<HTML>
<head><TITLE>PRIVACY Forum Archive Document - (priv.09.22) </TITLE></head>
<body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#660099" alink="#ff0000">
<table border=0 cellpadding=0 cellspacing=0 width=100%>
<tr>
<td width=15%>
<center>
<table border=0 cellspacing=0 cellpadding=0 width=100%>
<tr>
<td>
<table border=1 cellspacing=0 cellpadding=0>
<tr>
<td bgcolor="#ffffcc">
<center>
<font face="Arial, Helvetica, sans-serif">
<a href="http://www.pfir.org"><b>PFIR</b></a> <b>Perspective</b>
</font>
</center>
</td>
</tr>
<tr>
<td bgcolor="#ccffff">
<img src="/ipissues1.jpg" border=0>
<center>
<font size=-1 face="Arial, Helvetica, sans-serif">
<b>"CRIME or FAIR USE?"</b>
</font>
</center>
<table border=0 cellspacing=0 cellpadding=2 width=100%>
<tr>
<td bgcolor="#ffffff">
<table border=1 width=100%>
<tr>
<td>
<table border=0 cellpadding=0 cellspacing=0 width=100%>
<tr>
<td>
<a href="/pfir-p.ram"><img src="/spkr1.gif" border=0></a>
</td>
<td>
<center>
<font size=-1>
<a href="/pfir-p.ram">Listen<br>RealAudio</a>
</font>
</center>
</td>
</tr>
</table>
</td>
<td>
<table border=0 cellpadding=1 cellspacing=0 width=100%>
<tr>
<td>
<a href="/pfir-p.mp3"><img src="/spkr1.gif" border=0></a>
</td>
<td>
<center>
<font size=-1>
<a href="/pfir-p.mp3">Listen<br>MP3</a>
</font>
</center>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
</center>
</td>
<td align=center>
<table border=1 cellpadding=0 cellspacing=0>
<tr>
<td bgcolor="#ffffcc">
<table border=0 cellpadding=0 cellspacing=4>
<tr>
<td>
<center>
<font face="Arial, Helvetica, sans-serif">
"<a href="/reality">REALITY RESET</a>"
</font>
</td>
<td>
<table border=1 cellpadding=1 cellspacing=2 width=100%>
<tr>
<td bgcolor="#ffffff">
Today: <a href="/reality/2001-03-27">"Spraying the TV Screen"</a>
</td>
</tr>
</table>
</center>
</td>
</tr>
</table>
</td>
</tr>
</table>
<p>
<font size=+2><b>PRIVACY Forum Archive Document</b></font>
<A href="/privacy"><h3>PRIVACY Forum Home Page</h3></A>
<font size=-1 face="Arial, Helvetica, sans-serif">
<A href="http://www.pfir.org"><b>PFIR - "People For Internet Responsibility" Home Page</b></A>
</font>
<p>
<font size=-1 face="Arial, Helvetica, sans-serif">
<A href="http://www.vortex.com"><b>Vortex Technology Home Page</b></A>
</font>
<p>
<font size=-1 face="Arial, Helvetica, sans-serif">
<A href="/privmedia"><b>Radio, Television, and Press Contact Information</b></A>
</font>
<p>
</td>
</tr>
</table>
<hr>
<PRE>
PRIVACY Forum Digest Saturday, 28 October 2000 Volume 09 : Issue 22
(<A HREF="http://www.vortex.com/privacy/priv.09.22">http://www.vortex.com/privacy/priv.09.22</A>)
Moderated by Lauren Weinstein (<A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A>)
Vortex Technology, Woodland Hills, CA, U.S.A.
<A HREF="http://www.vortex.com">http://www.vortex.com</A>
===== PRIVACY FORUM =====
-------------------------------------------------------------------
The PRIVACY Forum is supported in part by
the ACM (Association for Computing Machinery)
Committee on Computers and Public Policy,
Cable & Wireless USA, Cisco Systems, Inc.,
and Telos Systems.
- - -
These organizations do not operate or control the
PRIVACY Forum in any manner, and their support does not
imply agreement on their part with nor responsibility
for any materials posted on or related to the PRIVACY Forum.
-------------------------------------------------------------------
CONTENTS
"Pssst! Wanna Protect Your Privacy?"
(Lauren Weinstein; PRIVACY Forum Moderator)
*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***
-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond. The
moderator will choose submissions for inclusion based on their relevance and
content. Submissions will not be routinely acknowledged.
All submissions should be addressed to "<A HREF="mailto:privacy@vortex.com">privacy@vortex.com</A>" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored. Excessive "signatures" on submissions are
subject to editing. Subscriptions are via an automatic list server system;
for subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"<A HREF="mailto:privacy-request@vortex.com">privacy-request@vortex.com</A>". Mailing list problems should be reported to
"<A HREF="mailto:list-maint@vortex.com">list-maint@vortex.com</A>".
All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations.
The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp <A HREF="ftp://ftp.vortex.com/">ftp.vortex.com</A>",
in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password. The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access. PRIVACY Forum materials may also be obtained automatically via
e-mail through the list server system. Please follow the instructions above
for getting the list server "help" information, which includes details
regarding the "index" and "get" list server commands, which are used to access
the PRIVACY Forum archive.
All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "<A HREF="http://gopher.vortex.com">gopher.vortex.com</A>/". Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "<A HREF="http://www.vortex.com">http://www.vortex.com</A>";
full keyword searching of all PRIVACY Forum files is available via
WWW access.
-----------------------------------------------------------------------------
VOLUME 09, ISSUE 22
Quote for the day:
"Fasten your seatbelts -- it's going to be a bumpy night!"
-- Margo Channing (Bette Davis)
"All About Eve" (Fox; 1950)
----------------------------------------------------------------------
Date: Sat, 28 Oct 2000 11:04 PDT
From: <A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A> (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: "Pssst! Wanna Protect Your Privacy?"
= = = = = = = = =
"Pssst! Buddy! Come over here for a second ..."
Oh, great. A guy in a gray raincoat over a tattered leisure suit
trying to get my attention. It's late. I don't need this.
"Hey, buster -- I wanna tell you about somethin' important ..."
Why the blazes did Paul's Spark Plug and Punchcard Emporium have to be
located in this sleazy part of town?
"You care about your privacy and your credit rating, don't ya'?"
Hmmm. That got my attention. Glancing around to be sure that there
were some witnesses in case of an altercation, I took a step in the
stranger's direction. The interloper pulled out a heavily worn Palm
Pilot as I approached. I resisted the urge to inquire about the
noxious-looking green goo dripping from its case.
"We've made a deal with the big credit reporting agencies, and if you'll sign
up with us, we'll watch your credit reports and let you know if anything
negative shows up or if there are indications of identity fraud."
Interesting concept, though realistically not too exciting. Perhaps
such a thing would be marginally useful for some folks in very special
situations. But most people could handle this by themselves without
the need of this guy. Still, I might as well find out more ...
"How does it work?"
"Simple! I just need a few little pieces of information to sign you up."
"Such as?"
"Well, your name, your address, your previous address if you moved in the
last couple of years. Your date of birth. Your Social Security Number.
Your ..."
"Whoaa! Just a minute, now. That's a lot of rather valuable
personal information! Hell, it's all anybody needs to
<B>commit</B> identity fraud if it fell into the wrong hands!"
"Hey! Who ya' calling a crook?"
"Well, nobody, but how do I know I can trust you?"
"Look, buddy, you gotta trust someone, or what kind of world
are we left with? Do I look like someone who would abuse your
personal data? Look at my puppy dog face! Can't we all
just get along and work together?"
"Er, well, for the sake of the argument, let's say I trust you. How do
I know you'll protect my personal data from outside abuse, hackers,
and the like?"
"You've got nuttin' to worry about there, brother!" (He paused to wipe some
of the green slime from his Palm Pilot, which was now beginning to emit an
ominous whining sound ...) "We use industry standard security systems -- you
know -- Secure Socket Layers, encryption, all that kind of good whiz-bang
technical stuff. Super-secure Web sites. Like they said at Westworld,
nothing can go wrong!"
"Uh, that's all well and good, but it seems like every other day I
hear about so-called secure Web sites being hacked, or accidentally
exposing their databases on the Web through misconfigurations and
errors and such. Wouldn't a site like yours with so many personal
goodies on it be a natural target for hackers?"
"Hackers, slackers! You think we're running scared from a bunch of
snotty-nosed kids trying to log-in through modified video games? Look,
we're professionals!" (At the word "professionals" he pulled out a small
orange bottle of nose spray and inhaled it noisily into each nostril.)
"And with whom do you share the personal data that you
collect from your subscribers in the course of your services?"
"Share? Hell, nobody! Well, almost nobody. Uh, let me put it this way, we
only share your individual personal data with the credit reporting agencies
so you can be positively identified and we can get your credit reports.
And, uh, we share your personal data with the outside third parties doing
work and providing services for us. And we release aggregated data too, of
course. But all the folks who get your individual personal data are really
swell guys! And they all gotta abide by our privacy policies! I vouch for
them personally!"
"Somehow that's not completely reassuring. How can you really enforce
this? If your third party partners screw up with my personal data,
what's my recourse? Can they use their <B>own</B> third party suppliers as
well? This seems like a house of cards to me!"
"You interested in cards? What's your game? Er, never mind. Are you
suggesting that the people we work with can't be trusted or might make
mistakes that would affect your personal data? Hey, if any of the outfits
working for us mess up with personal data, they won't be getting a single
penny additional from us! They might as well send their invoices to
Howdy Doody or Dan Quayle!"
"Wooden-headed potato jokes notwithstanding, that doesn't sound like
it really helps me much if there's human or technical error, even with
the best of intentions. But that aside, how do I know that your
privacy policies won't be altered somewhere down the line? Will they
never change in ways that could affect my personal data?"
"Never say never! Who do I look like -- Criswell? Ha, ha! Seriously bro,
it's pretty silly to worry about the future, just live for today and you'll
be a lot happier for it! Make love, not war. I'm a lover, not a fighter.
Ya' think we'd bushwhack you or something?"
"Hmmm. So if you go bankrupt or sell out you won't provide my
personal data to someone else?"
"Huh? I never said that. Of course if we decide to sell out most of our
assets or merge with someone else or something like that, your personal
data is part of the pot! Personal data is money and money is honey! But
when we transfer your personal data to someone, they still have to agree to
abide by our privacy policies."
"And again, just how do you enforce that?"
"Man, you have a real attitude problem. What are you, some sort of privacy
<B>freak</B> or something? I suppose you're also opposed to mandatory Internet
filters, drug company pricing policies, and tax cuts for Bill Gates!
What's this country coming to? Ya' know, if you're so concerned about
privacy that you won't play the game, maybe you should just take care of
your own privacy by yourself and not be wasting your time with me!"
Before I could reply, he glanced down at his Palm Pilot screen, muttered
incomprehensibly, and ran off, no doubt in search of a new potential
mark for his "privacy" pitch. I turned away and headed back up the
street. Mercifully, I never saw "raincoat man" again. But I know he's
still out there.
Somewhere.
= = = = = = = = =
Greetings. Our friend "raincoat man" above is of course purely fictional,
and doesn't represent any real person or organization. But the basic issues
brought out in the course of the dialogue are quite real, and should be of
serious concern to us all.
"Privacy-related services" are now being viewed in some quarters as big
businesses and potentially lucrative profit centers. We're now seeing the
creation of all manners of enterprises who assert that they will help
individuals or firms maintain or enhance their personal or corporate
privacy.
One example that has gotten a good deal of recent press is "Privista"
(<A HREF="http://www.privista.com">http://www.privista.com</A>) whose slogan is "Your privacy is our concern."
Privista tracks activity on your credit reports, and says that they let you
know if anything "odd" turns up. To do so, they require an array of your
personal information, which they assert is protected through "industry
standard" security systems. Their privacy policy
(<A HREF="http://app1.privista.com/information/privacy_policy.html">http://app1.privista.com/information/privacy_policy.html</A>) points out that:
"The information requested may include your name, e-mail, your
current address, previous address (if you have lived at your
current address for less than two years), date of birth, social
security number, and other personal information."
This data may be provided to third parties in the normal course of
their business:
"We transfer personal information about you to third parties in
order to provide you with the services you have specifically
requested to receive."
...
"We may use third party suppliers and service providers to
facilitate our services. For example, we may outsource the
operations of one or more aspects of our Web site to a supplier
or service provider who performs services according to our
requirements. In all cases, those parties will be bound by our
privacy policies."
Your personal data may also be handed over to other parties as
part of company assets:
"We may also disclose such information to third parties as we, in
our sole discretion, believe necessary or appropriate, in
connection with our merger or consolidation with, or sale of
substantially all of our assets to such third party, provided
that such third party agrees to comply with the privacy policy
that applies to your personal information."
Is there anything particularly unusual about these sorts of attitudes
and clauses in today's business world? Unfortunately, the answer
is clearly no. It's all very much standard operating procedure
-- completely legitimate and lawful in most cases.
That does not mean we should find such procedures to be acceptable,
however. We must expect our political leaders, representatives, and
judicial systems to be willing to <B>balance</B> the needs of industry and
commerce with the privacy and information rights of individuals. The
business interests' side cannot be allowed to unreasonably dominate the
equation indefinitely, especially in the face of continuing mega-mergers and
monopolistic practices that increasingly aggregate personal information
amongst fewer and fewer corporate players. Achieving a real and fair balance
is critical!
In the meantime, individuals might be well served by considering carefully
before involving third-party services in the management of personal
information or other privacy matters, however well-motivated and honest
those services might turn out to be in some cases.
Sometimes "doing it yourself" really is the only safe choice! Take care.
And watch out for raincoat man!
--Lauren--
Lauren Weinstein
<A HREF="mailto:lauren@pfir.org">lauren@pfir.org</A> or <A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A> or <A HREF="mailto:lauren@privacyforum.org">lauren@privacyforum.org</A>
Co-Founder, PFIR: People For Internet Responsibility - <A HREF="http://www.pfir.org">http://www.pfir.org</A>
Moderator, PRIVACY Forum - <A HREF="http://www.vortex.com">http://www.vortex.com</A>
Member, ACM Committee on Computers and Public Policy
------------------------------
End of PRIVACY Forum Digest 09.22
************************
</PRE>
<hr>
<center>
<A href="/privacy"><h3>PRIVACY Forum Home Page</h3></A><p>
<A href="http://www.vortex.com"><h4><i>Vortex Technology Home Page</i></h4></A><p>
<A href="/privmedia"><h4>Radio, Television, and Press Contact Information</h4></A><p>
</center>
<p>
<font size=-2>Copyright © 2001 Vortex Technology. All Rights Reserved.</font>
</BODY>
</HTML>
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH
