Privacy & Security Heat Generates Little Light

Privacy Heat Generates Little Light
by Mike Banks Valentine


Privacy and security are topics I've been following closely for over two years online and off. I know I've seen some rather vehement and heated opinions voiced on Privacy and I've watched otherwise very level-headed discussions turn rather boistrous when privacy issues come up in conversations of internet industry marketing or security veterans.

An innocent comment on spam can cause unimaginable eruptions of heated emotions at a internet professional gathering. Vast hotel ballrooms overflow at web conferences to hear panel discussions on IT infrastructure security issues since September 11, 2001. Databases of customer information have been fought over in dot com bankruptcies while accidental exposures of private information is unwittingly made public by simple human error handling email soft- ware. Privacy issues made DoubleClick famous overnight.

I watched two episodes of the popular network television show "Law and Order" just this month that dealt with innocent death due to a hacker killing diabetics in one show and a stalker accessing private information purchased from datamining profiteers to kill an innocent in another show. These programs are supposedly based on real-life cases. Privacy issues have made it to Prime-Time on 60 Minutes repeatedly, from identity theft to facial recognition software to airport security matters.

What permission is presumed given by subscribers when they join a discussion list as to Privacy concerns? Do you include their email address on subscriber posts? Do you have permission to contact them for stand-alone ads from list advertisers? Does your web site privacy policy apply to your list subscribers and if not, can you then archive the list online? What if you remove those email addresses before archiving?

Privacy has been a growing topic of concern among the US public since 11 September. Harris found that 91% of US consumers say they would be more likely to do business with a company that verified its privacy practices with a third party.

http://www.emarketer.com/estatnews/estats/ecommerce_b2c/20020222_harris.html

These are the hot-button issues that can make or break a web business and you can't afford to be ignorant of any of them whether you are webmaster of a micro-business with a ten page site or a corporate CIO in charge of multiple company web properties.

Posted Privacy Policies accessible from the most prominent pages of a business web site are now mandated by the Federal Trade Commission in the United States.

Most web site visitors fail to read a posted privacy policy so the World Wide Web Consortium (W3C) http://www.w3.org/ has initiated the Platform for Privacy Preferences (P3P) http://www.w3.org/P3P/ Standards are being developed as a browser default that will notify visitors of the strictness of your Privacy Policy and warns them if you don't honor their preferences.

YAHOO! this week revised their privacy policy and is sending notice to it's millions of free account holders of that change. In press releases announcing the privacy update,

http://www.msnbc.com/news/730862.asp

YAHOO! suggests that the move is simply a procedural action to allow legal investigations when requested by law enforcement agencies. A second notation suggests that they be allowed to provide member information to any corporation that might buy YAHOO! properties as an asset of that potential sale.

But YAHOO! fails to mention publicly what is involved with changes to how information is shared on existing members with a YAHOO! ID. The change is sweeping and massive internally as it now requires every existing member to re-opt-out of wide information sharing with partners, advertisers and myriad YAHOO! properties such as the free email account holders, Geocities free web site members, Yahoogroups (formerly Onelist.com) email list distribution system and their giant web directory advertisers (anyone who has paid to list their site).

The action by YAHOO! prompted a flurry of angry email Friday across dozens of discussion lists and newsletters suggesting immediate changes to YAHOO! profiles by current members. I received the following note from two sources, both of which told me they had reproduced it from a list they belonged to and didn't know the original poster. As in many cases of email campaigns, the source is elusive, but the message is valid and calls for serious attention.

The following post has been distributed widely across email discussion lists. I was unable to find the author for attribution, but better to get the word out than see the resulting overload of spam you'll get.

You may remember when you signed up for a Yahoo ID and were asked by them if you wished to receive any "Special Offers & Marketing Communications." Yahoo recently revised their privacy policy. As a result, and regardless if you chose to receive any of these "Special Offers" or not when you signed up for your Yahoo ID, Yahoo have set every single person who has a Yahoo ID (and those that have more than one) to "Yes" in these preferences. This means that you may well be inundated with even more junk mail than you are already receiving.

In order to change your settings back to whatever you had them at before, you will need to log in to your account and physically change them.

Login at the following URL - you will be prompted for your Yahoo ID and password:

http://edit.my.yahoo.com/config/eval_profile

The middle segment within the Member Information (email addresses) section has a link to: Edit your marketing references. Click on this link and you will see all of your settings were changed to "Yes." Meaning of course that you will receive all kinds of "offers" from Yahoo and their "partners."

Unless you wish to receive even more junk mail than you are already getting, you may wish to go through the entire page and choose whether to receive such notices. Also, right at the bottom of the page are other ways you could be notified - by phone or postal mail. Unless you wish to receive unsolicited phone calls and paper junk mail, you will need to change these settings to "No" also.

Once you have finished your selections, make sure you click on the Save Changes button right at the bottom of the page.

Yahoo is supposedly sending out notices to all its users regarding this particular change. However, it is estimated it will take several weeks for everyone to receive their notification.

Better to pay attention to a growing public concern before you are in a position to put out fires caused by all the heat generated by it!

http://privacynotes.com
--------------------------------------------------------
Privacy News Links
--------------------------------------------------------


DoubleClick agrees to settle Privacy Litigation. Web advertiser DoubleClick Inc. on Friday said it had agreed to purge consumer information it had collected and adhere to an enhanced privacy policy, as part of a settlement of federal and state class action lawsuits filed against the firm.

http://reuters.com/news_article.jhtml?type=search&StoryID=757089

A lot of companies are busy gathering customer data, but knowing how to put that data to good use remains an obstacle for many firms. Data mining is growing dramatically, but data warehousing poses huge obstacles to that fine line between personalization and privacy invasion. This study of Customer Relationship Management implementation skims the surface of what to do with all that data once collected.

http://www.emarketer.com/analysis/ebusiness/pepprog_one2one_20020325.html

Crime-Fighting by Computer Widens Scope. New York City's renowned Compstat (short for computational statistics) crime-fighting program, originally created to measure and map serious crime in city neighborhoods, has grown into a sweeping data-collection machine that traces hundreds of factors, many of which appear distant from the nuts and bolts of police work.

http://www.nytimes.com/2002/03/24/nyregion/24COMP.html
(Free membership required to read story, but read the privacy policy first!)

Yahoo March 28 Ñ The giant web portal has revised its privacy policy to more clearly describe how user data will be treated in certain circumstances, company officials said. THE NEW POLICY states Yahoo will share information to investigate circumstances involving illegal activity such as fraud, violations of its terms of service agreement and the use of its service for potential threats. The revision also said Yahoo will transfer user information if it is acquired by another company and abide by the acquiring companyÕs privacy policy.

http://www.msnbc.com/news/730862.asp

A Loss to Medical Privacy Opinion By DONNA E. SHALALA, former Health and Human Services Director for Clinton Administration says that the Bush administration must be careful not to accept changes to regulations that could lead to the misuse of patients' personal health information.

http://www.nytimes.com/2002/03/30/opinion/30SHAL.html
(Free membership required to read story, but read the privacy policy first!)

On March 4, 2002, Privacy International presented the 4th annual UK "Big Brother" awards to the government and private sector organisations that have done the most to invade personal privacy in Britain.

http://www.privacyinternational.org/bigbrother/uk2002/

Best place for a break-in? The front door! Professional hacker Daniel Lewkovitz says if you look like you belong, employees will hold the doors open for you.

http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2856367,00.html

Modem LED's transmit data stream optically and can be intercepted optically if your modem is visible through a window, regardless of your stringent internal security measures.

http://www.usatoday.com/life/cyber/tech/2002/03/07/computer-spy-methods.htm

RIM Blackberry Internet edition openly transmits your unencrypted email to anyone who wants to intercept it across wide geographic areas within the Mobitex network.

http://www.eweek.com/article/0,3658,s=712&a=23806,00.asp