PRIVACYnotes

 Computers, Freedom & Privacy 2002
 

Home | Privacy Links | Opt-Out

   



Archive

PRIVACYnotes #1
PRIVACYnotes #2
PRIVACYnotes #3
PRIVACYnotes #4
PRIVACYnotes #5
PRIVACYnotes #6
PRIVACYnotes #7
PRIVACYnotes #8
PRIVACYnotes #9
PRIVACYnotes #10
PRIVACYnotes #11
PRIVACYnotes #12
PRIVACYnotes #13
PRIVACYnotes #14
PRIVACYnotes #15
PRIVACYnotes #16
PRIVACYnotes #17
PRIVACYnotes #18
PRIVACYnotes #19
PRIVACYnotes #20
PRIVACYnotes #21
PRIVACYnotes #22
PRIVACYnotes #23
PRIVACYnotes #24
PRIVACYnotes #25
PRIVACYnotes #26
PRIVACYnotes #27
PRIVACYnotes #28
PRIVACYnotes #29
PRIVACYnotes #30
PRIVACYnotes #31
PRIVACYnotes #32
PRIVACYnotes #33
PRIVACYnotes #34
PRIVACYnotes #35
PRIVACYnotes #36
PRIVACYnotes #37
PRIVACYnotes #38
PRIVACYnotes #39
PRIVACYnotes #40
PRIVACYnotes #41
HIPAA

PRIVACYnotes Discussion List
Security Protecting Privacy is Good for Business

Respecting Privacy on the Web 

----------------------------------------------------------------------
                        PRIVACYnotes Digest
              Protecting Privacy is Good for Business
----------------------------------------------------------------------
Published by:
Mike Banks Valentine                                   PrivacyNotes
privacy@privacynotes.com                              www.privacynotes.com
----------------------------------------------------------------------
April 25, 2002                                        Issue # 007
---------------------------------------------------------------------- 
                .....IN THIS DIGEST.....

// -- MODERATOR COMMENT -- //

"Computers, Freedom & Privacy 2002" ~ Mike Banks Valentine

// -- NEW DISCUSSION -- //

"Digital ID" ~ Eric Norlin

"Define Opt-In" ~ anonymous ~ anonymous ~ anonymous ~ Moderator Comment

"New Meaning for Home Page" ~ Mike Valentine ~ Anonymous

// -- CONTINUING DISCUSSION -- //

"Digital Databases" ~ Anonymous

// -- PRIVACY NEWS -- //

"The Latest in Privacy Issues"

----------------------------------------------------------------------

// -- MODERATOR COMMENT -- //

I just returned from the Computers, Freedom and Privacy (CFP2002) conference where I heard four days worth of discussion and debate from attorneys, corporate leaders, politicians and privacy advocates over issues of civil liberties, privacy and commerce.

I've come away from that very enlightening conference with a rather pessimistic conclusion -- That Sun Microsystems CEO Scott McNealy was correct when he said, "You have zero privacy anyway," to a group of reporters in January of 1999, but I stop FAR short of McNealy's suggestion to . . . "Get over it." On the contrary, I suggest we all consider getting ON it and taking a wild ride to protect what little privacy we have remaining and attempt to regain the ground lost since September 11.

The worst thing for privacy from 9/11 beyond the innocent deaths was the call for a national ID card from our good friend Larry Ellison and less enlightened members of congress. That concept was discussed in great detail at the CFP2002 conference by Andrew Schulman. I highly recommend you visit the following site for more information on the futility of that idea. Schulman is a software litigation consultant.

http://www.undoc.com Check out the top link listed under "recent work" for his National ID paper

California State Senator Jackie Speier spoke at the conference on her legislation SB773, which seeks dramatic curbs on financial institution's efforts to sell private Californians' financial information to other companies. Californians have a fighting chance at preserving privacy since we have Senator Speier working to pass privacy initiatives in the state senate.

But I don't see any serious national privacy advocates within the federal government since most listen when money talks before they listen to public opinion. Although there is lots of activity, there is no clear leader on the issue as described in the following ComputerWorld story.

http://computerworld.com/cwi/story/0,1199,NAV47_STO61707,00.html

The USA Patriot Act had, at it's heart, national security and protection from terrorism as clearly laudable goals, but some unintended consequences leeched on to suck away some freedoms when politicians used emotion above reason to attach some privacy eroding amendments to it.

We do, however have organizations fighting for privacy on the national level. They are the Electronic Privacy Information Center @ http://www.epic.org

Consumer Action @ <http://www.Consumer-action.org/English/library/privacy_rights/index.php>

and the Privacy Rights Clearinghouse @ http://www.privacyrights.org/

Jason Catlett's JunkBusters @ http://www.junkbusters.org/

They are each working hard to protect the public interest to privacy.

I hope that Oracle CEO, Larry Ellison is wrong when he says, "Privacy is already gone."

The conference was fascinating, if a little bit depressing. Look for some new members joining this discussion, starting next issue, as I worked hard to UNdo the privacy of the list to prominent privacy advocates attending. Since many of them are in the odd position of wanting exposure for privacy issues, I hope they'll be vocal participants in our discussions.

For a longer review of the conference visit: http://website101.com/arch/archive132.html

~ Mike Banks Valentine

 

// -- NEW DISCUSSION -- //

===> TOPIC: DIGITAL ID

From: Eric Norlin

I'm fairly new to the list, but very glad to have found it.

I wanted to point you to a new site I'm involved with that I think your readers will find pretty interesting: http://www.digitalidworld.com

The site tries to tackle digital identity and all of the intersections that occur there (distributed computing, web services, privacy standards, etc)....we're starting to get some traction. Getting folks like Esther Dyson becoming involved in the upcoming conference and Charles Fitzgerald [of Microsoft] interview should be out w/in the next 2 weeks or so).

Anyway -- hopefully we can be an additional resource to your readers. keep up the great work.

Eric Norlin Partner, UnCharted Shores, LLC

 

===> TOPIC: DEFINE OPT-IN

From: anonymous

A few days ago, I asked for help in locating a service bureau that could send an email blast on behalf of one of our clients. We are not in that business but have more Internet marketing expertise than they do, so they asked for some advise.

I thought we should continue the debate over whether a purchased list can ever be opt-in. From my vantage point, I think that a purchased list can be but often isn't opt-in.

When I was younger and the world seemed more black and white, I tended to think of issues in terms of absolutes. An example of such an absolute is the statement that an email list purchased from a third party can never be opt-in. I respectfully disagree.

While many and perhaps most lists purchased from third parties are not opt-in, I believe that the issue is whether the third party obtained from its users their consent to receive emails from other organizations. An examination of the posted privacy policy as well as the registration form filled out by the user should provide the answer. If either clearly indicates that information volunteered by the user will be sold to third parties, then hasn't the user consented to receive emails from third parties? If so, then isn't the list opt-in?

I understand that many on this list, including me, are frustrated and often angry at the type and volume of spam that we receive. Nevertheless, if we include in the definition of spam those emails that we receive because we consented to the receipt of the emails, then aren't we weakening our very important argument against the ever increasing amount of spam?

 

===> DEFINE OPT-IN

From: anonymous

anonymous wrote: >> An examination of the privacy policy... should provide the answer. If [it] clearly indicates that information... will be sold to third parties, then...isn't the list opt-in <<

Maybe, but not everyone actually reads the small print when signing up for a list. Even if they do, they are likely to forget they agreed to receive mail from "our partners". So when they get your client's email, a certain proportion of recipients will still consider it to be spam.

Unfortunately, "opt-in" seems to have become an almost meaningless term. The I-Design list's posting address has definitely never opted in to anything since it's not a person. Yet it receives around a dozen spams a day along the lines of "You received this email because you signed up at <spammersdomain.com> or with one of our approved third party marketing partners." When I have the time and the inclination, I report them as spam.

As other contributors to this thread have said, the only 100% safe route is to build up your own opt-in list, or advertise in reputable newsletters (I-Design, for example! <g>).

anonymous,

 

==> DEFINE OPT-IN

From: anonymous

While Anonymous's point about privacy policies, permission to provide information to third parties and such may be technically valid -- we, after all, may have registered to receive information by e-mail -- the parties that collect such information seem to have a very broad view of what in included in the stated scope of interest.

If the truth be told, I don't know if I have ever received information by e-mail from any of the companies with which I have registered that bears any similarity at all to the type of information one would reasonably assume to be in the mind of the person registering. If I request information on up-grades for a specific software application, for example, how is that related to joining a pyramid marketing scheme?

In the real world, things might not be absolutely black and white, but let's not get ridiculous here.

If it was my money, and the reputation of my company at stake, I would never buy an e-mail list, opt-in or otherwise. If the e-mail I receive stating that I requested the information is any indication of what targeted e-mail is all about, it is a sad joke and a sad waste of money for the companies relying on it.

If Anonymous's last point, that if we consent to the receipt of e-mails weakens our argument against spam, is correct, then, it would seem, our only alternative is to opt-out of all mailing lists and never request information on anything again.

anonymous

 

[ Moderator Comment ]:

I've worked very hard to keep my email addresses out of the hands of both spammers and legitimate marketers since both tend to believe that once they have your address, they can sell it to others. This silliness is dubbed "secondary uses" in privacy policies. That term sinks the ship of any privacy claim I read, since it's just a way of masking their intent to resell or "Share" your personal information.

I've got a method of tracking the original source of spam that I thought would protect me, unfortunately some so-called "legitimate list brokers" have purchased many of my tracking addresses originally obtained from spammers and continue to resell them again and again.

Too many email campaigns from "legitimate" marketing lists are using my tracking addresses now for them to have any remaining value. The original offending spammer was using a mail server in Singapore to promote what looked like a "legitimate" email campaign when I first responded about a year ago with that tracking address. I now know that they are NOT legitimate, unfortunately nearly all of the supposedly "legitimate" list brokers are using that address . . . which means they bought it from the spammers!

I think that the privacy seal programs are nearly meaningless after seeing that Truste approved the recent move by YAHOO! to opt-in all of it's millions of customers to spam from it's "partners" by simply changing their privacy policy to allow themselves to do so. I no longer trust http://www.truste.org when they say . . . "When you see the TRUSTe seal, you can be assured that you have full control over the uses of your personal information to protect your privacy."

Hmmmm, I don't think so!

 

===> TOPIC: NEW MEANING FOR HOME PAGE

From: Mike Valentine

I just found my home street address is a domain name! The house I live in (I'm a renter) is for sale and the agent's domain name caught my eye in passing this morning. It is my street address, as in 555MainStreet.com, and I was not told this would occur! As a privacy advocate, I was more than a little alarmed by this little development. Since I don't own the house it really is none of my business either, but doesn't this raise some red flags for people selling their homes who don't know about this?

I'll be asking my landlord about whether they were told or even asked about this when they signed the listing agreement. Isn't it conceivable that, using public records, anyone could find that listing and based on personal property visible in the posted photos or just the look or description of the house, decide they want to know more about the owner? This domain name is posted on all the flyers distributed by the real estate agent and in published listings in newspapers, real estate advertising books and virtually everywhere the house is offered for sale.

I looked up the domain registrant and found that it is a service for real estate agents. They pay $65 and get the (virtual) domain name and three months of hosting with photos and descriptions posted on a framed site that hides the real source of that domain name, which is http://www.listingdomains.com for a company called Properties Online. What a brilliant scheme by that domain owner to profit by purchasing domain names for real estate agents!

I can see the wheels turning among domain investors and speculators with other interests. ;-)

This feels invasive, even though it's not my house, but what if it were? So do I have a right to my own street address? Then what if the house doesn't sell and that domain name is used for unsavory purposes at the end of it's useful life selling the house? I don't have a criminal mind, but it seems that, those who do, have lots of ways of abusing otherwise worthwhile stuff in all manner of evil ways! Am I wrong to feel nervous about this?

 

===> NEW MEANING FOR HOME PAGE

From: Anonymous

Mike,

Interesting points you bring up. Really, Listing Domains is just another way to advertise a home for sale. Unfortunately, most forms of real estate advertising can be a little intrusive because to sell the house - you have to show it. The web sites provide easy access to the property details and are a lot cheaper than newspaper ads. The Domain Riders are useful, because a person driving by the home can get additional information about the listing without having to contact the real estate office. The homeowners like it because prospective buyers can get information about the property without having to go though hundreds of other properties for sale online.

The normal life of a Listing Domain web site is three months. Once the agent marks the property as sold - the price is removed. Once the home closes escrow, the agent removes the property. If the agent doesn't update their property (which is likely) we remove the home after the three month subscription. We are going to offer the new homeowner extended hosting on the site if they want to keep it to show out of town family and friends their new home.

The listing domain web sites do not give any information about the homeowner. Anyone driving by a home can write down the address and call a title company to find out who owns the property, what they paid for it, etc. I can understand how you might find it to be intrusive as you are the person occupying the home. If you feel uncomfortable about it, I would talk to your landlord. I can only assume that the agent told them that they would be purchasing a Listing Domain site for their property - but who knows =).

Please let me know if your landlord was not asked by the agent about doing a Listing Domain site. The agent signs an agreement stating that he/she has received permission from the homeowner prior to purchasing each site. Normally the homeowner is very please that the agent is taking the extra step of purchasing a unique website to showcase their property.

Most agents actually add our service to their listing presentation to help them get the listings. For homeowners who don't like the idea of their address being "out there" we offer the option of not having the property address appear on the website and of course the domain name can be anything that is available to register. Here are a few samples:

SutterAve.com FountiangroveLots.com The707ranch.com colonyroad.com AltaVistaAve.com

I do appreciate your email. Feedback is a good thing. Please let me know if you have any other concerns or if I can do anything to put your mind at ease.

Amanda http://www.listingdomains.com

[ Moderator comment ]:

My landlord says the information on the listing domain was "probably in the advertising stuff" I signed. Did you read any of it, I asked. "No. I trust the agent." Oh, what if I DON'T trust the agent? We had an open house next day and were asked to leave the house for those three hours. The agent suggested that I put any easily pocketed collectibles out of reach and warned that any prescription drugs should be removed from bathroom cabinets, "Just in case."

 

// -- CONTINUING DISCUSSION -- //

===> TOPIC: DIGITAL DATABASES

From: Anonymous

Larry Ellison stated 'The single thing we could do to make life tougher for terrorists would be to ensure that all the information in myriad government databases was integrated into a single national file.'

I agree. What was left unsaid was that will also make life tougher for every single person, not just terrorists. All of us equally.

What bothers me quite a lot is all the people that have a don't care attitude. They say 'I have nothing to hide'. That has nothing to do with it. Those people don't have a clue as to the impact on society.

I am also getting very tired of things such as a database like this being foisted on the public under the guise of security. It brings no security. A music label recently introduced cds with a new technology supposedly to prevent piracy of the songs of a major artist. At this time, that cd is well on its way to being the most pirated ever. So what was accomplished? The pretense of security is the same.

In this case, Larry Ellison is being an opportunist to have Oracle used in a very big way, which will give them a lot financially. Are we so willing to allow this? I must add if Larry Ellison was not an opportunist Oracle probably would not exist today.

One item no one ever ever mentions in regard to any of these super-databases, whether in existence now or considered for later, is security. How will this information (much of it can be very personal too) be safe? Guaranteed?

Anonymous

 

// -- PRIVACY NEWS -- //

Privacy and free-speech advocates faced off Friday at a high-profile computer conference here, debating a widening rift over how public records should be made available on the Internet. For years, records such as voter registration data, dog license information and most court filings have been freely available. Someone hoping to cull information from those files had to simply go down to the courthouse or agency in person and request the records.

http://zdnet.com.com/2100-1105-887466.html

Even a conference room chock full of copyright law experts and technologists could not determine Tuesday what role digital rights management (DRM) should play in balancing the rights of users and content providers. The panel grappled with the issue even as a hotly debated piece of proposed legislation aiming to place DRM in all consumer digital devices is currently snaking its way through the U.S. Congress.

http://staging.infoworld.com/articles/hn/xml/02/04/17/020417hndrm.xml

Sen. Ernst "Fritz" Hollings, D-S.C., on Thursday introduced an online privacy bill that would force companies to obtain explicit permission from individuals before collecting and sharing information about them. Hollings' Online Personal Privacy Act aims to make privacy laws consistent across the United States, pre-empting all state statutes and regulations related to Internet privacy.

http://zdnet.com.com/2102-1105-886876.html http://news.com.com/2100-1023-886679.html

The World Wide Web Consortium (W3C) gave its official blessing to the Platform for Privacy Preferences (P3P) 1.0 specification, despite criticism from some privacy advocates who said the standard does little to protect consumer privacy. W3C said users and Web sites should adopt this standard. Officials from the Electronic Privacy Information Center and Junkbusters, among others, argued that the standard will not curb abuses by Web site operators because it is not "easy, effective, and enforceable."

http://www.idg.net/ic_848725_1794_9-10000.html

Comment? mailto:privacy@website101.com

Computers, Freedom &Privacy conference Last week in San Francisco, nary a conversation, speech or roundtable discussion was uttered without some form of the phrase "since 9/11." While many of us can go about our lives without thinking (too much) about the effects of 9/11, those who work at the nexus of technology, security and privacy cannot, for everything the government has done in reaction to the attacks intersects all those areas.

http://www.eweek.com/article/0,3658,s=712&a=25741,00.asp

privacy@website101.com 5318 E. 2nd St. #789 Long Beach, CA 90803