PRIVACY Forum Archive Document
|
PRIVACY Forum Digest Saturday, 29 May 1999 Volume 08 : Issue 08 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. http://www.vortex.com ===== PRIVACY FORUM ===== ------------------------------------------------------------------- The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, Cable & Wireless USA, Cisco Systems, Inc., and Telos Systems. - - - These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum. ------------------------------------------------------------------- ********************************************** * PRIVACY Forum Seven Year Anniversary Issue * ********************************************** CONTENTS "Vortex Daily Reality Report & Unreality Trivia Quiz" ARCHIVE (Lauren Weinstein; PRIVACY Forum Moderator) New USPS Regulations for "Private Mailboxes" (Lauren Weinstein; PRIVACY Forum Moderator) Email IDs & Email privacy (Dan Yurman) "Decoding Developments in Iceland" [forwarded excerpt] (Peter Marshall) Euthanasia / Kevorkian (Charles Tompkins) Re: Euthanasia / Kevorkian (Mark Hull-Richter) Privacy comments in Bernstein decision (Jon Paul Nollmann) "Beyond Concern: Understanding Net Users' Attitudes About Online Privacy" (Lorrie Faith Cranor) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are via an automatic list server system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the list server system. Please follow the instructions above for getting the list server "help" information, which includes details regarding the "index" and "get" list server commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com/". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access. ----------------------------------------------------------------------------- VOLUME 08, ISSUE 08 Quote for the day: "I'm a man who likes talking to a man who likes to talk." -- Kasper Gutman ["The Fat Man"] (Sydney Greenstreet) "The Maltese Falcon" (Warner Bros.; 1941) ---------------------------------------------------------------------- Date: Sat, 29 May 99 10:41 PDT From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: "Vortex Daily Reality Report & Unreality Trivia Quiz" ARCHIVE Greetings. In response to numerous requests, I've now established a permanent archive for the "Vortex Daily Reality Report & Unreality Trivia Quiz" segments which I announced in the previous PRIVACY Forum Digest. All segments are available for (RealAudio) playback at any time via this archive, which is organized by date with the topic of each past report also listed. The new main page for both the current day's report and the archive of past segments is: http://www.vortex.com/reality Just a few of the recent topics have included: Bank "Check Card" Risks (5/28) Australia's Internet Censorship (5/27) Espionage vs. High-Tech (5/26) Media/Police Ride-Alongs (5/25) Y2K Paranoia (5/24) Internet Psychics (5/19) Tracked by your DNA (5/17) Contrail Conspiracy Theories (5/11) Telephone Taping (5/10) A link for the submission of comments, questions, topic ideas, etc. has also been established at http://www.vortex.com/reality -- and your comments would be appreciated. Thanks very much. --Lauren-- Lauren Weinstein Moderator, PRIVACY Forum http://www.vortex.com ------------------------------ Date: Sat, 29 May 99 10:30 PDT From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: New USPS Regulations for "Private Mailboxes" Greetings. I've received a considerable number of messages regarding new U.S. Postal Service regulations concerning the use of so-called "private" mailboxes (PMBs). These mailboxes are provided by private commercial operations, such as "Mailboxes Etc." and countless independent providers (many very small and ephemeral). The basic new regulations are: -------------------- On 24 April 1999, USPS is requiring changes for those who use and operate Commerical Mail Receiving Agencies (CMRA). 1. NEW FORM 1583: Requires that everyone who receives mail sign and provide ID. New form must be on file by May 15, 1999. 2. NEW ADDRESS DESIGNATION: You MUST begin using this new form of address: NAME PMB xxx (PMB=Private Mail Box) 123 Main Street Anytown, NY 10019 After 1 Nov. 1999, USPS WILL NOT DELIVER ANY MAIL THAT DOES NOT HAVE THE PMB DESIGNATION. They will mark the mail undeliverable, and return it to the sender. These policies can be found in the Domestic Mail Manual, Sections Do42 and Fo20. -------------------- Most of the messages that I received on this topic have expressed concerns that persons would no longer be able to use a PMB in a form that made it look like a street address. This is a classic example of the double-edged nature of many privacy-related issues. While there are certainly legitimate privacy concerns that might lead someone to use a PMB, it's also the case that they've become the mechanism of choice for frauds, scams, and privacy-violating identity frauds of all kinds (a tremendous proportion of SPAMs operate from PMBs as well). Since they're heavily used to create the appearance of a legitimate street address, one which can be abandoned instantly with little or no accountability, a fertile mechanism for the unscrupulous had been created. It appears that the new regulations basically bring the PMB operators into line with the level of accountability present with standard Postal Service P.O. Boxes. Such USPS P.O. Boxes have been successfully used by both businesses and individuals, for commercial and/or privacy reasons, for many decades. It's unfortunate that the "bad apples" have forced this situation upon all PMB users, but overall I think it's clear that the previously existing state of affairs was no longer tenable and that some additional protections for persons corresponding with PMB users had indeed become necessary. Your opinions on this topic are welcome, of course. --Lauren-- Lauren Weinstein Moderator, PRIVACY Forum http://www.vortex.com ------------------------------ Date: Mon, 10 May 1999 08:45:33 -0700 (PDT) From: Dan Yurman <mdoidaho@yahoo.com> Subject: Email IDs & Email privacy The Risk of Three Letter User IDs in Free Email Accounts by: Dan Yurman mdoidaho@yahoo.com Online privacy means your email address is yours alone, not interfered with by Spam, lurkers, or people who think you are someone else because of your user ID. The proliferation of free email services available from a 'portal' sites raises the question of how to insure your user ID is unique among millions of other current and especially prior users of these services. For instance, a quick tour of the major portals indicate free email is available from the following locations. This is necessarily a representative sample of sites chosen more or less for convenience, and not for any commercial purpose. Perhaps as many as 20 million people have or have had free email accounts these or other sites. http://www.hotmail.com/ http://www.hotbot.com/ http://www.yahoo.com/ http://www.lycos.com/ http://www.excite.com/ http://www.bigfoot.com/ http://www.switchboard.com/ http://www.zdnet.com/ For those of you who are considering signing up for a free hotmail email account, or for any of the others, consider this lesson learned from a friend. Don't sign up for a user ID on Hotmail, or any other free email service, using the three letters of your initials. There may be someone out there, in fact count on it, who also has those initials, and who may have had a Hotmail or other free email account prior to yours. Hotmail, like other free email services, "recycles" user IDs. This is not unlike what the phone company does with your number after you move. After a suitable period of time, it reissues the number to a new customer. Otherwise, it would run out of numbers. I'm not picking on Hotmail, just arbitrarily using them in this example since they are one of the largest of the free email services. This challenge is that you may not like what the previous "owner" of your three letter user ID was interested in getting over the Internet. For instance, suppose the three letters of your initials are 'ABC' yielding a Hotmail account of abc(at)hotmail(dot)com. So, if your name is 'Anna Belle Cornwall,' (a made up name for this posting with any resemblance to a real person strictly coincidental) it may be the prior user of that account name was Archie Bunker Cooper (same disclaimer). If "Archie" was into less than mainstream interests, or worse, and signed up for mailing lists on his favorite subjects, now innocent Anne Belle is going to get that stuff because she now owns the account abc(at)hotmail(dot)com. Not only will she get all of 'Archie's' solicited mailing list material, she will also get every piece of spam still hunting for valid email addresses known to be linked to his user ID and interests. If she's lucky, all she'll get are some get rich quick schemes, the occasional porno come on, and offers to buy stamp / coin collections or HO train sets. It could be a lot worse, especially if "Archie's" ex-wife, his creditors, or other malcontents think they are still talking to him over the Internet. Of course, "Anna Belle" could try answer them, but usually at this point explanations will not work, and like trying to teach the proverbial pig to sing, only wastes her time and annoys the pig. The replies also tell spammers they have a valid email address. There is nothing she is going to be able to do about all that spam, and the other stuff, except close the account and get a new one. This could be very inconvenient if she had already told her friends and family about her new three letter user ID. There are several good strategies to avoid this problem. * Put a number in your hotmail or other free email user ID after the 1st letter, e.g a2bc(at)hotmail(dot)com, or in any position after the first letter, except the last. Hotmail, unlike some others, requires the first position to be a letter to avoid having their sites being the origin of spam. This strategy eliminates many heritage users IDs based on three initials. Even with 26 letters in the alphabet, there are still a finite number of combinations. The available three letter combinations go from AAA to ZZZ. Since Hotmail has millions of users, your probability of encountering a match using just the three initials of your name, based on a prior or current user, is very high. However, assigning an arbitrary number within the three letter sequence eliminates "collisions" with all users IDs based solely on three initials. * Use at least four letters, e.g. abcd(at)hotmail(dot)com, which will also eliminate a pretty good percentage of the like instances of inheriting three letter user IDs that have been recycled. This decreases the odds of encountering a match, but still raises the possibilities of "collisions" with people who have shifted user ID naming strategies from using their three initials to using their first names. If you use four letters and a number, after the 1st position, you have significantly increased the odds that no one else will have ever had this user ID before you. Now you have not only eliminated three letter user IDs based on initials, but also almost all user IDs based on first names. The exception is if you put the number in the last position, e.g. if "Anna Belle" chooses 'anna5' etc. * For a maximum strength strategy to avoid duplication with previous email user ID owners try at least four letters plus mixing in say the first two or three numbers of your house street address, last few digits of your zip code, birthday date of your dog, cat, goldfish, etc., or any other numeric sequence that is meaningful. If "Anna's" zip code is 95472, she could choose a user ID of A9n5n4a(at)hotmail(dot)com. So if the mythical "Anne Belle" wants a no hassle user ID, that no one among the millions of past Hotmail users have held, one of these simple strategies should do the job for her. However, don't put these numbers at the end of the letter sequence. Mix them in the middle. It is common for other online services like AOL and Prodigy to put numbers at the end of user IDs to avoid duplications. * Pick an entirely non-obvious combination, say the bar code for your favorite beer brand, your initials combined with the current temperature (your choice of indoor or outdoor readings), or, as in my case, a geographic reference. I choose the nearest USGS map corner, but you could look up the lot lines of your home or apartment and get carried away with surveying coordinates. :-) The drawback is that these strategies fly in the face of personalizing your free email account with something that others will remember easily. The whole point of the free email accounts is that they are part of "mass customization" marketing strategies so the portal companies may not like this advice, or at least not very much. In fact this advice may fall in the same category as the story about the engineer who had to choose between a talking frog and a beautiful princess. The choice is an engineer's solution or a pretty user name, but if you only want to use three letters or your first name, you may get unwanted email. I'm assuming you've already done some customization of your own with your home ISP, and that your use of a free email account is to keep some communications out of your priority email inbox, or for other business or personal reasons. Anyway, an informed choice is better than no choice. Enjoy the Internet. Surf safely. I am not affiliated with hotmail except as an end user of the service. -- Dan Yurman n43w112@hotmail.com Eagle Rock, Idaho ------------------------------ Date: Wed, 12 May 1999 15:22:26 -0700 From: Peter Marshall <techdiff@ix.netcom.com> Subject: "Decoding Developments in Iceland" [forwarded excerpt] -------------------- From: J. Erlendsson <joner@hi.is> Date: Mon, 03 May 1999 12:41:29 +0100 THE ICELANDIC DATABASE CONTROVERSY Decoding developments in Iceland Bernhard Palsson and Snorri Thorgeirsson As we write these comments, a 12-year license, which grants exclusive rights to Iceland's entire health care database, is about to be given to an American company, with a majority ownership of American venture capital funds that also hold a majority on its board of directors. This license would contain highly controversial conditions such as "presumed consent" that would allow the company to use the personal data of any individual in the database without their permission or "informed consent." Iceland's sovereignty is effectively at stake. How did this remarkable turn of events come to pass? In August of 1996, deCODE Genetics Inc. was founded and incorporated in the state of Delaware. The company issued 20 million shares and sold 12 million to a group of seven American venture funds at a $1 per share. A wholly owned Icelandic subsidiary was established, and with $12 million the company started operations in Iceland. By the end of 1997 it had 45 employees, a number that has grown to 250 today. In early 1998, deCODE signed the largest deal at that time in genomics with Hoffmann-LaRoche, valued at up to $200 million over a five-year period. This partnership was focused on linkage studies in 12 diseases. deCODE then sold an additional 2 million shares to Icelandic investors at $5 per share. These shares trade publicly in Iceland, and have recently been trading at more than $22 per share, bringing the market capitalization of deCODE to close to $500 million. By all measures deCODE was a roaring success, and it was initially well received in Iceland, bringing the benefits of high-paying jobs in a high-tech industry. Its energetic president and CEO received manifold praise and recognition for his accomplishments, including a nomination in the magazine Red Herring in 1998 as one of the world's top 10 entrepreneurs. However, deCODE's troubles began in March of 1998, when it helped formulate a bill introduced into the Icelandic Parliament Althingi.... It authorizes the establishment of a centralized health care database, which includes detailed health care records and the ability to correlate them with genealogical and genotypic information(1). One controversial part of the bill is that it includes the provision that in exchange for paying for the construction of the database-estimated to cost over $100 million-an exclusive 12-year license would be granted for its use. The proposed law included a number of features that were unprecedented, to say the least, with regard to prior general medical, scientific, and ethical practices in the conduct of R&D of health care products. Naturally enough, the bill attracted considerable attention and there was and is a strong opposition to it both domestically and internationally. Coverage of this issue has been extensive(2).... This database will contain genotypic data, and thus the most intimate information about the individuals who will provide tissue samples for the database. With advances in human genomics being so rapid, it is hard to tell how much will be read (correctly or not) into genotypic information obtained over the coming 12 years. Although we are promised that maximum effort to maintain privacy will be made, in a small country like Iceland, the individuals in the database can be identified with as little as three pieces of readily available information (such as gender, date of birth, parent's date of birth). deCODE plans to go public. Thus, all the information in the centralized database and its intrinsic value will be traded as a commodity on international markets. Comprehensive hereditary and health care information for a whole nation, in a format in which every individual and his/her characteristics can most likely be identified! Nothing less than Iceland's national identity is at stake.... Realizing this, a group of Icelandic physicians in an open letter(3) made a plea to the board to reconsider its actions just before the passage of the bill, in which they cited severe criticisms of all or parts of the bill by no less than 30 Icelandic ethical and scientific associations. Their effort was predictably to no avail-perhaps understandably, as it is the venture funds that stand to gain the most, well over $200 million if the current share price holds up. Their capital gains, if and when realized, will not even be taxed in Iceland, and it is unclear what long-term benefit if any the Icelandic nation will receive from this process. Since Iceland is only a thousandth the size of the US, 250 high-paying jobs there are equivalent to 250,000 high-paying jobs in the US.... Needless to say, human genetic research can be conducted in Iceland as elsewhere without implementation of controversial issues. Interestingly, such research can be performed without the creation of such a centralized database and an infringement on the exclusive license. Many genealogical databases exist in private hands, as do patients' registries (and some are explicitly excluded in the bill) and disease-specific physician-patient groups and societies.... REFERENCES 1. English version of the legislation is found on brunnur.stjr.is/interpro/htr/htr.nsf/pages/gagnagr-ensk 2. Hodgson, J. Nat. Biotechnol. 16, 896-897 and 16, 1017-1021 (1998); see also Nat. Genet. 20(2), 99-101 (1998), Science 280, 890-891(1998), Sci. Am. February 1998, p. 24. 3. See www.mannvernd.is/english/index.html, item 12.12.98. Bernhard Palsson is professor of bioengineering and adjunct professor of medicine, University of California, San Diego, La Jolla, CA. Snorri Thorgeirsson is laboratory chief, experimental carcinogenesis, National Cancer Institute, Bethesda, MD. The views expressed here are the authors' own, and do not reflect the opinions of their home institutions. e-mail: bpallson@be-research.ucsc.edu. -- Thomas A. Poe, M.D., Director The World Center For Clinical Research 2500 Dickerson Rd, H-124 Reno, NV 89503-4801 admin@worldccr.org http://www.worldccr.org ------------------------------ Date: Wed, 05 May 1999 16:47:15 -0500 From: Charles Tompkins <TOMPKINSC@NDU.EDU> Subject: Euthanasia / Kevorkian James Cayz writes: "I find that today's society has the greatest case of "societal selfishness" with regards to euthanasia." Difficult to disagree with this assertion when Mr. Cayz' message appears to equate euthanizing pets and throwing away food with assisted suicide. Permitting assisted suicide is both a more serious issue than he appears to suggest and much too serious to be dismissed as "merely" an issue of privacy. Without dismissing the theological issues (which are inappropriate for discussion on this list), the nature of the legal and sociological safeguards against abuse of the "right" of suicide requires very careful consideration. Charles E. Tompkins III, J.D. Professor of Systems Management National Defense University (202) 685-2069 ------------------------------ Date: Tue, 04 May 1999 12:26:09 -0700 From: Mark Hull-Richter <markh@procom.com> Subject: Re: Euthanasia / Kevorkian This is exactly one of the biggest problems with the so-called "Pro-Life" movement and the attitude of all of its adherents. They claim the right to dictate to others (us, women in particular) that all "conceptions" be protected all the way through birth, and not for one second thereafter, even at the expense of the life of the mother. The other side, the "Pro-Choice" movement, seeks solely to protect the privacy of the mother and her right to choose whether or not to give birth to an unwanted child. While I do not approve of abortion per se, I believe that the state of child abuse and molestation in this country is totally unacceptable. Until we are prepared to ensure that all births are "wanted," and that even those which start out as wanted but degenerate into the unwanted category will be fostered and cared for in a loving, nurturing home, it is the absolute and overriding burden on our legislative bodies to abstain from the process altogether. Until legislation can be adopted to ensure the safe and secure raising of all of society's children into mature adults, legislation restricting the rights of mothers to decide whether to bear children or not is at least abhorrent, if not unthinkable. We need to destroy the cycle of abuse and/or neglect that leads to tragedies involving children, whether by accident or design. What does this have to do with privacy? Read Griswold vs. Connecticut (which established an inherent right to privacy in the U.S. Constitution) and Roe vs. Wade (which derived the right to abortion from the right to privacy) - it has EVERYTHING to do with privacy. Perhaps it is time we pushed Congress to pass an explicit Right to Privacy amendment to the Constitution. It's certainly more important an issue than whether or not we have the right to burn a piece of cloth in public, just because it happens to be striped and starred appropriately. ------------------------------ Date: Thu, 6 May 1999 18:35:02 -0700 (PDT) From: sinster@darkwater.com Subject: Privacy comments in Bernstein decision The following text is present in the comments section of the majority decision in Bernstein v. USDOJ (US 9th circuit court of appeals, 97-16686 at 4242). Second, we note that the government's efforts to regulate and control the spread of knowledge relating to encryption may implicate more than the First Amendment rights of cryptographers. In this increasingly electronic age, we are all required in our everyday lives to rely on modern technology to communicate with one another. This reliance on electronic communication, however, has brought with it a dramatic diminution in our ability to communicate privately. Cellular phones are subject to monitoring, email is easily intercepted, and transactions over the internet are often less than secure. Something as commonplace as furnishing our credit card number, social security number, or bank account number puts each of us at risk. Moreover, when we employ electronic methods of communication, we often leave electronic "fingerprints" behind, fingerprints that can be traced back to us. Whether we are surveilled by our government, by criminals, or by our neighbors, it is fair to say that never has our ability to shield our affairs from prying eyes been at such a low ebb. The availability and use of secure encryption may offer an opportunity to reclaim some portion of the privacy we have lost. Government efforts to control encryption thus may well implicate not only the First Amendment rights of cryptographers intent on pushing the boundaries of their science, but also the constitutional rights of each of us as potential recipients of encryption's bounty. Viewed from this perspective, the government's efforts to retard progress in cryptography may implicate the Fourth Amendment, as well as the right to speak anonymously, see McIntyre v. Ohio Elections Comm'n, 115 S. Ct. 1511, 1524 (1995) , the right against compelled speech, see Wooley v. Maynard, 430 U.S. 705, 714 (1977), and the right to informational privacy, see Whalen v. Roe, 429 U.S. 589, 599-600 (1977). While we leave for another day the resolution of these difficult issues, it is important to point out that Bernstein's is a suit not merely concerning a small group of scientists laboring in an esoteric field, but also touches on the public interest broadly defined. It's very gratifying to see that at least some courts are sensitive to our slowly draining privacy, even if they haven't actually issued many judgments on the issue. -- Jon Paul Nollmann ne' Darren Senn sinster@balltech.net ------------------------------ Date: Wed, 14 Apr 1999 11:20:19 -0400 From: "Lorrie Faith Cranor" <lorrie@research.att.com> Subject: "Beyond Concern: Understanding Net Users' Attitudes About Online Privacy" My colleagues and I have released an AT&T Labs-Research Technical Report on our study of Net users' attitudes about online privacy. I have attached the executive summary below. The full report is available online at: http://www.research.att.com/projects/privacystudy/ Feel free to forward this. Lorrie Beyond Concern: Understanding Net Users' Attitudes About Online Privacy by Lorrie Faith Cranor, Joseph Reagle, and Mark S. Ackerman 14 April 1999 Executive Summary People are concerned about privacy, particularly on the Internet. While many studies have provided evidence of this concern, few have explored the nature of the concern in detail, especially for the online environment. With this study, we have tried to better understand the nature of online privacy concerns; we look beyond the fact that people are concerned and attempt to understand how they are concerned. We hope our results will help inform both policy decisions as well as the development of technology tools that can assist Internet users in protecting their privacy. We present results here from the analysis of 381 questionnaires completed between November 6 and November 13, 1998 by American Internet users. The sample was drawn from the FamilyPC magazine/Digital Research, Inc. Family Panel. While this is not a statistically representative sample of US Internet users, our respondents are heavy Internet users, and quite possibly lead innovators. As such, we believe that this sample is important for understanding the future Internet user population. Major Findings Internet users are more likely to provide information when they are not identified. When presented with scenarios involving the provision of personal data to Web sites, our respondents were much less willing to provide information when personally identifiable information was requested. Some types of data are more sensitive than others. Our respondents were generally comfortable providing preference information to Web sites. However, they were often very uncomfortable providing credit card numbers and social security numbers. We also observed significant differences in sensitivity to seemingly similar kinds of data. For example, while postal mail address, phone number, and email address can all be used to contact someone, most of our respondents said they would never or rarely feel comfortable providing their phone number but would usually or always feel comfortable providing their email address. The comfort level for postal mail address fell somewhere in between. Many factors are important in decisions about information disclosure. When deciding whether to provide information to Web sites, our respondents report that the most important factor is whether or not information will be shared with other companies and organizations. Other highly important factors include whether information is used in an identifiable way, the kind of information collected, and the purpose for which the information is collected. Whether a site posts a privacy policy, whether a site has a privacy seal of approval, and whether a site discloses a data retention policy were viewed as important, but considerably less so than the other factors we asked about. Acceptance of the use of persistent identifiers varies according to their purpose. Fifty-two percent of our respondents indicated they were concerned about Web cookies, and another 12% said they were uncertain about what a cookie is. Of those who knew what cookies were, 56% said they had changed their cookie settings to something other than accepting all cookies without warning. However, 78% of respondents said they would definitely or probably agree to Web sites using persistent identifiers (possibly implemented using cookies) to provide a customized service. Fewer (60%) would agree to the use of such an identifier to provide customized advertising, and fewer still (44%) would agree to using the identifier to provide customized advertising across many Web sites. Internet users dislike automatic data transfer. While our respondents said they are interested in tools that make using the Web more convenient, most do not want these tools to transfer information about them to Web sites automatically. When asked about several possible browser features that would make it easier to provide information to Web sites, 86% of respondents reported no interest in features that would automatically transfer their data to Web sites without any user intervention. Internet users dislike unsolicited communications. Respondents indicated a strong desire to avoid unsolicited communications resulting from providing information to Web sites. For example, 61% of respondents who said they would be willing to provide their name and postal mail address to a site in order to receive free pamphlets and coupons said they would be less likely to provide the information if it would be shared with other companies and used to send them additional marketing materials. A joint program of privacy policies and privacy seals seemingly provides a comparable level of user confidence as that provided by privacy laws. We described a scenario in which a Web site with interesting information related to a favorite hobby asks for a visitor's name and postal address in order to provide free pamphlets and coupons. Of the respondents who were unsure or said they would not provide the requested information: - 48% said they would be more likely to provide it if there was a law that prevented the site from using the information for any purpose other than processing the request, - 28% said they would be more likely to provide it if the site had a privacy policy, - and 58% said they would be more likely to provide it if the site had both a privacy policy and a seal of approval from a well-known organization such as the Better Business Bureau or the AAA. On the other hand, when we asked respondents about online privacy seal programs without mentioning any specific brand names, their responses suggest that they do not yet understand how Internet seal programs work. We are continuing to analyze our survey data and plan to collect more data to further explore these and other issues. We expect to provide more detailed analyses in future reports. Implications Finally, we believe that a few technical and policy implications can be drawn from our work. As the software engineering community attempts to implement the Platform for Privacy Preferences (P3P) and similar privacy protocols, one of the major issues will be designing suitable user interfaces for these systems. Such systems need to inform users when user privacy might be at risk. However, not only must a user interface present an extremely complex information and decision space, it must do so seamlessly and unobtrusively (Ackerman and Cranor 1999). Our results suggest that for users who either have strong feelings about privacy or who are marginally concerned about privacy, very simple interfaces would likely be useful and usable. However, for the majority of users who take a pragmatic approach to privacy issues, it seems likely that a variety of mechanisms will be needed. While the vast majority of our respondents were concerned about privacy (only 13% said they were "not very" or "not at all" concerned about privacy threats), their reactions to scenarios involving online data collection were extremely varied. Some respondents reported that they would rarely be willing to provide personal data online, others showed some willingness to provide data depending on the situation, and others were quite willing to provide data -- regardless of whether or not they reported a high level of concern about privacy. Thus it seems unlikely that a one-size-fits-all approach to online privacy is likely to succeed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lorrie Faith Cranor <lorrie@research.att.com> AT&T Labs-Research, Shannon Laboratory 180 Park Ave. Room A241, Florham Park, NJ 07932 Phone: 973-360-8607 FAX: 973-360-8970 http://www.research.att.com/~lorrie/ ------------------------------ End of PRIVACY Forum Digest 08.08 ************************
Copyright © 2005 Vortex Technology. All Rights Reserved.