Privacy News

Home | About Us | Contact Us | Privacy Policy | Links

Privacy News






Friday, March 28, 2003


In each of these newsletters, I will also try to give updates on a specific area of legislative concern. Today, I would like to share some details of our efforts to protect American’s from identity theft. My goal is to protect American's personal information – including medical data, financial data, social security numbers and driver’s license information, and create an appropriate balance between protecting personal information from identity thieves and others who would misuse it, while allowing legitimate business and government practices to go forward.

To achieve this, I have introduced a package of legislation designed to:
• Combat the growing crime of identity theft;
• Give identity theft victims the ability to restore their good names;
• Prohibit sale and display of social security numbers to the public; and
• Set a national standard for how individuals personal information is protected.

The Social Security Number Protection Act -- Makes it harder for identity thieves to obtain Social Security numbers by restricting public access to the number. Prohibits the sale or display of Social Security numbers to the general public, removes Social Security numbers from government checks and driver's licenses, and requires Social Security numbers to be taken off documents obtained via the internet. At the same time, the bill would permit legitimate business and government use of the number.

The Identity Theft Prevention Act – Makes it harder for identity thieves to get access to your credit card numbers or take over your credit card account. Penalizes credit card companies that ignore a victim's report of fraud and continue to issue credit to the thief. Requires truncation of any credit card number printed on a store receipt.We’ve had some good news on this front. On March 6, I joined Visa CEO Carl Pascarella to announce new Visa regulations prohibiting the display of all but the last four digits of credit card numbers on consumer receipts. By taking this action, Visa is joining in the fight against identity theft, setting a new industry standard for the protection of personal information.The Identity Theft Penalty Enhancement Act – Strengthens the criminal penalties for those who use identity theft as a means to perpetrate other serious crimes, including terrorism, fire arms offenses and immigration violations. Makes it easier for prosecutors to prove identity theft. This bill was approved by the Senate on March 20.

The Privacy Act – Sets a national standard for protection of personal information, including Social Security numbers, driver's licenses and health and financial data, including information collected both on-line and off-line. This bill will be introduced in the next two weeks.

My home page has further details on these bills along with links to learning how to better protect yourself from identity theft:

End of Feinstein news ----

Location-based wireless services are just around the bend, and a good dose of controversy is bound to arrive with them. Though services that can pinpoint a user's exact location through a mobile phone signal offer promising applications, especially for public safety, they also promise the opportunity for widespread invasions of privacy . Location information can be used in many ways -- from beneficial to downright malicious. What is troubling to many is that the power to use the data properly rests almost entirely in the hands of mobile operators.

Florida Issues Subpoenas to Investigate Prozac Mailing On July 9, 2002, the Florida Attorney General issued investigative subpoenas to Eli Lilly & Co., Walgreens and a number of health care providers to determine whether state laws were violated when Prozac tablets were mailed unsolicited to a Florida resident. In the most recent twist on direct marketing of pharmaceuticals to patients, the individual received an envelope from Walgreens that included a letter encouraging the patient to switch to Prozac Weekly along with a free one-month trial of the drug. The Attorney General’s office is concerned not only with the unsolicited delivery of a prescription drug, but also with the possibility that privacy rights were violated by the misuse of medical information to target likely candidates for a particular drug.

Florida Attorney General Settles Eckerd Marketing Investigation The Florida Attorney General’s Office announced July 10, 2002, that it had reached a settlement with Eckerd Drug Corporation in the investigation of the company’s use of private medical information for commercial purposes. The attorney general had been investigating Eckerd’s practice of having customers sign a form that not only acknowledged receipt of a prescription but also authorized the store to release prescription information to Eckerd Corp. for future marketing purposes. The form apparently did not adequately inform customers that they were authorizing the commercial use of their personal medical information.

WASHINGTON, July 9 Under Congressional pressure, the Bush administration said today that it was open to the idea of installing a chief privacy officer in a new Department of Homeland Security to make sure it weighed issues of confidentiality and the secure handling of personal information. "If you bring us a proposal, I think we'd look at it very carefully, Privacy is a very important function." Mr. Barr opened a subcommittee hearing by asking Mr. Everson what steps would be taken "to ensure the privacy of personally identifiable information as the new agency establishes necessary databases that coordinate with other agencies of the government."

For many interactive marketers, one solution to that threat is permission-based (also called opt-in) marketing. Behind permission-based marketing’s significance is the mounting focus on privacy matters among the American population. This focus is not simply an online or an e-mail phenomenon—and it’s not even a "phenomenon," if that means a fad or a trend. Instead, privacy concerns represent a sea change in how people are ready to deal with corporations and government, and what they expect from those institutions in return.

v More than 14 million Americans are under continual electronic surveillance by their employers, who not only watch e-mail, chats, and Web traffic but also look into employee files, according to a July 2001 report issued by the Privacy Foundation, a Denver-based advocacy group. In some cases, the monitoring is reactive—as was the case with General Dynamics. Most of the time, however, companies watch their workers hoping to nip problems in the bud. Any machine that belongs to a company is fair game. The company doesn't need a warrant—or your permission.

Every new technology gives birth to new security and privacy fears. When mobile phones first started gaining popularity in the late '80s and early '90s, it seemed anyone who could navigate a Radio Shack could put together a little receiver to intercept random cell traffic from the air. Although carriers have made it a little harder to do that today, the sense that some conversations are better had in person, or over a wired line, has not disappeared.

FORT LAUDERDALE, Fla., July 3 "Enclosed you will find a free one month trial of Prozac Weekly," it said. "Congratulations on being one step to full recovery." The mailing infuriated one recipient, a 59-year-old home caregiver who filed a class-action lawsuit this week in state court here. "They're going after me because I have a problem," said the caregiver, who agreed to an interview in her lawyer's office here on the condition that her name be withheld. "It bothers me to think that somebody could get into my medical records and start sending me dangerous medications." The suit says Walgreens, a local hospital, three doctors and Eli Lilly, which makes Prozac, misused patients' medical records and invaded their privacy. It also accused the drugstore and Lilly of engaging in the unauthorized practice of medicine.

Cellphones, with their unlisted numbers, have long been more or less safe from the marketing that bombards kitchen phones, mailboxes and e-mail in-boxes. But that electronic cocoon is starting to fray. Telemarketers are increasingly reaching people on their cellphones. Wireless phone services say they are receiving a growing number of complaints from consumers angry because the calls are costing them money. So many complaints, in fact, that a backlash has begun. Companies and consumers are suing telemarketers. Legislators in at least four states are trying to regulate such calls, and a bill barring cellphone spam has been introduced in Congress.

Protect Your Digital PrivacyEye scans, satellite tracking and digital video surveillance are among the technologies that Silicon Valley officials recommended Monday to bolster the San Jose airport's security and make travel more efficient for passengers. Conscious of questions about an erosion of civil rights, the group argued that its recommendations would not infringe upon privacy rights. ``None of the recommended technology applications have the potential (as face recognition software would, for example) to radically change the amount of private information that airports, airlines or the government gathers about the public,'' the report stated.

From the Bill Gates e-mails unveiled during the Microsoft trial to the Enron debacle, the digital trails people leave have provided stunning insight into their beliefs and habits. Now the FBI is hoping to capture and corral more of our digital detritus in the name of fighting terrorism. The Senate Judiciary Committee on Thursday will examine proposed Justice Department guidelines that would give federal investigators new license to mine publicly available databases and monitor Web use. The changes, which come after a major FBI shakeup last week, have sparked intense debate over the merits of expanding government surveillance powers as the country faces ongoing threats of terrorist attacks.

Researchers Nathaniel S. Good and Aaron Krekelberg have found that users of Kazaa and other P2P filex sharing networks often share files that they would probably rather keep private. "We discover[ed]," said the HP researchers, "that the majority of the users in our study were unable to tell what files they were sharing, and sometimes incorrectly assumed they were not sharing any files when in fact they were sharing all files on their hard drive."

What you are about to read is a solution to spam that requires no reengineering of e-mail, the Web or any other systems. It could be set up to guarantee spam blocking using simple, existing technologies. I've dealt with corporate intranets in the past, which have completely blocked e-mail from the outside unless one is on an approved list. Contact must always go through the network administration. Individuals working within these institutions receive absolutely NO spam inside their network because they have turned the filtering problem on its head. In typical spam filtering, you filter information from select addresses or with select content. In reverse filtering, you only permit information from select addresses or with select content.

North Dakotans voted overwhelmingly last Tuesday to require banks and credit unions to get customers' permission before selling data on them, and privacy advocates say the vote will send a message across the country. The result of the statewide referendum, in which 72 percent of those casting ballots favored a tightening of privacy law, "shows that when given a chance, the voters of a conservative Plains state will vote to protect their privacy, It gives the lie to the idea that privacy is either a liberal idea or out of the mainstream." The editor of Privacy Journal, published in Providence, R.I., said the vote would encourage other groups working on privacy issues, and added, "It might deter some legislators from going with corporate interests."

Seth Godin argues that privacy and anonymity lead to bad behavior. Better to be transparent and identifiable than obscure, opaque and anonymous. He floats a raft of good points worth serious consideration. Are we ready to be fully visible?

The creator of an add-on program for AOL Time Warner's Instant Messenger plans to eradicate a component that phones home after critics called the feature "spyware." The recent decision comes after some users of Big-O Software's AIM+ program--which adds chat logging, ad removal and other features to AIM--complained that the program violated their privacy by sending information about their online identity back to a Big-O server. "The fact that AIM+ returns information to the Big-O Software servers has never been hidden from the users," Mark Swiss, beta tester and community organizer for Big-O Software, said last Friday in a
response to consumers' complaints on the company's online forum.

Best Buy is changing its online privacy policy, allowing the company to combine customer information from its Web site with that collected in its stores. As part of the policy modification, the company also said it may share with third parties information collected from surveys or reviews on its site. The company has begun notifying customers of the changes via e-mail; the updated policy will go into effect June 9. The shift raised the eyebrows of some privacy advocates. The changes are only the latest in a disturbing trend of companies revamping their privacy policies to the detriment of consumers, advocates say. Companies usually make such changes themselves, taking little input from customers and leaving them with little recourse.

Five owners of a controversial digital video recorder sued the entertainment world's biggest firms Thursday, asking a federal judge to uphold consumers' rights to record TV shows and skip commercials. The owners of the ReplayTV 4000 claim an entertainment oligopoly of U.S. television networks and movie studios is trying to label them as criminals. "I'm just trying to exercise my normal rights in terms of video recording," said one of them, Craig Newmark, founder of the popular community listings site Features like commercial skipping, he added, help parents "protect their kids from excessive consumerism."

North Dakota voters on Tuesday will be the first in the country to make their own choice about how to regulate financial privacy. A statewide referendum will decide if banks and other financial institutions can continue to share or sell data without obtaining customer permission. A disparate coalition seeking tighter privacy restrictions, reaching from labor and the American Civil Liberties Union to a small conservative organization, the Constitution Party, forced the referendum on the ballot. There are unusual allies on the other side, too: the banks and credit unions, which often fight each other on financial regulation.

Privacy and Security on your PC. Spyware, nosy bosses, unnecessary demographic information,
the government: the efforts to learn what you're up to are constant. In this first installment, know your adversaries, their tools--and your rights. Extremetech covers the six layers of information security.

He cuts off telemarketers on the phone, regularly reminds direct-mail associations to keep him off their lists and diligently opts out of mass e-mail lists. But he didn't hesitate to give his fingerprint, credit card information and phone number to a company he had never heard of. He is one of the 2,000-plus customers of a Thriftway grocery store in West Seattle who signed up in a pilot program run by Oakland, Calif.-based Indivos Corp. that links customers' fingerprints with their credit or debit cards, allowing them to buy groceries by simply running a finger over a scanner.

The Justice Department said today that it would immediately loosen restrictions on the F.B.I., giving the bureau broad new powers to go after terrorists without violating the United States Constitution. Attorney General John Ashcroft and the F.B.I. director, Robert S. Mueller III, announced the changes this afternoon. Mr. Ashcroft said that far from endangering the rights of Americans, the changes would allow federal agents to do things that members of the public already do. Under the current guidelines, the bureau cannot send undercover agents to investigate groups that gather at places like mosques or churches unless investigators first find probable cause or evidence that leads them to believe that someone in the group may have broken the law. Now they can attend any function open to the public.

New York State has taken aim at the growing amount of spam plaguing consumers by filing suit against online marketing company MonsterHut and two of its executives. "Every day, New Yorkers are being inundated with unsolicited commercial e-mails, or spam," Spitzer said. He called a portion of the spam "a vehicle for fraud" and noted that some of it is "inherently fraudulent." Spitzer leveled the suit at MonsterHut, company CEO Todd Pelow and chief technical officer Gary Hartl, accusing them of representing the company’s e-mail marketing service as an opt-in offering. Their claims, the suit alleges, are intended to convince outsiders that every consumer who has received commercial e-mail from MonsterHut specifically requested it.

A Tennessee man who devised an audacious identity-fraud scheme to bilk jewelers and corporate executives out of $730,000 worth of diamonds and Rolex watches was sentenced to eight years in prison yesterday by a federal district judge in Manhattan. The defendant, James Rinaldo Jackson, 41, said when he pleaded guilty in 2000 that he found the names of corporate executives in "Who's Who in America" and paid $50 to $100 to buy their Social Security numbers from Internet information brokers. He also fraudulently obtained their credit card numbers and other personal data, and impersonated his victims on the telephone to buy the jewels and watches. "The defendant's crimes are everyone's worst nightmare,"

Glitches in a controversial FBI system to monitor the e-mail of suspected criminals likely hampered an investigation of al Qaeda two years ago, according to internal FBI documents released on Tuesday. According to memos obtained by the Electronic Privacy Information Center, FBI investigators threw out the results of an e-mail wiretap in March 2000 because the system, commonly known as "Carnivore," collected electronic messages of regular Internet users as well as the target of the probe. FBI officials have told Congress the system captures only a narrow field of information for which interception is authorized by a court order. The documents showed Carnivore had occasionally grabbed the e-mail messages of other Internet users, especially when set up to work on unusual e-mail systems.

Technology companies are enlisting in the war on terrorism, seeking to profit by making Americans more secure. But some of the new technologies, including lie detectors that claim to read brain waves and electronic scanners that see through clothing, raise concerns about possible invasions of privacy. "In the wake of Sept. 11, a wide array of corporations, with the active encouragement of the U.S. government, are developing new and extremely intrusive systems to capture personal data, biometric data and video information," said Wayne Madsen, a privacy researcher at the Electronic Privacy Information Center in Washington. All technology companies seek to share in the billions of dollars budgeted for homeland security.

BRUSSELS, May 27 (Bloomberg News) - The European Commission has begun an inquiry into Microsoft because of concerns that its .NET Passport system may violate privacy rules. The European Commission said last week that it had concerns about the legality of Microsoft's Passport, which stores identity data on the company's servers so that Internet users do not have to re-enter it as they move among programs and Web sites. Microsoft already faces the threat of a fine by the commission for abusing the dominant position of the company's Windows operating system, which runs 90 percent of the world's personal computers.

TRUSTe, the nonprofit organization widely known for its leading privacy certification and seal program, and ePrivacy Group, a respected privacy consulting, training and technology company, have joined forces to launch a groundbreaking email certification and seal program to bring consumer trust to commercial email.  Under the banner “Trusted Sender,” this new program includes beta testers Microsoft, DoubleClick and Topica. Announced in January.

Researchers in Scotland are developing a new kind of Web monitoring
Protect Your Digital Privacy software that they claim can collect enormous amounts of data on Web
surfers while remaining nearly undetectable. The University of
Strathclyde received the award for an undisclosed sum Thursday. Dr.
Lykourgos Petropoulakis, who is heading the 18-month research project,
declined to comment on the technology, calling it "highly classified"
information. Web surveillance software has drawn intense interest from
consumer advocates, who fear the interactive nature of the Internet can
provide unprecedented power for governments, corporations and individuals
to trample people's privacy

The agency responsible for the U.S. Defense Department's global
networks and classified command and control systems has a gaping
security hole in its front yard -- security cameras at its headquarters in
Arlington, Va., are connected to a nonsecure and unencrypted wireless
LAN. Chris O'Ferrell, chief technology officer at NETSEC Inc. in Herndon,
Va., which provides intrusion-detection services to numerous federal
agencies and commercial customers, detected the nonsecure wireless
LAN at the Defense Information Systems
Agency (DSIA) last Friday.
While parked across the street from DISA's headquarters, O'Ferrell was
able to easily map the topology of the agency's network, including the
Service Set Identifier (SSID) numbers of access points and numerous IP

Ford Motor Credit informed 13,000 consumers Friday that their personal
information -- including Social Security number, address, account
number and payment history -- was accessed by hackers who broke
into a database belonging to the Experian
credit reporting agency. Federal
Bureau of Investigation special agent Dawn Clenney told NewsFactor
that the data breach is being investigated and that law enforcement is
working with Ford, which believes the hack occurred sometime between
April 2001 and February 2002. Letters to the 13,000 people, 400 of
whom were Ford credit customers, were mailed out in the last three
weeks. Privacy advocates, who point to identity theft's ascent as the
top crime in the United States, called the exposure another example of
insufficient privacy protection in the country.

A Senate committee appeared set on Thursday to pass a controversial
measure that would limit the way businesses could use customers'
personal information, until it was delayed by a parliamentary maneuver.
The Senate Commerce Committee voted to approve several changes to
the bill, designed to increase Internet privacy by limiting how
businesses use phone numbers, purchase records and data collected
through their Web sites. But a final vote to send the bill to the full
Senate was blocked by Sen. Trent Lott, who invoked an obscure
parliamentary rule that can prohibit a committee from taking action two
hours after the Senate convenes.

Provisions of two new bills -- one to increase online "cybersecurity,"
the other to aid in the prosecution of online child pornography -- would
remove statutory protections that safeguard personal data in the hands
of Internet Service Providers (ISPs). Current law protects the privacy of
electronic communications by prohibiting ISPs from disclosing to the
government their customers' e-mail without a court order. The two new
bills open loopholes in that protection by creating broad new categories
of "voluntary" disclosure.

On May 16, the Senate Commerce Committee marked-up S. 2201, the
Online Privacy Protection Act
, introduced by Senator Ernest Hollings (D-SC).
"Marking up" a bill means amending it in a formal Committee session
where Members or Senators offer amendments, debate them and vote on
them. Often at mark-up many amendments are rolled into a single
"substitute" offered by the bill's sponsor. The Hollings bill as introduced,
CDT's analysis of it, and the text of the amendments on May 16 are all
available at:

E-mail address appending is the process of adding an individual’s e-mail
address to that individual's record
inside a marketer’s existing database.
This is accomplished by matching the marketer’s database against a
third party, permission-based database to produce a corresponding
e-mail address. I was amazed that the organization (Direct Marketing
Association) danced around privacy issues by creating a loophole
extravaganza. The document was written by marketers for marketers,
culminating in a classic case of a wolf in sheep’s clothing. Opinion
column by Rodney Much.

New York Times Letters to the Editor on Privacy Issues

Protect Your Digital Privacy
Tens of thousands of stolen credit-card numbers are being offered for sale each week on the Internet in a handful of thriving, membership-only cyberbazaars, operated largely by residents of the former Soviet Union, who have become central players in credit-card and identity theft. The marketplaces where credit card prices fluctuate with supply and demand in a sort of black stock market offer a window into a crime that costs the financial system $1 billion or more a year. They also show how readily personal information is being stolen and traded in the computer age.

(Free membership required, read the privacy policy!)
Two University of Cambridge computer security researchers plan to describe on Monday an ingenious and inexpensive attack that employs a $30 camera flashgun and a microscope to extract secret information contained in widely used smart cards. The newly discovered vulnerability is reason for alarm, the researchers said, because it could make it cost-effective for a criminal to steal information from the cards. Smart cards are used for dozens of different applications, including electronic identity protection, credit and debit cards and cellular phone payment and identity systems.

(Free membership required, read the privacy policy!)
Researchers in Scotland are developing a new kind of Web monitoring software that they claim can collect enormous amounts of data on Web surfers while remaining nearly undetectable. "Technology like this, once it's spread around, means people can be tracked from site to site," said Lee Tien, senior staff attorney for the Electronic Frontier Foundation. "Whatever (the Scottish Enterprise) is doing, this is part of a long-standing practice by governments to fund the development of spying technology or, more generally, technology that facilitates law enforcement and national security."

Since "Googling" -- looking up a new acquaintance on Google before going out on a date -- has become a popular research tool, this could become a real liability. It happens sometimes, said Google software engineer Matt Cutts. Your Web presence depends on things that you can't always control -- "how long you've been on the Internet, whether you have a home page, how actively you seek out social contacts online," he said. Finding the right balance between recognition and privacy is difficult. Chris Hoofnagle, legislative counsel at the Electronic
Privacy Information Center, a Washington-based nonprofit, outlined a few options for people seeking to control their own Google identity.

Yahoo, the vast Internet portal that set off howls of protest when it abruptly changed its marketing policy in March. Suddenly, Yahoo granted itself the right to send advertising messages to tens of millions of its users who had previously asked to receive none. The blanket permission went beyond e-mail to include postal mailings and telemarketing phone calls. Immediately, privacy advocates reacted with criticism, and outraged postings flooded message boards all over the Internet. In the four weeks from March 25 to April 21, nearly a million Internet users in the United States looked at Yahoo's new privacy policy.

A troubling trend in constitutional law: the erasing of the line between commercial and noncommercial speech. Last month, a court struck down a federal law banning junk faxes and affirmed the right of a company called American Blast Fax to continue to blast away. If other courts push corporate free speech to this illogical limit, laws against spam e-mail may suffer the same fate, as judges elevate the right to send e-mail ads for get-rich-quick schemes and Internet pornography sites to a constitutional imperative. Editorial Opinion.

A NEW survey shows a correlation between the actions of Sacramento politicians on financial-privacy legislation and the amount of contributions they have received from the measure's opponents. Opponents of legislation that would require banks and insurance companies to obtain customer permission before selling or sharing personal financial information contributed nearly $5 million to legislators and the governor since the 2000 election cycle, Common Cause found in its study, titled "Privacy for Sale."

If you shop on the Internet, you may fret about keeping your credit card number safe. But when
you pay a bill to a hospital or clinic, you probably don't think about where those computerized
account records end up. Nor is that foremost on your mind when you start a job and provide
your employer a home address and Social Security number. Yet the way those bills and records are handled can determine whether you become a victim of identity theft, the top online consumer complaint at the Federal Trade Commission.

San Francisco Chronicle Opinion on privacy legislation. AN UNACCEPTABLY weak financial-privacy bill Protect Your Digital Privacy
reaches a critical juncture today in the state Assembly's Judiciary Committee. This is the moment for sponsoring Assemblyman Joe Nation, D-San Rafael, to deliver on his promise to produce truly meaningful consumer protections in AB1775. It may require Nation to break his alliance with Gov. Gray Davis, who undermined a strong privacy bill last year -- and appears determined to do so again.

Homeland Security Director Tom Ridge for the first time disclosed Thursday the Bush administration is studying ways to set national standards for driver's licenses that would assist in preventing fraudulent identification and expose aliens who overstayed their visas.

Once the musings of science fiction writers and technology whiz kids, the promise of fingerprints and retinas opening some doors -- and keeping others locked -- has been rushed into reality. Companies around the world are perfecting ways to scan, store and process faces, fingers, voices, hands and eyeballs. The Sept. 11 attacks spurred a mini boom in security products and services, and scuttled some of the privacy and civil liberties concerns that long hampered the industry.

"We've been ordered to invade the privacy of our customers,'' said Ken Potashner, SonicBlue's chairman and chief executive. ''This is something that we find personally very troubling.'' Privacy advocates condemned the ruling which came during the pre-trial discovery process of a series of lawsuits against SonicBlue. Last October, the studios and networks accused SonicBlue of permitting copyright-infringement with its latest digital video recorder. The machines work like a VCR but record to a hard drive instead of video tape.

As wireless laptops, scanners and other gadgets become more popular in businesses and homes, threats to privacy are growing as well. Just this week, Best Buy suspended use of wireless cash registers over concerns that eavesdroppers could obtain credit card numbers and other customer data by sitting in the parking lot with the right equipment.

Federal authorities announced a nationwide sweep of identity theft arrests today, charging the people with using false credentials to cover up a murder, sell homes belonging to the elderly and exercise 176,000 stock options belonging to an unknowing company executive. Attorney General John Ashcroft announced the prosecutions, many of them fraud cases, to demonstrate sharply stepped-up federal efforts, and he called on Congress to pass legislation to ensure that identity thieves received longer sentences (Free membership required, Read the Privacy Policy!)

Intrusion Explosion. Forget all about old-fashioned consumer surveys or even focus groups. The hot new technique in exploring your buying decision is called "observational research" or "retail ethnography." This buying-spying uses hidden surveillance cameras, two-way mirrors and microphones concealed under counters. Opinion from William Safire. (Free membership required, Read the Privacy Policy!)

Free-speech group has won a legal round in its fight against unsolicited e-mail, invoking Washington state's anti-spam law. The King County District Court in Bellevue, Wash., on Monday granted Peacefire $1,000 in damages in each of three complaints filed by Peacefire Webmaster Bennett Haselton. The small-claims suit alleged that Red Moss Media, Paulann Allison and Richard Schueler sent unsolicited commercial messages to Haselton that bore deceptive information such as a forged return e-mail address or misleading subject line.

Protect Your Digital Privacy Disguise your desk and keep your boss out of your office if you want any privacy. Personal spaces such as offices and bedrooms are an "incredibly rich" source of information about people's personalities, according to new research by psychologist Samuel Gosling of the University of Texas and his colleagues. Their study found people are "remarkably accurate" at guessing some aspects of others' personalities -- in particular whether they tend to be open and conscientious -- based only on a look at either their offices or their bedrooms.

A Senate effort to limit what businesses can do with information they collect online from their customers is under attack from Internet companies and getting tepid support from consumer advocates. The proposed online privacy legislation, introduced last week by Sen. Ernest Hollings, D-S.C., would require businesses to tell visitors to their Web sites what information is being gathered on them and how it will be used. Online businesses would then have to get consumers' permission before sharing with third parties sensitive information such as bank accounts, medical information, political or religious affiliation or Social Security numbers. Anyone who finds sensitive data was misused and can prove harm could sue for up to $5,000 for each use of the information.

Microsoft and other technology makers struggling to define new Web services business models have another obstacle: consumer distrust of online authentication systems. A new Gartner study indicates that despite compulsory sign-up programs, consumers aren't interested in online identity and authentication accounts--such as Microsoft's Passport and AOL's Screen Name service--and won't be anytime soon. Moreover, few people trust Microsoft and AOL to safeguard the personal or financial information necessary for conducting online transactions.

Seven months after terrorism trumped privacy as a Congressional concern, bipartisan alliances in both houses are seeking to rekindle the issue. In the House, Representatives Bob Barr, Republican of Georgia, and Jerrold Nadler, Democrat of Manhattan, ideologically as far apart on other issues as two members can be, are pushing legislation to require government regulators to include a "privacy impact statement" in any new regulatory proposals. Such statements listing the privacy consequences of any regulation could then be the subject of court battles, delaying the rule-making process.

Federal regulators Monday fined the Web site operator for the Etch-A-Sketch toy and sent warning letters to more than 50 other Internet operators regarding children's privacy online. The Ohio Art Company, which makes the children's doodling toy, has agreed to pay $35,000 to settle charges it violated the Children's Online Privacy Protection Rule, the Federal Trade Commission said. The site was collecting information from children before obtaining parental or guardian consent, the FTC said in a statement. Companies must make their privacy policies compliant with the law.

ISPs oppose Minnesota Web privacy bill A controversial bill before the Minnesota state legislature would limit how Internet service providers (ISP) use consumers' private information, and a lobbying group warned that ISPs will pull out of the state if the bill becomes law. The bill would prevent ISPs from collecting data on customers' Web surfing habits and then selling that data to other companies.

It's the talk of Silicon Valley: How did someone break into the voice mail of Hewlett-Packard Co.'s chief financial officer, snag a sensitive message from his boss, Carly Fiorina, and leak it to the local newspaper? HP executives were shocked. But experts in phone systems and computer security say they're not surprised - largely because voice mail is digital and is stored on computers. "If you don't want it publicized, don't say it digitally," said Bruce Schneier, founder of Counterpane Internet Security Inc. "Don't put it in e-mail, don't record it in a voice mail, don't put it in a Power Point presentation. Basically, all of this stuff is vulnerable."

Leak of a private voice mail from (HP CEO Carly) Fiorina to (HP CFO Bob) Wayman, left March 17, two days before the shareholder vote on the Compaq merger. The voice mail, sent anonymously to the (San Jose) Mercury News earlier this week, details strategy for last-minute lobbying of two key shareholders by Fiorina and other executives. In his e-mail Thursday, Wayman told employees he felt "personally violated" by the voice mail leak, adding "it is illegal and damaging to the company and your fellow employees." Wayman said HP is "vigorously investigating" this breach along with others that have occurred in recent weeks. The perpetrators, he warned, will be prosecuted "to the fullest extent."

Jeffrey Rosen, law professor at George Washington University Law School, in his feature article for the New York Times Magazine, Sunday April 14, discusses in detail the connect-the-dots database concerns elicited in my comments from last week's list. Larry Ellison says, "Central databases already exist. Privacy is already gone." Rosen ends his lengthy article with a question to Ellison, "In 20 years, do you think the global database is going to exist, and will it be run by Oracle?" "I do think it will exist, and I think it is going to be an Oracle database," he replied. "And we're going to track everything."

Thousands of people who have installed a popular wireless video camera, intending to increase the security of their homes and offices, have instead unknowingly opened a window on their activities to anyone equipped with a cheap receiver. The wireless video camera, which is heavily advertised on the Internet, is intended to send its video signal to a nearby base station, allowing it to be viewed on a computer or a television. But its signal can be intercepted from more than a quarter-mile away by off-the-shelf electronic equipment costing less than $250.

Bye, Bye Yahoo. Opinion piece discussing YAHOO! Desperation Tactics.

Protect Your Digital Privacy A Greeting Steals Its Way Onto Your Hard Drive. Outlook owners, look out. Users of Microsoft popular e-mail program are the targets of a new computer virus, made by an artist, that arrives disguised as an electronic greeting card. When the card is opened, the virus spreads by randomly picking three images from the recipient's hard drive and sending them in a flickering message to everyone in the victim's Outlook address book.

Microsoft, I.B.M. and VeriSign plan to announce a new technical approach today that they hope will ensure greater security and thus stimulate commercial development of an emerging Internet technology called Web services. Web services is the term used to describe clever software that in theory could bring a new level of automation and greater productivity to all kinds of online transactions among companies, suppliers and consumers. Yet the new, unproven technology — which uses the Web to find and share data in electronic databases of companies or individuals — has stirred concerns about data security and personal privacy.

Microsoft has quietly shelved a consumer information service that was once planned as the centerpiece of the company's foray into the market for tightly linked Web services. The service, originally code-named Hailstorm and later renamed My Services, was to be the clearest example of the company's ambitious .Net strategy. It was intended to permit an individual to keep an online persona independent of his or her desktop computer, supposedly safely stored as part of a vast data repository where there could be easy access to it from any point on the Internet.

Seeking Profits, Internet Companies Alter Privacy Policy. Internet companies are increasingly selling access to their users' postal mail addresses and telephone numbers, in addition to flooding their e-mail boxes with junk mail. Yahoo, the vast Internet portal, just changed its privacy policy to make it clear that it has the right to send mail and make sales calls to tens of millions of its registered users. And it has given itself permission to send users e-mail marketing messages on behalf of its own growing family of services, even if those users had previously asked not to receive any marketing from Yahoo.
Now that HTML e-mail has become increasingly common, cookies are showing up in HTML e-mail messages, many of which are sent by spammers, who have little or no obligation to disclose how they use consumer data they collect. Whereas cookies on Web sites generally collect data "anonymously," e-mail cookies have the potential to connect individuals' surfing habits with particular e-mail addresses.

A three-judge panel hearing a case against the Children's Internet Protection Act were openly skeptical of the law at the end of the two-week trial. The plaintiffs, including libraries, library patrons, and operators of Web sites, want to overturn the law because it mandates Internet filters that the group says restrict free speech. The judges seem to agree.

Most passwords are hopelessly easy to guess and many employees put company information at risk by using easily guessed or simple to break passwords. Very few employees are ever trained in rudimentary security measures which puts networks at peril.

DoubleClick settlement details begin to slowly emerge from the shadows after last week's announcement of the class action suit against privacy protection advocates. The online advertising company has agreed to pay $1.8 million in legal fees and will purge their list of names on a regular basis.

YAHOO! flames flying after they opt-in users to spam last week. Because word travels fast online, even users who have not yet been notified by YAHOO! are angry about the changes to their privacy preferences, even though YAHOO! claims that no changes take effect for 60 days from the day the user is notified of the change.

Corporate hack attacks go unreported to law enforcement or federal authorities due to concerns of public exposure of privacy and security problems at those companies suffering attacks.

Ezine-Tips discusses problems with BBB privacy seal and third party list hosts. Web sites approved by BBB online are required to place the seal on every page, including that of list hosts. If those hosts don't allow posting of the BBB seal for members, then those list owners cannot get the BBB privacy seal at all.

As the number of wireless devices in use continues to grow, security concerns regarding them are mounting as well. New market research reports from Gartner and IDC suggest that corporate users and consumers have reason to question how much information they could be giving away through their wireless devices.

International Business Machines Corp. (IBM) said on Wednesday it is releasing free software that will allow companies to automate their Internet privacy practices, while AT&T Corp. T.N has free software to alert Web surfers to different privacy settings on Web sites.

A poll taken just after the six-month anniversary of the September 11th attacks on New York's World Trade Protect Your Digital PrivacyCenter and the Pentagon showed that Americans' support for and confidence in electronic governmental surveillance is waning.

Informix spin-off Ascential Software Inc. last week said it's buying privately held data-cleansing software vendor Vality Technology Inc. for about $92 million in cash. The deal, slated to close in April, would let Ascential (ASCL-Nasdaq) expand its tool suite for building data warehouses.

The U.S. Federal Trade Commission has joined eight state law enforcers in the United States and four Canadian agencies in an initiative targeting deceptive spam and Internet fraud. The agencies have brought 63 law enforcement actions against Web-based scams ranging from auction fraud to bogus cancer cure sites, and have sent more than 500 letters warning people sending deceptive spam that it is illegal. The task force has been dubbed "NetForce"

DoubleClick agrees to settle Privacy Litigation. Internet advertiser DoubleClick Inc. on Friday said it had agreed to purge consumer information it had collected and adhere to an enhanced privacy policy, as part of a settlement of federal and state class action lawsuits filed against the firm. DoubleClick agreed to notification and opt-in approval for combining individual clickstream data with other personally identifiable data. It also agreed to pay $1.8 million in legal fees.

A lot of companies are busy gathering customer data, but knowing how to put that data to good use remains an obstacle for many firms. Data mining is growing dramatically, but data warehousing poses huge obstacles to that fine line between personalization and privacy invasion. This study of Customer Relationship Management implementation skims the surface of what to do with all that data once collected.

Crime-Fighting by Computer Widens Scope. New York City's renowned Compstat (short for computational statistics) crime-fighting program, originally created to measure and map serious crime in city neighborhoods, has grown into a sweeping data-collection machine that traces hundreds of factors, many of which appear distant from the nuts and bolts of police work.

Yahoo March 28 — The giant web portal has revised its privacy policy to more clearly describe how user data will be treated in certain circumstances, company officials said. THE NEW POLICY states Yahoo will share information to investigate circumstances involving illegal activity such as fraud, violations of its terms of service agreement and the use of its service for potential threats. The revision also said Yahoo will transfer user information if it is acquired by another company and abide by the acquiring company’s privacy policy.

A Loss to Medical Privacy Opinion By DONNA E. SHALALA, former Health and Human Services Director for Clinton Administration says that the Bush administration must be careful not to accept changes to regulations that could lead to the misuse of patients' personal health information.
Got a mobile phone? We know where, when, and who you are! Mobile industry proposes opt-in policy for cellular users to help them avoid location-based mobile text messaging spam.

Budweiser has launched a World Cup promotion using global positioning satellite technology. It has hidden special transmitters inside beer cans and bottles sold in multi-packs in stores across the UK. Opening a special can or bottle will be picked up by communications satellites. Winners will be tracked down and receive a trip to see England and Ireland in the World Cup finals.

Bush administration proposed dropping a requirement at the heart of federal rules that
protect the privacy of medical records. It said doctors and hospitals should not have to obtain consent from patients before using or disclosing medical information for the purpose of treatment or reimbursement.

Scannable driver licenses threaten privacy when scanned and stored by businesses such as bars, convenience stores and other commercial interests by keeping detailed records locally and making them accessible by any employee with access to the scanner.

Privacy Issues Weighty Ecommerce Concern. Privacy has been a growing topic of concern among the US public since 11 September. Harris found that 91% of US consumers say they would be more likely to do business with a company that verified its privacy practices with a third party.

Protect Your Digital Privacy On March 4, 2002, Privacy International presented the 4th annual UK "Big Brother" awards to the government and private sector organisations that have done the most to invade personal privacy in Britain.

Best place for a break-in? The front door! Professional hacker Daniel Lewkovitz says if you look like you belong, employees will hold the doors open for you.

Modem LED's transmit data stream optically and can be intercepted optically if your modem is visible through a window, regardless of your stringent internal security measures.

RIM Blackberry Internet edition openly transmits your unencrypted email to anyone who wants to intercept it across wide geographic areas within the Mobitex network.

Massive Identity Theft


HTML Tutorial | CGI tutorial | Email Tutorial |
Spam Tutorial | Cookies Tutorial | Privacy Tutorial | Windows Tutorial | DreamWeaver Tutorial | Domain Name Tutorial | Business Plan Tutorial | Search Position Tutorial | Online Advertising Tutorial | Ecommerce Essentials Tutorial


Home | About Us | Contact Us | Privacy Policy | Links