PRIVACY Forum Archive Document
PRIVACY Forum Digest Friday, 27 August 1999 Volume 08 : Issue 12 (http://www.vortex.com/privacy/priv.08.12) Moderated by Lauren Weinstein (firstname.lastname@example.org) Vortex Technology, Woodland Hills, CA, U.S.A. http://www.vortex.com ===== PRIVACY FORUM ===== ------------------------------------------------------------------- The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, Cable & Wireless USA, Cisco Systems, Inc., and Telos Systems. - - - These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum. ------------------------------------------------------------------- CONTENTS Cyberspace Electronic Security Act (Lauren Weinstein; PRIVACY Forum Moderator) SBC/PacBell Ties Employee Perks to Home Caller ID Blocking Choices (Lauren Weinstein; PRIVACY Forum Moderator) FCC Appealing Customer Calling Data Decision (Lauren Weinstein; PRIVACY Forum Moderator) Aggregated Data Does Matter: Amazon.com (Lauren Weinstein; PRIVACY Forum Moderator) DoubleClick knows what you are searching for (Chris Brenton) 1999-08-05 Executive Order on Unlawful Conduct on the Internet (Monty Solomon) CPSR Conference, Stanford, Oct. 2-3 (Susan Evoy) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "email@example.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are via an automatic list server system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "firstname.lastname@example.org". Mailing list problems should be reported to "email@example.com". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the list server system. Please follow the instructions above for getting the list server "help" information, which includes details regarding the "index" and "get" list server commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com/". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access. ----------------------------------------------------------------------------- VOLUME 08, ISSUE 12 Quote for the day: "Most everyone's mad here." -- The Cheshire Cat (Sterling Holloway) "Alice in Wonderland" (Disney; 1951) ---------------------------------------------------------------------- Date: Tue, 24 Aug 99 21:57 PDT From: firstname.lastname@example.org (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Cyberspace Electronic Security Act Greetings. Since much has been written in the mainstream press about the Department of Justice draft regarding access to encrypted computer data, tagged the "Cyberspace Electronic Security Act," I won't rehash the details here, except to add a few points. First, a particularly interesting analysis of the draft appeared in the British publication "The Register" (see: http://www.theregister.co.uk/990824-000001.html). Their analysis notes that the "black bag" aspects of the plan, which would permit surreptitious entries to "modify" computers, for the purpose of bypassing encryption systems, has been receiving most of the attention. But they also point out that this is possibly the most problematic aspect of the proposal, which would likely be usable only in very limited circumstances and probably with a very low likelihood of success. They also note that the sorts of dramatic, critical situations being used as primary examples by the proposal's proponents (kidnappings, etc.) are unlikely to benefit from such procedures. Of more interest, The Register suggests, is the probability that a more important purpose of the proposal is to create an environment where specific information ceased from computers under warrants could be usable in court without authorities having to obtain carte blanche access to everything on the seized machine. In any case, I recommend reading over their piece. One point I'd like to make about this proposal is that it would seem on its face that situations where PCs were compromised by "clandestine" operations to disable encryption, might create serious problems when it came to evaluating any data evidence later seized from such a system. Once a system has been so "penetrated," it would seem likely that defense attorneys would tend to suggest that the data evidence could no longer be trusted. "Who knows what they really did while they were monkeying around with that computer?"--they'll say. This could be a significant problem in court. And finally, it seems very unlikely that the portions of the proposal relating to the surreptitious entries and such will pass both houses of Congress to become law, especially after the lashing it has received in the press as of late. The government's concerns about encryption relating to serious crimes are very real. It's easy to forget that there really are genuinely "bad" people out there who can abuse such technologies. But this proposal is on the wrong track in a free society. --Lauren-- Lauren Weinstein email@example.com Moderator, PRIVACY Forum --- http://www.vortex.com Member, ACM Committee on Computers and Public Policy Host, "Vortex Reality Report & Unreality Trivia Quiz" --- http://www.vortex.com/reality ------------------------------ Date: Thu, 19 Aug 99 22:05 PDT From: firstname.lastname@example.org (Lauren Weinstein; PRIVACY Forum Moderator) Subject: SBC/PacBell Ties Employee Perks to Home Caller ID Blocking Choices Greetings. In a move that demonstrates just how aggressively they're pushing the use of Calling Number ID services, Texas-based SBC Communications, which owns telephone companies Pacific Bell and Southwestern Bell, as well as Cellular One and other telecommunications firms (with more large acquisitions on the way), has tied popular employee "perks" to employees' choice of caller ID blocking options at home. Apparently this effort, aimed at discouraging employee's choice of per-line caller ID blocking, is related to SBC concerns that the large numbers of subscribers choosing this blocking have "devalued" the high-profit caller ID service. Caller ID receives significantly lower subscribership rates where per-line blocking is widely chosen (naturally enough). SBC has in the past implemented other steps to try discourage the use of per-line caller ID blocking. On the Pacific Bell automated features system, for example, subscribers can choose to remove per-line blocking from their line for free through the system. They apparently cannot, however, choose to add per-line blocking through that same system! SBC employees have indicated that they are instructed to suggest caller ID services whenever possible, and to assert how much "easier" it supposedly is to use your phone when you don't have per-line blocking. Little mention is ever made of the per-call unblocking function available for free to all per-line blocking subscribers, of course. SBC has decreed that since January 1, 1999, employees will not receive "vertical service concessions" on their home phones if they choose per-line caller ID blocking on those lines (where it is available). Traditionally, concessions are discounts (typically 10-15% or so, though they can be higher in some cases) that many regular telephone company employees have received on their home phone service, as an employee benefit. Employees with these sorts of traditional "dialtone" concessions were grandfathered on Jan. 1, and can continue to receive them. Newer employees who are offered concessions can choose from various custom calling features (e.g. call waiting, 3-way calling, etc.), but they'll receive these on a discounted concession basis only if they choose not to avail themselves of any per-line caller ID blocking options. In other words, they must depend on per-call blocking, or they'll receive no vertical service concessions. SBC should of course be free to negotiate employee compensations as they wish, as per applicable laws and regulations. And apparently this rule was established as part of employee bargaining agreements. It's also apparently the case that traditional concessions have often been tied to employees not choosing to have non-published (unlisted) numbers for those lines. But SBC's linkage of benefits (or perks, depending on your definitions) to employees' personal choices of privacy options on their home phones seems worthy of at least a few raised eyebrows. Is it really necessary to go to this sort of extreme to promote caller ID, if the service is really so valuable to customers? --Lauren-- Lauren Weinstein email@example.com Moderator, PRIVACY Forum --- http://www.vortex.com Member, ACM Committee on Computers and Public Policy Host, "Vortex Reality Report & Unreality Trivia Quiz" --- http://www.vortex.com/reality ------------------------------ Date: Tue, 24 Aug 99 22:14 PDT From: firstname.lastname@example.org (Lauren Weinstein; PRIVACY Forum Moderator) Subject: FCC Appealing Customer Calling Data Decision Greetings. The Federal Communications Commission is appealing to the full 10th U.S. Circuit Court of Appeals a decision by a three judge panel of the Court, to strike down last year's toughening of rules regarding telephone company use or release of customer calling data or other related information for marketing purposes. The FCC's rule changes had made it necessary for telephone customers to "opt-in" to such releases or marketing plans. You may have noticed bill inserts or forms regarding this issue, or you might be hearing recordings when you call your local telco, asking you to "press 1 if we can use your data to discuss services with you," "press 2 if you have questions," or so on. (Interestingly, Pacific Bell here in California originally had option 2 as "press 2 if you don't want to give us permission, or if you have any questions." Currently it no longer mentions the "don't want to give us permission" part... Admittedly, this area has become very complicated, for both the telephone companies and consumers alike, with some telephone companies interpreting the rules to apply to practically anything you might call to ask them, while others have mainly been concerned with marketing issues relating to outside firms who wanted access to the data for (mainly) telecommunications-related services. The company and consumer confusion suggests that at the very least the FCC rules needed clarification, and in fact the FCC had actually just loosened them somewhat, apparently to address some of these issues, just before the court panel's decision. The panel's decision promotes the view that the ownership of the data is invested in the telcos, who have first amendment rights that were superseded by the FCC's rules. This conflict between "free speech" rights of businesses and individual privacy rights is a recurring one in all manner of industries and has yet to be decided or addressed in other than a very piecemeal fashion. Also as usual, the issues of "opt-in" vs. "opt-out" relating to marketing programs are at the heart of many of these concerns, as we've discussed previously here in the PRIVACY Forum. Since the FCC is appealing this decision upward, we'll just have to wait and see what the next step is as this complex question, which may potentially have impacts on other industries, plays itself out. --Lauren-- Lauren Weinstein email@example.com Moderator, PRIVACY Forum --- http://www.vortex.com Member, ACM Committee on Computers and Public Policy Host, "Vortex Reality Report & Unreality Trivia Quiz" --- http://www.vortex.com/reality ------------------------------ Date: Fri, 27 Aug 99 11:05 PDT From: firstname.lastname@example.org (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Aggregated Data Does Matter: Amazon.com Greetings. As you may have heard, Amazon.com has generated surprise and shock in many quarters by posting on their web site the names of popular books ordered by persons located at various companies, listed by company name! So immediately, people started drawing inferences about why so many people at this firm or that firm bought particular books, some of which are of a highly personal nature or related to particular competitive business topics. What's apparently going on is that Amazon is using their activity log data to generate these lists--so they're not saying that a particular company paid for a given book, just that the people who did so accessed Amazon from that company. Amazon says that this was just supposed to be "fun"--that they don't release the names of individual purchasers. It's not clear to me that this should make you feel a whole lot better... In response to a tirade of protests, Amazon will now permit individual purchasers to opt-out of these aggregated listings--assuming they notice how to do so, and entire companies supposedly can be completely removed by sending a fax. Obviously the individual opt-out option renders any remaining data about "popular" books at a given company meaningless, since you'd never know how many people at that firm had already chosen to remove their purchasing data from the database. So the stats have even less scientific validity than originally (which wasn't much to start with). You can read all of the sordid details about this in the mainstream press, but there is one primary point I want to make. Amazon is taking an approach that is increasingly being heard amongst web-based and other firms with access to large amounts of transactional data. They all claim that so long as they only release "aggregate" data, nobody's privacy is impacted. But of course, before you can aggregate data, you have to collect specific data, and as we see, such data does matter. It does reveal information that many persons would prefer--and incorrectly assume--is private between them and the entity with whom they're dealing. Most people are shocked when they learn how much transactional data is collected about them in the course of business, and how little control they have over it. Freedom of speech can not (or at least should not) mean that whenever you provide someone with a piece of personal information, that data then becomes their private property to exploit without limit or recourse. There needs to be a balance struck, but right now the scales are out of kilter, based on 19th Century attitudes towards what can be done with business-related data. --Lauren-- Lauren Weinstein email@example.com Moderator, PRIVACY Forum --- http://www.vortex.com Member, ACM Committee on Computers and Public Policy Host, "Vortex Reality Report & Unreality Trivia Quiz" --- http://www.vortex.com/reality ------------------------------ Date: Mon, 09 Aug 1999 09:45:40 -0400 From: Chris Brenton <firstname.lastname@example.org> Subject: DoubleClick knows what you are searching for Greetings all, Be aware that even if you take precautions to lock down your browser's cookie settings (you can check out http://www.cookiecentral.com/ for some good info on what can be done with cookies), DoubleClick has come up alternate means of compiling user profile information. try the following: 1) Go to http://www.altavista.com 2) Enter a search string 3) Sniff your outbound connection What you will see is your local system creating a connection to: http://ad.doubleclick.net/adi/altivista.digital.com/ in order to send the following string: result_front;kw=all+search+words+you+entered;ord=nine_digit_ID_number In other words, Altavista is reporting to DoubleClick the type of information you are searching for on the Web. I have yet to determine what the "ord" value is. It does not appear to be tied to a specific cookie value but I have not done enough investigation work to be sure. If anyone has additional info on this, it would be greatly appreciated. If you don't have a sniffer, you can do a "netstat" on your local system to see the connection to ad.doubleclick.net/. You have to hit it just right though and this will not show you the info string you are sending them. If you read through Altavista's privacy statement (http://www.altavista.com/av/content/privacy.htm ) it mentions using cookies, but makes no mention that they are submitting user search string data to DoubleClick. Note that I have not seen this type of activity with any of the other major search engines, but have had people tell me they have seen this with a couple of the major news wires. The only effective means I've found to prevent all of DoubleClick's profiling attempts is to block all outbound traffic headed for their domain. Obviously this is not an option for many people who connect via dial-up to a local ISP. Cheers, Chris [ The ad practice you describe is very common, and in fact I've discussed the issue of AltaVista and Doubleclick a number of times here in the PRIVACY Forum in the past. Note that whether or not you see an "extra" connection being created, such information can be passed through "invisible" connections directly between the search engine and the ad provider as well. Also, it is typical for search engines to pass user search strings onward as part of the URL information to the server that sends you the actual item you've chosen from a search engine results list. -- PRIVACY Forum Moderator ] ------------------------------ Date: Mon, 9 Aug 1999 22:28:33 -0400 From: Monty Solomon <email@example.com> Subject: 1999-08-05 Executive Order on Unlawful Conduct on the Internet THE WHITE HOUSE Office of the Press Secretary (Little Rock, Arkansas) ______________________________________________________________________ For Immediate Release August 6, 1999 EXECUTIVE ORDER - - - - - - - WORKING GROUP ON UNLAWFUL CONDUCT ON THE INTERNET By the authority vested in me as President by the Constitution and the laws of the United States of America, and in order to address unlawful conduct that involves the use of the Internet, it is hereby ordered as follows: Section 1. Establishment and Purpose. (a) There is hereby established a working group to address unlawful conduct that involves the use of the Internet ("Working Group"). The purpose of the Working Group shall be to prepare a report and recommendations concerning: (1) The extent to which existing Federal laws provide a sufficient basis for effective investigation and prosecution of unlawful conduct that involves the use of the Internet, such as the illegal sale of guns, explosives, controlled substances, and prescription drugs, as well as fraud and child pornography. (2) The extent to which new technology tools, capabilities, or legal authorities may be required for effective investigation and prosecution of unlawful conduct that involves the use of the Internet; and (3) The potential for new or existing tools and capabilities to educate and empower parents, teachers, and others to prevent or to minimize the risks from unlawful conduct that involves the use of the Internet. (b) The Working Group shall undertake this review in the context of current Administration Internet policy, which includes support for industry self-regulation where possible, technology-neutral laws and regulations, and an appreciation of the Internet as an important medium both domestically and internationally for commerce and free speech. Sec. 2. Schedule. The Working Group shall complete its work to the greatest extent possible and present its report and recommendations to the President and Vice President within 120 days of the date of this order. Prior to such presentation, the report and recommendations shall be circulated through the Office of Management and Budget for review and comment by all appropriate Federal agencies. Sec. 3. Membership. (a) The Working Group shall be composed of the following members: (1) The Attorney General (who shall serve as Chair of the Working Group). (2) The Director of the Office of Management and Budget. (3) The Secretary of the Treasury. (4) The Secretary of Commerce. (5) The Secretary of Education. (6) The Director of the Federal Bureau of Investigation. (7) The Director of the Bureau of Alcohol, Tobacco and Firearms. (8) The Administrator of the Drug Enforcement Administration. (9) The Chair of the Federal Trade Commission. (10) The Commissioner of the Food and Drug Administration; and (11) Other Federal officials deemed appropriate by the Chair of the Working Group. (b) The co-chairs of the Interagency Working Group on Electronic Commerce shall serve as liaison to and attend meetings of the Working Group. Members of the Working Group may serve on the Working Group through designees. WILLIAM J. CLINTON THE WHITE HOUSE, August 5, 1999. # # # ------------------------------ Date: 24 Aug 1999 17:20:32 -0000 From: firstname.lastname@example.org (Susan Evoy) Subject: CPSR Conference, Stanford, Oct. 2-3 Computer Professionals for Social Responsibility presents: THE INTERNET GOLD RUSH OF '99: CAN WE PAN FOR GOLD WHILE SERVING THE GOOD? THE PURSUIT OF WEALTH AND EQUITY IN CYBERSPACE OCTOBER 2-3, 1999, STANFORD UNIVERSITY NORBERT WIENER AWARD FEATURED SPEAKERS Eric Raymond & Larry Wall accepting on behalf of the open-source software movement SATURDAY, OCTOBER 2, 9:00AM-6:00PM KEYNOTE: HISTORICAL AMNESIA IN THE SILICON GOLD RUSH The chance to get rich in new communications technology has led many to liken it to the California Gold Rush. A more apt metaphor would be the Comstock Lode and its intimate embrace with the San Francisco Stock Market. Dr. Gray Brechin will examine the forgotten social and environmental costs of the Comstock speculative frenzy and its parallels with Silicon Valley today. PANELS AND INTERACTIONS SOCIAL RESPONSIBILITY AND FINANCIAL SUCCESS - OXYMORON? Panelists discuss their experiences in pursuing financial success while supporting the public good. Topics include socially-responsible venture capital financing, the evolution of public-interest enterprises into commercial firms, and public-interest start-ups that suffered financial failure. Are social responsibility and financial success mutually exclusive, or do new ventures provide models that can be applied elsewhere? THE DIGITAL DIVIDE: IS THE INTERNET AS GREAT EQUALIZER LOSING GROUND? Despite dropping computer costs and a wide range of online providers, recent reports show that the digital divide still exists, both for economic and social reasons. These panelists all have experience with trying to bridge the digital divide. Are we really providing enough opportunity to those who are still not connected? To what extent have our efforts been successful? Does the commercial FreePC movement help or hurt these efforts? SOFTWARE AT THE CROSSROADS: OPEN-SOURCE SOFTWARE AND THE UNIFORM COMPUTER INFORMATION TRANSACTIONS ACT (UCITA)> Tomorrow's computing may well be determined by its choice of software development methods. The proposed UCITA would enhance the proprietary approach of private industry while reducing the rights of software consumers. The open-source Movement, recently discovered and highly acclaimed by the public and press, thrives using a very different mode of software development. This panel will explore the potential effects both of these initiatives will have on computing in the future. SATURDAY, OCTOBER 2, 6:30-8:30PM RECEPTION AND WIENER AWARD CEREMONY CPSR's prestigious Norbert Wiener Award for Social Responsibility in Computing Technology is being awarded to the open-source software movement. This movement profoundly challenges the belief that market mechanisms are always best-suited for unleashing technological innovation. This voluntary and collaborative model for software development is providing a true alternative to proprietary, closed software. Eric Raymond, author of "The Cathedral and the Bazaar;" Larry Wall, creator of Perl; and O'Reilly and Associates, publishers of open-source documentation; will be accepting on behalf of the movement. TICKETS FOR THE RECEPTION MAY BE PURCHASED WITHOUT REGISTERING FOR THE CONFERENCE. SUNDAY, OCTOBER 3 CPSR ANNUAL MEETING We'll form groups and discuss Saturday's issues, the Net, DNS, and whatever else we want to talk about. This will be followed by the CPSR annual business meeting. Sunday's annual meeting is free and open to everyone. -------------------------------- Conference Committee Karen Coyle, Paul Czyzewski, Jeff Johnson, Coralee Whitcomb, Susan Evoy Stanford Visitor Information http://www.stanford.edu/home/visitors Check in at http://www.cpsr.org/ for updates Registration (Space is limited, so register early.) Name ____________________________________________ (as it should appear on nametag) Address __________________________________________ City_______________State ____Country ______ Zip ______ Telephone ( )_____________Email _____________________ Company/School Name _______________________________ Payment method: Check__ Visa __ MasterCard __ Card# __________________________ Exp Date _____ Early (RECEIVED BY 9/17) Later or On-Site Member of CPSR $ 60 $ 75 Non-member $ 85 $100 New or Reactivating CPSR member and registration $ 95 ($10 more) $110 Low income participant or Student with ID $ 20 $ 25 Low income participant or Student member and reg $ 40 ($10 more) $ 45 Media Representative from _____________________ - - Wiener Award Reception with conference registration $ 20 $ 30 without conference registration $ 40 $ 60 Donation to further CPSR's work $____ TOTAL ENCLOSED $ ____ Send completed registration form with payment to: CPSR, PO Box 717, Palo Alto, CA 94302. Or register soon on the World-Wide Web at http://www.cpsr.org CHECK IN AT HTTP://WWW.CPSR.ORG/ FOR DETAILS AND UPDATES SOON. -- Susan Evoy * Deputy Director http://www.cpsr.org/home.html Computer Professionals for Social Responsibility P.O. Box 717 * Palo Alto * CA * 94302 Phone: (650) 322-3778 * Fax: (650) 322-4748 * Email: email@example.com ------------------------------ End of PRIVACY Forum Digest 08.12 ************************
Vortex Technology Home Page
Copyright © 2005 Vortex Technology. All Rights Reserved.