PRIVACY Forum Archive Document


PRIVACY Forum Digest      Friday, 27 August 1999      Volume 08 : Issue 12

                (http://www.vortex.com/privacy/priv.08.12)

            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
                         http://www.vortex.com 
        
                       ===== PRIVACY FORUM =====              

    -------------------------------------------------------------------
                 The PRIVACY Forum is supported in part by
               the ACM (Association for Computing Machinery)     
                 Committee on Computers and Public Policy,      
                 Cable & Wireless USA, Cisco Systems, Inc., 
                           and Telos Systems.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.
    -------------------------------------------------------------------


CONTENTS 
        Cyberspace Electronic Security Act 
           (Lauren Weinstein; PRIVACY Forum Moderator)
        SBC/PacBell Ties Employee Perks to Home Caller ID Blocking Choices
           (Lauren Weinstein; PRIVACY Forum Moderator)
        FCC Appealing Customer Calling Data Decision
           (Lauren Weinstein; PRIVACY Forum Moderator)
        Aggregated Data Does Matter: Amazon.com
           (Lauren Weinstein; PRIVACY Forum Moderator)
        DoubleClick knows what you are searching for (Chris Brenton)
        1999-08-05 Executive Order on Unlawful Conduct on the Internet
           (Monty Solomon)
        CPSR Conference, Stanford, Oct. 2-3 (Susan Evoy)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are via an automatic list server system;
for subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com". 

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the list server system.  Please follow the instructions above
for getting the list server  "help" information, which includes details
regarding the "index" and "get" list server commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com/".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "http://www.vortex.com";
full keyword searching of all PRIVACY Forum files is available via
WWW access.
-----------------------------------------------------------------------------

VOLUME 08, ISSUE 12

     Quote for the day:

          "Most everyone's mad here."
        
               -- The Cheshire Cat (Sterling Holloway)
                  "Alice in Wonderland" (Disney; 1951)

----------------------------------------------------------------------

Date:    Tue, 24 Aug 99 21:57 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Cyberspace Electronic Security Act

Greetings.  Since much has been written in the mainstream press
about the Department of Justice draft regarding access to encrypted
computer data, tagged the "Cyberspace Electronic Security Act,"
I won't rehash the details here, except to add a few points.

First, a particularly interesting analysis of the draft appeared in the
British publication "The Register" (see:
http://www.theregister.co.uk/990824-000001.html).  Their analysis notes that
the "black bag" aspects of the plan, which would permit surreptitious
entries to "modify" computers, for the purpose of bypassing encryption
systems, have been receiving most of the attention.  But they also point out
that this is possibly the most problematic aspect of the proposal, which
would likely be usable only in very limited circumstances and probably with
a very low likelihood of success.  They also note that the sorts of
dramatic, critical situations being used as primary examples by the proposal's
proponents (kidnappings, etc.) are unlikely to benefit from such procedures.

Of more interest, The Register suggests, is the probability that a more
important purpose of the proposal is to create an environment where specific
information seized from computers under warrants could be usable in court
without authorities having to obtain carte blanche access to everything on
the seized machine.  In any case, I recommend reading over their piece.

One point I'd like to make about this proposal is that it would seem on its
face that situations where PCs were compromised by "clandestine" operations
to disable encryption, might create serious problems when it came to
evaluating any data evidence later seized from such a system.  Once a system
has been so "penetrated," it would seem likely that defense attorneys would
tend to suggest that the data evidence could no longer be trusted. "Who
knows what they really did while they were monkeying around with that
computer?"--they'll say.  This could be a significant problem in court.

And finally, it seems very unlikely that the portions of the proposal
relating to the surreptitious entries and such will pass both houses of
Congress to become law, especially after the lashing it has received in the
press as of late.

The government's concerns about encryption relating to serious crimes are
very real.  It's easy to forget that there really are genuinely "bad"
people out there who can abuse such technologies.  But this proposal is on
the wrong track in a free society.

--Lauren--
Lauren Weinstein
lauren@vortex.com
Moderator, PRIVACY Forum --- http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Host, "Vortex Reality Report & Unreality Trivia Quiz"
  --- http://www.vortex.com/reality

------------------------------

Date:    Thu, 19 Aug 99 22:05 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: SBC/PacBell Ties Employee Perks to Home Caller ID Blocking Choices

Greetings.  In a move that demonstrates just how aggressively they're
pushing the use of Calling Number ID services, Texas-based SBC
Communications, which owns telephone companies Pacific Bell and Southwestern
Bell, as well as Cellular One and other telecommunications firms (with more
large acquisitions on the way), has tied popular employee "perks" to
employees' choice of caller ID blocking options at home.

Apparently this effort, aimed at discouraging employees' choice of per-line
caller ID blocking, is related to SBC concerns that the large numbers of
subscribers choosing this blocking have "devalued" the high-profit caller ID
service.  Caller ID receives significantly lower subscribership rates where
per-line blocking is widely chosen (naturally enough).  SBC has in the past
implemented other steps to try to discourage the use of per-line caller ID
blocking.  On the Pacific Bell automated features system, for example,
subscribers can choose to remove per-line blocking from their line for free
through the system.  They apparently cannot, however, choose to add
per-line blocking through that same system!

SBC employees have indicated that they are instructed to suggest caller ID
services whenever possible, and to assert how much "easier" it supposedly is
to use your phone when you don't have per-line blocking.  Little mention is
ever made of the per-call unblocking function available for free to all
per-line blocking subscribers, of course.

SBC has decreed that since January 1, 1999, employees will not receive
"vertical service concessions" on their home phones if they choose per-line
caller ID blocking on those lines (where it is available).  Traditionally,
concessions are discounts (typically 10-15% or so, though they can be higher
in some cases) that many regular telephone company employees have received
on their home phone service, as an employee benefit.  Employees with these
sorts of traditional "dialtone" concessions were grandfathered on Jan. 1,
and can continue to receive them.  Newer employees who are offered
concessions can choose from various custom calling features (e.g. call
waiting, 3-way calling, etc.), but they'll receive these on a discounted
concession basis only if they choose not to avail themselves of any
per-line caller ID blocking options.  In other words, they must depend on
per-call blocking, or they'll receive no vertical service concessions.

SBC should of course be free to negotiate employee compensations as they
wish, as per applicable laws and regulations.  And apparently this rule was
established as part of employee bargaining agreements.  It's also apparently
the case that traditional concessions have often been tied to employees
not choosing to have non-published (unlisted) numbers for those lines.

But SBC's linkage of benefits (or perks, depending on your definitions) to
employees' personal choices of privacy options on their home phones seems
worthy of at least a few raised eyebrows.  Is it really necessary to go to
this sort of extreme to promote caller ID, if the service is really so
valuable to customers?

--Lauren--
Lauren Weinstein
lauren@vortex.com
Moderator, PRIVACY Forum --- http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Host, "Vortex Reality Report & Unreality Trivia Quiz"
  --- http://www.vortex.com/reality

------------------------------

Date:    Tue, 24 Aug 99 22:14 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: FCC Appealing Customer Calling Data Decision

Greetings.  The Federal Communications Commission is appealing to the full
10th U.S. Circuit Court of Appeals a decision by a three judge panel of the
Court, to strike down last year's toughening of rules regarding telephone
company use or release of customer calling data or other related information
for marketing purposes.  

The FCC's rule changes had made it necessary for telephone customers to
"opt-in" to such releases or marketing plans.  You may have noticed bill
inserts or forms regarding this issue, or you might be hearing recordings
when you call your local telco, asking you to "press 1 if we can use your
data to discuss services with you," "press 2 if you have questions," or so
on.  (Interestingly, Pacific Bell here in California originally had option 2
as "press 2 if you don't want to give us permission, or if you have any
questions."  Currently it no longer mentions the "don't want to give us
permission" part...)

Admittedly, this area has become very complicated, for both the telephone
companies and consumers alike, with some telephone companies interpreting
the rules to apply to practically anything you might call to ask them, while
others have mainly been concerned with marketing issues relating to outside
firms who wanted access to the data for (mainly) telecommunications-related
services.  The company and consumer confusion suggests that at the very
least the FCC rules needed clarification, and in fact the FCC had actually
just loosened them somewhat, apparently to address some of these issues,
just before the court panel's decision.

The panel's decision promotes the view that the ownership of the data is
invested in the telcos, who have first amendment rights that were
superseded by the FCC's rules.  This conflict between "free speech" rights
of businesses and individual privacy rights is a recurring one in all manner
of industries and has yet to be decided or addressed in other than a very
piecemeal fashion.  Also as usual, the issues of "opt-in" vs. "opt-out"
relating to marketing programs are at the heart of many of these concerns,
as we've discussed previously here in the PRIVACY Forum.

Since the FCC is appealing this decision upward, we'll just have to wait and
see what the next step is as this complex question, which may potentially
have impacts on other industries, plays itself out.

--Lauren--
Lauren Weinstein
lauren@vortex.com
Moderator, PRIVACY Forum --- http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Host, "Vortex Reality Report & Unreality Trivia Quiz"
  --- http://www.vortex.com/reality

------------------------------

Date:    Fri, 27 Aug 99 11:05 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Aggregated Data Does Matter: Amazon.com

Greetings.  As you may have heard, Amazon.com has generated surprise and
shock in many quarters by posting on their web site the names of popular
books ordered by persons located at various companies, listed by company
name!  So immediately, people started drawing inferences about why so many
people at this firm or that firm bought particular books, some of which are
of a highly personal nature or related to particular competitive business
topics.

What's apparently going on is that Amazon is using their activity log data to
generate these lists--so they're not saying that a particular company paid
for a given book, just that the people who did so accessed Amazon from that
company.  Amazon says that this was just supposed to be "fun"--that they
don't release the names of individual purchasers.  It's not clear to me that
this should make you feel a whole lot better...

In response to a tirade of protests, Amazon will now permit individual
purchasers to opt-out of these aggregated listings--assuming they notice how
to do so, and entire companies supposedly can be completely removed by
sending a fax.  Obviously the individual opt-out option renders any
remaining data about "popular" books at a given company meaningless, since
you'd never know how many people at that firm had already chosen to remove
their purchasing data from the database.  So the stats have even less
scientific validity than originally (which wasn't much to start with).

You can read all of the sordid details about this in the mainstream press,
but there is one primary point I want to make.  Amazon is taking an approach
that is increasingly being heard amongst web-based and other firms with
access to large amounts of transactional data.  They all claim that so
long as they only release "aggregate" data, nobody's privacy is impacted.
But of course, before you can aggregate data, you have to collect specific
data, and as we see, such data does matter.  It does reveal information
that many persons would prefer--and incorrectly assume--is private between
them and the entity with whom they're dealing.  Most people are shocked when
they learn how much transactional data is collected about them in the
course of business, and how little control they have over it.

Freedom of speech can not (or at least should not) mean that whenever you
provide someone with a piece of personal information, that data then becomes
their private property to exploit without limit or recourse.  There needs to
be a balance struck, but right now the scales are out of kilter, based on 
19th Century attitudes towards what can be done with business-related data.

--Lauren--
Lauren Weinstein
lauren@vortex.com
Moderator, PRIVACY Forum --- http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Host, "Vortex Reality Report & Unreality Trivia Quiz"
  --- http://www.vortex.com/reality

------------------------------

Date:    Mon, 09 Aug 1999 09:45:40 -0400
From:    Chris Brenton <cbrenton@sover.net>
Subject: DoubleClick knows what you are searching for

Greetings all,

Be aware that even if you take precautions to lock down your browser's
cookie settings (you can check out http://www.cookiecentral.com/ for
some good info on what can be done with cookies), DoubleClick has come
up with alternate means of compiling user profile information.

Try the following:

1) Go to http://www.altavista.com
2) Enter a search string
3) Sniff your outbound connection

What you will see is your local system creating a connection to:
http://ad.doubleclick.net/adi/altivista.digital.com/ 

in order to send the following string:
result_front;kw=all+search+words+you+entered;ord=nine_digit_ID_number

In other words, Altavista is reporting to DoubleClick the type of
information you are searching for on the Web. I have yet to determine
what the "ord" value is. It does not appear to be tied to a specific
cookie value but I have not done enough investigation work to be sure.
If anyone has additional info on this, it would be greatly appreciated. 

If you don't have a sniffer, you can do a "netstat" on your local system
to see the connection to ad.doubleclick.net/. You have to hit it just
right though and this will not show you the info string you are sending
them.

If you read through Altavista's privacy statement
(http://www.altavista.com/av/content/privacy.htm ) it mentions using
cookies, but makes no mention that they are submitting user search
string data to DoubleClick.

Note that I have not seen this type of activity with any of the other
major search engines, but have had people tell me they have seen this
with a couple of the major news wires.

The only effective means I've found to prevent all of DoubleClick's
profiling attempts is to block all outbound traffic headed for their
domain. Obviously this is not an option for many people who connect via
dial-up to a local ISP.

Cheers,
Chris

                [ The ad practice you describe is very common, and in fact
                  I've discussed the issue of AltaVista and DoubleClick a
                  number of times here in the PRIVACY Forum in the past.
                  Note that whether or not you see an "extra" connection
                  being created, such information can be passed through
                  "invisible" connections directly between the search engine
                  and the ad provider as well.  Also, it is typical for
                  search engines to pass user search strings onward as part
                  of the URL information to the server that sends you the
                  actual item you've chosen from a search engine results
                  list.

                        -- PRIVACY Forum Moderator ]
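
Added example (not part of Chris Brenton's post or the moderator's reply): a Python check that a defender could run over a proxy log or sniffer capture to spot the disclosure described above. It parses the semicolon-delimited parameters of the ad request and flags any request to another site that repeats what the user typed into the search page. Only the shape of the ad URL comes from the post; the search-page URLs, the "q" parameter, the hosts search.example and ads.example, and the two-label site heuristic are assumptions made for the example.

```python
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample: (page the user requested, request the browser then made).
# The ad URL follows the shape quoted in the post; the search-page URLs and
# their "q" parameter are assumptions, not captured traffic.
SAMPLE_REQUESTS = [
    ("http://www.altavista.com/cgi-bin/query?q=bankruptcy+lawyer+vermont",
     "http://ad.doubleclick.net/adi/altivista.digital.com/"
     "result_front;kw=bankruptcy+lawyer+vermont;ord=123456789"),
    ("http://www.altavista.com/cgi-bin/query?q=bankruptcy+lawyer+vermont",
     "http://www.altavista.com/av/gifs/logo.gif"),
    ("http://search.example/find?q=privacy+forum",
     "http://ads.example/banner;sz=468x60;ord=987654321"),
]


def path_params(url):
    """Return every key=value pair a URL carries, decoded.

    Covers both the ';key=value' segments appended to the path (the form
    the ad request in the post uses) and ordinary '?key=value' queries.
    """
    parts = urlsplit(url)
    params = {}
    # Everything after the first ';' in the path is a list of parameters.
    for segment in parts.path.split(";")[1:]:
        key, sep, value = segment.partition("=")
        if sep:
            params[key] = unquote_plus(value)
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        params[key] = value
    return params


def site_of(url):
    """Approximate the registrable site as the last two hostname labels.

    This is a simplification: it is wrong for suffixes such as co.uk, where
    a public-suffix list would be needed.
    """
    host = urlsplit(url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])


def find_search_leaks(requests, min_len=3):
    """Flag requests to a different site that repeat the user's input.

    `requests` is an iterable of (page_url, request_url) pairs. A finding is
    reported when a parameter value sent to another site equals a value the
    user submitted to the first-party page.
    """
    findings = []
    for page_url, request_url in requests:
        if site_of(page_url) == site_of(request_url):
            continue  # same site: not a third-party disclosure
        typed = {
            value.lower()
            for value in path_params(page_url).values()
            if len(value) >= min_len  # ignore short flags such as "on"
        }
        for key, value in path_params(request_url).items():
            if value.lower() in typed:
                findings.append({
                    "third_party": urlsplit(request_url).hostname,
                    "param": key,
                    "value": value,
                })
    return findings


if __name__ == "__main__":
    for finding in find_search_leaks(SAMPLE_REQUESTS):
        print("search terms sent to {third_party} as {param}={value!r}"
              .format(**finding))
```

As the moderator's note points out, a check of this kind sees only what leaves the browser; data passed directly between the search engine and the ad provider does not appear in a client-side capture.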

------------------------------

Date:    Mon, 9 Aug 1999 22:28:33 -0400
From:    Monty Solomon <monty@roscom.com>
Subject: 1999-08-05 Executive Order on Unlawful Conduct on the Internet

                            THE WHITE HOUSE

                     Office of the Press Secretary
                        (Little Rock, Arkansas)
______________________________________________________________________
For Immediate Release                                     August 6, 1999


                           EXECUTIVE ORDER

                            - - - - - - -

          WORKING GROUP ON UNLAWFUL CONDUCT ON THE INTERNET


   By the authority vested in me as President by the Constitution and
the laws of the United States of America, and in order to address
unlawful conduct that involves the use of the Internet, it is hereby
ordered as follows:

   Section 1.  Establishment and Purpose.  (a) There is hereby
established a working group to address unlawful conduct that involves
the use of the Internet ("Working Group").  The purpose of the Working
Group shall be to prepare a report and recommendations concerning:

     (1)  The extent to which existing Federal laws provide a sufficient
          basis for effective investigation and prosecution of unlawful
          conduct that involves the use of the Internet, such as the
          illegal sale of guns, explosives, controlled substances, and
          prescription drugs, as well as fraud and child pornography.

     (2)  The extent to which new technology tools, capabilities, or
          legal authorities may be required for effective investigation
          and prosecution of unlawful conduct that involves the use of
          the Internet; and

     (3)  The potential for new or existing tools and capabilities to
          educate and empower parents, teachers, and others to prevent
          or to minimize the risks from unlawful conduct that involves
          the use of the Internet.

   (b)  The Working Group shall undertake this review in the context of
current Administration Internet policy, which includes support for
industry self-regulation where possible, technology-neutral laws and
regulations, and an appreciation of the Internet as an important medium
both domestically and internationally for commerce and free speech.

   Sec. 2.  Schedule.  The Working Group shall complete its work to the
greatest extent possible and present its report and recommendations to
the President and Vice President within 120 days of the date of this
order.  Prior to such presentation, the report and recommendations shall
be circulated through the Office of Management and Budget for review and
comment by all appropriate Federal agencies.

   Sec. 3.  Membership.

   (a)  The Working Group shall be composed of the following members:

          (1)  The Attorney General (who shall serve as Chair of the
               Working Group).

          (2)  The Director of the Office of Management and Budget.

          (3)  The Secretary of the Treasury.

          (4)  The Secretary of Commerce.

          (5)  The Secretary of Education.

          (6)  The Director of the Federal Bureau of Investigation.

          (7)  The Director of the Bureau of Alcohol, Tobacco and
               Firearms.

          (8)  The Administrator of the Drug Enforcement Administration.

          (9)  The Chair of the Federal Trade Commission.

          (10) The Commissioner of the Food and Drug Administration; and

          (11) Other Federal officials deemed appropriate by the Chair
               of the Working Group.

   (b)  The co-chairs of the Interagency Working Group on Electronic
Commerce shall serve as liaison to and attend meetings of the Working
Group.  Members of the Working Group may serve on the Working Group
through designees.


                                 WILLIAM J. CLINTON


                                 THE WHITE HOUSE,
                                 August 5, 1999.

                                 # # #
                
------------------------------

Date:    24 Aug 1999 17:20:32 -0000
From:    sevoy@quark.cpsr.org (Susan Evoy)
Subject: CPSR Conference, Stanford, Oct. 2-3

Computer Professionals for Social Responsibility presents:

THE INTERNET GOLD RUSH OF '99:
CAN WE PAN FOR GOLD WHILE SERVING THE GOOD?
THE PURSUIT OF WEALTH AND EQUITY IN CYBERSPACE

OCTOBER 2-3, 1999, STANFORD UNIVERSITY

NORBERT WIENER AWARD FEATURED SPEAKERS
Eric Raymond & Larry Wall
accepting on behalf of the open-source software movement


SATURDAY, OCTOBER 2, 9:00AM-6:00PM

KEYNOTE: HISTORICAL AMNESIA IN THE SILICON GOLD RUSH
The chance to get rich in new communications technology has led
many to liken it to the California Gold Rush.  A more apt metaphor 
would be the Comstock Lode and its intimate embrace with the San 
Francisco Stock Market.  Dr. Gray Brechin will examine the forgotten 
social and environmental costs of the Comstock speculative frenzy 
and its parallels with Silicon Valley today.

PANELS AND INTERACTIONS 

SOCIAL RESPONSIBILITY AND FINANCIAL SUCCESS - OXYMORON?
Panelists discuss their experiences in pursuing financial success while 
supporting the public good.  Topics include socially-responsible 
venture capital financing, the evolution of public-interest enterprises 
into commercial firms, and public-interest start-ups that suffered 
financial failure.  Are social responsibility and financial success 
mutually exclusive, or do new ventures provide models that can be 
applied elsewhere?

THE DIGITAL DIVIDE: IS THE INTERNET AS 
GREAT EQUALIZER LOSING GROUND?
Despite dropping computer costs and a wide range of online 
providers, recent reports show that the digital divide still exists, both 
for economic and social reasons.  These panelists all have experience 
with trying to bridge the digital divide.  Are we really providing 
enough opportunity to those who are still not connected?  To what 
extent have our efforts been successful? Does the commercial FreePC 
movement help or hurt these efforts?

SOFTWARE AT THE CROSSROADS: OPEN-SOURCE 
SOFTWARE AND THE UNIFORM COMPUTER INFORMATION 
TRANSACTIONS ACT (UCITA)
Tomorrow's computing may well be determined by its choice of 
software development methods.  The proposed UCITA would enhance 
the proprietary approach of private industry while reducing the rights 
of software consumers. The open-source Movement, recently 
discovered and highly acclaimed by the public and press, thrives using 
a very different mode of software development.  This panel will 
explore the potential effects both of these initiatives will have on 
computing in the future.


SATURDAY, OCTOBER 2, 6:30-8:30PM

RECEPTION AND WIENER AWARD CEREMONY

CPSR's prestigious Norbert Wiener Award for Social Responsibility in 
Computing Technology is being awarded to the open-source software 
movement. This movement profoundly challenges the belief that 
market mechanisms are always best-suited for unleashing 
technological innovation.  This voluntary and collaborative model for 
software development is providing a true alternative to proprietary,
closed software.

Eric Raymond, author of "The Cathedral and the Bazaar;" Larry Wall, 
creator of Perl; and O'Reilly and Associates, publishers of open-source 
documentation; will be accepting on behalf of the movement.

TICKETS FOR THE RECEPTION MAY BE PURCHASED WITHOUT 
REGISTERING FOR THE CONFERENCE.


SUNDAY, OCTOBER 3

CPSR ANNUAL MEETING 

We'll form groups and discuss Saturday's issues, the Net, DNS, and 
whatever else we want to talk about. 
This will be followed by the CPSR annual business meeting.
Sunday's annual meeting is free and open to everyone.

                --------------------------------
Conference Committee Karen Coyle, Paul Czyzewski, Jeff Johnson, 
        Coralee Whitcomb, Susan Evoy

Stanford Visitor Information  http://www.stanford.edu/home/visitors

Check in at http://www.cpsr.org/ for updates




Registration (Space is limited, so register early.)


Name ____________________________________________
        (as it should appear on nametag)

Address  __________________________________________

City_______________State ____Country ______ Zip ______

Telephone (     )_____________Email _____________________

Company/School Name _______________________________

Payment method:  Check__     Visa __     MasterCard  __  

      Card# __________________________  Exp Date _____



                                Early (RECEIVED BY 9/17)   Later or On-Site
Member of CPSR                                   $ 60            $ 75

Non-member                                       $ 85            $100

New or Reactivating CPSR member and registration $ 95 ($10 more) $110

Low income participant or Student with ID        $ 20            $ 25

Low income participant or Student member and reg $ 40 ($10 more) $ 45

Media Representative
                from _____________________    -           -


Wiener Award Reception 
     with conference registration               $ 20            $ 30
     without conference registration            $ 40            $ 60

Donation to further CPSR's work                         $____

                                        TOTAL ENCLOSED $ ____


Send completed registration form with payment to:  
CPSR, PO Box 717, Palo Alto, CA  94302.

Or register soon on the World-Wide Web at 
http://www.cpsr.org

CHECK IN AT HTTP://WWW.CPSR.ORG/ FOR DETAILS AND UPDATES SOON.

 --
 Susan Evoy   *   Deputy Director                     
 http://www.cpsr.org/home.html    
 Computer Professionals for Social Responsibility
 P.O. Box 717  *  Palo Alto  *  CA *  94302         
 Phone: (650) 322-3778    *   Fax: (650) 322-4748     *   
 Email: evoy@cpsr.org

------------------------------

End of PRIVACY Forum Digest 08.12
************************


Copyright © 2005 Vortex Technology. All Rights Reserved.