TUCoPS :: Privacy :: priv0922.txt

Privacy Digest 09.22

<head><TITLE>PRIVACY Forum Archive Document - (priv.09.22) </TITLE></head>
<body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#660099" alink="#ff0000">

<table border=0 cellpadding=0 cellspacing=0 width=100%>

<td width=15%>


<table border=0 cellspacing=0 cellpadding=0 width=100%>

<table border=1 cellspacing=0 cellpadding=0>
<td bgcolor="#ffffcc">

<font face="Arial, Helvetica, sans-serif">
<a href="http://www.pfir.org"><b>PFIR</b></a> <b>Perspective</b>



<td bgcolor="#ccffff">
<img src="/ipissues1.jpg" border=0>

<font size=-1 face="Arial, Helvetica, sans-serif">
<b>"CRIME or FAIR USE?"</b>

<table border=0 cellspacing=0 cellpadding=2 width=100%>

<td bgcolor="#ffffff">

<table border=1 width=100%>

<table border=0 cellpadding=0 cellspacing=0 width=100%>
<a href="/pfir-p.ram"><img src="/spkr1.gif" border=0></a>
<font size=-1>
<a href="/pfir-p.ram">Listen<br>RealAudio</a>



<table border=0 cellpadding=1 cellspacing=0 width=100%>
<a href="/pfir-p.mp3"><img src="/spkr1.gif" border=0></a>
<font size=-1>
<a href="/pfir-p.mp3">Listen<br>MP3</a>








<td align=center>

<table border=1 cellpadding=0 cellspacing=0>
<td bgcolor="#ffffcc">

<table border=0 cellpadding=0 cellspacing=4>


<font face="Arial, Helvetica, sans-serif">
"<a href="/reality">REALITY RESET</a>"


<table border=1 cellpadding=1 cellspacing=2 width=100%>
<td bgcolor="#ffffff">
&nbsp;Today: <a href="/reality/2001-03-27">"Spraying the TV Screen"</a>




<font size=+2><b>PRIVACY Forum Archive Document</b></font>

<A href="/privacy"><h3>PRIVACY Forum Home Page</h3></A>

<font size=-1 face="Arial, Helvetica, sans-serif">
<A href="http://www.pfir.org"><b>PFIR - "People For Internet Responsibility" Home Page</b></A>

<font size=-1 face="Arial, Helvetica, sans-serif">
<A href="http://www.vortex.com"><b>Vortex Technology Home Page</b></A>

<font size=-1 face="Arial, Helvetica, sans-serif">
<A href="/privmedia"><b>Radio, Television, and Press Contact Information</b></A>


PRIVACY Forum Digest     Saturday, 28 October 2000     Volume 09 : Issue 22

                (<A HREF="http://www.vortex.com/privacy/priv.09.22">http://www.vortex.com/privacy/priv.09.22</A>)

            Moderated by Lauren Weinstein (<A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A>)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
                         <A HREF="http://www.vortex.com">http://www.vortex.com</A> 
                       ===== PRIVACY FORUM =====              

                 The PRIVACY Forum is supported in part by
               the ACM (Association for Computing Machinery)     
                 Committee on Computers and Public Policy,      
                 Cable &amp; Wireless USA, Cisco Systems, Inc., 
                           and Telos Systems.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.

        "Pssst!  Wanna Protect Your Privacy?"
           (Lauren Weinstein; PRIVACY Forum Moderator)

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "<A HREF="mailto:privacy@vortex.com">privacy@vortex.com</A>" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are via an automatic list server system;
for subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"<A HREF="mailto:privacy-request@vortex.com">privacy-request@vortex.com</A>".  Mailing list problems should be reported to
"<A HREF="mailto:list-maint@vortex.com">list-maint@vortex.com</A>". 

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp <A HREF="ftp://ftp.vortex.com/">ftp.vortex.com</A>",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the list server system.  Please follow the instructions above
for getting the list server  "help" information, which includes details
regarding the "index" and "get" list server commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "<A HREF="http://gopher.vortex.com">gopher.vortex.com</A>/".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "<A HREF="http://www.vortex.com">http://www.vortex.com</A>";
full keyword searching of all PRIVACY Forum files is available via
WWW access.


     Quote for the day:

        "Fasten your seatbelts -- it's going to be a bumpy night!"

                -- Margo Channing (Bette Davis)
                   "All About Eve" (Fox; 1950)


Date:    Sat, 28 Oct 2000 11:04 PDT
From:    <A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A> (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: "Pssst!  Wanna Protect Your Privacy?"

                        = = = = = = = = =

"Pssst!  Buddy!  Come over here for a second ..."

     Oh, great.  A guy in a gray raincoat over a tattered leisure suit
     trying to get my attention.  It's late.  I don't need this.

"Hey, buster -- I wanna tell you about somethin' important ..."

     Why the blazes did Paul's Spark Plug and Punchcard Emporium have to be
     located in this sleazy part of town?  

"You care about your privacy and your credit rating, don't ya'?"

     Hmmm.  That got my attention.  Glancing around to be sure that there
     were some witnesses in case of an altercation, I took a step in the
     stranger's direction.  The interloper pulled out a heavily worn Palm
     Pilot as I approached.  I resisted the urge to inquire about the 
     noxious-looking green goo dripping from its case.

"We've made a deal with the big credit reporting agencies, and if you'll sign
 up with us, we'll watch your credit reports and let you know if anything
 negative shows up or if there are indications of identity fraud."

     Interesting concept, though realistically not too exciting.  Perhaps
     such a thing would be marginally useful for some folks in very special
     situations.  But most people could handle this by themselves without
     the need of this guy.  Still, I might as well find out more ...

     "How does it work?"

"Simple!  I just need a few little pieces of information to sign you up."

     "Such as?"

"Well, your name, your address, your previous address if you moved in the
 last couple of years.  Your date of birth.  Your Social Security Number.
 Your ..."

     "Whoaa!  Just a minute, now.  That's a lot of rather valuable
      personal information!  Hell, it's all anybody needs to
      <B>commit</B> identity fraud if it fell into the wrong hands!"

"Hey!  Who ya' calling a crook?"

     "Well, nobody, but how do I know I can trust you?"

"Look, buddy, you gotta trust someone, or what kind of world
 are we left with?  Do I look like someone who would abuse your
 personal data?  Look at my puppy dog face!  Can't we all
 just get along and work together?"

     "Er, well, for the sake of the argument, let's say I trust you.  How do
      I know you'll protect my personal data from outside abuse, hackers,
      and the like?"

"You've got nuttin' to worry about there, brother!"  (He paused to wipe some
 of the green slime from his Palm Pilot, which was now beginning to emit an
 ominous whining sound ...)  "We use industry standard security systems -- you
 know -- Secure Socket Layers, encryption, all that kind of good whiz-bang
 technical stuff.  Super-secure Web sites.  Like they said at Westworld,
 nothing can go wrong!"

     "Uh, that's all well and good, but it seems like every other day I
      hear about so-called secure Web sites being hacked, or accidentally
      exposing their databases on the Web through misconfigurations and
      errors and such.  Wouldn't a site like yours with so many personal
      goodies on it be a natural target for hackers?"

"Hackers, slackers!  You think we're running scared from a bunch of
 snotty-nosed kids trying to log-in through modified video games?  Look,
 we're professionals!"  (At the word "professionals" he pulled out a small
 orange bottle of nose spray and inhaled it noisily into each nostril.)

     "And with whom do you share the personal data that you
      collect from your subscribers in the course of your services?"

"Share?  Hell, nobody!  Well, almost nobody.  Uh, let me put it this way, we
 only share your individual personal data with the credit reporting agencies
 so you can be positively identified and we can get your credit reports.
 And, uh, we share your personal data with the outside third parties doing
 work and providing services for us.  And we release aggregated data too, of
 course.  But all the folks who get your individual personal data are really
 swell guys!  And they all gotta abide by our privacy policies!  I vouch for
 them personally!"

     "Somehow that's not completely reassuring.  How can you really enforce
      this?  If your third party partners screw up with my personal data,
      what's my recourse?  Can they use their <B>own</B> third party suppliers as
      well?  This seems like a house of cards to me!"

"You interested in cards?  What's your game?  Er, never mind.  Are you
 suggesting that the people we work with can't be trusted or might make
 mistakes that would affect your personal data?  Hey, if any of the outfits
 working for us mess up with personal data, they won't be getting a single
 penny additional from us!  They might as well send their invoices to 
 Howdy Doody or Dan Quayle!"

     "Wooden-headed potato jokes notwithstanding, that doesn't sound like
      it really helps me much if there's human or technical error, even with
      the best of intentions.  But that aside, how do I know that your
      privacy policies won't be altered somewhere down the line?  Will they
      never change in ways that could affect my personal data?"

"Never say never!  Who do I look like -- Criswell?  Ha, ha!  Seriously bro,
 it's pretty silly to worry about the future, just live for today and you'll
 be a lot happier for it!  Make love, not war.  I'm a lover, not a fighter.
 Ya' think we'd bushwhack you or something?"

     "Hmmm.  So if you go bankrupt or sell out you won't provide my
      personal data to someone else?"

"Huh?  I never said that.  Of course if we decide to sell out most of our
 assets or merge with someone else or something like that, your personal
 data is part of the pot!  Personal data is money and money is honey!  But
 when we transfer your personal data to someone, they still have to agree to
 abide by our privacy policies."
     "And again, just how do you enforce that?"

"Man, you have a real attitude problem.  What are you, some sort of privacy
 <B>freak</B> or something?  I suppose you're also opposed to mandatory Internet
 filters, drug company pricing policies, and tax cuts for Bill Gates!
 What's this country coming to?  Ya' know, if you're so concerned about
 privacy that you won't play the game, maybe you should just take care of
 your own privacy by yourself and not be wasting your time with me!"

     Before I could reply, he glanced down at his Palm Pilot screen, muttered
     incomprehensibly, and ran off, no doubt in search of a new potential
     mark for his "privacy" pitch.  I turned away and headed back up the
     street.  Mercifully, I never saw "raincoat man" again.  But I know he's
     still out there.


                        = = = = = = = = =

Greetings.  Our friend "raincoat man" above is of course purely fictional,
and doesn't represent any real person or organization.  But the basic issues
brought out in the course of the dialogue are quite real, and should be of
serious concern to us all.

"Privacy-related services" are now being viewed in some quarters as big
businesses and potentially lucrative profit centers.  We're now seeing the
creation of all manners of enterprises who assert that they will help
individuals or firms maintain or enhance their personal or corporate

One example that has gotten a good deal of recent press is "Privista"
(<A HREF="http://www.privista.com">http://www.privista.com</A>) whose slogan is "Your privacy is our concern."
Privista tracks activity on your credit reports, and says that they let you
know if anything "odd" turns up.  To do so, they require an array of your
personal information, which they assert is protected through "industry
standard" security systems.  Their privacy policy
(<A HREF="http://app1.privista.com/information/privacy_policy.html">http://app1.privista.com/information/privacy_policy.html</A>) points out that:

         "The information requested may include your name, e-mail, your
          current address, previous address (if you have lived at your
          current address for less than two years), date of birth, social
          security number, and other personal information."

This data may be provided to third parties in the normal course of
their business:

         "We transfer personal information about you to third parties in
          order to provide you with the services you have specifically
          requested to receive."


         "We may use third party suppliers and service providers to
          facilitate our services. For example, we may outsource the
          operations of one or more aspects of our Web site to a supplier
          or service provider who performs services according to our
          requirements. In all cases, those parties will be bound by our
          privacy policies."

Your personal data may also be handed over to other parties as
part of company assets:

         "We may also disclose such information to third parties as we, in
          our sole discretion, believe necessary or appropriate, in
          connection with our merger or consolidation with, or sale of
          substantially all of our assets to such third party, provided
          that such third party agrees to comply with the privacy policy
          that applies to your personal information."

Is there anything particularly unusual about these sorts of attitudes
and clauses in today's business world?  Unfortunately, the answer
is clearly no.  It's all very much standard operating procedure
-- completely legitimate and lawful in most cases.

That does not mean we should find such procedures to be acceptable,
however.  We must expect our political leaders, representatives, and
judicial systems to be willing to <B>balance</B> the needs of industry and
commerce with the privacy and information rights of individuals.  The
business interests' side cannot be allowed to unreasonably dominate the
equation indefinitely, especially in the face of continuing mega-mergers and
monopolistic practices that increasingly aggregate personal information
amongst fewer and fewer corporate players.  Achieving a real and fair balance
is critical!

In the meantime, individuals might be well served by considering carefully
before involving third-party services in the management of personal
information or other privacy matters, however well-motivated and honest
those services might turn out to be in some cases.

Sometimes "doing it yourself" really is the only safe choice!  Take care.
And watch out for raincoat man!

Lauren Weinstein
<A HREF="mailto:lauren@pfir.org">lauren@pfir.org</A> or <A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A> or <A HREF="mailto:lauren@privacyforum.org">lauren@privacyforum.org</A>
Co-Founder, PFIR: People For Internet Responsibility - <A HREF="http://www.pfir.org">http://www.pfir.org</A>
Moderator, PRIVACY Forum - <A HREF="http://www.vortex.com">http://www.vortex.com</A>
Member, ACM Committee on Computers and Public Policy


End of PRIVACY Forum Digest 09.22

<A href="/privacy"><h3>PRIVACY Forum Home Page</h3></A><p>
<A href="http://www.vortex.com"><h4><i>Vortex Technology Home Page</i></h4></A><p>
<A href="/privmedia"><h4>Radio, Television, and Press Contact Information</h4></A><p>

<font size=-2>Copyright &copy; 2001 Vortex Technology.  All Rights Reserved.</font> 


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH