Protecting Privacy is Good for Business
Mike Banks Valentine PrivacyNotes
April 25, 2002 Issue # 007
.....IN THIS DIGEST.....
// -- MODERATOR COMMENT -- //
"Computers, Freedom & Privacy 2002" ~ Mike Banks Valentine
// -- NEW DISCUSSION -- //
"Digital ID" ~ Eric Norlin
"Define Opt-In" ~ anonymous ~ anonymous ~ anonymous ~ Moderator
"New Meaning for Home Page" ~ Mike Valentine ~ Anonymous
// -- CONTINUING DISCUSSION -- //
"Digital Databases" ~ Anonymous
// -- PRIVACY NEWS -- //
"The Latest in Privacy Issues"
// -- MODERATOR COMMENT -- //
I just returned from the Computers, Freedom and Privacy (CFP2002)
conference where I heard four days worth of discussion and debate
from attorneys, corporate leaders, politicians and privacy advocates
over issues of civil liberties, privacy and commerce.
I've come away from that very enlightening conference with a
rather pessimistic conclusion -- That Sun Microsystems CEO Scott
McNealy was correct when he said, "You have zero privacy anyway,"
to a group of reporters in January of 1999, but I stop FAR short
of McNealy's suggestion to . . . "Get over it." On the contrary,
I suggest we all consider getting ON it and taking a wild ride
to protect what little privacy we have remaining and attempt to
regain the ground lost since September 11.
The worst thing for privacy from 9/11 beyond the innocent deaths
was the call for a national ID card from our good friend Larry
Ellison and less enlightened members of congress. That concept
was discussed in great detail at the CFP2002 conference by Andrew
Schulman. I highly recommend you visit the following site for
more information on the futility of that idea. Schulman is a software
Check out the top link listed under "recent work" for his National
California State Senator Jackie Speier spoke at the conference
on her legislation SB773, which seeks dramatic curbs on financial
institution's efforts to sell private Californians' financial
information to other companies. Californians have a fighting chance
at preserving privacy since we have Senator Speier working to
pass privacy initiatives in the state senate.
But I don't see any serious national privacy advocates within
the federal government since most listen when money talks before
they listen to public opinion. Although there is lots of activity,
there is no clear leader on the issue as described in the following
The USA Patriot Act had, at it's heart, national security and
protection from terrorism as clearly laudable goals, but some
unintended consequences leeched on to suck away some freedoms
when politicians used emotion above reason to attach some privacy
eroding amendments to it.
We do, however have organizations fighting for privacy on the
national level. They are the Electronic Privacy Information Center
Consumer Action @ <http://www.Consumer-action.org/English/library/privacy_rights/index.php>
and the Privacy Rights Clearinghouse @ http://www.privacyrights.org/
Jason Catlett's JunkBusters @ http://www.junkbusters.org/
They are each working hard to protect the public interest to
I hope that Oracle CEO, Larry Ellison is wrong when he says,
"Privacy is already gone."
The conference was fascinating, if a little bit depressing.
Look for some new members joining this discussion, starting next
issue, as I worked hard to UNdo the privacy of the list to prominent
privacy advocates attending. Since many of them are in the odd
position of wanting exposure for privacy issues, I hope they'll
be vocal participants in our discussions.
For a longer review of the conference visit: http://website101.com/arch/archive132.html
~ Mike Banks Valentine
// -- NEW DISCUSSION -- //
===> TOPIC: DIGITAL ID
From: Eric Norlin
I'm fairly new to the list, but very glad to have found it.
I wanted to point you to a new site I'm involved with that I
think your readers will find pretty interesting: http://www.digitalidworld.com
The site tries to tackle digital identity and all of the intersections
that occur there (distributed computing, web services, privacy
standards, etc)....we're starting to get some traction. Getting
folks like Esther Dyson becoming involved in the upcoming conference
and Charles Fitzgerald [of Microsoft] interview should be out
w/in the next 2 weeks or so).
Anyway -- hopefully we can be an additional resource to your
readers. keep up the great work.
Eric Norlin Partner, UnCharted Shores, LLC
===> TOPIC: DEFINE OPT-IN
A few days ago, I asked for help in locating a service bureau
that could send an email blast on behalf of one of our clients.
We are not in that business but have more Internet marketing expertise
than they do, so they asked for some advise.
I thought we should continue the debate over whether a purchased
list can ever be opt-in. From my vantage point, I think that a
purchased list can be but often isn't opt-in.
When I was younger and the world seemed more black and white,
I tended to think of issues in terms of absolutes. An example
of such an absolute is the statement that an email list purchased
from a third party can never be opt-in. I respectfully disagree.
While many and perhaps most lists purchased from third parties
are not opt-in, I believe that the issue is whether the third
party obtained from its users their consent to receive emails
from other organizations. An examination of the posted privacy
policy as well as the registration form filled out by the user
should provide the answer. If either clearly indicates that information
volunteered by the user will be sold to third parties, then hasn't
the user consented to receive emails from third parties? If so,
then isn't the list opt-in?
I understand that many on this list, including me, are frustrated
and often angry at the type and volume of spam that we receive.
Nevertheless, if we include in the definition of spam those emails
that we receive because we consented to the receipt of the emails,
then aren't we weakening our very important argument against the
ever increasing amount of spam?
===> DEFINE OPT-IN
should provide the answer. If [it] clearly indicates that information...
will be sold to third parties, then...isn't the list opt-in <<
Maybe, but not everyone actually reads the small print when
signing up for a list. Even if they do, they are likely to forget
they agreed to receive mail from "our partners". So when they
get your client's email, a certain proportion of recipients will
still consider it to be spam.
Unfortunately, "opt-in" seems to have become an almost meaningless
term. The I-Design list's posting address has definitely never
opted in to anything since it's not a person. Yet it receives
around a dozen spams a day along the lines of "You received this
email because you signed up at <spammersdomain.com> or with
one of our approved third party marketing partners." When I have
the time and the inclination, I report them as spam.
As other contributors to this thread have said, the only 100%
safe route is to build up your own opt-in list, or advertise in
reputable newsletters (I-Design, for example! <g>).
==> DEFINE OPT-IN
While Anonymous's point about privacy policies, permission to
provide information to third parties and such may be technically
valid -- we, after all, may have registered to receive information
by e-mail -- the parties that collect such information seem to
have a very broad view of what in included in the stated scope
If the truth be told, I don't know if I have ever received information
by e-mail from any of the companies with which I have registered
that bears any similarity at all to the type of information one
would reasonably assume to be in the mind of the person registering.
If I request information on up-grades for a specific software
application, for example, how is that related to joining a pyramid
In the real world, things might not be absolutely black and
white, but let's not get ridiculous here.
If it was my money, and the reputation of my company at stake,
I would never buy an e-mail list, opt-in or otherwise. If the
e-mail I receive stating that I requested the information is any
indication of what targeted e-mail is all about, it is a sad joke
and a sad waste of money for the companies relying on it.
If Anonymous's last point, that if we consent to the receipt
of e-mails weakens our argument against spam, is correct, then,
it would seem, our only alternative is to opt-out of all mailing
lists and never request information on anything again.
[ Moderator Comment ]:
I've worked very hard to keep my email addresses out of the
hands of both spammers and legitimate marketers since both tend
to believe that once they have your address, they can sell it
to others. This silliness is dubbed "secondary uses" in privacy
policies. That term sinks the ship of any privacy claim I read,
since it's just a way of masking their intent to resell or "Share"
your personal information.
I've got a method of tracking the original source of spam that
I thought would protect me, unfortunately some so-called "legitimate
list brokers" have purchased many of my tracking addresses originally
obtained from spammers and continue to resell them again and again.
Too many email campaigns from "legitimate" marketing lists are
using my tracking addresses now for them to have any remaining
value. The original offending spammer was using a mail server
in Singapore to promote what looked like a "legitimate" email
campaign when I first responded about a year ago with that tracking
address. I now know that they are NOT legitimate, unfortunately
nearly all of the supposedly "legitimate" list brokers are using
that address . . . which means they bought it from the spammers!
I think that the privacy seal programs are nearly meaningless
after seeing that Truste approved the recent move by YAHOO! to
opt-in all of it's millions of customers to spam from it's "partners"
do so. I no longer trust http://www.truste.org
when they say . . . "When you see the TRUSTe seal, you can be
assured that you have full control over the uses of your personal
information to protect your privacy."
Hmmmm, I don't think so!
===> TOPIC: NEW MEANING FOR HOME PAGE
From: Mike Valentine
I just found my home street address is a domain name! The house
I live in (I'm a renter) is for sale and the agent's domain name
caught my eye in passing this morning. It is my street address,
as in 555MainStreet.com, and I was not told this would occur!
As a privacy advocate, I was more than a little alarmed by this
little development. Since I don't own the house it really is none
of my business either, but doesn't this raise some red flags for
people selling their homes who don't know about this?
I'll be asking my landlord about whether they were told or even
asked about this when they signed the listing agreement. Isn't
it conceivable that, using public records, anyone could find that
listing and based on personal property visible in the posted photos
or just the look or description of the house, decide they want
to know more about the owner? This domain name is posted on all
the flyers distributed by the real estate agent and in published
listings in newspapers, real estate advertising books and virtually
everywhere the house is offered for sale.
I looked up the domain registrant and found that it is a service
for real estate agents. They pay $65 and get the (virtual) domain
name and three months of hosting with photos and descriptions
posted on a framed site that hides the real source of that domain
name, which is http://www.listingdomains.com
for a company called Properties Online. What a brilliant scheme
by that domain owner to profit by purchasing domain names for
real estate agents!
I can see the wheels turning among domain investors and speculators
with other interests. ;-)
This feels invasive, even though it's not my house, but what
if it were? So do I have a right to my own street address? Then
what if the house doesn't sell and that domain name is used for
unsavory purposes at the end of it's useful life selling the house?
I don't have a criminal mind, but it seems that, those who do,
have lots of ways of abusing otherwise worthwhile stuff in all
manner of evil ways! Am I wrong to feel nervous about this?
===> NEW MEANING FOR HOME PAGE
Interesting points you bring up. Really, Listing Domains is
just another way to advertise a home for sale. Unfortunately,
most forms of real estate advertising can be a little intrusive
because to sell the house - you have to show it. The web sites
provide easy access to the property details and are a lot cheaper
than newspaper ads. The Domain Riders are useful, because a person
driving by the home can get additional information about the listing
without having to contact the real estate office. The homeowners
like it because prospective buyers can get information about the
property without having to go though hundreds of other properties
for sale online.
The normal life of a Listing Domain web site is three months.
Once the agent marks the property as sold - the price is removed.
Once the home closes escrow, the agent removes the property. If
the agent doesn't update their property (which is likely) we remove
the home after the three month subscription. We are going to offer
the new homeowner extended hosting on the site if they want to
keep it to show out of town family and friends their new home.
The listing domain web sites do not give any information about
the homeowner. Anyone driving by a home can write down the address
and call a title company to find out who owns the property, what
they paid for it, etc. I can understand how you might find it
to be intrusive as you are the person occupying the home. If you
feel uncomfortable about it, I would talk to your landlord. I
can only assume that the agent told them that they would be purchasing
a Listing Domain site for their property - but who knows =).
Please let me know if your landlord was not asked by the agent
about doing a Listing Domain site. The agent signs an agreement
stating that he/she has received permission from the homeowner
prior to purchasing each site. Normally the homeowner is very
please that the agent is taking the extra step of purchasing a
unique website to showcase their property.
Most agents actually add our service to their listing presentation
to help them get the listings. For homeowners who don't like the
idea of their address being "out there" we offer the option of
not having the property address appear on the website and of course
the domain name can be anything that is available to register.
Here are a few samples:
SutterAve.com FountiangroveLots.com The707ranch.com colonyroad.com
I do appreciate your email. Feedback is a good thing. Please
let me know if you have any other concerns or if I can do anything
to put your mind at ease.
[ Moderator comment ]:
My landlord says the information on the listing domain was "probably
in the advertising stuff" I signed. Did you read any of it, I
asked. "No. I trust the agent." Oh, what if I DON'T trust the
agent? We had an open house next day and were asked to leave the
house for those three hours. The agent suggested that I put any
easily pocketed collectibles out of reach and warned that any
prescription drugs should be removed from bathroom cabinets, "Just
// -- CONTINUING DISCUSSION -- //
===> TOPIC: DIGITAL DATABASES
Larry Ellison stated 'The single thing we could do to make life
tougher for terrorists would be to ensure that all the information
in myriad government databases was integrated into a single national
I agree. What was left unsaid was that will also make life tougher
for every single person, not just terrorists. All of us equally.
What bothers me quite a lot is all the people that have a don't
care attitude. They say 'I have nothing to hide'. That has nothing
to do with it. Those people don't have a clue as to the impact
I am also getting very tired of things such as a database like
this being foisted on the public under the guise of security.
It brings no security. A music label recently introduced cds with
a new technology supposedly to prevent piracy of the songs of
a major artist. At this time, that cd is well on its way to being
the most pirated ever. So what was accomplished? The pretense
of security is the same.
In this case, Larry Ellison is being an opportunist to have
Oracle used in a very big way, which will give them a lot financially.
Are we so willing to allow this? I must add if Larry Ellison was
not an opportunist Oracle probably would not exist today.
One item no one ever ever mentions in regard to any of these
super-databases, whether in existence now or considered for later,
is security. How will this information (much of it can be very
personal too) be safe? Guaranteed?
// -- PRIVACY NEWS -- //
Privacy and free-speech advocates faced off Friday at a high-profile
computer conference here, debating a widening rift over how public
records should be made available on the Internet. For years, records
such as voter registration data, dog license information and most
court filings have been freely available. Someone hoping to cull
information from those files had to simply go down to the courthouse
or agency in person and request the records.
Even a conference room chock full of copyright law experts and
technologists could not determine Tuesday what role digital rights
management (DRM) should play in balancing the rights of users
and content providers. The panel grappled with the issue even
as a hotly debated piece of proposed legislation aiming to place
DRM in all consumer digital devices is currently snaking its way
through the U.S. Congress.
Sen. Ernst "Fritz" Hollings, D-S.C., on Thursday introduced
an online privacy bill that would force companies to obtain explicit
permission from individuals before collecting and sharing information
about them. Hollings' Online Personal Privacy Act aims to make
privacy laws consistent across the United States, pre-empting
all state statutes and regulations related to Internet privacy.
The World Wide Web Consortium (W3C) gave its official blessing
to the Platform for Privacy Preferences (P3P) 1.0 specification,
despite criticism from some privacy advocates who said the standard
does little to protect consumer privacy. W3C said users and Web
sites should adopt this standard. Officials from the Electronic
Privacy Information Center and Junkbusters, among others, argued
that the standard will not curb abuses by Web site operators because
it is not "easy, effective, and enforceable."
Computers, Freedom &Privacy conference Last week in San
Francisco, nary a conversation, speech or roundtable discussion
was uttered without some form of the phrase "since 9/11." While
many of us can go about our lives without thinking (too much)
about the effects of 9/11, those who work at the nexus of technology,
security and privacy cannot, for everything the government has
done in reaction to the attacks intersects all those areas.