TUCoPS :: Privacy :: priv_611.txt

Privacy Digest 6.11 8/10/97

The following document is from the PRIVACY Forum Archive at 
Vortex Technology, Woodland Hills, California, U.S.A.

For direct web access to the PRIVACY Forum and PRIVACY Forum Radio,
including detailed information, archives, keyword searching, and 
related facilities, please visit the PRIVACY Forum via the web URL:



PRIVACY Forum Digest      Sunday, 10 August 1997      Volume 06 : Issue 11

            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
                       ===== PRIVACY FORUM =====              

                 The PRIVACY Forum is supported in part by
                    the ACM (Association for Computing)     
	         Committee on Computers and Public Policy,      
          "internetMCI" (a service of the Data Services Division         
      of MCI Telecommunications Corporation), and Cisco Systems, Inc.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.

	Spamming has forced some domain/address blocking to vortex.com
	   (Lauren Weinstein; PRIVACY Forum Moderator)
	AOL backs down -- But new problems loom
	   (Lauren Weinstein; PRIVACY Forum Moderator)
	Trojan phonecards / Internet opinion surveys
	   (Lauren Weinstein; PRIVACY Forum Moderator)
 	Re: TRUSTe (Roger Clarke)
	CFP '98 Request for Proposals (Ecavazos)

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic list handling system;
for subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the list handling system.  Please follow the instructions above
for getting the "help" information, which includes details regarding the 
"index" and "get" commands, which are used to access the PRIVACY Forum 
archive via the list handling system.

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "http://www.vortex.com";
full keyword searching of all PRIVACY Forum files is available via
WWW access.


   Quote for the day:

	"Oh say,
	 Can you see,
	 My eyes?
	 If you can,
	 Then my hair's too short!"

		-- The Tribe 
		   "Hair" (United Artists; 1979)


Date:    Sun, 10 Aug 97 12:29 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Spamming has forced some domain/address blocking to vortex.com

Greetings.  I wanted to let the readership know that due to the continually
increasing quantities of "spam" (unsolicited e-mail advertising, scams, and
related trash), I have been reluctantly forced to begin blocking significant
numbers of domains/IP addresses from inbound e-mail (SMTP) access to the
vortex.com domain.  This includes all PRIVACY Forum inbound addresses,
list maintenance addresses, my personal mailboxes, and so forth.

My policy currently is to only block domains or addresses which appear to
exist primarily or completely for the purpose of spam transmission.  This
unfortunately allows significant numbers of spams to continue arriving via
major ISPs who also have large numbers of non-spamming subscribers, and via
third party SMTP abuse, but I'm not at this time blocking unless I've
determined that spam is apparently the primary function of the site in

Even doing this turns out to be non-trivial, since many spammers have
disfunctional DNS servers, forge domain names, or have other attributes
that often make it necessary to block by specific IP numbers rather than
domain names.  Also, non-spamming domains also often have DNS problems,
making the simple failure of a DNS name lookup an insufficient condition for
detecting an attempted spam transmission.

While I'm at this time being fairly conservative in my blocking, it
is not impossible that at some point a legitimate submission to the
PRIVACY Forum might be blocked by these measures.  I apologize in
advance in case of this eventuality.  In such a situation, please contact
me via a third party and I'll do my best to re-enable appropriate
e-mail access for that case.

It is a sad commentary that these steps have become necessary.  Even
stronger steps may be necessary in the future.  It seems increasingly clear
that technical procedures alone will not be sufficient to control the spam
flood, and that legislative action in this area is increasingly necessary.
Clearly no legislation addressing this topic will be perfect, and there are
risks of side-effects as a result.  But unless some reasonable rules and
controls regarding spam are established soon, we all run the risk of being
buried under electronic piles of ads for live sex sites, vast arrays of
scams, and a wide range of dubious products and services in which most of us
have not one iota of interest.  

Anyone interested in more details about these spam blocking procedures
are invited to contact me directly.

Moderator, PRIVACY Forum


Date:    Sun, 10 Aug 97 12:40 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: AOL backs down -- But new problems loom

After a flurry of criticism by AOL subscribers and privacy advocates,
America Online has canceled a controversial plan to provide subscriber
telephone numbers to "partner" telemarketing firms.  In a news release and
notice to members from AOL Chairman and CEO Steve Case, AOL apologized for
not more directly notifying subscribers of the plan in advance, and
announced that the plan had been abandoned.  However, AOL subscribers may
still receive telemarketing calls from AOL itself on behalf of its "marketing
partners," and AOL says it will continue the "standard industry practice" of
renting addresses of subscribers to other firms for direct mail marketing

The controversy began when it was disclosed that AOL had made a change in
their rarely read "terms of service" for subscribers, describing that
starting July 31, subscriber phone numbers could be released to firms (such
as marketer "CUC International," reportedly the first firm to have been
involved in the project), unless subscribers took specific steps to indicate
their desire not to have their information released.  The deal with CUC was
reported to have been worth tens of millions of dollars. 

Concerns were raised quickly by persons upset that AOL had not announced
this plan in a manner likely to be seen by all subscribers, and by those who
felt that they have provided their address and phone information to online
services for the services' direct use only, not as a bonus marketing income
stream to be rented or sold as a commodity. 

However, just as this controversy died down, a new concern has appeared.
AOL is reported to be on the verge of announcing yet another round of
changes to their "terms of service," explaining their policy regarding
release of subscriber usage information, e.g., user selections, information
access histories, and so on--in other words, who clicks what, and when.  
An AOL spokesperson has suggested that such information would only
be made available to outside entities in "aggregate" form for marketing
purposes.  The privacy community awaits the details of this plan
with considerable interest.

Moderator, PRIVACY Forum


Date:    Sun, 10 Aug 97 13:31 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Trojan phonecards / Internet opinion surveys

Greetings.  I wanted to bring two items to your attention of potential
importance that recently came within sensor range, about which I'm still
researching details.

First, the concept of "trojan phonecards" appears to have materialized. 
OK, get your mind out of the gutter--this isn't about a prophylactic debit
card.  But, it could be a real concern.  I've received reports of a firm
selling pre-paid telephone debit cards designed to be given as gifts.  So
far so good.  But the twist is that they reportedly provide the call detail
for all usage of the card to the party who *purchased* the card, allowing
them to track your calling patterns.  

Interestingly, under current law, which provides very little protection for
call detail data, this *may* be completely legal.  I'm attempting to get more
information about this, but in the meantime it might be a good idea to be
highly skeptical of any "free" phone debit cards which might appear, unless
you know for sure where the call detail is going and under what
conditions it will be released to outside parties!


On another note, I've received mailings from a new web service promoting
itself as an Internet "opinion gathering" site, through which persons would
be invited to make their opinions known to the powers-that-be on various
issues, with the apparent intent of influencing legislation and other
decision-making processes.

I had a number of polite exchanges with these folks, and I have to admit I
am singularly unimpressed.  They seemed unfamiliar with basic statistical
theory or practice, not even realizing the fundamental problems with
"self-selected" polls (which are notoriously inaccurate in terms of
extrapolation to larger populations).  They apparently plan to require fax
or physical mail verifications of opinion submissions, to try avoid the
problems of forged e-mail.  But they also seem to be planning to *release*
name and address information of respondents in mailing list form to
contracting outside entities.  

The whole situation is confusing at best.  Until there are reasonable
confirmable standards for such operations, I'd urge using a great deal of
caution dealing with any Internet-based opinion gathering service, both in
terms of giving any weight to their results, or in terms of providing any
name, address, or other personal information as part of the poll or other
opinion gathering system.

Moderator, PRIVACY Forum


Date: Tue, 5 Aug 1997 16:37:55 +1000
From: Roger Clarke <Roger.Clarke@anu.edu.au>
Subject: Re: TRUSTe

Roger Debreceny said:
>I don't recall discussion of TRUSTe (http://www.etrust.com/) on Link.
>TRUSTe  was launched in June. This is an outgrowth of the EFF .. it
>takes an interesting approach to the relationship between commerce and

>From the home-page:
"The principles behind TRUSTe are disclosure and informed consent: when
consumers visit a site, they will be informed of what information the site
is gathering about them, what the site is doing with that information, and
with whom that information is being shared".

I've been refraining from saying anything, hoping that I'd feel more
positive as time went on.

I don't.

The reasons are:

- - It's based on the principles that transactions need to be identified,
    that sellers *will* collect and use data, and that all that's necessary
    is that the consumers be informed.  The starting point has to be that
    electronic transactions should be just like conventional ones, i.e.
    anonymous except where anonymity won't work;  then preferably
    pseudonymous;  and only identified if there's genuine justification;

- - The protections for identified transaction data are very slim, and
    cover only a fraction of the conventional privacy protections that are
    needed to generate public trust in people's delaings with

- - It's a peculiarly American way of doing things ("*trust* us;  *we've*
    got a logo up on our web-site!");

- - There are no teeth behind it.  We've seen what self-regulation is like
    in the absence of legislative sanctions behind it, i.e. empty.  The
    simple fact that freedom-from-big-government Americans just can't get
    into their heads is that there is imbalance of power between large
    organisations and little consumers, and that steps are necessary to
    address that imbalance (call it a 'market failure' if you like).

In short, I think eTrust (sorry, I see they've changed it to sound like a
guard-dog - very cute) is a sell-out by EFF to the big corporations;  and
is a very minor contribution to privacy protection on the Internet.

Talking of which, see:

Roger Clarke              http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 6 288 1472, and 288 6916     mailto:Roger.Clarke@anu.edu.au
Visiting Fellow,   Faculty of Engineering and Information Technology
The Australian National University     Canberra  ACT  0200 AUSTRALIA
Information Sciences Building Room 211        Tel:  +61  6  249 3666


Date: Wed, 16 Jul 1997 15:47:28 -0500
From: ecavazos <ecavazos@interliant.com>
Subject: CFP '98 Request for Proposals


(proposals must be received by August 15, 1997 to be considered)

February 18-20, 1998 * Hyatt Regency Austin at Town Lake * Austin, TX

The Eighth Annual Conference on Computers, Freedom, and Privacy (CFP98) is
scheduled for Wednesday February 18 to Friday February 20, 1998 in Austin,
Texas, at the Hyatt Regency Austin Hotel on Town Lake.

The Computers, Freedom, and Privacy Conferences serve as an internationally
recognized forum and gathering place for the key members of the technical,
government, hacker, legal, security and journalistic communities to address
cutting edge technical, business, legal and cultural issues.

Topics and speakers from prior years' CFP conferences can be found at the
CFP web site,  http://www.cfp.org.

For the 1998 CFP conference, The 1998 Program Committee (members listed
below) is particularly interested in receiving proposals that deal with:

1) emerging issues relating to privacy and data ownership, such as the use
of infrared tracking of supermarket shopping carts to monitor search and
purchasing patterns of customers; developments with medical databases,
library filtering, GPS tracking systems, etc.

2) controversial issues;

3) conflict,  e.g., debates where presenters have sharply defined and
differing points of view, technolibertarian vs. anti-tech "humanist; " or
have different training/disciplines, e.g., cyberactivists on virtual
communities vs. sociologist/philosopher/writer discussing nature of the
"physical world."

4) innovative and alterantive formats such as moot courts, case studies,
reverse role playing, etc., to enliven some of CFP's recurring topics that
are increasingly found at other conferences.

The 1998 Program Committee strongly encourages proposals that involve one
or two speakers, as well as panel presentations. A single or two person
presentation is often better focused than a panel and it is the goal of The
1998 Program Committee to provide a mix of panels and single/dual speaker
presentations during the General Session.  Ideally, panels will be limited
to no more than four persons whose views are not duplicative of each other.

In addition to the two and one-half days of General Session, which starts
the afternoon of Wednesday February 18, CFP98 will offer tutorials. Five or
six three hour tutorial sessions will be offered on the morning of
Wednesday February 18. CFP98 will also continue the practice of breakout
topic presentations during the Thursday and Friday luncheons.  The Program
Committee is seeing proposals for both tutorials and the luncheon sessions.

It is the goal of the CFP98 Program Committee to be able to offer some
travel money to speakers; however the amount or allocation of travel funds
depends heavily on success in obtaining sponsors, which will not be known
until early September.

The CFP98 Program Committee will meet the week of August 18 to finalize
selection of proposals; consequently all proposals must be received * by
August 15, 1997  * to assure consideration by the Program Committee.
Please follow the submission guidelines below.


CFP98 is being organized and hosted this February under the auspices of The
University of Texas School of Law.  Mark Lemley, Professor at The Law
School, serves as Chair of the Program Committee.  He may be reached by
e-mail at:  mlemley@mail.law.utexas.edu

Proposals should include the following information.

1) Presentation Topic Title:

2) Presentation Type:

     [    ]  General Session       [     ]  Luncheon       [     ] Tutorial

3) Proposed Length of Presentation*

* Presentations during the General Session can range from .5 to 1.5 hours.
Breakout luncheon presentations are 1.0 hr.  Tutorial presentations run 3.0

4) Name(s) of Speaker(s), plus BRIEF background description about each
speaker. For presentations with more than one speaker, please indicate and
provide contact information for the primary panel

5) A one to two paragraph description of the Topic and Format, suitable for
conference brochure and press release.

6) Additional information regarding topic, format (including special
presentation or A/V needs), possible but not yet confirmed speakers, or
speaker substitutes -- or any other information that you think would be
useful to The Program Committee in evaluating your proposal.

For more information on the Computers, Freedom, and Privacy Conferences,
please visit our Web page at: http://www.cfp.org.

Proposals should be sent as soon as possible to CFP98 Program Chair
Mark Lemley at: mlemley@mail.law.utexas.edu

or by mail to:

Mark Lemley
The University of Texas School of Law
727 East 26th Street
Austin, TX 78705

*Proposals must be received no later than August 15, 1997 *



Mark A. Lemley, CHAIR
Assistant Professor of Law
The University of Texas School of Law

Matt Blaze
Senior Research Scientist
AT&T Bell Research

Edward A. Cavazos
Senior Vice President, General Counsel
Interliant, Inc.

Gary B. Chapman
Director, The 21st Century Project
LBJ School of Public Affairs
The University of Texas at Austin

David Chaum
DigiCash bv
Amsterdam, The Netherlands

Dave Del Torto
Pretty Good Privacy, Inc.

Michael Esposito
The University of Texas School of Law

A. Michael Froomkin
Associate Professor of Law
University of Miami School of Law

Katie Hafner
Newsweek Technology Correspondent
Newsweek Magazine

Donna L. Hoffman
Owen Graduate School of Management
Vanderbilt University

Deborah Hurley
Director, Information Infrastructure Project
John F. Kennedy School of Government
Harvard University

Bruce R. Koball
Technical Consultant

Jon Lebkowsky
President, EFF-Austin

Teresa Peters
Organisation for Economic Co-Operation and Development
Paris, France

Ned Ramage
The Freedom Forum First Amendment Center

Shabbir J. Safdar
The Voters Telecommunications Watch

Jonah Seiger
Communications Director
Center for Democracy and Technology

Sharon Strover
Director, Texas Telecommunications Policy Institute
The University of Texas at Austin

Peter Toren
United States Department of Justice


End of PRIVACY Forum Digest 06.11

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH