----------------------------------------------------------------------
Privacynotes Digest
Security Protecting Privacy is Good for Business
This Issue Is Brought To You By WebPosition Gold
Best Search Engine Positioning Tool
http://www.privacynotes.com/advertisers/wpg.html
----------------------------------------------------------------------
Published by: Mike Banks Valentine
Privacynotes privacy@privacynotes.com www.privacynotes.com
----------------------------------------------------------------------
July 25, 2002 Issue # 019
----------------------------------------------------------------------
WebPosition Gold - The Industry Standard
What on-line advertising method has been proven by NPD Group,
ActiveMedia Research, and others to be vastly more effective than
banner ads? Search Engine Positioning!
Web Marketing Today calls WebPosition Gold the best search engine
positioning tool bar none. Go beyond simply submitting or creating
meta tags and start generating sales for your Web site today:
http://www.privacynotes.com/advertisers/wpg.html
----------------------------------------------------------------------
.....IN THIS DIGEST.....
// -- SPYWARE FIGHTING TOOLS -- //
// -- NEW DISCUSSION -- //
"P3P Confusing" ~ Bob Chambers
// -- CONTINUING DISCUSSION -- //
"Privacy for the Poor" ~ Terri Robinson
"Privacy Fee?" ~ John Gabree ~ Frank Siraguso
"Privacy Advocacy" ~ Eric Norlin
// -- PRIVACY NEWS -- //
"The Latest in Privacy Issues"
----------------------------------------------------------------------
// -- SPYWARE FIGHTING TOOLS -- //
SpywareInfo http://www.spywareinfo.com/
Articles, links, resources and other useful information to protect
yourself from spyware or remove it if your computer is already
infected.
Spychecker http://www.spychecker.com/
Check before you download: Spychecker is a database that indexes
almost a thousand software titles using spyware or adware.
Bugnosis http://www.bugnosis.org/
A free utility from the Privacy Foundation that detects "web bugs,"
code that can be attached to "invisible" web graphics on a web
page and used to track your browsing activity.
Free Popup Killer Tools http://www.webattack.com/Freeware/misctools/fwpopblock.shtml
Reviews and free downloads for a wide range of pop-up killer tools.
// -- NEW DISCUSSION -- //
===> TOPIC: P3P CONFUSING
From: Bob Chambers
I am very confused about P3P (Platform for Privacy Preferences)
and how it works in practice.
Following is text from the Center for Democracy and Technology's
site concerning P3P ( http://www.cdt.org/privacy/pet/
):
"P3P is designed to provide Internet users with a clear understanding
of how personal information will be used by a particular Web site.
Web site operators will be able to use the P3P language to explain
their privacy practices to visitors. Users will be able to configure
their browsers or other software tools to provide notifications
about whether Web site privacy policies match their preferences.
Parents will also be able to set privacy rules that govern their
children's activities online. Once Web sites and Internet users
can better communicate about privacy, consumers will be able to
make better judgments about which Web sites respect their privacy
concerns.
On a P3P enabled Web site, a company's privacy policy is translated
into a machine-readable format that a browser decodes in order
to figure out what the policy says. That information can be relayed
to the user and the user can then decide whether they would like
to continue into the site or not. While this does not offer privacy
protection, if implemented, it could greatly advance transparency
and be used to support efforts to improve privacy protection."
Supposedly IE 6.0 can read P3P statements, but the only settings
I can see on IE 6.0 are the "Advanced" settings under the "Privacy"
tab which allows customization of cookie settings. I don't see
anything that would provide the level of information specified
on the P3P page of the World Wide Web Consortium's site (http://www.w3.org/P3P/brochure.html):
"Nine aspects of online privacy are covered by P3P. Five topics
detail the data being tracked by the site.
Who is collecting this data? Exactly what information is being
collected? For what purposes? Which information is being shared
with others? And who are these data recipients?
The remaining four topics explain the site's internal privacy
policies.
Can users make changes in how their data is used? How are disputes
resolved? What is the policy for retaining data? And finally,
where can the detailed policies be found in 'human readable' form?"
Help! Is P3P still a work in progress? Should I do anything
to develop a P3P statement now, or should I wait until the standard
is further-developed?
Thanks for any information you can provide.
E-Commerce Manager Unitrin Direct Auto Insurance httpwww.unitrindirect.com
// -- CONTINUING DISCUSSION -- //
===> TOPIC: PRIVACY FOR THE POOR
From: Terri Robinson
Nancy Ryan said: >> Obviously the government and the corporate
world will now be able to keep track of where you spend every
cent of your food stamps, and most of your cash assistance. Do
we want this? True, it's taxpayer money. But what about privacy?
Dignity? You can't make me believe Citicorp won't be doing something
with all the info they get. And what happens when the computer
goes down? <<
The same people who get foodstamps and AFDC probably already
have a bank account with a debit card, so the EBT won't be anything
different in that respect. Their privacy is already "compromised"
in today's high tech world.
From a taxpayer's point of view, the amount of savings from
food stamps that are stolen and must be replaced, not to mention
food stamp fraud, is in the millions of dollars. From the recipient's
point of view, they will no longer have to worry about being mugged
or robbed on the day they get their paper food stamps or paper
check in the mail.
Most mom and pop stores accept ATM cards (in Phoenix, anyway),
and they are surely not the best place to do grocery shopping
pricewise!
The other "privacy" plus is that others standing in line behind
those people who do need to use food stamps will have no idea
that they are doing so.
It seems to me to be a win/win for everyone!
Best regards,
Hiring Broker - specializing in Sales and Marketing Executive
search 602-233-8410 (direct line) http://www.recruit2hire.com
===> TOPIC: PRIVACY FEE?
From: John Gabree
People already sacrifice their privacy for a "fee." Corporations
don't have to offer cash. In exchange for convenience, consumers
allow themselves to be tracked so that they can save the names
of albums in their shopping carts until they next visit or be
greeted by name when they return to countless news, retail and
service sites. And then there is the information they offer up
to get an astronomically long shot at that $11 million. And didn't
those who participated in the paid-to-surf fad eons ago give up
a whole lot of information about themselves to make pennies as
they surfed? $5 a month? Seems steep.
John Gabree
GotWebHosting.com Reliability Affordability Functionality http://www.gotwebhosting.com/?8474642400
===> PRIVACY FEE?
From: Frank Siraguso
Eric Schwartzman said: >> According to tech consultancy
Forrester Research, which published a report this week about online
privacy, consumers would be willing to sacrifice their privacy
for a fee. <<
Forrester's been wrong before. Seems like it ought to be "enhance"
privacy for a fee. Jeez, we're all "sacrificing" it for free now!
How much more can we give away?
Frank Siraguso Content Specialist Digital Evergreen
===> TOPIC: PRIVACY ADVOCACY
From: Eric Norlin
Mike Valentine said:
>> When you say that the idea of government "knowing everything
doesn't bother me because they already do", does that mean that
they already know everything about you or about all of us? If
it's just you that government already knows everything about,
was that just up to the point you ceased to work "in the world
of intelligence" or do they continue to? <<
hey mike.....to answer some of your questions:
1. i meant they know everything about me (not all of us) --
though i'm not sure to the extent to which they still track me,
i'm sure that they do.
2. as for a SSO for gov systems, see this recent news item:
http://makeashorterlink.com/?A3A212751
3. as for the us gov spying on its own citizens: there are (were?)
very strict internal rules about this (against this, i should
say), that were very very strictly enforced internally -- much
to the disappointment of all of you x-filers out there. beyond
that i can't say much....and i certainly have no knowledge of
how the homeland security plan might be changing some of that.
4. LOTS of interesting stuff that at least *relates* to privacy
came out of the Burton Group's Catalyst Conference -- release
of the liberty spec 1.0, microsoft's announcement about SAML interop
-- things that affect the adoption of identity technologies.
5. Not meaning to sound like i'm just here to talk about our
site, but if you want more info, you can find it there (i'd lay
it all out in this email, but i'm leaving on vacation in about
10 minutes) -- www.digitalidworld.com
6. To that end, you left an event off -- Digital ID World Conference
2002 http://www.digitalidworld.com/conference/2002/
-- companies like Microsoft, Sun, Verifone, ActivCard, Visa; speakers
from places like OASIS, the State of Utah and ICANN; a Venture
Capital working group that will be exploring identity investment
opportunities; just a damn interesting time.
tks much. ejn
Senior Editor, Digital ID World http://www.digitalidworld.com
// -- PRIVACY NEWS -- //
Moderator note: There are two ways to access previously listed
privacy news stories. One is to visit Privacynotes archives, the
other (simpler) way is to visit
http://privacynotes.com/privacy_news.html
where I also keep a privacy news archive.
Michael Ramirez LA Times editorial cartoon on privacy from Sunday
July 23. (free registration required)
http://makeashorterlink.com/?J5D212751
Preserving a juries privacy. Letter to the editor from attorney,
law professor at Stanford. (free registration required)
http://www.nytimes.com/2002/07/24/opinion/24BABC.html
Banish Your Unbidden Spyware Some web sites and many seemingly
innocent shareware programs install spyware on your computer,
silently tracking your online movements. Here's how to find and
eradicate these pernicious e-snoops. From time to time, I recommend
sites or software that I later learn use some sort of spyware
to keep tabs on people without first getting their permission.
Spyware takes two forms: surveillance software, which tracks your
behavior while you use your computer, and adware, which barrages
you with advertisements when you least expect them.
http://searchenginewatch.com/searchday/02/sd0722-spyware.html
The widespread fingerprinting of UK primary school children
has been roundly condemned by watchdog Privacy International.
The human rights watchdog today warned that tens of thousands
of UK school children are being fingerprinted by schools, often
without the knowledge or consent of their parents. This under-reported
electronic finger printing is being conducted as part of a cost
cutting "automation" of school libraries. Privacy International
has condemned the procedure, branding it "dangerous, illegal and
unnecessary".
http://www.theregister.co.uk/content/4/26305.html
With consumer-privacy efforts stalled in Congress, one expert
is arguing that those who fear that intimate details of their
private lives could be exposed already have plenty of protection
through existing common law. More than one hundred years of civil
lawsuits in courtrooms around the country have provided a broad
understanding of privacy rights, allowing consumers to sue for
damages and encouraging companies to refrain from invasive practices,
said Jim Harper, editor of the conservative think tank Privacilla.org.
http://makeashorterlink.com/?J34213451
Bill Gates spams the world on Trustworthy Computing Today you
will probably have already read that Bill Gates says that the
famous Microsoft security review of this year took twice as long
as expected, and cost £100 million. These are the obvious bullet
points from an unsolicited email His Billness sent to large numbers
of unsuspecting subscribers to Microsoft newsletters, but don't
be to hard on the lad. This is a one-time mailing only, and if
you don't ever want to hear from him again you can just do nothing.
Otherwise, you need to go here if you want to hear from Bill and
other execs in the future, so it's opt-in, right?
http://www.theregister.co.uk/content/4/26292.html
WHAT'S your age? Your salary? Online merchants who ask nosy
questions like that on surveys at their Web sites have learned
what usually honest visitors will do. Fib, most likely. People
give false answers to protect their privacy. Then, because the
data is so unreliable, companies can't use it to help them run
their businesses.I.B.M. researchers have devised a data-mining
program that would cloak individual truthful answers that people
might enter once their trust was won but still recover important
characteristics of the overall group. For instance, instead of
recording the answer "41" to a nosy question like "How old are
you?" the software automatically adds a random number of years
within a specified range, say minus 30 to plus 30, to the answer.
No record of initial answers is kept.
http://www.nytimes.com/2002/07/18/technology/circuits/18NEXT.html
Jim Harris of Harris Technical Services says that 1996 or later
GM cars and trucks contain another on-board computer that can't
be read by normal diagnostic means. The Event Data Recorder (EDR)
is analogous to a black-box data recorder found on commercial
aircraft. Harris writes: "EDRs record specific data from various
vehicle sensors. Things like vehicle speed, throttle position,
brake status, driver seat belt status, and much more can be recorded
for up to 5 seconds preceding a collisionÑin 1-second increments.
In the event of a collision where the air bags deploy, this data
is permanently written in EEPROM in the Service Diagnostic Module.
You won't find the EDR on a parts list for the car. Your local
dealer won't know it is there.
http://www.pcmag.com/article2/0,4149,367792,00.asp
Test runs of the Visionics (now Identix) magical face-recognition
terrorist finder at Boston's Logan Airport have failed miserably,
as expected. According to a story by the Boston Globe, the security
firm which conducted the tests was unable to calibrate the equipment
without running into one of two rather serious problems. When
it's set to a sensitive level, it 'catches' world + dog. When
it's set to a looser level, pretty much any idiot can escape detection
by tilting his head or wearing eyeglasses. According to the outside
reviewer, difficulties with the kit proved exasperating and literally
exhausting for airport staff. Nevertheless, Identix CEO 'Doctor'
Joseph Atick insists that his photographic Ouija board will defeat
the Forces of Evil.
http://www.theregister.co.uk/content/55/26298.html
