----------------------------------------------------------------------
PRIVACYnotes Digest
Security Protecting Privacy is Good for Business
----------------------------------------------------------------------
Published by: Mike Banks Valentine website101
privacy@website101.com
www.website101.com
----------------------------------------------------------------------
March 21, 2002 Issue # 002
----------------------------------------------------------------------
.....IN THIS DIGEST.....
// -- MODERATOR COMMENT -- //
"Innovative Spying" ~ Mike Banks Valentine
// -- NEW DISCUSSION -- //
"Introductions" ~ Mike Banks Valentine
"Privacy Opt-Out" ~ anonymous
// -- CONTINUING DISCUSSION -- //
"Who Reads Privacy Policies?" ~ anonymous
// -- PRIVACY NEWS -- //
"The Latest in Privacy Issues"
----------------------------------------------------------------------
// -- MODERATOR COMMENT -- //
I've been a long-time fan of a forward-looking technology newsletter,
The Harrow Technology Report. This week I noted that the publisher,
Jeff Harrow of http://www.theharrowgroup.com
brought up some privacy and security issues that few have considered
important before. Harrow often likes to say, "Don't Blink!" after
commenting on the speed of technological innovation and change
that we are currently experiencing. In this case, I'd like to
add, "Don't forget to look behind you!"
Harrow follows and discusses the bleeding edge of technology
and often fuels my imagination before late-night ruminations that
make it to my own newsletter every week. This week he exposes
some innovative spying that could open your business up to massive
privacy and security leaks.
Articles referred to by Harrow are linked below in "Privacy
News" but you can see his own full newsletter at this address:
http://www.theharrowgroup.com/articles/20020318/20020318.htm
~ Mike
Mike Banks Valentine PRIVACYnotes Discussion List Privacy
is Good for Business http://www.privacynotes.com/lists/iprivacy/summary.html
// -- NEW DISCUSSION -- //
===> TOPIC: INTRODUCTIONS
From: Mike Banks Valentine
Last week in our first issue I neglected to introduce myself
to list members, so I'll make up for it by telling you a bit about
myself and invite everyone to do the same. No lurking allowed
on a brand new discussion list or we'll be awful slow to get started!
My interest in online privacy came when I began marketing a
database developer to promote their solution online. ( I do search
engine optimization and online marketing for small business )
The software was developed as a way to secure information on a
shared server. I implemented that software on my own site to begin
testing and so that I might promote it effectively and understand
it thoroughly.
Then after about a year of following privacy and security measures
with a sort of detached professional attitude, it suddenly became
much more personal when I became the victim of identity theft
and my bank gave away a big chunk of my money to a scammer with
a fake ID bearing my name.
My credit record was destroyed and I spent nearly a month making
reports to the FBI for bank fraud, the FTC for identity theft,
the local police in the town where the bank fraud took place,
my bank to get reimbursed for the money they gave to the crooks
and to my dear mother, whose account is linked to mine!
I'll spare you the details, but I know that the bad guys got
my information online. I know that through some of my own detective
work, but none of those agencies to whom I spent all my time talking
about the crime ever resolved the case. The bank was out the money
(not me) because it was their fault for accepting a fake ID and
giving money to a scammer who had no withdrawal slip or checks!
So much for my interest in privacy and security. I admit to
being a technology enthusiast and love this industry enough to
have given up a fifteen-year career in photography to enthusiastically
dive into the web! I've never looked back and I'm still excited
by the web after four years of all-consuming interest in a great
medium. I've been involved in publishing in one form or another
for over twenty years and this feels like a logical extension.
I publish my own weekly newsletter for small business entrepreneurs
expanding to the web through my site http://website101.com
and invite everyone to subscribe to my own weekly newsletter,
the WebSite101 Reading List at http://website101.com/arch/
I've developed a privacy tutorial for beginners at http://www.website101.com/Privacy/Privacy_tutorial.html
And a privacy links page at http://www.website101.com/Privacy/Privacy_links.html
But enough about me. Jump in here and tell us about your interest
in privacy and security online. Just for kicks, if you have your
own web site, tell us if you have a posted privacy policy and
if that policy is monitored or enforced by a third party!
~ Mike
// -- CONTINUING DISCUSSION -- //
===> TOPIC: WHO READS PRIVACY POLICIES?
From: anonymous
In Digest #001, Mike Valentine said,
>> "Privacy has been a growing topic of concern among
the US public since 11 September. Harris found that 91% of US
consumers say they would be more likely to do business with a
company that verified its privacy practices with a third party."
<<
I'd be interested in learning how many of the 91 percent say
they would be likely to spend even five seconds reading the privacy
policies of companies with which they are considering doing business.
My experience is that the vast majority of users say that they
are concerned about privacy, but their actions are completely
inconsistent with those concerns.
===> TOPIC: PRIVACY OPT-OUT
From: anonymous
Greetings -
I'd like to share a "privacy opt-out" I received from Bank of
America recently. You may have heard that US companies are required
now to notify their customers how they share their information
with their affiliates and third-party companies, and give them
a chance to "opt-out" of such sharing.
Important note: I have received no bulletins or choices before
this law was signed.
Some companies were pretty straightforward with the information.
Most required me to spend my own postage to return the forms (some
had toll-free numbers to call or web sites to fill in).
BofA sent out a mini 6-page form with a current statement that
I could have easily trashed as I usually do with that type of
"bill advertisement" stuff. Luckily I caught it. They spent the
better part of six pages explaining how important it is to me,
the customer, that they share my information. If I had not known
better I would have come to the conclusion that there was no way
I could ever build a credit history nor get a loan if I didn't
allow them to share the information. I finally could opt-out of
several information sharing options. Finally, I stuck it into
an envelope and sent it away to a processing center, on my own
money for postage and envelope. The pamphlet was, of course, printed
in 2-point type and contained abundant legalese, and was folded
in such a way that I would have to work to find the return form.
So in conclusion, I expect this is what the industry has in
mind when they are crafting "opt-out" email policies - make it
as difficult as possible to actually opt-out. You may not see
it today, but after several years I expect it to evolve to being
close to the BofA level.
Regards,
// -- PRIVACY NEWS -- //
On March 4, 2002, Privacy International presented the 4th annual
UK "Big Brother" awards to the government and private sector organisations
that have done the most to invade personal privacy in Britain.
http://www.privacyinternational.org/bigbrother/uk2002/
Best place for a break-in? The front door! Professional hacker
Daniel Lewkovitz says if you look like you belong, employees will
hold the doors open for you.
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2856367,00.html
Modem LED's transmit data stream optically and can be intercepted
optically if your modem is visible through a window, regardless
of your stringent internal security measures.
http://www.usatoday.com/life/cyber/tech/2002/03/07/computer-spy-methods.htm
RIM Blackberry Internet edition openly transmits your unencrypted
email to anyone who wants to intercept it across wide geographic
areas within the Mobitex network.
http://www.eweek.com/article/0,3658,s=712&a=23806,00.asp
-----------------------------------------------------------------
