PRIVACY Forum Archive Document


PRIVACY Forum Digest      Saturday, 10 October 1998      Volume 07 : Issue 17

            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
                         http://www.vortex.com 
        
                       ===== PRIVACY FORUM =====              

    -------------------------------------------------------------------
                 The PRIVACY Forum is supported in part by
               the ACM (Association for Computing Machinery)     
                 Committee on Computers and Public Policy,      
          "internetMCI" (a service of the Data Services Division         
                  of MCI Telecommunications Corporation), 
                  Cisco Systems, Inc., and Telos Systems.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.
    -------------------------------------------------------------------


CONTENTS 
        Report on Netscape Communicator Privacy Issues and Problems
           (Lauren Weinstein; PRIVACY Forum Moderator)
        DoubleClick's "Boomerang" and Cookies
           (Lauren Weinstein; PRIVACY Forum Moderator)
        Wiretapping News Items (Lauren Weinstein; PRIVACY Forum Moderator)
        Ameritech & Privacy Manager (Tom Evert)
        Re: Cookies (Jon Paul Nollmann)
        FCC Delays CALEA Until June 2000, Big Privacy Fight Ahead
           (Ari Schwartz)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com". 

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com/".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "http://www.vortex.com";
full keyword searching of all PRIVACY Forum files is available via
WWW access.
-----------------------------------------------------------------------------

VOLUME 07, ISSUE 17

           Quote for the day:

                "For one who has not lived even a single lifetime,
                 you are a wise man..."
                
                        -- Count Dracula (Bela Lugosi)
                           "Dracula" (1931; Universal)

----------------------------------------------------------------------

Date:    Thu, 8 Oct 98 10:05 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Report on Netscape Communicator Privacy Issues and Problems

Greetings.  In the last several PRIVACY Forum Digests, I've discussed my
efforts to understand and obtain information regarding possible privacy
problems in the new Netscape "What's Related" functionalities, which have
been included in their Communicator 4.0.6/4.0.7 browsers, and in their 4.5
pre-release browser.  This functionality is enabled by default, and no
significant information regarding how it operates has been provided within
included Netscape user help materials. 

This has been a more complex and time-consuming undertaking than I originally
anticipated, partly due to difficulties in establishing and maintaining
communications with the appropriate persons at Netscape.  This situation has
however improved, and I've recently had a lengthy and very cordial
conversation with Netscape's main privacy representative, who clearly seems
to understand the issues involved.  Whether this will significantly affect
the course of the problems is a completely separate issue, since she has
told me that she does not have any control over these matters.  She has
promised me that some additional information concerning these features will
be placed on the Netscape web site.

Some current events make this whole matter even more important.  Netscape's
"global public policy manager" was recently quoted regarding the need for
consumer privacy (in conjunction with TRUSTe publicity announcements), and
Netscape is about to release an add-on for Microsoft's Internet Explorer
which would bring "What's Related" functionality to users of that competing
browser.  

Unfortunately, I need to report that the situation regarding the "What's
Related" privacy problems may well be even worse than originally
anticipated.  The ability for the infrastructure created by this system to
collect truly massive amounts of information concerning user browsing
habits, which in some cases could also be tied to specific users' names and
other personal information, should be of serious concern.  The amount of
information which the browsers can "backchannel" up to Netscape and their
partners, even when "What's Related" has not been selected for a specific
web site URL, can be very great. 

For example, it's reported that any link site you select from a "What's
Related" reply list is reported back to Netscape, and that in some
configurations up to 1,000 of the site URLs you visit after pushing the
"What's Related" button may be reported to Netscape as well (an additional
three are apparently reported to Netscape in the default configuration)--and
that this information is tied to the same user cookies used during
registration to download the browser in the first place.

I'd like to make a couple of things clear.  First, I definitely do not
impute any "evil" motives to Netscape regarding any of this.  Netscape is an
admirable firm with some great products, including their browsers which I
myself frequently use.  In my discussions with various managers within their
organization, I've formed the opinion that a main goal for them right now is
to provide useful value-added services to users, which will increase
Netscape's status as a major Internet "portal"--to use the term being
popularized these days.  There's certainly nothing inherently wrong with
wanting to do this.

It's my belief that the Communicator privacy problems being reported are a
side-effect of Netscape's very rapid movement toward achieving this goal,
and that they are the result not of a desire to invade privacy, but rather of
an incomplete understanding, at various levels within the company, of the
complexity and sensitivity of these important privacy issues--a common
enough situation that is unfortunately present in a great number of firms
and other organizations.

Netscape says that at this time they are not saving detailed information
gathered via these mechanisms, that they have a privacy policy, and that
users who are concerned can turn off all "What's Related" functionalities.
I'm perfectly willing to accept all of these statements at face value.  But
they really miss the key point, in my opinion.  It's not what's being done
right now that's the issue, but what can be done with such a powerful and
potentially intrusive infrastructure.  

Corporate privacy policies can change--they aren't cast in stone, nor are
they typically enforceable in any general sense.  Companies can be bought by
other companies with other views on using such information.  Courts and
lawyers could file orders and subpoenas requiring such systems be used to
provide vast amounts of user data for all manner of civil and criminal
investigations and related actions, ranging from frivolous to serious.
Persons' browsing histories on the net could be used, or abused, in any
number of chilling manners.  The centralization of this data on a vast
scale, made possible by the "What's Related" system, is orders of magnitude
more vulnerable to abuse than the sorts of data that individual web sites
can collect.

The fact that the functions can be turned off (when they default to on, as in
this case) is only really useful if users are completely informed about
how those functions work and what information is being revealed!  As it
stands right now, the vast majority of users would have no reason to suspect
that an innocent little "What's Related" button and functions could result
in much of their private browsing behavior being supplied to Netscape and/or
potentially other parties.

After my earlier reports here in the PRIVACY Forum on this topic, I was
recently contacted by a person who has been involved in researching the
technical ramifications of Netscape's "What's Related."  He and his
co-authors have written a relatively brief paper that explains the situation
in detail.  While I do not at this time have independent information
regarding its detailed technical accuracy, Netscape has acknowledged reading
the paper, and has not to my knowledge disputed any of the paper's technical
discussion.  I have asked Netscape for detailed comments addressing the
specific points in the paper.  They have suggested that such a response may
be forthcoming in the future--I will of course keep the PRIVACY Forum
readership apprised regarding this.

I am hopeful that my continuing discussions with the Netscape privacy
representative, and others at Netscape, will be fruitful in terms of moving
these issues forward.  For now, I urge everyone interested in Web privacy to
read the paper referenced below, and I'd be interested in your comments for
possible inclusion in the PRIVACY Forum Digest (please send such comments
for the Forum to privacy@vortex.com, not to me personally).  While the
authors of the paper have tended toward some rather emotionally "colorful"
language in some respects (e.g., by referring to parts of the "What's
Related" system as "our shadow"), the overall quality of the document is
very good and I feel that it provides a useful source of information
regarding both the technical and some of the more philosophical aspects of
these issues.

Below is the abstract provided by the paper's authors--the URL for the paper
is included within.  Again, please send the PRIVACY Forum your comments and
thoughts, on all sides of this matter.  I'll report back as warranted.
Thanks much.

--Lauren--
Lauren Weinstein
Moderator, PRIVACY Forum
http://www.vortex.com

        ------------ FORWARDED ITEM BEGINS ------------ 

        Date:    Wed,  7 Oct 1998 13:10:24 -0400 (EDT)
        From:    C Matthew Curtin <cmcurtin@interhack.net>
        Subject: What's Related?--Everything But Your Privacy
        To:      PRIVACY Forum <privacy@vortex.com>

        Netscape's release of version 4.06 and later versions of its web
        client contain a new feature called "smart browsing", as reported 
        in previous PRIVACY Forum Digests. 

        Intrigued by the undocumented feature, we watched the browser in
        action with a network sniffer and made some worrisome discoveries.
        Specifically, in the default configuration, when you press the
        "what's related" button, the next three URLs you follow are reported
        back to Netscape, even if these are selected from the user's
        bookmarks, usenet messages, or private email.  And every time you
        push the button, the "next three" counter is reset, so if you ask
        "what's related" on every fourth URL you visit, every fetch you make
        will be reported to Netscape.

        This behavior is controlled through the "automatically load what's
        related" option in the "smart browsing" preferences.  Two other
        options are available, "never automatically load what's related", and
        "always automatically load what's related", which report only the URL
        you're viewing, and the next 1,000 URLs you view, respectively.

        With the information sent back to the "what's related server", it is
        possible for someone with access to that data to build an extremely
        detailed dossier of individual users' browsing habits, and even in
        some cases, associate these with the name, address, and telephone
        number of the user.

        Our complete report is available on the web at
        
            http://www.interhack.net/pubs/whatsrelated/

        -- 
        Matt Curtin 
        cmcurtin@interhack.net http://www.interhack.net/people/cmcurtin/

        ------------ FORWARDED ITEM ENDS ------------ 

------------------------------

Date:    Fri, 9 Oct 98 09:44 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: DoubleClick's "Boomerang" and Cookies

Greetings.  I've reported here in the PRIVACY Forum previously regarding
privacy issues surrounding the DoubleClick web ad service and my discussions
with their management about these topics.  An issue that frequently comes up
regarding DoubleClick is their preferred use of cookies to track users for
ad delivery purposes across multiple sites.  

In what can certainly be termed a "logical" development, DoubleClick has
recently announced a service, with the intriguing name of "Boomerang," which
is part of their new "Closed Loop Marketing Solutions."  The service
reportedly creates personal profiles on web users, based on cookies, online
product and services sales, and the information users provide at member
sites.  Each profile is associated with an ID cookie code, and that code is
provided to advertisers so that they can "target" that user with (for
example) web banner ads related to the assumed topic area.  Advertisers are
not told the actual identity of users, according to DoubleClick.  Since
DoubleClick carries a very wide variety of ads, including an inventory
of adult-oriented advertising which some persons find objectionable, there
are a considerable number of concerns with this system.

In relation to privacy issues, DoubleClick says that they aren't tracking or
following users, merely "recognizing" them.  As regular readers of PRIVACY
Forum know, however, this distinction can be rather complex...

The fundamental problem is that many web users may not be interested in
having their web browsing habits associated with particular products
or services of any kind, especially without their affirmative permission.
As usual, much of this boils down to notification and choice issues.

DoubleClick's web site includes a rather benign explanation of cookies in
their privacy section, which emphasizes the positive aspects of this
mechanism.  It is indeed true that cookies have many positive and useful
attributes, but it's also important that users understand cookies' potential
for abuse as well.  It's common for firms to provide cookie explanations
that fail to mention the negatives.  Microsoft, for example, requires
cookies to be enabled (and a registration form filed) to access most of their
useful technical Knowledge Base articles.  Microsoft's upbeat description of
cookies ends with "Cookies are harmless, occupying just a few bytes on your
hard drive.  They also can be a Web site browser's very good friend."  This
is at best incomplete, since while cookies can be harmless, they can also
be used in harmful ways.

To its credit, DoubleClick's privacy discussion at their web site does point
out that you can opt-out of their ad profiling system by disabling cookies
in your browser, and they also offer an "opt-out" cookie that they say will
prevent any profiling by DoubleClick but will allow the user to keep their
cookies enabled.

But of course all of this is predicated on the user being aware in the first
place that any of this profiling and passing around of cookies is going on,
and knowing to take those protective actions.  It's all based on the rather
common model that you are rather silently "drafted" to participate unless
you explicitly take steps to prevent such participation.  Many persons
consider this to be a less than optimal situation--for the users, anyway!

I personally keep cookies turned off except when visiting specific sites
which use cookies in manners I find acceptable (and these do certainly
exist).  It would of course be helpful if web browsers allowed the user to
specifically indicate for which sites they wanted to allow cookie access,
rather than having to make these decisions on a global basis affecting all
sites they visit.

For now, it's important that all web users be as diligent as possible
regarding how their browsing habits and other information are being
disseminated and exchanged.  If you don't wish to participate in particular
advertising or other programs, by all means take whatever opt-out options
are available.  If such options don't exist and you still don't wish to
participate, let the organizations involved know about it.  In some cases,
you may wish to not patronize such sites--it's your choice!  As the user,
the power to drive all of this is ultimately in your hands, but only if you
make your feelings known!

--Lauren--
Lauren Weinstein
Moderator, PRIVACY Forum
http://www.vortex.com

------------------------------

Date:    Fri, 9 Oct 98 10:46 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Wiretapping News Items

Greetings.  On October 7th, the joint House/Senate committee reconciling
versions of the intelligence budget inserted a highly controversial
provision into the Intelligence Authorization Act, authorizing so-called
"roving wiretaps."  Long requested by the FBI, this action, taken without
open Congressional debate, permits wiretaps on any phone lines used by or in
the vicinity of targeted individuals, rather than requiring that only
specific designated phone lines be tapped.  Opponents are concerned that
this opens up a much larger number of conversations, potentially between
completely uninvolved parties, to interception.  Proponents of the
authorization argue that modern telecommunications technologies have
rendered "fixed" tapping ineffectual at tracking targeted individuals, and
that law enforcement capabilities would be seriously diminished without the
roving capability.

In local news, it was recently reported that the Los Angeles Police
Department (LAPD) has been making significant use of judicially-approved
wiretaps, some of them lasting for extended periods.  Taps included public
phones where large numbers of uninvolved persons were monitored.  In one
case, reportedly five public phones were tapped and over 130,000
conversations were monitored--not a single arrest resulted.  Contrary to the
California law that requires notification to everyone who was overheard at
the conclusion of wiretaps, local authorities now admit that due to an
"oversight," in most wiretap cases they didn't notify anybody afterwards.
This revelation has already raised the specter of lawsuits and the potential
for convictions to be overturned.

--Lauren--
Lauren Weinstein
Moderator, PRIVACY Forum
http://www.vortex.com

------------------------------

Date:    Sat, 26 Sep 1998 02:12:43 -0400
From:    Tom Evert <evert@uakron.edu>
Subject: Ameritech & Privacy Manager

There have been some recent articles in newspapers, etc. about Ameritech's
roll-out of a new feature called Privacy Manager. Being curious about how it
worked and when it would be available in my area, I got on their web site
(http://www.ameritech.com) for more information. The initial page has an
animated gif that says stop telemarketers, then introducing Privacy Manager.
I clicked on the link for more details. Since this information didn't answer
my questions, I used their feedback feature. I purposely didn't give my
phone number and left my name and e-mail address for an e-mail reply.

They called me to answer my questions. I don't know about you, but it seems
that Ameritech should have enough sense not to call - especially since my
questions were about their Privacy Manager!

When they called, I had only been up for a few minutes and wasn't awake
enough to ask them why they called.

As far as the service itself, there are some problems. In order to have this
feature you must have caller ID with name. When someone calls and their
number is blocked, unavailable, cell phone, etc. Privacy Manager kicks in and
asks the caller to leave their name. No name, the call gets disconnected.

Calling someone that has Privacy Manager can also be a problem. If you have
a line block, you must state your name or the call won't go through.

This new system may help stop some telemarketers from calling but the cost
is outrageous - caller ID with name is $8.50 plus another $3.95 for the
Privacy Manager.

I put an end to almost all my calls by having my number unlisted and removed
from several of the reverse directories used around this area. Cost? $1.10 a
month for an unlisted number and caller ID line block and some paper,
envelopes and stamps to notify the reverse directory companies.

Tom Evert

------------------------------

Date:    Wed, 30 Sep 1998 17:59:44 -0700 (PDT)
From:    sinster@darkwater.com (Jon Paul Nollmann)
Subject: Re: Cookies

Sprach David Kulp:
> What cookies offer in addition to URLs is the ability to track the
> same user from visit to visit.
[...]
> In summary, cookies offer no major advance in personal information
> monitoring compared to other "server-side" methods that cannot be
> controlled by the user.

Your enumeration of points is correct, but your conclusion is not.

That very ability to track users from visit to visit is precisely
the complaint that I and many others have against cookies.  And since
sites can track us within one visit using entirely server-side methods,
the entire concept of cookies is laid bare as being useful only for
the purpose of tracking us across visits, which is to say, for the
purpose of violating our privacy.

Allow me to draw a parallel.  Suppose I prick you with a needle.  I'm
sure we'll all agree that that is very objectionable, but not particularly
threatening.  Now, suppose I remove your ability to heal...  Suddenly,
that little needle prick becomes dangerous in the extreme.

You may think this parallel is extreme, but I assure you that this is
precisely how I and those like me view cookies: while I'm looking at your
site, you are constantly assaulting me with little pinpricks, but when
I leave I heal entirely... unless you use cookies.

Of course, you are correct that I can simply delete the cookie file every
time I quit out of my web browser.  But that brings us to the opt-in vs.
opt-out argument: any method or technique that requires me to do something
special to preserve my privacy is objectionable.

So in summary: your argument is that cookies only provide a minor
privacy loss over 100% server-side tracking, while our argument is
that cookies provide no function over 100% server-side tracking other
than privacy loss.

-- 
Jon Paul Nollmann ne' Darren Senn
sinster@balltech.net

------------------------------

Date:    Mon, 14 Sep 1998 16:35:41 -0400
From:    Ari Schwartz <ari@cdt.org>
Subject: FCC Delays CALEA Until June 2000, Big Privacy Fight Ahead

 [ From CDT Policy Post 4.19 -- Excerpted by PRIVACY Forum Moderator ]

(1) FCC Delays CALEA Until June 2000, Big Privacy Fight Ahead

The Federal Communications Commission on Friday, September 11 delayed until
June 30, 2000 the effective date of CALEA, the 1994 law requiring telephone
carriers to modify their equipment to ensure law enforcement agencies can
continue to carry out wiretaps and other surveillances on digital switches.
The law had been scheduled to take effect on October 25 of this year.  The
Commission gave carriers an additional 20 months to complete modifications
needed to preserve law enforcement capabilities.  The FCC delayed
indefinitely implementation of certain expansions in wiretap capability
sought by the FBI, including the ability to track wireless phone users,
until the Commission could undertake a separate inquiry into the privacy
implications of the FBI's demands.

The Commission's order and supporting documents are on-line in full text at
http://www.cdt.org/digi_tele/FCC911.html

------------------------------

End of PRIVACY Forum Digest 07.17
************************


Copyright © 2005 Vortex Technology. All Rights Reserved.