><img src="/spkr1.gif" border=0></a> </td> <td> <center> <font size=-1> <a href="/pfir-p.mp3">Listen<br>MP3</a> </font> </center> </td> </tr> </table> </td> </tr> </table> </td> </tr> </table> </td> </tr> </table> </td> </tr> </table> </center> </td> <td align=center> <table border=1 cellpadding=0 cellspacing=0> <tr> <td bgcolor="#ffffcc"> <table border=0 cellpadding=0 cellspacing=4> <tr> <td> <center> <font face="Arial, Helvetica, sans-serif"> "<a href="/reality">REALITY RESET</a>" </font> </td> <td> <table border=1 cellpadding=1 cellspacing=2 width=100%> <tr> <td bgcolor="#ffffff"> Today: <a href="/reality/2001-03-27">"Spraying the TV Screen"</a> </td> </tr> </table> </center> </td> </tr> </table> </td> </tr> </table> <p> <font size=+2><b>PRIVACY Forum Archive Document</b></font> <A href="/privacy"><h3>PRIVACY Forum Home Page</h3></A> <font size=-1 face="Arial, Helvetica, sans-serif"> <A href="http://www.pfir.org"><b>PFIR - "People For Internet Responsibility" Home Page</b></A> </font> <p> <font size=-1 face="Arial, Helvetica, sans-serif"> <A href="http://www.vortex.com"><b>Vortex Technology Home Page</b></A> </font> <p> <font size=-1 face="Arial, Helvetica, sans-serif"> <A href="/privmedia"><b>Radio, Television, and Press Contact Information</b></A> </font> <p> </td> </tr> </table> <hr> <PRE> PRIVACY Forum Digest Saturday, 28 October 2000 Volume 09 : Issue 22 (<A HREF="http://www.vortex.com/privacy/priv.09.22">http://www.vortex.com/privacy/priv.09.22</A>) Moderated by Lauren Weinstein (<A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A>) Vortex Technology, Woodland Hills, CA, U.S.A. <A HREF="http://www.vortex.com">http://www.vortex.com</A> ===== PRIVACY FORUM ===== ------------------------------------------------------------------- The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, Cable & Wireless USA, Cisco Systems, Inc., and Telos Systems. - - - These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum. ------------------------------------------------------------------- CONTENTS "Pssst! Wanna Protect Your Privacy?" (Lauren Weinstein; PRIVACY Forum Moderator) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "<A HREF="mailto:privacy@vortex.com">privacy@vortex.com</A>" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are via an automatic list server system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "<A HREF="mailto:privacy-request@vortex.com">privacy-request@vortex.com</A>". Mailing list problems should be reported to "<A HREF="mailto:list-maint@vortex.com">list-maint@vortex.com</A>". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp <A HREF="ftp://ftp.vortex.com/">ftp.vortex.com</A>", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the list server system. Please follow the instructions above for getting the list server "help" information, which includes details regarding the "index" and "get" list server commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "<A HREF="http://gopher.vortex.com">gopher.vortex.com</A>/". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "<A HREF="http://www.vortex.com">http://www.vortex.com</A>"; full keyword searching of all PRIVACY Forum files is available via WWW access. ----------------------------------------------------------------------------- VOLUME 09, ISSUE 22 Quote for the day: "Fasten your seatbelts -- it's going to be a bumpy night!" -- Margo Channing (Bette Davis) "All About Eve" (Fox; 1950) ---------------------------------------------------------------------- Date: Sat, 28 Oct 2000 11:04 PDT From: <A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A> (Lauren Weinstein; PRIVACY Forum Moderator) Subject: "Pssst! Wanna Protect Your Privacy?" = = = = = = = = = "Pssst! Buddy! Come over here for a second ..." Oh, great. A guy in a gray raincoat over a tattered leisure suit trying to get my attention. It's late. I don't need this. "Hey, buster -- I wanna tell you about somethin' important ..." Why the blazes did Paul's Spark Plug and Punchcard Emporium have to be located in this sleazy part of town? "You care about your privacy and your credit rating, don't ya'?" Hmmm. That got my attention. Glancing around to be sure that there were some witnesses in case of an altercation, I took a step in the stranger's direction. The interloper pulled out a heavily worn Palm Pilot as I approached. I resisted the urge to inquire about the noxious-looking green goo dripping from its case. "We've made a deal with the big credit reporting agencies, and if you'll sign up with us, we'll watch your credit reports and let you know if anything negative shows up or if there are indications of identity fraud." Interesting concept, though realistically not too exciting. Perhaps such a thing would be marginally useful for some folks in very special situations. But most people could handle this by themselves without the need of this guy. Still, I might as well find out more ... "How does it work?" "Simple! I just need a few little pieces of information to sign you up." "Such as?" "Well, your name, your address, your previous address if you moved in the last couple of years. Your date of birth. Your Social Security Number. Your ..." "Whoaa! Just a minute, now. That's a lot of rather valuable personal information! Hell, it's all anybody needs to <B>commit</B> identity fraud if it fell into the wrong hands!" "Hey! Who ya' calling a crook?" "Well, nobody, but how do I know I can trust you?" "Look, buddy, you gotta trust someone, or what kind of world are we left with? Do I look like someone who would abuse your personal data? Look at my puppy dog face! Can't we all just get along and work together?" "Er, well, for the sake of the argument, let's say I trust you. How do I know you'll protect my personal data from outside abuse, hackers, and the like?" "You've got nuttin' to worry about there, brother!" (He paused to wipe some of the green slime from his Palm Pilot, which was now beginning to emit an ominous whining sound ...) "We use industry standard security systems -- you know -- Secure Socket Layers, encryption, all that kind of good whiz-bang technical stuff. Super-secure Web sites. Like they said at Westworld, nothing can go wrong!" "Uh, that's all well and good, but it seems like every other day I hear about so-called secure Web sites being hacked, or accidentally exposing their databases on the Web through misconfigurations and errors and such. Wouldn't a site like yours with so many personal goodies on it be a natural target for hackers?" "Hackers, slackers! You think we're running scared from a bunch of snotty-nosed kids trying to log-in through modified video games? Look, we're professionals!" (At the word "professionals" he pulled out a small orange bottle of nose spray and inhaled it noisily into each nostril.) "And with whom do you share the personal data that you collect from your subscribers in the course of your services?" "Share? Hell, nobody! Well, almost nobody. Uh, let me put it this way, we only share your individual personal data with the credit reporting agencies so you can be positively identified and we can get your credit reports. And, uh, we share your personal data with the outside third parties doing work and providing services for us. And we release aggregated data too, of course. But all the folks who get your individual personal data are really swell guys! And they all gotta abide by our privacy policies! I vouch for them personally!" "Somehow that's not completely reassuring. How can you really enforce this? If your third party partners screw up with my personal data, what's my recourse? Can they use their <B>own</B> third party suppliers as well? This seems like a house of cards to me!" "You interested in cards? What's your game? Er, never mind. Are you suggesting that the people we work with can't be trusted or might make mistakes that would affect your personal data? Hey, if any of the outfits working for us mess up with personal data, they won't be getting a single penny additional from us! They might as well send their invoices to Howdy Doody or Dan Quayle!" "Wooden-headed potato jokes notwithstanding, that doesn't sound like it really helps me much if there's human or technical error, even with the best of intentions. But that aside, how do I know that your privacy policies won't be altered somewhere down the line? Will they never change in ways that could affect my personal data?" "Never say never! Who do I look like -- Criswell? Ha, ha! Seriously bro, it's pretty silly to worry about the future, just live for today and you'll be a lot happier for it! Make love, not war. I'm a lover, not a fighter. Ya' think we'd bushwhack you or something?" "Hmmm. So if you go bankrupt or sell out you won't provide my personal data to someone else?" "Huh? I never said that. Of course if we decide to sell out most of our assets or merge with someone else or something like that, your personal data is part of the pot! Personal data is money and money is honey! But when we transfer your personal data to someone, they still have to agree to abide by our privacy policies." "And again, just how do you enforce that?" "Man, you have a real attitude problem. What are you, some sort of privacy <B>freak</B> or something? I suppose you're also opposed to mandatory Internet filters, drug company pricing policies, and tax cuts for Bill Gates! What's this country coming to? Ya' know, if you're so concerned about privacy that you won't play the game, maybe you should just take care of your own privacy by yourself and not be wasting your time with me!" Before I could reply, he glanced down at his Palm Pilot screen, muttered incomprehensibly, and ran off, no doubt in search of a new potential mark for his "privacy" pitch. I turned away and headed back up the street. Mercifully, I never saw "raincoat man" again. But I know he's still out there. Somewhere. = = = = = = = = = Greetings. Our friend "raincoat man" above is of course purely fictional, and doesn't represent any real person or organization. But the basic issues brought out in the course of the dialogue are quite real, and should be of serious concern to us all. "Privacy-related services" are now being viewed in some quarters as big businesses and potentially lucrative profit centers. We're now seeing the creation of all manners of enterprises who assert that they will help individuals or firms maintain or enhance their personal or corporate privacy. One example that has gotten a good deal of recent press is "Privista" (<A HREF="http://www.privista.com">http://www.privista.com</A>) whose slogan is "Your privacy is our concern." Privista tracks activity on your credit reports, and says that they let you know if anything "odd" turns up. To do so, they require an array of your personal information, which they assert is protected through "industry standard" security systems. Their privacy policy (<A HREF="http://app1.privista.com/information/privacy_policy.html">http://app1.privista.com/information/privacy_policy.html</A>) points out that: "The information requested may include your name, e-mail, your current address, previous address (if you have lived at your current address for less than two years), date of birth, social security number, and other personal information." This data may be provided to third parties in the normal course of their business: "We transfer personal information about you to third parties in order to provide you with the services you have specifically requested to receive." ... "We may use third party suppliers and service providers to facilitate our services. For example, we may outsource the operations of one or more aspects of our Web site to a supplier or service provider who performs services according to our requirements. In all cases, those parties will be bound by our privacy policies." Your personal data may also be handed over to other parties as part of company assets: "We may also disclose such information to third parties as we, in our sole discretion, believe necessary or appropriate, in connection with our merger or consolidation with, or sale of substantially all of our assets to such third party, provided that such third party agrees to comply with the privacy policy that applies to your personal information." Is there anything particularly unusual about these sorts of attitudes and clauses in today's business world? Unfortunately, the answer is clearly no. It's all very much standard operating procedure -- completely legitimate and lawful in most cases. That does not mean we should find such procedures to be acceptable, however. We must expect our political leaders, representatives, and judicial systems to be willing to <B>balance</B> the needs of industry and commerce with the privacy and information rights of individuals. The business interests' side cannot be allowed to unreasonably dominate the equation indefinitely, especially in the face of continuing mega-mergers and monopolistic practices that increasingly aggregate personal information amongst fewer and fewer corporate players. Achieving a real and fair balance is critical! In the meantime, individuals might be well served by considering carefully before involving third-party services in the management of personal information or other privacy matters, however well-motivated and honest those services might turn out to be in some cases. Sometimes "doing it yourself" really is the only safe choice! Take care. And watch out for raincoat man! --Lauren-- Lauren Weinstein <A HREF="mailto:lauren@pfir.org">lauren@pfir.org</A> or <A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A> or <A HREF="mailto:lauren@privacyforum.org">lauren@privacyforum.org</A> Co-Founder, PFIR: People For Internet Responsibility - <A HREF="http://www.pfir.org">http://www.pfir.org</A> Moderator, PRIVACY Forum - <A HREF="http://www.vortex.com">http://www.vortex.com</A> Member, ACM Committee on Computers and Public Policy ------------------------------ End of PRIVACY Forum Digest 09.22 ************************ </PRE> <hr> <center> <A href="/privacy"><h3>PRIVACY Forum Home Page</h3></A><p> <A href="http://www.vortex.com"><h4><i>Vortex Technology Home Page</i></h4></A><p> <A href="/privmedia"><h4>Radio, Television, and Press Contact Information</h4></A><p> </center> <p> <font size=-2>Copyright © 2001 Vortex Technology. All Rights Reserved.</font> </BODY> </HTML>