----------------------------------------------------------------------
PRIVACYnotes Digest
Protecting Privacy is Good for Business
----------------------------------------------------------------------
Published by: Mike Banks Valentine website101
privacy@website101.com
www.website101.com
----------------------------------------------------------------------
June 20, 2002 Issue # 015
----------------------------------------------------------------------
.....IN THIS DIGEST.....
// -- MODERATOR COMMENT -- //
"FBI Web Trail Tracking" ~ Mike Banks Valentine
// -- NEW DISCUSSION -- //
"EFF Privacy Advocacy" ~ moderator comment ~ Press Release
// -- CONTINUING DISCUSSION -- //
"Explorer 6 & P3P" ~ Lynn Bernstein
"Spam Sandwich" ~ George Oliver
"Email Appending" ~ Rick Graef
// -- PRIVACY NEWS -- //
"The Latest in Privacy Issues"
----------------------------------------------------------------------
// -- MODERATOR COMMENT -- //
Reading the headline "FBI Wants To Track Your Web Trail" at
ZDNet (linked in news stories at bottom of page), I thought -
What ever for? The government wants the legal right to gather
more information, when what they should be paying more attention
to is How To Interpret The Data They Already Have! That point
has been made repeatedly here and elsewhere.
I thought some more about what the FBI might do with my "Web
Trail" and came to the conclusion that, as a privacy advocate,
I would be suspect of some criminal activity precisely because
I oppose the Larry Ellison National ID database and the Tom Siebel
"Homeland Security Product".
I read and archive stories on Data Aggregation, Email Appending,
Data Mining, Privacy, Security, Hacking, Echelon, Carnivore, Biometrics
Technology (iris scans, fingerprint readers, facial recognition
software) and moderate a public discussion list on Privacy issues
online. The FBI must conclude that I am a suspect!
Of what? Privacy Advocacy.
If I eliminate my travels to news sites reading about privacy
and technology matters, then my surfing points directly at small
business web marketing, so it accurately reflects my own business
activity. No problem there. Small business retailing online certainly
not suspect, is it?
The issue is how data is interpreted, first and foremost and
that is where the FBI is falling down. Not access, but assessment.
I'm not afraid of what they learn, but what they think it means
scares me.
Mike Banks Valentine
// -- NEW DISCUSSION -- //
The following is a news release from the Electronic Frontier
Foundation.
While I don't want to make it a practice to publish press releases,
this is definitely of interest to those involved in discussing,
implementing and prioritizing privacy matters for themselves or
their organizations.
Mike Valentine
_____________
Biometrics, Surveillance, National ID Threats to Privacy
Electronic Frontier Foundation Releases Reports
Electronic Frontier Foundation Media Release For Immediate Release:
Thursday, June 13, 2002
San Francisco - The Electronic Frontier Foundation (EFF) today
released a series of reports on the shortcomings of large-scale
civilian biometrics systems, the invasive nature of public surveillance,
and the inherent dangers of a national identification system.
After September 11, the U.S. government enacted sweeping legislation
that diminished privacy rights in the name of domestic security.
In response to bills like the USA Patriot Act, the Enhanced Border
Security and Visa Entry Reform Act, and the proposed Driver's
License Modernization Act, EFF is providing the public with factual
data on these laws and the technologies they employ.
"High-tech systems are not a quick fix for terrorism," said
EFF Senior Staff Attorney Lee Tien. "For the most part, these
technologies are dangerously unreliable, and even the best of
them are highly invasive."
"Governments justify overreaching surveillance on vulnerable
targets such as aliens and dissenters, then inevitably try to
extend its use to the rest of society," Tien added.
The EFF "Biometrics," "National ID System," and "Surveillance
Monitor" documents describe in detail the technologies being deployed
by the U.S. and other governments in an effort to tighten security.
The reports provide an overview of the technologies and a comprehensive
analysis of the privacy concerns they raise.
EFF also recently released an updated version of "EFF's Top
12 Ways to Protect Your Online Privacy," a detailed account of
the best methods of maintaining one's privacy on the Internet,
including use of encryption and cookie management software.
Links:
For this release: http://www.eff.org/Privacy/20020613_eff_privacy_pr.html
EFF's Privacy Now Campaign: http://www.eff.org/privnow/
EFF's Top 12 Ways to Protect Your Online Privacy: http://www.eff.org/Privacy/eff_privacy_top_12.html
Biometrics page: http://www.eff.org/Privacy/Surveillance/biometrics.html
National ID page: http://www.eff.org/Privacy/Surveillance/nationalidsystem.html
Surveillance Monitor page: http://www.eff.org/Privacy/Surveillance/surveillancemonitor.html
Contact:
Lee Tien Senior Staff Attorney Electronic Frontier Foundation
tien@eff.org +1 415 436-9333 x102 (office), +1 510 290-7131
(cell)
Comment? mailto:privacy@website101.com
===> TOPIC: EXPLORER 6 AND P3P
From: Lynn Bernstein
Richard Lowe, Jr wrote:
>> If you downloaded Internet Explorer 6 recently (or
it came pre-installed on your machine) you may have noticed something
a little different. Look under the "Internet Options" selection
of the "Tools" menu. You will see a new tab titled "Privacy".
<<
Microsoft must have decided there is a benefit for Microsoft
in this. For whatever reason, it is a decent first step. However,
all of us Netscape people have been doing this and more for years.
I can totally disable cookies, enable accept cookies that go to
the originating server only or all cookies, I can decide for each
cookie whether to accept or reject. I can disable java, javascript,
and css, all with the click of a radio button. In Mozilla, and
I would assume NS 6, I can do the same and more.
I can accept or disable cookies *also* based on privacy policies,
I can limit the max lifetime of a cookie, I can view the cookies.
I can omit images by site, all image, or accept images by site,
I can accept images from the originating server only, have an
alert before downloading images, control animation on images (once,
never, as specified on the page), I can save data in an encrypted
form on my drive, I have a password to change some choices in
my preferences, I set alerts for the exact type of SSL, I can
do lots with certificates and revocation lists. Isn't it nice
for Microsoft they are doing just one part of this?
Oh, all the NS and Mozilla settings also apply to email.
As for P3P, if the company is sleezy, do you really thing they
will adhere to any standards? Will they keep their word? Do you
trust them to do that? Do you trust Microsoft to decide for you?
Personally, I'd rather have as much as possible under my control.
I know there are valid uses for cookies. They can be replaced
by other non-invasive things that omits anyone from writing on
my drive.
I am personally very tired of companies trying to track me.
Consider this: I am shopping for say, paper. I need paper in colors
but don't know what is available. If I go to any brick store,
I can look at my leisure without anyone asking me any questions.
I can wonder around looking at other items that may catch my interest.
Last night I wanted to look online as the brick stores were closed
(it was very late). All the major office supply places would not
let me look without accepting cookies. They all lost my business.
A couple of them had easy to find phone numbers to get the info
via voice (on the same page advising you of cookie requirements).
Where would you rather shop? Would you put up with someone standing
at a store entrance asking for info just so you could look around?
What is the difference?
This situation will not change unless most net users refuse
cookies, and avoid sites that use cookies for no apparent reason.
Lynn Bernstein ECG Consulting
===> TOPIC: SPAM SANDWICH
From: George Oliver
Mike,
I don't have a problem spam. I just adopt a technique such as
this to get around the hassle or to at least redirect the hassle.
First, I must state that I get NO junk mail at my house at my
home address and I'm very proud of that fact. How? You may be
asking yourself. Well, I have multiple e-mail accounts that I
use to filter the junk through.
I have one account at home for friends and family and they're
all very well schooled about etiquette with the 'bcc' (blind carbon
copy for the uninitiated) function which is used to hide my address
should the need arise. If they start to abuse my address by forwarding
me every funny e-mail they've ever gotten with my e-mail exposed
to the world, I write them and tell them that the e-mail address
that they are using is no longer any good and I point them one
of my online e-mail accounts. I have three of those. What I've
done is pick a free service online that offers e-mail and open
up a couple of accounts; then start some good habits.
My three online accounts are checked daily and used as follows.
1. This one is for friends and basic communication with people
with whom I wish to do business.
2. This one is for hate mail and complaints to companies with
which I have something to say.
3. This one is for any form or site that requires an address
to send notification or password to. *side note (for the sake
of added privacy, I always enter bogus information in the sign
up forms)
I have all three accounts with the same provider so it is easy
to log in and out of each account to check them daily. When I
get home, I can answer my friends and family very easily without
the worry of any junk mail polluting my machine/inbox. It's worked
for me for the past two years plus and if it helps one person,
then I'm happy. Had to share.
Peace and may you all end your spam mail battles in the not
too distant future,
g.
--george oliver
ps: please don't list my address, it's my work address. thanks
much.
===> TOPIC: EMAIL APPENDING
From: Rick Graef
Hi!
IMHO, I see very little wrong or invasive with e-appending ...
as long as it is done carefully, through a reliable vendor and
uses ONLY opt-in or (preferably) double opt-in lists that are
focused on a particular client's specific, needs-related offering(s).
My company has had notable success, with very few negative e-backs,
in the areas of "high-end developmental real estate for sale (prospective
buyer AND broker e-campaigns) as well as test-marketing for a
new, high-end weight-loss franchise and a "Bahamian Out Island
getaway vacation" product. This success is due to our client (or
agency) compiled e-lists (opt-in) and appending (and geo-targeting)
of same. The in-house compiled lists were, according to Claritas
and our database consultant, statistically valid: approx. 2800
for real estate/brokers; 5200 for weight-loss and 2700 for island
vacation.
If I own an Aardvaark (and really love the weird little critter),
why would I not want to receive valid information on the care
and feeding of my moderately bizarre, very niche-market, pet?
Bluewater Marketing Services, Inc. Communications, strategic
marketing and advertising services
// -- PRIVACY NEWS -- //
Moderator note: There are two ways to access previously listed
privacy news stories. One is to visit PRIVACYnotes archives,
the other (simpler) way is to visit
http://privacynotes.com/privacy_news.html
where I also keep a privacy news archive.
Eye scans, satellite tracking and digital video surveillance
are among the technologies that Silicon Valley officials recommended
Monday to bolster the San Jose airport's security and make travel
more efficient for passengers. Conscious of questions about an
erosion of civil rights, the group argued that its recommendations
would not infringe upon privacy rights. ``None of the recommended
technology applications have the potential (as face recognition
software would, for example) to radically change the amount of
private information that airports, airlines or the government
gathers about the public,'' the report stated.
http://www.siliconvalley.com/mld/siliconvalley/3491108.htm
From the Bill Gates e-mails unveiled during the Microsoft trial
to the Enron debacle, the digital trails people leave have provided
stunning insight into their beliefs and habits. Now the FBI is
hoping to capture and corral more of our digital detritus in the
name of fighting terrorism. The Senate Judiciary Committee on
Thursday will examine proposed Justice Department guidelines that
would give federal investigators new license to mine publicly
available databases and monitor Web use. The changes, which come
after a major FBI shakeup last week, have sparked intense debate
over the merits of expanding government surveillance powers as
the country faces ongoing threats of terrorist attacks.
http://zdnet.com.com/2100-1105-933202.html
Researchers Nathaniel S. Good and Aaron Krekelberg have found
that users of Kazaa and other P2P file sharing networks often
share files that they would probably rather keep private. "We
discover[ed]," said the HP researchers, "that the majority of
the users in our study were unable to tell what files they were
sharing, and sometimes incorrectly assumed they were not sharing
any files when in fact they were sharing all files on their hard
drive."
http://makeashorterlink.com/?Q3E121E01
What you are about to read is a solution to spam that requires
no reengineering of e-mail, the Web or any other systems. It could
be set up to guarantee spam blocking using simple, existing technologies.
I've dealt with corporate intranets in the past, which have completely
blocked e-mail from the outside unless one is on an approved list.
Contact must always go through the network administration. Individuals
working within these institutions receive absolutely NO spam inside
their network because they have turned the filtering problem on
its head. In typical spam filtering, you filter information from
select addresses or with select content. In reverse filtering,
you only permit information from select addresses or with select
content.
http://www.osopinion.com/perl/story/18180.html
North Dakotans voted overwhelmingly last Tuesday to require
banks and credit unions to get customers' permission before selling
data on them, and privacy advocates say the vote will send a message
across the country. The result of the statewide referendum, in
which 72 percent of those casting ballots favored a tightening
of privacy law, "shows that when given a chance, the voters of
a conservative Plains state will vote to protect their privacy,
It gives the lie to the idea that privacy is either a liberal
idea or out of the mainstream." The editor of Privacy Journal,
published in Providence, R.I., said the vote would encourage other
groups working on privacy issues, and added, "It might deter some
legislators from going with corporate interests."
http://www.nytimes.com/2002/06/13/national/13PRIV.html
Mike Banks Valentine is a champion of the true small online business.
He advocates a do-it-yourself approach to e-commerce through online
learning for the small office, home office (SOHO) or emerging entrepreneur
who lacks major venture capital funding or corporate marketing budgets.