PRIVACY Forum Archive Document
PRIVACY Forum Digest      Tuesday, 30 November 1999      Volume 08 : Issue 17

(http://www.vortex.com/privacy/priv.08.17)

Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Woodland Hills, CA, U.S.A.
http://www.vortex.com

===== PRIVACY FORUM =====

-------------------------------------------------------------------

The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, Cable & Wireless USA, Cisco Systems, Inc., and Telos Systems.

- - -

These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum.

-------------------------------------------------------------------

CONTENTS

  Animated Cursors Silently Collecting User Browsing Data (Lauren Weinstein; PRIVACY Forum Moderator)
  Big Brother Wants Your Medical Records (Dawn Richardson)
  Group formed to oppose supermarket "loyalty" cards (Katherine Albrecht)

*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------

The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing.
Subscriptions are via an automatic list server system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com".

All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations.

The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the list server system. Please follow the instructions above for getting the list server "help" information, which includes details regarding the "index" and "get" list server commands, which are used to access the PRIVACY Forum archive.

All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com/". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access.

-----------------------------------------------------------------------------

VOLUME 08, ISSUE 17

Quote for the day:

"You know better than to trust a strange computer!"
-- C-3PO (Anthony Daniels)
   "The Empire Strikes Back" (Lucasfilm/Fox; 1980)

----------------------------------------------------------------------

Date: Tue, 30 Nov 99 12:32 PST
From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Animated Cursors Silently Collecting User Browsing Data

Greetings. The "Spies in Your Software" saga continues onward, as analysis of various software's network activities in various quarters continues to reveal new (but unfortunately not really unexpected) surprises.

In the latest chapter, users of the popular Comet Systems' animated cursors (for Microsoft Windows systems) have learned that the cursors (reportedly in use by many millions of persons) have silently been feeding information concerning the sites they visit back to Comet for the firm's analysis and use.

Unlike the more common situations where Global Identifiers and related data are passed only to the particular server to which a user connects, in this case the information is being fed back to Comet itself, whenever the user visits any of the many 10's of 1000's of affiliated sites. The vast array of sites involved include many oriented towards children, as well as popular comic-strip sites (such as "Dilbert" and others).

I spoke at length today with Comet's marketing director, who defended their practices. He contends that the information collected is "anonymous" since they do not collect names, e-mail addresses, or other personally-identifiable information, and that the information they do collect is maintained only in aggregate form for their paying clients, and is purged of other data before distribution to those clients. He stated that he feels concerns about possible abuse of collected data in the future (say, after an acquisition, or other policy change) are purely theoretical and are not realistic.
One of my main concerns is that it would not seem obvious to most users that an animated cursor should or would be sending any information back to a central point. His reaction to my suggestion that the software clearly inform users that there would be information flowing back to Comet was fascinating. He expressed the opinion that there was no need for this since the information was "anonymous"--and that since most people just "click through" license agreements anyway without reading them, there wasn't any point to bothering people with lots of stuff to read through before installation.

He also suggested that forcing vendors or sites to provide such information on a routine basis would create a "police state" (his exact words) environment. He did however agree that the lack of regulation creates a situation where each company has to make these determinations on their own, and admitted that it would be a lot easier if it were clearly spelled out what they could or couldn't do.

In response to the current furor, Comet has posted a new privacy policy, with links that appear on the main download pages for the cursors and at other points. However, they have chosen not to provide information on those pages to clue people in to the fact that there is anything about the cursors which might relate specifically to privacy concerns, so how many people will choose to read the privacy links is unclear. Also, depending on Javascript and browser security settings (particularly of concern with Microsoft Internet Explorer), it is possible that the cursors might be downloaded automatically without the user ever seeing the privacy link information.

Comet has also posted instructions regarding removal of the cursors from your system.
The main information is at:

http://www.cometsystems.com/download/cleaner.shtml

Microsoft IE users would need to take some additional steps detailed at:

http://download.cometsystems.com/no_nag/nonag.asp

to avoid having sites continue to bug them about downloading the cursors. Unfortunately and ironically, you apparently must have cookies enabled to activate this latter function, so you may want to think twice before using it.

The saga continues...

--Lauren--
lauren@vortex.com
Lauren Weinstein
Moderator, PRIVACY Forum - http://www.vortex.com
Co-Founder, PFIR: People For Internet Responsibility - http://www.pfir.org
Member, ACM Committee on Computers and Public Policy

------------------------------

Date: Wed, 3 Nov 1999 02:30:37 -0600
From: "Dawn Richardson" <prove@swbell.net>
Subject: Big Brother Wants Your Medical Records

The Medical Privacy Scam: Big Brother Wants Your Medical Records
by Dawn Richardson

On Friday, Oct. 29th, President Clinton announced U.S. Department of Health and Human Services Secretary Donna E. Shalala's proposed rules which claim to protect the privacy of Americans' personal health records that are either transmitted or maintained electronically. These rules were published in the Federal Register today, November 3rd.

America is being scammed by HHS initiated press releases into thinking that these proposed rules, if adopted, will keep us in control of our intimate medical details. While HHS's rules spell out clear regulatory restrictions for how doctors and health plans use our personal medical data, they also dangerously grant federal, state, and local government health bureaucrats broad unrestricted access and control of our private medical information without our consent for anything that can be linked to the self-defined "national priority purposes" of research, public health, government health data systems, law enforcement and oversight of the health care system.
(see summary http://aspe.hhs.gov/admnsimp/pvcsumm.htm )

The section of greatest concern in the rules is "Uses and disclosures permitted without individual authorization." Unconsented disclosures are rationalized for "public health surveillance, investigations and interventions." Immunization and cancer registries are also cited as beneficiaries of this governmental information grab. HHS states in the rules, "We considered requiring individual authorization for certain public health disclosures, but rejected this approach because many important public health activities would not be possible if individual authorization were required."

Specific government agencies listed as being granted access to individual identifiable medical records under the pretext of "oversight" include "State insurance commissions, State health professional licensure agencies, Offices of Inspectors General of federal agencies, the Department of Justice, State Medicaid fraud control units, Defense Criminal Investigative Services, the Pension and Welfare Benefit Administration, the HHS Office for Civil Rights, the FDA, the Social Security Administration, the Department of Education, the Occupational Health and Safety Administration and the Environmental Protection Agency."

HHS also proposes "to permit covered entities to disclose protected health information to a law enforcement official without individual authorization for the conduct of lawful intelligence activities."

HHS will accept public comment on the proposed rules for 60 days from the publication date of November 3rd. Public comments can be submitted electronically to http://aspe.hhs.gov/admnsimp/, and all 631 pages of the proposed rules are posted at this same location.

We are working on our formal comments/objections to the proposed rules and will be distributing them to our email lists and posting them on our web site for reference soon.
-----------------

Dawn Richardson, President
PROVE (Parents Requesting Open Vaccine Education)
P.O. Box 1071
Cedar Park, TX 78630-1071
(512) 918-8760
prove@vaccineinfo.net (email)
http://vaccineinfo.net (web site)

[ I would urge PRIVACY Forum readers with opposing points of view, particularly concerning the public health aspects of this issue, to e-mail submissions expressing the details to the PRIVACY Forum. This is a complex area where meaningful debate would be particularly useful.

-- PRIVACY Forum Moderator ]

------------------------------

Date: Wed, 17 Nov 1999 14:20:28 -0500
From: Katherine Albrecht <kma@virtue.org>
Subject: Group formed to oppose supermarket "loyalty" cards

Hi,

I am the founder of CASPIAN, a consumer group dedicated to fighting supermarket "loyalty cards" or "club cards." Since your organization is concerned with consumer privacy issues, I invite you to visit the CASPIAN website, at www.nocards.org, and to let your readers know of the movement to fight these invasive registration and monitoring programs.

The CASPIAN website contains a comprehensive set of arguments against shopper cards and provides evidence that these programs do not save shoppers money. Also, to the best of my knowledge, the CASPIAN site contains the most comprehensive listing of United States grocery retailers on the Web. It lists the URL, locations, and card status of over 400 stores and supermarket chains.

In the four weeks since it was publicly released, the CASPIAN website has received thousands of visits from shoppers around the world in addition to being featured on NBC news and the Seattle Times.

I applaud you for your efforts to protect consumer privacy. Keep up the good work!

Sincerely,

Katherine Albrecht
Founder/Editor
CASPIAN - Consumers Against Supermarket Privacy Invasion and Numbering
www.nocards.org

------------------------------

End of PRIVACY Forum Digest 08.17

************************
Copyright © 2005 Vortex Technology. All Rights Reserved.