PRIVACY Forum Archive Document


PRIVACY Forum Digest      Saturday, 29 May 1999      Volume 08 : Issue 08

            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
                         http://www.vortex.com 
        
                       ===== PRIVACY FORUM =====              

    -------------------------------------------------------------------
                 The PRIVACY Forum is supported in part by
               the ACM (Association for Computing Machinery)     
                 Committee on Computers and Public Policy,      
                 Cable & Wireless USA, Cisco Systems, Inc., 
                           and Telos Systems.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.
    -------------------------------------------------------------------

              **********************************************
              * PRIVACY Forum Seven Year Anniversary Issue *
              **********************************************


CONTENTS 
        "Vortex Daily Reality Report & Unreality Trivia Quiz" ARCHIVE
           (Lauren Weinstein; PRIVACY Forum Moderator)
        New USPS Regulations for "Private Mailboxes"
           (Lauren Weinstein; PRIVACY Forum Moderator)
        Email IDs & Email privacy (Dan Yurman)
        "Decoding Developments in Iceland" [forwarded excerpt]
           (Peter Marshall)
        Euthanasia / Kevorkian (Charles Tompkins)
        Re: Euthanasia / Kevorkian (Mark Hull-Richter)
        Privacy comments in Bernstein decision (Jon Paul Nollmann)
        "Beyond Concern: Understanding Net Users' Attitudes 
           About Online Privacy" (Lorrie Faith Cranor)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are via an automatic list server system;
for subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com". 

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the list server system.  Please follow the instructions above
for getting the list server  "help" information, which includes details
regarding the "index" and "get" list server commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com/".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "http://www.vortex.com";
full keyword searching of all PRIVACY Forum files is available via
WWW access.
-----------------------------------------------------------------------------

VOLUME 08, ISSUE 08

     Quote for the day:
         
        "I'm a man who likes talking to a man who likes to talk."

           -- Kasper Gutman ["The Fat Man"] (Sydney Greenstreet)
              "The Maltese Falcon" (Warner Bros.; 1941)

----------------------------------------------------------------------

Date:    Sat, 29 May 99 10:41 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: "Vortex Daily Reality Report & Unreality Trivia Quiz" ARCHIVE

Greetings.  In response to numerous requests, I've now established
a permanent archive for the "Vortex Daily Reality Report & Unreality
Trivia Quiz" segments which I announced in the previous PRIVACY
Forum Digest.  All segments are available for (RealAudio) playback
at any time via this archive, which is organized by date with
the topic of each past report also listed.  The new main page for both
the current day's report and the archive of past segments is:

    http://www.vortex.com/reality

Just a few of the recent topics have included:

    Bank "Check Card" Risks (5/28)
    Australia's Internet Censorship (5/27)
    Espionage vs. High-Tech (5/26) 
    Media/Police Ride-Alongs (5/25)
    Y2K Paranoia (5/24)
    Internet Psychics (5/19)
    Tracked by your DNA (5/17)
    Contrail Conspiracy Theories (5/11)
    Telephone Taping (5/10)

A link for the submission of comments, questions, topic ideas, etc. has
also been established at http://www.vortex.com/reality -- and your
comments would be appreciated.  Thanks very much.

--Lauren--
Lauren Weinstein
Moderator, PRIVACY Forum
http://www.vortex.com

------------------------------

Date:    Sat, 29 May 99 10:30 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: New USPS Regulations for "Private Mailboxes" 

Greetings.  I've received a considerable number of messages regarding new
U.S. Postal Service regulations concerning the use of so-called "private"
mailboxes (PMBs).  These mailboxes are provided by private commercial
operations, such as "Mailboxes Etc." and countless independent providers
(many very small and ephemeral).  The basic new regulations are:

                --------------------

        On 24 April 1999, USPS is requiring changes for those who use and
        operate Commercial Mail Receiving Agencies (CMRA).

        1. NEW FORM 1583:  Requires that everyone who receives mail sign and
        provide ID. New form must be on file by May 15, 1999.  

        2. NEW ADDRESS DESIGNATION:  You MUST begin using this new form of
        address:

           NAME
           PMB xxx   (PMB=Private Mail Box)
           123 Main Street
           Anytown, NY 10019

        After 1 Nov. 1999, USPS WILL NOT DELIVER ANY MAIL THAT DOES NOT HAVE
        THE PMB DESIGNATION.  They will mark the mail undeliverable, and
        return it to the sender.

        These policies can be found in the Domestic Mail Manual, Sections
        Do42 and Fo20.

                --------------------

Most of the messages that I received on this topic have expressed concerns
that persons would no longer be able to use a PMB in a form that made it look
like a street address.  

This is a classic example of the double-edged nature of many privacy-related
issues.  While there are certainly legitimate privacy concerns that might
lead someone to use a PMB, it's also the case that they've become the
mechanism of choice for frauds, scams, and privacy-violating identity frauds
of all kinds (a tremendous proportion of SPAMs operate from PMBs as well).
Since they're heavily used to create the appearance of a legitimate street
address, one which can be abandoned instantly with little or no
accountability, a fertile mechanism for the unscrupulous had been created.

It appears that the new regulations basically bring the PMB operators into
line with the level of accountability present with standard Postal Service
P.O. Boxes.  Such USPS P.O. Boxes have been successfully used by both
businesses and individuals, for commercial and/or privacy reasons, for many
decades. 

It's unfortunate that the "bad apples" have forced this situation upon all
PMB users, but overall I think it's clear that the previously existing state
of affairs was no longer tenable and that some additional protections for
persons corresponding with PMB users had indeed become necessary.

Your opinions on this topic are welcome, of course.

--Lauren--
Lauren Weinstein
Moderator, PRIVACY Forum
http://www.vortex.com

------------------------------

Date: Mon, 10 May 1999 08:45:33 -0700 (PDT)
From: Dan Yurman <mdoidaho@yahoo.com>
Subject: Email IDs & Email privacy

The Risk of Three Letter User IDs in Free Email Accounts
by: Dan Yurman   mdoidaho@yahoo.com

Online privacy means your email address is yours alone, not interfered
with by Spam, lurkers, or people who think you are someone else because
of your user ID.

The proliferation of free email services available from 'portal' sites
raises the question of how to ensure your user ID is unique among
millions of other current and especially prior users of these services.

For instance, a quick tour of the major portals indicates free email is
available from the following locations. This is necessarily a
representative sample of sites chosen more or less for convenience, and
not for any commercial purpose.  Perhaps as many as 20 million people
have or have had free email accounts at these or other sites.

http://www.hotmail.com/ 
http://www.hotbot.com/ 
http://www.yahoo.com/ 
http://www.lycos.com/ 
http://www.excite.com/ 
http://www.bigfoot.com/ 
http://www.switchboard.com/
http://www.zdnet.com/

For those of you who are considering signing up for a free hotmail
email account, or for any of the others, consider this lesson learned
from a friend.  Don't sign up for a user ID on Hotmail, or any other
free email service, using the three letters of your initials.  There
may be someone out there, in fact count on it, who also has those
initials, and who may have had a Hotmail or other free email account
prior to yours.

Hotmail, like other free email services, "recycles" user IDs.  This is
not unlike what the phone company does with your number after you move.

After a suitable period of time, it reissues the number to a new
customer.  Otherwise, it would run out of numbers.  I'm not picking on
Hotmail, just arbitrarily using them in this example since they are one
of the largest of the free email services.

The challenge is that you may not like what the previous "owner" of
your three letter user ID was interested in getting over the Internet. 
For instance, suppose the three letters of your initials are 'ABC'
yielding a Hotmail account of abc(at)hotmail(dot)com.  So, if your name
is 'Anna Belle Cornwall,' (a made up name for this posting with any
resemblance to a real person strictly coincidental) it may be the prior
user of that account name was Archie Bunker Cooper (same disclaimer).
If "Archie" was into less than mainstream interests, or worse, and
signed up for mailing lists on his favorite subjects, now innocent Anna
Belle is going to get that stuff because she now owns the account
abc(at)hotmail(dot)com.

Not only will she get all of 'Archie's' solicited mailing list
material, she will also get every piece of spam still hunting for valid
email addresses known to be linked to his user ID and interests.  If
she's lucky, all she'll get are some get rich quick schemes, the
occasional porno come on, and offers to buy stamp / coin collections or
HO train sets.  It could be a lot worse, especially if "Archie's"
ex-wife, his creditors, or other malcontents think they are still
talking to him over the Internet.  Of course, "Anna Belle" could try
to answer them, but usually at this point explanations will not work, and
like trying to teach the proverbial pig to sing, only wastes her time
and annoys the pig.  The replies also tell spammers they have a valid
email address.

There is nothing she is going to be able to do about all that spam, and
the other stuff, except close the account and get a new one.  This
could be very inconvenient if she had already told her friends and
family about her new three letter user ID.

There are several good strategies to avoid this problem.

* Put a number in your hotmail or other free email user ID after the
1st letter, e.g. a2bc(at)hotmail(dot)com, or in any position after the
first letter, except the last. Hotmail, unlike some others, requires
the first position to be a letter to avoid having their sites being the
origin of spam.

This strategy eliminates many heritage user IDs based on three
initials. Even with 26 letters in the alphabet, there are still a
finite number of combinations.  The available three letter combinations
go from AAA to ZZZ.  Since Hotmail has millions of users, your
probability of encountering a match using just the three initials of
your name, based on a prior or current user, is very high.  However,
assigning an arbitrary number within the three letter sequence
eliminates "collisions" with all user IDs based solely on three
initials.

* Use at least four letters, e.g. abcd(at)hotmail(dot)com, which will
also eliminate a pretty good percentage of the like instances of
inheriting three letter user IDs that have been recycled.  This
decreases the odds of encountering a match, but still raises the
possibilities of "collisions" with people who have shifted user ID
naming strategies from using their three initials to using their first
names.

If you use four letters and a number, after the 1st position, you have
significantly increased the odds that no one else will have ever had
this user ID before you.  Now you have not only eliminated three letter
user IDs based on initials, but also almost all user IDs based on first
names.  The exception is if you put the number in the last position,
e.g. if "Anna Belle" chooses 'anna5' etc.

* For a maximum strength strategy to avoid duplication with previous
email user ID owners try at least four letters plus mixing in say the
first two or three numbers of your house street address, last few
digits of your zip code, birthday date of your dog, cat, goldfish,
etc.,  or any other numeric sequence that is meaningful. If "Anna's"
zip code is 95472, she could choose a user ID of
A9n5n4a(at)hotmail(dot)com.

So if the mythical "Anna Belle" wants a no hassle user ID, that no one
among the millions of past Hotmail users has held, one of these simple
strategies should do the job for her.  However, don't put these numbers
at the end of the letter sequence.  Mix them in the middle.  It is
common for other online services like AOL and Prodigy to put numbers at
the end of user IDs to avoid duplications.

* Pick an entirely non-obvious combination, say the bar code for your
favorite beer brand, your initials combined with the current
temperature (your choice of indoor or outdoor readings), or, as in my
case, a geographic reference.  I choose the nearest USGS map corner,
but you could look up the lot lines of your home or apartment and get
carried away with surveying coordinates. :-)

The drawback is that these strategies fly in the face of personalizing
your free email account with something that others will remember
easily.  The whole point of the free email accounts is that they are
part of "mass customization" marketing strategies so the portal
companies may not like this advice, or at least not very much.  In fact
this advice may fall in the same category as the story about the
engineer who had to choose between a talking frog and a beautiful
princess.  The choice is an engineer's solution or a pretty user name,
but if you only want to use three letters or your first name, you may
get unwanted email.

I'm assuming you've already done some customization of your own with
your home ISP, and that your use of a free email account is to keep
some communications out of your priority email inbox, or for other
business or personal reasons.  Anyway, an informed choice is better
than no choice.

Enjoy the Internet.  Surf safely.

I am not affiliated with hotmail except as an end user of the service.

--
Dan Yurman  n43w112@hotmail.com  Eagle Rock, Idaho
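
[Added example, not part of Dan Yurman's post: it sorts a proposed user ID
into the layouts the post distinguishes and estimates the chance that the ID
already had an owner.  The function names, the uniform-choice model and the
default of 200,000 earlier users per layout (1% of the post's 20 million
estimate) are assumptions.]

```python
import math
import re

LETTERS, DIGITS = 26, 10


def classify_user_id(user_id):
    """Place a proposed user ID in one of the layouts the post distinguishes."""
    uid = user_id.lower()
    # The post notes that Hotmail requires the first position to be a letter.
    if not re.fullmatch(r"[a-z][a-z0-9]*", uid):
        return "invalid"
    if uid.isalpha():
        return "three-letters" if len(uid) == 3 else "letters-only"
    # Digits found only at the end (anna5) match the suffix other services
    # append to avoid duplicates, which the post advises against.
    if uid.rstrip("0123456789").isalpha():
        return "trailing-digits"
    return "interleaved-digits"


def shape_space(user_id):
    """Number of distinct IDs sharing this ID's letter/digit layout."""
    return math.prod(DIGITS if c.isdigit() else LETTERS for c in user_id)


def chance_already_used(space, claimants):
    """P(a given ID was claimed at least once) when `claimants` earlier users
    each picked uniformly among `space` IDs (a simplifying assumption)."""
    return -math.expm1(claimants * math.log1p(-1.0 / space))


def assess(user_id, claimants=200_000):
    """Return (layout, layout size, estimated chance of a previous owner).

    `claimants` is the assumed number of earlier users who picked an ID of
    the same layout; the default is an assumption, not a measured figure.
    """
    kind = classify_user_id(user_id)
    if kind == "invalid":
        return kind, 0, None
    space = shape_space(user_id)
    return kind, space, chance_already_used(space, claimants)


if __name__ == "__main__":
    # Constructed sample IDs, taken from the examples used in the post.
    for candidate in ("abc", "abcd", "anna5", "a2bc", "A9n5n4a", "5abc"):
        kind, space, p = assess(candidate)
        shown = "n/a" if p is None else f"{p:.4%}"
        print(f"{candidate:10s} {kind:20s} {space:>12,d} {shown}")
```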

------------------------------

Date:    Wed, 12 May 1999 15:22:26 -0700
From:    Peter Marshall <techdiff@ix.netcom.com>
Subject: "Decoding Developments in Iceland" [forwarded excerpt]

            --------------------
    
From: J. Erlendsson <joner@hi.is>
Date: Mon, 03 May 1999 12:41:29 +0100

THE ICELANDIC DATABASE CONTROVERSY
Decoding developments in Iceland

Bernhard Palsson and Snorri Thorgeirsson

As we write these comments, a 12-year license, which grants exclusive rights
to Iceland's entire health care database, is about to be given to an
American company, with a majority ownership of American venture capital
funds that also hold a majority on its board of directors. This license
would contain highly controversial conditions such as "presumed consent"
that would allow the company to use the personal data of any individual in
the database without their permission or "informed consent."  Iceland's
sovereignty is effectively at stake.

How did this remarkable turn of events come to pass? In August of 1996,
deCODE Genetics Inc. was founded and incorporated in the state of Delaware.
The company issued 20 million shares and sold 12 million to a group of seven
American venture funds at a $1 per share. A wholly owned Icelandic
subsidiary was established, and with $12 million the company started
operations in Iceland. By the end of 1997 it had 45 employees, a number that
has grown to 250 today. In early 1998, deCODE signed the largest deal at
that time in genomics with Hoffmann-LaRoche, valued at up to $200 million
over a five-year period. This partnership was focused on linkage studies in
12 diseases. deCODE then sold an additional 2 million shares to Icelandic
investors at $5 per share. These shares trade publicly in Iceland, and have
recently been trading at more than $22 per share, bringing the market
capitalization of deCODE to close to $500 million.

By all measures deCODE was a roaring success, and it was initially well
received in Iceland, bringing the benefits of high-paying jobs in a
high-tech industry. Its energetic president and CEO received manifold praise
and recognition for his accomplishments, including a nomination in the
magazine Red Herring in 1998 as one of the world's top 10 entrepreneurs.

However, deCODE's troubles began in March of 1998, when it helped formulate
a bill introduced into the Icelandic Parliament Althingi.... It authorizes
the establishment of a centralized health care database, which includes
detailed health care records and the ability to correlate them with
genealogical and genotypic information(1). One controversial part of the bill
is that it includes the provision that in exchange for paying for the
construction of the database -- estimated to cost over $100 million -- an
exclusive 12-year license would be granted for its use. The proposed law
included a number of features that were unprecedented, to say the least,
with regard to prior general medical, scientific, and ethical practices in
the conduct of R&D of health care products. Naturally enough, the bill
attracted considerable attention and there was and is a strong opposition to
it both domestically and internationally. Coverage of this issue has been
extensive(2)....

This database will contain genotypic data, and thus the most intimate
information about the individuals who will provide tissue samples for the
database. With advances in human genomics being so rapid, it is hard to tell
how much will be read (correctly or not) into genotypic information obtained
over the coming 12 years. Although we are promised that maximum effort to
maintain privacy will be made, in a small country like Iceland, the
individuals in the database can be identified with as little as three pieces
of readily available information (such as gender, date of birth, parent's
date of birth).

deCODE plans to go public. Thus, all the information in the centralized
database and its intrinsic value will be traded as a commodity on
international markets.  Comprehensive hereditary and health care information
for a whole nation, in a format in which every individual and his/her
characteristics can most likely be identified!  Nothing less than Iceland's
national identity is at stake....

Realizing this, a group of Icelandic physicians in an open letter(3) made a
plea to the board to reconsider its actions just before the passage of the
bill, in which they cited severe criticisms of all or parts of the bill by
no less than 30 Icelandic ethical and scientific associations. Their effort
was predictably to no avail -- perhaps understandably, as it is the venture
funds that stand to gain the most, well over $200 million if the current
share price holds up. Their capital gains, if and when realized, will not
even be taxed in Iceland, and it is unclear what long-term benefit if any
the Icelandic nation will receive from this process. Since Iceland is only a
thousandth the size of the US, 250 high-paying jobs there are equivalent to
250,000 high-paying jobs in the US....

Needless to say, human genetic research can be conducted in Iceland as
elsewhere without implementation of controversial issues. Interestingly,
such research can be performed without the creation of such a centralized
database and an infringement on the exclusive license. Many genealogical
databases exist in private hands, as do patients' registries (and some are
explicitly excluded in the bill) and disease-specific physician-patient
groups and societies....

REFERENCES

1. English version of the legislation is found on
brunnur.stjr.is/interpro/htr/htr.nsf/pages/gagnagr-ensk
2. Hodgson, J. Nat. Biotechnol. 16, 896-897 and 16, 1017-1021 (1998);
see also Nat. Genet. 20(2), 99-101 (1998), Science 280,
890-891 (1998), Sci. Am. February 1998, p. 24.
3. See www.mannvernd.is/english/index.html, item 12.12.98.


Bernhard Palsson is professor of bioengineering and adjunct
professor of medicine, University of California, San Diego, La Jolla,
CA.

Snorri Thorgeirsson is laboratory chief, experimental
carcinogenesis, National Cancer Institute, Bethesda, MD.

The views expressed here are the authors' own, and do not reflect the
opinions of their home institutions.

e-mail: bpallson@be-research.ucsc.edu.

--
Thomas A. Poe, M.D., Director
The World Center For Clinical Research
2500 Dickerson Rd, H-124 Reno, NV 89503-4801
admin@worldccr.org   http://www.worldccr.org

------------------------------

Date:    Wed, 05 May 1999 16:47:15 -0500
From:    Charles Tompkins <TOMPKINSC@NDU.EDU>
Subject: Euthanasia / Kevorkian

James Cayz writes:

"I find that today's society has the greatest case of "societal selfishness"
with regards to euthanasia."

Difficult to disagree with this assertion when Mr. Cayz' message appears to
equate euthanizing pets and throwing away food with assisted suicide.
Permitting assisted suicide is both a more serious issue than he appears to
suggest and much too serious to be dismissed as "merely" an issue of
privacy.  Without dismissing the theological issues (which are inappropriate
for discussion on this list), the nature of the legal and sociological
safeguards against abuse of the "right" of suicide requires very careful
consideration.

Charles E. Tompkins III, J.D.
Professor of Systems Management
National Defense University
(202) 685-2069

------------------------------

Date:    Tue, 04 May 1999 12:26:09 -0700
From:    Mark Hull-Richter <markh@procom.com>
Subject: Re: Euthanasia / Kevorkian

This is exactly one of the biggest problems with the so-called
"Pro-Life" movement and the attitude of all of its adherents.  They
claim the right to dictate to others (us, women in particular) that all
"conceptions" be protected all the way through birth, and not for one
second thereafter, even at the expense of the life of the mother.

The other side, the "Pro-Choice" movement, seeks solely to protect the
privacy of the mother and her right to choose whether or not to give
birth to an unwanted child.

While I do not approve of abortion per se, I believe that the state of
child abuse and molestation in this country is totally unacceptable. 
Until we are prepared to ensure that all births are "wanted," and that
even those which start out as wanted but degenerate into the unwanted
category will be fostered and cared for in a loving, nurturing home, it
is the absolute and overriding burden on our legislative bodies to
abstain from the process altogether.  Until legislation can be adopted
to ensure the safe and secure raising of all of society's children into
mature adults, legislation restricting the rights of mothers to decide
whether to bear children or not is at least abhorrent, if not
unthinkable.

We need to destroy the cycle of abuse and/or neglect that leads to
tragedies involving children, whether by accident or design.

What does this have to do with privacy?  Read Griswold vs. Connecticut
(which established an inherent right to privacy in the U.S.
Constitution) and Roe vs. Wade (which derived the right to abortion from
the right to privacy) - it has EVERYTHING to do with privacy.

Perhaps it is time we pushed Congress to pass an explicit Right to
Privacy amendment to the Constitution.  It's certainly more important an
issue than whether or not we have the right to burn a piece of cloth in
public, just because it happens to be striped and starred appropriately.

------------------------------

Date:    Thu, 6 May 1999 18:35:02 -0700 (PDT)
From:    sinster@darkwater.com
Subject: Privacy comments in Bernstein decision

The following text is present in the comments section of the majority
decision in Bernstein v. USDOJ (US 9th circuit court of appeals,
97-16686 at 4242).

         Second, we note that the government's efforts to
         regulate and control the spread of knowledge relating to
         encryption may implicate more than the First Amendment rights
         of cryptographers. In this increasingly electronic age, we
         are all required in our everyday lives to rely on modern
         technology to communicate with one another. This reliance on
         electronic communication, however, has brought with it a
         dramatic diminution in our ability to communicate
         privately. Cellular phones are subject to monitoring, email
         is easily intercepted, and transactions over the internet are
         often less than secure.  Something as commonplace as
         furnishing our credit card number, social security number, or
         bank account number puts each of us at risk. Moreover, when
         we employ electronic methods of communication, we often leave
         electronic "fingerprints" behind, fingerprints that can be
         traced back to us. Whether we are surveilled by our
         government, by criminals, or by our neighbors, it is fair to
         say that never has our ability to shield our affairs from
         prying eyes been at such a low ebb. The availability and use
         of secure encryption may offer an opportunity to reclaim some
         portion of the privacy we have lost. Government efforts to
         control encryption thus may well implicate not only the First
         Amendment rights of cryptographers intent on pushing the
         boundaries of their science, but also the constitutional
         rights of each of us as potential recipients of encryption's
         bounty. Viewed from this perspective, the government's
         efforts to retard progress in cryptography may implicate the
         Fourth Amendment, as well as the right to speak anonymously,
         see McIntyre v. Ohio Elections Comm'n, 115 S. Ct. 1511, 1524
         (1995), the right against compelled speech, see Wooley
         v. Maynard, 430 U.S. 705, 714 (1977), and the right to
         informational privacy, see Whalen v. Roe, 429 U.S. 589,
         599-600 (1977). While we leave for another day the resolution
         of these difficult issues, it is important to point out that
         Bernstein's is a suit not merely concerning a small group of
         scientists laboring in an esoteric field, but also touches on
         the public interest broadly defined.

It's very gratifying to see that at least some courts are sensitive to
our slowly draining privacy, even if they haven't actually issued many
judgments on the issue.

-- 
Jon Paul Nollmann ne' Darren Senn                      sinster@balltech.net

------------------------------

Date:     Wed, 14 Apr 1999 11:20:19 -0400
From:    "Lorrie Faith Cranor" <lorrie@research.att.com>
Subject: "Beyond Concern: Understanding Net Users' Attitudes 
          About Online Privacy"

My colleagues and I have released an AT&T Labs-Research Technical
Report on our study of Net users' attitudes about online privacy. I
have attached the executive summary below. The full report is
available online at:

http://www.research.att.com/projects/privacystudy/

Feel free to forward this.

Lorrie


Beyond Concern: Understanding Net Users' Attitudes About Online Privacy

by Lorrie Faith Cranor, Joseph Reagle, and Mark S. Ackerman

14 April 1999

Executive Summary

People are concerned about privacy, particularly on the
Internet. While many studies have provided evidence of this concern,
few have explored the nature of the concern in detail, especially for
the online environment. With this study, we have tried to better
understand the nature of online privacy concerns; we look beyond the
fact that people are concerned and attempt to understand how they are
concerned. We hope our results will help inform both policy decisions
as well as the development of technology tools that can assist
Internet users in protecting their privacy.

We present results here from the analysis of 381 questionnaires
completed between November 6 and November 13, 1998 by American
Internet users. The sample was drawn from the FamilyPC
magazine/Digital Research, Inc. Family Panel. While this is not a
statistically representative sample of US Internet users, our
respondents are heavy Internet users, and quite possibly lead
innovators. As such, we believe that this sample is important for
understanding the future Internet user population.

Major Findings

Internet users are more likely to provide information when they are
not identified. When presented with scenarios involving the provision
of personal data to Web sites, our respondents were much less willing
to provide information when personally identifiable information was
requested.

Some types of data are more sensitive than others. Our respondents
were generally comfortable providing preference information to Web
sites. However, they were often very uncomfortable providing credit
card numbers and social security numbers. We also observed significant
differences in sensitivity to seemingly similar kinds of data. For
example, while postal mail address, phone number, and email address
can all be used to contact someone, most of our respondents said they
would never or rarely feel comfortable providing their phone number
but would usually or always feel comfortable providing their email
address. The comfort level for postal mail address fell somewhere in
between.

Many factors are important in decisions about information
disclosure. When deciding whether to provide information to Web sites,
our respondents report that the most important factor is whether or
not information will be shared with other companies and
organizations. Other highly important factors include whether
information is used in an identifiable way, the kind of information
collected, and the purpose for which the information is
collected. Whether a site posts a privacy policy, whether a site has a
privacy seal of approval, and whether a site discloses a data
retention policy were viewed as important, but considerably less so
than the other factors we asked about.

Acceptance of the use of persistent identifiers varies according to
their purpose. Fifty-two percent of our respondents indicated they
were concerned about Web cookies, and another 12% said they were
uncertain about what a cookie is. Of those who knew what cookies were,
56% said they had changed their cookie settings to something other
than accepting all cookies without warning. However, 78% of
respondents said they would definitely or probably agree to Web sites
using persistent identifiers (possibly implemented using cookies) to
provide a customized service. Fewer (60%) would agree to the use of
such an identifier to provide customized advertising, and fewer still
(44%) would agree to using the identifier to provide customized
advertising across many Web sites.

Internet users dislike automatic data transfer. While our respondents
said they are interested in tools that make using the Web more
convenient, most do not want these tools to transfer information about
them to Web sites automatically. When asked about several possible
browser features that would make it easier to provide information to
Web sites, 86% of respondents reported no interest in features that
would automatically transfer their data to Web sites without any user
intervention.

Internet users dislike unsolicited communications. Respondents
indicated a strong desire to avoid unsolicited communications
resulting from providing information to Web sites. For example, 61% of
respondents who said they would be willing to provide their name and
postal mail address to a site in order to receive free pamphlets and
coupons said they would be less likely to provide the information if
it would be shared with other companies and used to send them
additional marketing materials.

A joint program of privacy policies and privacy seals seemingly
provides a comparable level of user confidence as that provided by
privacy laws. We described a scenario in which a Web site with
interesting information related to a favorite hobby asks for a
visitor's name and postal address in order to provide free pamphlets
and coupons. Of the respondents who were unsure or said they would not
provide the requested information:

- 48% said they would be more likely to provide it if there was a law
that prevented the site from using the information for any purpose
other than processing the request,

- 28% said they would be more likely to provide it if the site had a
privacy policy,

- and 58% said they would be more likely to provide it if the site had
both a privacy policy and a seal of approval from a well-known
organization such as the Better Business Bureau or the AAA.

On the other hand, when we asked respondents about online privacy seal
programs without mentioning any specific brand names, their responses
suggest that they do not yet understand how Internet seal programs
work.

We are continuing to analyze our survey data and plan to collect more
data to further explore these and other issues. We expect to provide
more detailed analyses in future reports.

Implications

Finally, we believe that a few technical and policy implications can
be drawn from our work. As the software engineering community attempts
to implement the Platform for Privacy Preferences (P3P) and similar
privacy protocols, one of the major issues will be designing suitable
user interfaces for these systems. Such systems need to inform users
when user privacy might be at risk. However, not only must a user
interface present an extremely complex information and decision space,
it must do so seamlessly and unobtrusively (Ackerman and Cranor
1999). Our results suggest that for users who either have strong
feelings about privacy or who are marginally concerned about privacy,
very simple interfaces would likely be useful and usable. However, for
the majority of users who take a pragmatic approach to privacy issues,
it seems likely that a variety of mechanisms will be needed.

While the vast majority of our respondents were concerned about
privacy (only 13% said they were "not very" or "not at all" concerned
about privacy threats), their reactions to scenarios involving online
data collection were extremely varied. Some respondents reported that
they would rarely be willing to provide personal data online, others
showed some willingness to provide data depending on the situation,
and others were quite willing to provide data -- regardless of whether
or not they reported a high level of concern about privacy. Thus it
seems unlikely that a one-size-fits-all approach to online privacy is
likely to succeed.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Lorrie Faith Cranor <lorrie@research.att.com>
AT&T Labs-Research, Shannon Laboratory
180 Park Ave. Room A241, Florham Park, NJ 07932
Phone: 973-360-8607  FAX: 973-360-8970
http://www.research.att.com/~lorrie/

------------------------------

End of PRIVACY Forum Digest 08.08
************************


Copyright © 2005 Vortex Technology. All Rights Reserved.