The following document is from the PRIVACY Forum Archive at Vortex Technology, Woodland Hills, California, U.S.A. For direct web access to the PRIVACY Forum and PRIVACY Forum Radio, including detailed information, archives, keyword searching, and related facilities, please visit the PRIVACY Forum via the web URL: http://www.vortex.com ----------------------------------------------------------------------- PRIVACY Forum Digest Sunday, 10 August 1997 Volume 06 : Issue 11 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. ===== PRIVACY FORUM ===== ------------------------------------------------------------------- The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, "internetMCI" (a service of the Data Services Division of MCI Telecommunications Corporation), and Cisco Systems, Inc. - - - These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum. ------------------------------------------------------------------- CONTENTS Spamming has forced some domain/address blocking to vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) AOL backs down -- But new problems loom (Lauren Weinstein; PRIVACY Forum Moderator) Trojan phonecards / Internet opinion surveys (Lauren Weinstein; PRIVACY Forum Moderator) Re: TRUSTe (Roger Clarke) CFP '98 Request for Proposals (Ecavazos) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic list handling system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the list handling system. Please follow the instructions above for getting the "help" information, which includes details regarding the "index" and "get" commands, which are used to access the PRIVACY Forum archive via the list handling system. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access. ----------------------------------------------------------------------------- VOLUME 06, ISSUE 11 Quote for the day: "Oh say, Can you see, My eyes? If you can, Then my hair's too short!" -- The Tribe "Hair" (United Artists; 1979) ---------------------------------------------------------------------- Date: Sun, 10 Aug 97 12:29 PDT From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Spamming has forced some domain/address blocking to vortex.com Greetings. I wanted to let the readership know that due to the continually increasing quantities of "spam" (unsolicited e-mail advertising, scams, and related trash), I have been reluctantly forced to begin blocking significant numbers of domains/IP addresses from inbound e-mail (SMTP) access to the vortex.com domain. This includes all PRIVACY Forum inbound addresses, list maintenance addresses, my personal mailboxes, and so forth. My policy currently is to only block domains or addresses which appear to exist primarily or completely for the purpose of spam transmission. This unfortunately allows significant numbers of spams to continue arriving via major ISPs who also have large numbers of non-spamming subscribers, and via third party SMTP abuse, but I'm not at this time blocking unless I've determined that spam is apparently the primary function of the site in question. Even doing this turns out to be non-trivial, since many spammers have disfunctional DNS servers, forge domain names, or have other attributes that often make it necessary to block by specific IP numbers rather than domain names. Also, non-spamming domains also often have DNS problems, making the simple failure of a DNS name lookup an insufficient condition for detecting an attempted spam transmission. While I'm at this time being fairly conservative in my blocking, it is not impossible that at some point a legitimate submission to the PRIVACY Forum might be blocked by these measures. I apologize in advance in case of this eventuality. In such a situation, please contact me via a third party and I'll do my best to re-enable appropriate e-mail access for that case. It is a sad commentary that these steps have become necessary. Even stronger steps may be necessary in the future. It seems increasingly clear that technical procedures alone will not be sufficient to control the spam flood, and that legislative action in this area is increasingly necessary. Clearly no legislation addressing this topic will be perfect, and there are risks of side-effects as a result. But unless some reasonable rules and controls regarding spam are established soon, we all run the risk of being buried under electronic piles of ads for live sex sites, vast arrays of scams, and a wide range of dubious products and services in which most of us have not one iota of interest. Anyone interested in more details about these spam blocking procedures are invited to contact me directly. --Lauren-- Moderator, PRIVACY Forum www.vortex.com ------------------------------ Date: Sun, 10 Aug 97 12:40 PDT From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: AOL backs down -- But new problems loom After a flurry of criticism by AOL subscribers and privacy advocates, America Online has canceled a controversial plan to provide subscriber telephone numbers to "partner" telemarketing firms. In a news release and notice to members from AOL Chairman and CEO Steve Case, AOL apologized for not more directly notifying subscribers of the plan in advance, and announced that the plan had been abandoned. However, AOL subscribers may still receive telemarketing calls from AOL itself on behalf of its "marketing partners," and AOL says it will continue the "standard industry practice" of renting addresses of subscribers to other firms for direct mail marketing purposes. The controversy began when it was disclosed that AOL had made a change in their rarely read "terms of service" for subscribers, describing that starting July 31, subscriber phone numbers could be released to firms (such as marketer "CUC International," reportedly the first firm to have been involved in the project), unless subscribers took specific steps to indicate their desire not to have their information released. The deal with CUC was reported to have been worth tens of millions of dollars. Concerns were raised quickly by persons upset that AOL had not announced this plan in a manner likely to be seen by all subscribers, and by those who felt that they have provided their address and phone information to online services for the services' direct use only, not as a bonus marketing income stream to be rented or sold as a commodity. However, just as this controversy died down, a new concern has appeared. AOL is reported to be on the verge of announcing yet another round of changes to their "terms of service," explaining their policy regarding release of subscriber usage information, e.g., user selections, information access histories, and so on--in other words, who clicks what, and when. An AOL spokesperson has suggested that such information would only be made available to outside entities in "aggregate" form for marketing purposes. The privacy community awaits the details of this plan with considerable interest. --Lauren-- Moderator, PRIVACY Forum www.vortex.com ------------------------------ Date: Sun, 10 Aug 97 13:31 PDT From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Trojan phonecards / Internet opinion surveys Greetings. I wanted to bring two items to your attention of potential importance that recently came within sensor range, about which I'm still researching details. First, the concept of "trojan phonecards" appears to have materialized. OK, get your mind out of the gutter--this isn't about a prophylactic debit card. But, it could be a real concern. I've received reports of a firm selling pre-paid telephone debit cards designed to be given as gifts. So far so good. But the twist is that they reportedly provide the call detail for all usage of the card to the party who *purchased* the card, allowing them to track your calling patterns. Interestingly, under current law, which provides very little protection for call detail data, this *may* be completely legal. I'm attempting to get more information about this, but in the meantime it might be a good idea to be highly skeptical of any "free" phone debit cards which might appear, unless you know for sure where the call detail is going and under what conditions it will be released to outside parties! ---- On another note, I've received mailings from a new web service promoting itself as an Internet "opinion gathering" site, through which persons would be invited to make their opinions known to the powers-that-be on various issues, with the apparent intent of influencing legislation and other decision-making processes. I had a number of polite exchanges with these folks, and I have to admit I am singularly unimpressed. They seemed unfamiliar with basic statistical theory or practice, not even realizing the fundamental problems with "self-selected" polls (which are notoriously inaccurate in terms of extrapolation to larger populations). They apparently plan to require fax or physical mail verifications of opinion submissions, to try avoid the problems of forged e-mail. But they also seem to be planning to *release* name and address information of respondents in mailing list form to contracting outside entities. The whole situation is confusing at best. Until there are reasonable confirmable standards for such operations, I'd urge using a great deal of caution dealing with any Internet-based opinion gathering service, both in terms of giving any weight to their results, or in terms of providing any name, address, or other personal information as part of the poll or other opinion gathering system. --Lauren-- Moderator, PRIVACY Forum www.vortex.com ------------------------------ Date: Tue, 5 Aug 1997 16:37:55 +1000 From: Roger Clarke Subject: Re: TRUSTe Roger Debreceny said: >I don't recall discussion of TRUSTe (http://www.etrust.com/) on Link. >TRUSTe was launched in June. This is an outgrowth of the EFF .. it >takes an interesting approach to the relationship between commerce and >privacy. >From the home-page: "The principles behind TRUSTe are disclosure and informed consent: when consumers visit a site, they will be informed of what information the site is gathering about them, what the site is doing with that information, and with whom that information is being shared". I've been refraining from saying anything, hoping that I'd feel more positive as time went on. I don't. The reasons are: - - It's based on the principles that transactions need to be identified, that sellers *will* collect and use data, and that all that's necessary is that the consumers be informed. The starting point has to be that electronic transactions should be just like conventional ones, i.e. anonymous except where anonymity won't work; then preferably pseudonymous; and only identified if there's genuine justification; - - The protections for identified transaction data are very slim, and cover only a fraction of the conventional privacy protections that are needed to generate public trust in people's delaings with organisations; - - It's a peculiarly American way of doing things ("*trust* us; *we've* got a logo up on our web-site!"); - - There are no teeth behind it. We've seen what self-regulation is like in the absence of legislative sanctions behind it, i.e. empty. The simple fact that freedom-from-big-government Americans just can't get into their heads is that there is imbalance of power between large organisations and little consumers, and that steps are necessary to address that imbalance (call it a 'market failure' if you like). In short, I think eTrust (sorry, I see they've changed it to sound like a guard-dog - very cute) is a sell-out by EFF to the big corporations; and is a very minor contribution to privacy protection on the Internet. Talking of which, see: http://www.anu.edu.au/people/Roger.Clarke/DV/Internet.html Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/ http://www.etc.com.au/Xamax/ Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 6 288 1472, and 288 6916 mailto:Roger.Clarke@anu.edu.au Visiting Fellow, Faculty of Engineering and Information Technology The Australian National University Canberra ACT 0200 AUSTRALIA Information Sciences Building Room 211 Tel: +61 6 249 3666 ------------------------------ Date: Wed, 16 Jul 1997 15:47:28 -0500 From: ecavazos Subject: CFP '98 Request for Proposals REQUEST FOR PROPOSALS: CFP98 (proposals must be received by August 15, 1997 to be considered) COMPUTERS, FREEDOM, AND PRIVACY CONFERENCE February 18-20, 1998 * Hyatt Regency Austin at Town Lake * Austin, TX The Eighth Annual Conference on Computers, Freedom, and Privacy (CFP98) is scheduled for Wednesday February 18 to Friday February 20, 1998 in Austin, Texas, at the Hyatt Regency Austin Hotel on Town Lake. The Computers, Freedom, and Privacy Conferences serve as an internationally recognized forum and gathering place for the key members of the technical, government, hacker, legal, security and journalistic communities to address cutting edge technical, business, legal and cultural issues. Topics and speakers from prior years' CFP conferences can be found at the CFP web site, http://www.cfp.org. For the 1998 CFP conference, The 1998 Program Committee (members listed below) is particularly interested in receiving proposals that deal with: 1) emerging issues relating to privacy and data ownership, such as the use of infrared tracking of supermarket shopping carts to monitor search and purchasing patterns of customers; developments with medical databases, library filtering, GPS tracking systems, etc. 2) controversial issues; 3) conflict, e.g., debates where presenters have sharply defined and differing points of view, technolibertarian vs. anti-tech "humanist; " or have different training/disciplines, e.g., cyberactivists on virtual communities vs. sociologist/philosopher/writer discussing nature of the "physical world." 4) innovative and alterantive formats such as moot courts, case studies, reverse role playing, etc., to enliven some of CFP's recurring topics that are increasingly found at other conferences. The 1998 Program Committee strongly encourages proposals that involve one or two speakers, as well as panel presentations. A single or two person presentation is often better focused than a panel and it is the goal of The 1998 Program Committee to provide a mix of panels and single/dual speaker presentations during the General Session. Ideally, panels will be limited to no more than four persons whose views are not duplicative of each other. In addition to the two and one-half days of General Session, which starts the afternoon of Wednesday February 18, CFP98 will offer tutorials. Five or six three hour tutorial sessions will be offered on the morning of Wednesday February 18. CFP98 will also continue the practice of breakout topic presentations during the Thursday and Friday luncheons. The Program Committee is seeing proposals for both tutorials and the luncheon sessions. It is the goal of the CFP98 Program Committee to be able to offer some travel money to speakers; however the amount or allocation of travel funds depends heavily on success in obtaining sponsors, which will not be known until early September. The CFP98 Program Committee will meet the week of August 18 to finalize selection of proposals; consequently all proposals must be received * by August 15, 1997 * to assure consideration by the Program Committee. Please follow the submission guidelines below. * CFP98 PROPOSAL SUBMISSION GUIDELINES * CFP98 is being organized and hosted this February under the auspices of The University of Texas School of Law. Mark Lemley, Professor at The Law School, serves as Chair of the Program Committee. He may be reached by e-mail at: mlemley@mail.law.utexas.edu Proposals should include the following information. 1) Presentation Topic Title: 2) Presentation Type: [ ] General Session [ ] Luncheon [ ] Tutorial 3) Proposed Length of Presentation* * Presentations during the General Session can range from .5 to 1.5 hours. Breakout luncheon presentations are 1.0 hr. Tutorial presentations run 3.0 hrs. 4) Name(s) of Speaker(s), plus BRIEF background description about each speaker. For presentations with more than one speaker, please indicate and provide contact information for the primary panel coordinator/moderator/chair. 5) A one to two paragraph description of the Topic and Format, suitable for conference brochure and press release. 6) Additional information regarding topic, format (including special presentation or A/V needs), possible but not yet confirmed speakers, or speaker substitutes -- or any other information that you think would be useful to The Program Committee in evaluating your proposal. For more information on the Computers, Freedom, and Privacy Conferences, please visit our Web page at: http://www.cfp.org. Proposals should be sent as soon as possible to CFP98 Program Chair Mark Lemley at: mlemley@mail.law.utexas.edu or by mail to: Mark Lemley The University of Texas School of Law 727 East 26th Street Austin, TX 78705 *Proposals must be received no later than August 15, 1997 * ------------------------------------------------------------- CFP98 PROGRAM COMMITTEE Mark A. Lemley, CHAIR Assistant Professor of Law The University of Texas School of Law Matt Blaze Senior Research Scientist AT&T Bell Research Edward A. Cavazos Senior Vice President, General Counsel Interliant, Inc. Gary B. Chapman Director, The 21st Century Project LBJ School of Public Affairs The University of Texas at Austin David Chaum DigiCash bv Amsterdam, The Netherlands Dave Del Torto Pretty Good Privacy, Inc. Michael Esposito The University of Texas School of Law A. Michael Froomkin Associate Professor of Law University of Miami School of Law Katie Hafner Newsweek Technology Correspondent Newsweek Magazine Donna L. Hoffman Owen Graduate School of Management Vanderbilt University Deborah Hurley Director, Information Infrastructure Project John F. Kennedy School of Government Harvard University Bruce R. Koball Technical Consultant Jon Lebkowsky President, EFF-Austin Teresa Peters Organisation for Economic Co-Operation and Development Paris, France Ned Ramage The Freedom Forum First Amendment Center Shabbir J. Safdar The Voters Telecommunications Watch Jonah Seiger Communications Director Center for Democracy and Technology Sharon Strover Director, Texas Telecommunications Policy Institute The University of Texas at Austin Peter Toren United States Department of Justice ------------------------------ End of PRIVACY Forum Digest 06.11 ************************