PRIVACY Forum Archive Document
|
PRIVACY Forum Digest Thursday, 13 January 2000 Volume 09 : Issue 05 (http://www.vortex.com/privacy/priv.09.05) Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. http://www.vortex.com ===== PRIVACY FORUM ===== ------------------------------------------------------------------- The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, Cable & Wireless USA, Cisco Systems, Inc., and Telos Systems. - - - These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum. ------------------------------------------------------------------- CONTENTS Direct Marketing Association's "Spam Solution"--Useless, or Worse! (Lauren Weinstein; PRIVACY Forum Moderator) Supreme Court Rules Unanimously For Driver's License Privacy (Lauren Weinstein; PRIVACY Forum Moderator) Re: Web Tracking and Data Matching Hit the Campaign Trail (Aahz Maruch) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are via an automatic list server system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the list server system. Please follow the instructions above for getting the list server "help" information, which includes details regarding the "index" and "get" list server commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com/". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access. ----------------------------------------------------------------------------- VOLUME 09, ISSUE 05 Quote for the day: "Machines don't fix themselves!" -- Spoor (Bob Hoskins) "Brazil" (Universal; 1985) ---------------------------------------------------------------------- Date: Wed, 12 Jan 2000 22:37 PST From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Direct Marketing Association's "Spam Solution"--Useless, or Worse! Greetings. The Direct Marketing Association (DMA), which has long championed the notion that self-regulation and "opt-out" programs are the main solutions to consumer privacy concerns and commercial information gathering, have just announced their idea of a major step towards cutting back on unsolicited e-mail spam--their "e-Mail Preference Service" (http://www.e-mps.org). This site allows users to provide the DMA with their e-mail address, which DMA says will then be used to purge DMA member organizations' e-mail mailing lists of those addresses (unless you already have an existing online business relationship with a member firm, it seems...) This preference must be renewed at intervals or it will expire. The reasons why this whole thing is a bad idea are almost too numerous to list, but let's briefly look at a few of them, shall we? -- The concept puts the burden on individuals to "opt-out" of receiving unwanted materials filling their e-mailboxes. Why doesn't the DMA support "opt-in" programs instead, where users would affirmatively indicate that they want to receive particular materials? I think we all know why--most people don't want to see the kind of garbage that shows up as spam, and the opt-in rate would probably be pretty darn low... -- The DMA has a long-standing similar opt-out list for physical mail advertising. If you've signed up for it in the past, did you notice a significant decrease in the junk, er, I mean unsolicited mail you received? No? The reason the physical mail opt-out list doesn't have much impact for the average individual is that so much junk mail is generated from organizations who are not members of the DMA. This is but one fallacy of many self-regulation proponents' arguments. Self-regulation only impacts those who choose to play by those guidelines, for everyone else it's open season. In the case of spam, the impact of such an opt-out list is likely to be even less. Most reputable firms and organizations already know (or learn very quickly!) that sending out unsolicited e-mail spam is one of the surest ways to create upset or angry recipients, who consider spam an invasion of their privacy and a waste of their resources. Sending spam is also a sure-fire method to get any associated sites onto the various public spam e-mail block lists, which are referenced by vast numbers of ISPs and individual servers to determine which e-mails they are willing to accept. No legitimate organization or firm wants to be on those block lists. (By the way, my own public e-mail block list is always available via the link at http://www.vortex.com.) So, most large, established firms, the very ones most likely to be DMA members, already know better than to send out spam. You know where this is going... A very large percentage of spam, often sent through hijacked open e-mail relay servers, promotes illicit pyramid schemes, multi-level marketing frauds, hardcore pornography, and other similar "products"--from the sorts of folks who are the least likely to be DMA members or have any desire to purge addresses that are on the DMA's list. But they might still have an underhanded use for the DMA's service! See the next item... -- For $100/year, the DMA will let non-members upload their e-mail mailing lists, after which the lists will be returned to them "cleansed" of addresses on the opt-out list (the actual DMA opt-out list itself is not made available). Unscrupulous spammers (are there really other kinds?) could use such a procedure to determine which addresses on their original lists are likely to be valid. If an address is purged from the returned list by the DMA processing, that means it existed on the DMA opt-out list. By feeding vast quantities of addresses through this system, spammers could end up with "higher quality" spam lists to use for mailings and to sell to other spammers. Oh boy! The DMA opt-out list usage agreement would seem to prohibit such a use. Will most spammers care about that prohibition? Unlikely. -- The very existence of such an opt-out list could have the effect of "legitimizing" spam to many observers. "After all, if an address isn't on the DMA spam opt-out list," they might think, "it must mean that they want to receive spam!" Right? So by that sort of twisted logic, it's OK to send them as much garbage as the machines can generate, since they're not on the list. But as I've noted, being on the list carries risks as well, and is unlikely to accomplish much beyond advancing the DMA's public relations agenda. Overall, the whole concept seems to be misguided at best. I'd urge individuals to think very carefully about whether they really want to add their e-mail addresses to the DMA's opt-out list database. By participating in the expansion of the list, you're likely to be contributing to the DMA's "self-regulation" and "opt-out" arguments, while spam will still be flowing unabated and as disruptive as ever... --Lauren-- lauren@vortex.com Lauren Weinstein Moderator, PRIVACY Forum - http://www.vortex.com Co-Founder, PFIR: People For Internet Responsibility - http://www.pfir.org Member, ACM Committee on Computers and Public Policy ------------------------------ Date: Wed, 12 Jan 2000 10:00 PST From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Supreme Court Rules Unanimously For Driver's License Privacy Greetings. How about a bit of good news for a change? The U.S. Supreme Court has ruled unanimously for the validity of the federal 1994 Driver's Privacy Protection Act, which bars the release of personal data from driver's licenses except to law enforcement, government agencies, private investigators, and the like. While the potential for abuse of such data still exists (particularly within the broad scope of "private investigator"), the act was designed to stop the practice in the majority of states of releasing and/or selling driver's license data such as names, photos, social security numbers, and other related information. South Carolina had challenged the law, claiming it was an unreasonable intrusion into states' rights. An appeals court decision in 1998 had blocked the law's enforcement in a number of states. With the Supreme Court decision, the way is now clear for the law to take effect throughout the country. Unfortunately, there's no obvious way to recall all of the data already released from licenses over the years, that already fill a wide variety of commercial databases... --Lauren-- lauren@vortex.com Lauren Weinstein Moderator, PRIVACY Forum - http://www.vortex.com Co-Founder, PFIR: People For Internet Responsibility - http://www.pfir.org Member, ACM Committee on Computers and Public Policy ------------------------------ Date: Sun, 9 Jan 2000 07:37:35 -0800 (PST) From: Aahz Maruch <aahz@netcom.com> Subject: Re: Web Tracking and Data Matching Hit the Campaign Trail I'm responding to the message by Oleg Gurvits in PRIVACY V08 #24: What concerns me (and I think this concern is shared by most PRIVACY readers, based on the messages I've seen over the years) isn't so much the targeted marketing to interested people but the potential following consequences implied by the necessary gathering of data to support that marketing, some of which have already been seen in the past and can be taken to new lows with more sophisticated targeting techniques. For a useful fictional example, see the recent movie _Gattaca_, where the job interview consists solely of a DNA test. In other words, I think that there's a valid concern that various types of "red-lining" (*) are likely to be applied inappropriately. There's also the separate concern about choice; in the past we have each had the choice of how much privacy we'd prefer (i.e., the default was privacy but anyone could choose to live their life in public), but that choice is now being taken away from us. On the one hand, I feel somewhat helpless against the continual tide of eroding privacy and agree that barking about every individual case does little good. OTOH, I think that only by continually publicizing the problem do we have any chance to correct it. (*) For readers who may be unfamiliar with the term, "red-lining" refers to the practice of discriminating against people solely by geographic location (i.e. using ZIP code to mark poor, urban locations), denying (usually) mortgages and insurance to people who would otherwise qualify. ------------------------------ End of PRIVACY Forum Digest 09.05 ************************
Copyright © 2005 Vortex Technology. All Rights Reserved.