Security Protecting Privacy is Good for Business
Published by: Mike Banks Valentine
August 8, 2002 Issue # 021
.....IN THIS DIGEST.....
// -- MODERATOR COMMENT-- //
"Spam A Criminal Privacy Issue?" ~ Mike Banks Valentine
// -- CONTINUING DISCUSSION -- //
"P3P Editor Article" ~ Moderator Note ~ Bob Chambers
"Privacy for the Poor" ~ Nancy Ryan
// -- PRIVACY NEWS -- //
"The Latest in Privacy Issues"
// -- SPAM A CRIMINAL PRIVACY ISSUE? -- //
Spam is a crime. Until now it's been a nuisance. Now it's becoming
absolutely criminal, wrong, outrageous and destructive! The topic
of UCE or unsolicited commercial email has always raised the temperature
of otherwise rational professionals when the topic pops up in
polite conversation. That conversation will inevitably get heated
in even the best of situations. It's becoming so inflamed among
web professionals that it cannot be rationally discussed between
intelligent humans who diverge only slightly in their viewpoints
-- which is highly likely.
As a privacy advocate, I am compelled to share with everyone
that I work with where I stand on the spam issue in relation to
my work as a search engine optimization specialist. I've recently
been hired to work regularly with a client that actively and openly
spams in order to gain business leads. The work I'm doing for
them doesn't spam the search engines with submissions or unethical
techniques so it clearly separates me from what I consider to
be unethical behavior.
I felt compelled to share with that company that I'm staunchly
opposed to spam and UCE and that I insist my name not be connected
in any way with their promotions, er . . . their spamming campaigns.
I clearly stated that I was opposed to the tactic and requested
that they not use my efforts to seek to gather more illegitimate
lists. They agreed, fortunately.
I'd like to openly ask you here, web professionals, how you
are affected by spam and whether you consider it to be a privacy
issue. I'd like to ask that question in context of how it affects
business directly for YOU.
I think the issue is reaching the point where it compares to
working for offline companies that produce harmful products such
as tobacco, guns and alcohol. Spam is harmful, expensive and unethical
in my opinion.
I worked as a professional photographer for 20 years and found
that many ad agencies, art directors, illustrators, photographers,
printers, etc. would refuse work connected with guns, alcohol
and tobacco products while others saw absolutely no connection
between their photograph, artwork, design and the clients' attempts
to encourage the unhealthful or dangerous use/abuse of those harmful
products. This goes directly to the heart of the spam/UCE controversy
depending on your stance.
Will you never again consider buying drugs from Eli Lilly company
because they exposed the email addresses of several prozac customers
to public scrutiny, whether done intentionally or not? Will you
offer your copywriting services, your web design services, your
programming services, your marketing services, your time - to
companies who violate privacy online by spamming everyone whose
email address they can illegitimately harvest or purchase?
I find that I need to start drawing the line myself now, more
and more often as I chose work from among available clients. I
have turned away work from online casinos because I personally
believe that online gambling can be addictive and financially
ruinous to those who participate. They also actively spam, harvest
email addresses, practice search engine spamming and deceptively
advertise with pop-under windows I didn't chose to see.
Where do you draw the line? Until I had to sign up for a paid
service to clean my emailbox of spam, my line was gray and flexible.
It's becoming increasingly black and white and more rigid as I
see abuses eroding my own business activity online.
I own and distribute several email lists and find that my subscribers
often write asking why they didn't receive their newsletter today
or for some length of time. When I go to the list owner administration
and search their name, I find that they are still subscribed.
This means one of two equally distasteful things to me. Either
that subscriber is so inundated with spam that they are quickly
deleting much of their own email without reading it, or, they
subscribe to an internet service provider that is aggressively
filtering member emails for spam.
All I can do in this case is include references to spam filtering
articles for them to read, reassure them that they are still subscribed
to my own list and suggest they speak with their provider about
why they are not receiving things they are indeed subscribed to,
and very much want to receive! I actively encourage them to change
providers if they don't get emails they very much want to receive
regularly and aren't able to.
False positives for Spamfilters are the biggest issue in filtering
discussions. Editors and online columnists must carefully choose
their words to avoid filtering by server-side filtering and even
simple client-side filtering rules set up in Outlook Express preferences.
The difference between my paid filtering service and those used
by many internet service providers is that I have full control
and access to filtered emails. It is my choice how sensitive those
filters are and it is my choice if I want to receive emails that
include supposedly "banned" words or phrases. This is a form of
puritan prudery to censor emails because they include terms like
"Viagra" or "Mortgage" or "HGH" or even "$" dollar signs.
This is what causes false positives and removal of much valued
and legitimate email from subscribers entirely without their knowledge
The control needs to be put in the hands of the end-user. NOT
taken from them without their knowledge. Server-side filtering
is as big a crime as is the spamming that makes it's use supposedly
It's beginning to severely hurt my business that some web hosts
are removing my emails from subscriber inboxes without their knowledge
or approval. This came about because SOMETHING has to be done
to stem the tide of spam crashing in around all of us. Service
providers are reacting by taking the control and consent out of
the hands of their customers AND out of the control of legitimate
Spam is slowly killing online business (as if we needed anything
additional to drag down the internet economy) and something must
be done to stop it. This very email discussion list will be filtered
by some hosts and not received by subscribers to this list because
of terms used above in reference to false positives. There should
be choice involved here.
What are you doing and where do you stand? You cannot stay neutral
for very much longer if you want to see email remain standing
as a useful tool for online business.
// -- CONTINUING DISCUSSION -- //
===> TOPIC: P3P CONFUSING
Note: I had asked Bob Chambers offline about P3P editors and
I'm sure his comments will be of interest to the rest of the list.
The P3P editor will be fairly mandatory for non-techy folks like
yours truly. I haven't got a clue about how the XML stuff works
so I'll be relying on the software to write that for me.
From: Bob Chambers
Here is an article about P3P that just came out today:
E-Commerce Manager http://unitrindirect.com
// -- CONTINUING DISCUSSION -- //
===> TOPIC: PRIVACY FOR THE POOR
From: Nancy Ryan
Terri Robinson said:
>> The same people who get foodstamps and AFDC probably
already have a bank account with a debit card, so the EBT won't
be anything different in that respect. Their privacy is already
"compromised" in today's high tech world. <<
We are forgetting one major distinction between Electronic Benefits
Transfer of public assistance monies and the rest of us using
our credit or debit cards.
You and I, using our credit or debit cards, know that information
about our purchases is likely being stockpiled in a number of
places. If we choose to use the credit and debit cards for convenience,
that may be part of our trade-off.
But for recipients of public assistance whose foodstamps will
now be locked into a little plastic card for use in those machines
at the grocery store, there is no choice. Paper food stamps are
not an option. No exceptions. The only way a person receiving
food stamps can maintain anonymity regarding their purchases is
to pay cash. But of course, if they could pay cash, they wouldn't
need food stamps.
I don't use the Safeway Club Card because I resent the fact
that they track purchases. I am very grateful that I don't need
food stamps, and the loss of privacy that would entail.
// -- PRIVACY NEWS -- //
Moderator note: There are two ways to access previously listed
privacy news stories. One is to visit Privacynotes archives, the
other (simpler) way is to visit
where I also keep a privacy news archive.
A group of Bell Labs computer researchers describe new network
security software yesterday intended to protect personal digital
information and increase security when connecting to remote computers
and Web sites. The technology, designed for individual and corporate
use, is significant because it does not require the centralized
structure now necessary with many existing software security systems.
Moreover, it could become a widely used and free alternative to
similar software that is being developed by companies like Microsoft
and Sun Microsystems. The two programs, Factotum and Secure Store,
will be described in a technical paper to be given by the researchers
at the Usenix computer security conference scheduled to begin
yesterday in San Francisco.
Japan put into operation a national computerized registry of
its citizens today, provoking two un-Japanese responses: civil
disobedience and a widespread feeling that privacy should take
priority over efficiency. Yokohama, Japan's second largest city,
made the national government's registry voluntary, and half a
dozen other cities refused to be included in the computerized
system connecting local registries, effectively leaving four million
people out of the system. But a much larger mass of angry public
opinion was behind this visible resistance. Critics noted that
the government had labored for three years to produce the system
on time, but had been unable to produce a privacy law that was
to accompany it.
WHEN the news broke a week ago that a Princeton admissions officer
had used the Social Security numbers of applicants to his school
to view Yale University's Web site for admissions, privacy advocates
were aghast not only at his act, but also at the Yale site's lack
of security. In one online forum, Richard Wiggins, an author and
information technology specialist at Michigan State University,
noted that most businesses with online customer accounts have
learned that Social Security numbers alone offer poor security,
and issue personal identification numbers as well.
A 30-year-old professional photographer struck up a relationship
with a deputy coroner who allowed him to take still pictures of
corpses. Some months later, in January 2001, he took a roll of
pictures to a developing shop, where a technician looked at them
and called the police. The two men were indicted in February and
convicted in October Ñ Mr. Condon of eight counts of abuse of
a corpse and Mr. Tobias, who was suspended from his post, of two
counts. The relatives of the deceased saw the photographs on the
news and sued for abuse instead of privacy violation.