PRIVACY Forum Archive Document

PRIVACY Forum Home Page

PFIR - "People For Internet Responsibility" Home Page

Vortex Technology Home Page


PRIVACY Forum Digest      Thursday, 13 January 2000      Volume 09 : Issue 05

                (http://www.vortex.com/privacy/priv.09.05)

            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
                         http://www.vortex.com 
        
                       ===== PRIVACY FORUM =====              

    -------------------------------------------------------------------
                 The PRIVACY Forum is supported in part by
               the ACM (Association for Computing Machinery)     
                 Committee on Computers and Public Policy,      
                 Cable & Wireless USA, Cisco Systems, Inc., 
                           and Telos Systems.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.
    -------------------------------------------------------------------


CONTENTS 
        Direct Marketing Association's "Spam Solution"--Useless, or Worse!
           (Lauren Weinstein; PRIVACY Forum Moderator)
        Supreme Court Rules Unanimously For Driver's License Privacy
           (Lauren Weinstein; PRIVACY Forum Moderator)
        Re: Web Tracking and Data Matching Hit the Campaign Trail
           (Aahz Maruch)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are via an automatic list server system;
for subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com". 

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the list server system.  Please follow the instructions above
for getting the list server  "help" information, which includes details
regarding the "index" and "get" list server commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com/".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "http://www.vortex.com";
full keyword searching of all PRIVACY Forum files is available via
WWW access.
-----------------------------------------------------------------------------

VOLUME 09, ISSUE 05

     Quote for the day:

        "Machines don't fix themselves!"

                -- Spoor (Bob Hoskins)
                   "Brazil" (Universal; 1985)

----------------------------------------------------------------------

Date:    Wed, 12 Jan 2000 22:37 PST
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Direct Marketing Association's "Spam Solution"--Useless, or Worse!

Greetings.  The Direct Marketing Association (DMA), which has long championed
the notion that self-regulation and "opt-out" programs are the main
solutions to consumer privacy concerns and commercial information gathering,
have just announced their idea of a major step towards cutting back on
unsolicited e-mail spam--their "e-Mail Preference Service"
(http://www.e-mps.org).  This site allows users to provide the DMA with
their e-mail address, which DMA says will then be used to purge DMA member
organizations' e-mail mailing lists of those addresses (unless you already
have an existing online business relationship with a member firm, it
seems...)  This preference must be renewed at intervals or it will expire.

The reasons why this whole thing is a bad idea are almost too numerous to
list, but let's briefly look at a few of them, shall we?

-- The concept puts the burden on individuals to "opt-out" of receiving
   unwanted materials filling their e-mailboxes.  Why doesn't the DMA
   support "opt-in" programs instead, where users would affirmatively
   indicate that they want to receive particular materials?  I think we
   all know why--most people don't want to see the kind of garbage that
   shows up as spam, and the opt-in rate would probably be pretty
   darn low...

-- The DMA has a long-standing similar opt-out list for physical mail
   advertising.  If you've signed up for it in the past, did you notice a
   significant decrease in the junk, er, I mean unsolicited mail you
   received?  No?  

   The reason the physical mail opt-out list doesn't have much impact for
   the average individual is that so much junk mail is generated from
   organizations who are not members of the DMA.  This is but one fallacy
   of many self-regulation proponents' arguments.  Self-regulation only
   impacts those who choose to play by those guidelines, for everyone
   else it's open season.

   In the case of spam, the impact of such an opt-out list is likely to be
   even less.  Most reputable firms and organizations already know (or learn
   very quickly!) that sending out unsolicited e-mail spam is one of the
   surest ways to create upset or angry recipients, who consider spam an
   invasion of their privacy and a waste of their resources.  Sending spam
   is also a sure-fire method to get any associated sites onto the various
   public spam e-mail block lists, which are referenced by vast numbers of
   ISPs and individual servers to determine which e-mails they are willing to
   accept.  No legitimate organization or firm wants to be on those block
   lists.  (By the way, my own public e-mail block list is always available
   via the link at http://www.vortex.com.)

   So, most large, established firms, the very ones most likely to be DMA
   members, already know better than to send out spam.

   You know where this is going...  A very large percentage of spam, often
   sent through hijacked open e-mail relay servers, promotes illicit pyramid
   schemes, multi-level marketing frauds, hardcore pornography, and other
   similar "products"--from the sorts of folks who are the least likely to
   be DMA members or have any desire to purge addresses that are on the
   DMA's list.  But they might still have an underhanded use for the DMA's
   service!  See the next item...

-- For $100/year, the DMA will let non-members upload their e-mail mailing
   lists, after which the lists will be returned to them "cleansed" of
   addresses on the opt-out list (the actual DMA opt-out list itself is not
   made available).  Unscrupulous spammers (are there really other kinds?)
   could use such a procedure to determine which addresses on their
   original lists are likely to be valid.  If an address is purged from
   the returned list by the DMA processing, that means it existed on the
   DMA opt-out list.  By feeding vast quantities of addresses through this
   system, spammers could end up with "higher quality" spam lists to use for
   mailings and to sell to other spammers.  Oh boy!  The DMA opt-out list
   usage agreement would seem to prohibit such a use.  Will most spammers
   care about that prohibition?  Unlikely.  

-- The very existence of such an opt-out list could have the effect of
   "legitimizing" spam to many observers.  "After all, if an address isn't on
   the DMA spam opt-out list," they might think, "it must mean that they
   want to receive spam!"  Right?  So by that sort of twisted logic, it's
   OK to send them as much garbage as the machines can generate, since
   they're not on the list.  

   But as I've noted, being on the list carries risks as well, and is
   unlikely to accomplish much beyond advancing the DMA's public relations
   agenda.

Overall, the whole concept seems to be misguided at best.  I'd urge
individuals to think very carefully about whether they really want to add
their e-mail addresses to the DMA's opt-out list database.  By participating
in the expansion of the list, you're likely to be contributing to the DMA's
"self-regulation" and "opt-out" arguments, while spam will still be flowing
unabated and as disruptive as ever...

--Lauren--
lauren@vortex.com
Lauren Weinstein
Moderator, PRIVACY Forum - http://www.vortex.com
Co-Founder, PFIR: People For Internet Responsibility - http://www.pfir.org
Member, ACM Committee on Computers and Public Policy

------------------------------

Date:    Wed, 12 Jan 2000 10:00 PST
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Supreme Court Rules Unanimously For Driver's License Privacy

Greetings.  How about a bit of good news for a change?  The U.S. Supreme
Court has ruled unanimously for the validity of the federal 1994 Driver's
Privacy Protection Act, which bars the release of personal data from
driver's licenses except to law enforcement, government agencies, private
investigators, and the like.  While the potential for abuse of such data
still exists (particularly within the broad scope of "private investigator"),
the act was designed to stop the practice in the majority of states of
releasing and/or selling driver's license data such as names, photos, social
security numbers, and other related information.

South Carolina had challenged the law, claiming it was an unreasonable
intrusion into states' rights.  An appeals court decision in 1998 had
blocked the law's enforcement in a number of states.  With the Supreme Court
decision, the way is now clear for the law to take effect throughout the
country.

Unfortunately, there's no obvious way to recall all of the data already
released from licenses over the years, that already fill a wide variety of
commercial databases...

--Lauren--
lauren@vortex.com
Lauren Weinstein
Moderator, PRIVACY Forum - http://www.vortex.com
Co-Founder, PFIR: People For Internet Responsibility - http://www.pfir.org
Member, ACM Committee on Computers and Public Policy

------------------------------

Date:    Sun, 9 Jan 2000 07:37:35 -0800 (PST)
From:    Aahz Maruch <aahz@netcom.com>
Subject: Re: Web Tracking and Data Matching Hit the Campaign Trail

I'm responding to the message by Oleg Gurvits in PRIVACY V08 #24:

What concerns me (and I think this concern is shared by most PRIVACY
readers, based on the messages I've seen over the years) isn't so much
the targeted marketing to interested people but the potential following
consequences implied by the necessary gathering of data to support that
marketing, some of which have already been seen in the past and can be
taken to new lows with more sophisticated targeting techniques.

For a useful fictional example, see the recent movie _Gattaca_, where
the job interview consists solely of a DNA test.

In other words, I think that there's a valid concern that various types
of "red-lining" (*) are likely to be applied inappropriately.  There's
also the separate concern about choice; in the past we have each had the
choice of how much privacy we'd prefer (i.e., the default was privacy
but anyone could choose to live their life in public), but that choice is
now being taken away from us.

On the one hand, I feel somewhat helpless against the continual tide of
eroding privacy and agree that barking about every individual case does
little good.  OTOH, I think that only by continually publicizing the
problem do we have any chance to correct it.

(*) For readers who may be unfamiliar with the term, "red-lining"
refers to the practice of discriminating against people solely by
geographic location (i.e. using ZIP code to mark poor, urban locations),
denying (usually) mortgages and insurance to people who would otherwise
qualify.

------------------------------

End of PRIVACY Forum Digest 09.05
************************


PRIVACY Forum Home Page

Vortex Technology Home Page

Copyright © 2005 Vortex Technology. All Rights Reserved.