PRIVACY Forum Digest      Friday, 23 December 1994      Volume 03 : Issue 25

Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Woodland Hills, CA, U.S.A.

===== PRIVACY FORUM =====

The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy.

*****************************
***** HAPPY HOLIDAYS!!! *****
*****************************

CONTENTS
   What's wrong with customized service? (Phil Agre)
   Re: Orwell, 499 channels, and where privacy begins (Christopher Zguris)
   Re: Where privacy begins (Jeremy Grodberg)
   Nosy lawyers (Joseph A. Drain)
   Regarding Web Servers and Stats collection (Neil Briscoe)
   Caller-ID harassment syndrome (Paul Baclace)
   Re: How to stop invasion of privacy (Robert A. Rosenberg)

*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------

The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All submissions included in this digest represent the views of the individual authors and all submissions will be considered to be distributable without limitations.
The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW home page at the URL: "http://www.vortex.com/".

For information regarding the availability of this digest via FAX, please send an inquiry to privacy-fax@vortex.com, call (818) 225-2800, or FAX to (818) 225-7203.

-----------------------------------------------------------------------------

VOLUME 03, ISSUE 25

Quote for the day:

   "He knows when you've been sleeping.
    He knows when you're awake.
    He knows if you've been bad or good.
    So be good for goodness sake!"

   -- No, no, not a quote from "1984" about "Big Brother", but of course a few lines from the popular holiday song, "Santa Claus is Coming to Town". Hmmm, that jolly old guy has quite an operation going there... Merry Christmas and Happy New Year!

----------------------------------------------------------------------

Date: Sat, 17 Dec 1994 13:14:50 -0800
From: Phil Agre
Subject: What's wrong with customized service?

The message by Michael McCarthy in response to Jerry Leicter (who, I believe, had been responding to me) illustrates, I think, an increasing and very unfortunate tendency to trivialize real privacy issues, and I think it's important to consider carefully how his argument works. Although I would prefer to include his entire message in my commentary, I doubt if the readers of Privacy Digest would approve of this, so I have selected particular passages to show the outline of his argument.

   Date: Wed, 7 Dec 1994 16:14:51 -0800
   From: mac@Advanced.COM (Michael McCarthy)
   Subject: What's wrong with customized service?

   ... we may be expending effort to control a trivial aspect of privacy when so many vital areas of privacy are under siege.

This may be taken as Mr. McCarthy's thesis, that privacy in commercial transaction records is a trivial issue.

   I had a coworker who was infuriated because the owner of the local sandwich shop greeted him every day by name. ... My coworker was something of a snob, and felt the shop owner beneath him.

He begins with a story about bad feelings and business information. The story is not being told simply for its intrinsic interest, but as a proposed paradigm of concerns about business' knowledge about customers. He has chosen a highly unappealing character whose complaint is (so far as we can determine from the story) trivial in nature. Note that the story has nothing to do with the concerns that people actually have about, for example, the use of personal information to cause harm.

   I suspect that the hatred of businesses knowing more about you in order to serve you more specifically is not really as widespread as assumed in places like the Privacy Forum.

No evidence is presented here, just a suspicion backed up by nothing except the story about the unappealing snobbish fellow. He could have gone looking for evidence, and he might have found widespread anger against practices, for example, of credit companies.
(See, for example, Jeff Smith's book "Managing Privacy", in the vicinity of page 149.)

   I see an undercurrent of elitism and disdain for mere commerce in the criticisms -- businesses are acting "too familiar."

Here is the really outrageous part. From an unsympathetic story and an evidence-free suspicion, he jumps to a huge and ugly generalization. Listen to it carefully: "elitism and disdain for mere commerce". Privacy advocates are assimilated to the snobbish guy with the trivial complaint. And on what evidence? An "undercurrent" that Mr. McCarthy "sees". But sees where? And by what signs? The rhetoric is really very sophisticated: privacy advocates are placed on one side, as a snobbish elite, set against commerce, which is supposedly looked down upon in general, as a class, and the general populace, who are supposedly "assumed" by these elitists to share the "hatred of businesses knowing more about you in order to serve you more specifically". These are ugly slurs, and -- I repeat -- they are presented with no supporting evidence at all.

   Let us consider what the average person, of any stripe, truly hates: junk mail -- misaddressed, mislabeled, and especially about things we are totally uninterested in.

Is this *all* that the "average person, of any stripe" truly hates? The argument being set up is that the *only* thing people hate is being presented with advertisements they don't want to act upon, and that therefore if businesses have vast amounts of information on you then they'll be able to restrict their solicitations to those which you actually *will* act upon, with the result that you will no longer receive solicitations that you hate.

   But send me a solicitation to buy a map of the hidden doors to Doom II, [....]

Note that he shifts now from "the average person" to the first person, "I". The claims he's about to make about himself are probably true, inasmuch as he (or so I infer) does not care whether marketers have large databases of information about him...

   [...] or to sell me a CD of clip art just after I got my first copy of Microsoft Publisher, or to contribute to the von Mises Institute as I stew about the latest inanities emitted by Robert Reich -- well, I don't complain about these things, do I?

If I am following him, it would follow that he is unconcerned that a political institute is able to use commercial transaction records to learn what books he has been reading. Note the implausibility of the scenario -- since he has been reading the inanities of Robert Reich, the von Mises Institute will supposedly figure that he's therefore ripe for a contribution. He may be attempting a joke here, to the effect that the overwhelming majority of readers of Robert Reich will become converts to full-bore free-market conservatism in response. But the joke covers up one of the most serious dangers here -- what if he had been reading books from Karl Marx, or the Aryan Nation?

   In fact, if there's a movement or a sale or an event that I'd be really interested in and nobody tells me about it, I'm annoyed and feel cut out.

The astounding thing is that he feels an entitlement to advertising! From the context, it is clear that he does not feel that he must go seeking these good things himself; rather, his entitlement is only satisfied within a system in which everyone's commercial records are available to every organization that could possibly make a proposition that might appeal to him.

   Well there's no pleasing some people. I want you to send me only that mail and make to me only those phone calls that address my burning needs and momentary passions most directly -- but don't you dare try to figure out what they might be by examining my recent buying patterns, you nosy so-and-so's!

The point being (and please correct me if this passage can make any other sense) that there's a contradiction here between the desire for commercial solicitations and taking offense at commercial gathering of data.
But in order for this paragraph to make any sense, we need to go back to the moment when he shifted from the "average person" to "I". He appears to wish to conflate the two, suggesting that not just he but *everyone* -- or at least, the average person -- wants to get software offers and solicitations from political institutes, and that everyone -- the average person -- actually feels an entitlement to receive these things. Again, no evidence is presented for this except for his own particular case.

   The real fear is of Giant Corporations knowing Too Much about us.

Note the ridicule in these capital letters, as well as the "you nosy so-and-so's" etc. Another form of trivialization.

   Yet our greatest *safety* lies in what some find most offensive: the commercial instincts of those same giant corporations. They are interested in knowing exactly as much about us as will allow them to do the most targeted kind of marketing -- which is almost by definition the least offensive kind of marketing for any given person

By whose definition? This only follows if the only offense caused by marketing is the making of solicitations which do not result in purchases. But there are at least three fallacies here. The first is that this is the only offense that marketing can cause. The second is that giant corporations can remuneratively use personal information only for marketing purposes (as opposed, say, to selling it to the Selective Service or to insurance companies or to firms providing pre-employment background checks). And the third is that targeted marketing only results, or *can* only result, in minimal numbers of offensive solicitations. The truth is that companies can only probabilistically know our desires, and the return-on-investment in a given solicitation is equal to the profit derived from that solicitation's being accepted times the probability of its being accepted.
When the price of a given solicitation is low and the profit from accepted solicitations is high, companies will be willing to make very large numbers of solicitations for each one accepted.

   (except those who profess to hate being marketed to -- the liars).

This is incredible. It turns on a very inflated definition of the notion of marketing. I hate having large organizations maintain vast amounts of information about me, but I don't mind if large organizations make information about their products and services available where I can find it when I need it. These are very different, and it is indeed the difference between them that is at stake -- not "marketing" in general.

   Giant corporations, for all their faults, are not trying to have us arrested or taxed or thrown out of the country. For that kind of truly fearsome invasion of privacy -- for privacy violations aimed squarely at enslavement rather than selling us Cheerios -- we have to turn to the government.

Giant corporations are incapable of fearsome invasions of our privacy? This is an astounding and absolutely false statement. What about the private detectives hired to assemble dossiers on the personal lives of their employees? What about the industry that smears people who have filed workers' compensation and other insurance claims by asserting that they are responsible for their own repetitive stress injuries through their sewing?

   I suggest that our efforts be focussed on keeping commercial marketing data out of the hands of -- our congressmen! (I fear information about me in the hands of Newt Gingrich and Teddy Kennedy far more than in the hands of Sears-Roebuck and Apogee Software.)

But of course the election business operates on the same models, using the same methods, as the marketing business. That, my friends, is the final perfection of Mr. McCarthy's world of informational transparency.

Phil Agre, UCSD

------------------------------

Date: Sat, 17 Dec 94 08:36 EST
From: Christopher Zguris <0004854540@MCIMAIL.COM>
Subject: Re: Orwell, 499 channels, and where privacy begins

karl@reed.edu (Karl Anderson) wrote:

>I signed up to donate blood when I was 18, before I had ever been
>tested for HIV. I was given a questionnaire first. The fine print
>mentioned that in accordance with state or federal law
>something-or-other, names associated with several types of positive
>tests, including syphilis and HIV, would be forwarded to state or
>federal agency this-or-that. Some government official had been
>recently blathering to himself in the media about quarantine camps and
>glow in the dark tattoos. I turned around and walked out.

This dangerous attitude is obscene. How about my -- and everyone else's -- right, Karl, to get uninfected blood should we require a transfusion or find out if a sexual partner has tested positive so that we may know? AIDS has spread like wildfire partly due to the blood supply being such a mess and refusal to allow for any sort of partner tracking due to "privacy" concerns. If a donor unknowingly has syphilis or HIV he/she is a _serious_ danger to the community and anyone he/she may have had sex with. The point of contacting "state or federal agency this-or-that" is to try to stop that person from unknowingly spreading the disease, and to contact his/her former partners to alert them and hopefully stop them from spreading the disease further _if_ they're infected. These are long-established CDC policies, aimed at controlling the spread of infectious diseases. The theory is society has a right to know, even if it comes at the cost of the "privacy" of the infected person. What's the solution, to guarantee "privacy" absolutely even though it means putting the rest of society in general at risk? I'm sorry, the "Mind your own business" attitude can get stuffed when it comes to this.

>If the Red Cross was administered by "mom and pop", who would do
>nothing with this knowledge except tell me whatever helpful
>information they knew, then I might not have done so.

Do you realize what a stupid -- and dangerous -- concept that is? The blood supply, as it is, is a mess. "Screening" hasn't done a whole hell of a lot. Instead of one organization, you want a bunch of "mom and pop" operations collecting blood from whoever using their own guidelines (or lack thereof)? Why? Because they'll guarantee _your_ privacy while damning the rest of us who may need blood (god help those who do) to whatever disease you may have but "choose" not to disclose (I'm not saying you have a disease, I'm making a point). We're talking about life-and-death here, I can't go along with "privacy" concerns outweighing the common good of society as-a-whole. If you have a sexually transmitted disease, it should be _required_ that anyone you may have exposed be notified, period.

I didn't mean to come down on you Karl, but this is a subject that really ticks me off.

Christopher Zguris
czguris@mcimail.com

------------------------------

Date: Sun, 18 Dec 1994 13:28:24 -0800 (PST)
From: jgro@netcom.com (Jeremy Grodberg)
Subject: Re: where privacy begins

I can tell you some of the reasons I don't like to give marketers much information about me; I don't know how many other people share my objections.

The biggest and most general reason I don't like companies to have detailed information about me is that I don't have equally detailed information about them, nor the opportunity to use that information to negotiate fairly. Sure, I'd love every mail-order company to know that I do not have pets and I do not buy women's clothing: that would cut down the number of unwanted catalog pages I get by more than 50%. What I don't like is companies knowing how much I earn and how much I spend and what kind of things I buy, and using that to charge me more for services I really want.
Of course, they don't phrase it that way, but that is the essence of what happens.

For example, I am in several frequent-flyer programs, even though I fly only a few times a year. I'm finding, though, that since the airlines know that I only fly occasionally, I am getting special discounts and incentives to fly more often. Sure, that's great for me, but unfair to the average flyers. It is just like people getting upset that "new" magazine subscribers get discounts and bonuses for subscribing that are unavailable to loyal subscribers. The people who marketers know really want their service get charged more than the people who marketers are not sure of.

I imagine as marketers get more sophisticated, they will be able to use information about me to determine when I have a strong desire for a product or service, and use that information against me, thus pressuring me to pay more, buy more, and/or get inferior products. I have no access to quality information about the marketer, such as the quality of their goods, the prices and marketing programs that are available to other customers, their cost of goods, profitability, or any other information that would let me gauge whether I am getting a good deal or getting ripped off. I usually don't even have an opportunity to negotiate a better deal, even if they are giving the better deal to someone else.

As this information gets widely collected, it is only a matter of time before it is widely disseminated. Such information can be used against me in other ways. For example, I am a consultant, and frequently must negotiate my fees for services. I don't want future clients making inferences about whether or not I'm charging them too much based on my lifestyle. I also don't want them taking advantage of the fact that my savings are low and I have to pay the mortgage to pressure me into taking the job at a low fee.
I certainly don't have information like that about my clients, so their having such information about me is an unfair advantage. Even if I did have that information, I think it would degrade the quality of commerce to use it. I don't want to base my fees on how much the other person can afford or how badly they need my services; that is opportunism, and (except for the situation of reducing one's fees for charity cases) is a major violation of the Golden Rule. (Arguments showing how this is already being done without such information are completely beside the point that with such information these practices are likely to increase.) I also don't want my competitors, or people considering competing with me, to know the details of my business, since they could use that information in the same ways. I prefer to base my fees on a competitive marketplace, competing with other consultants on the bases of quality, value, efficiency, and supply & demand.

There is also great danger to me in other people having too much data on me without enough information. For example, suppose I start dating a woman, and she decides to run a background check on me (a practice growing in popularity, especially in large urban areas). She finds out that in the past year I have bought every book that came out on the subject of rape. Because she does not know me, she decides I must be obsessed with rape, becomes afraid that I will rape her, and refuses to see me ever again. She does not know, or will not believe me when I tell her that my sister was raped and I did not know how to handle it, so I started reading everything I could about it. Millions of misunderstandings, mostly large in their impact, are possible because "the facts don't lie" and people do lie, so people generally trust their own interpretation of the facts rather than other people's explanations of them.

Another problem is that of "first impressions."
I don't think I need to tell you about the importance placed on first impressions. First impressions are important because later information tends to be interpreted so as to strengthen the first impression if possible. All the gray areas of interpretation are subconsciously shaded toward reinforcing the first impression. If detailed objective data about me are widely available, there is a great risk that for many people, that data about me will form their first impression. I believe that such data are much more likely to be mis-interpreted, with regards to my character, beliefs, convictions, and personality, than it is to give the person looking at it a good idea of who I am. So again, I don't like having it out there.

These are the reasons just off the top of my head. I'm sure if I worked at it longer, I could give you more reasons. I'm sure there are counter-arguments for all my reasons, too. The bottom line is that if the data are not collected in the first place, we do not run the risk of it being mis-used. I see no evidence that its collection will benefit me enough to be worth the risk of its mis-use; that is a subjective value judgement which everyone will have to decide for themselves.

--
Jeremy Grodberg      Committed to developing user-friendly products,
jgro@netcom.com      Because technology is supposed to make life easier

------------------------------

Date: Sat, 17 Dec 1994 17:11:44 -0500
From: eo891@cleveland.Freenet.Edu (Joseph A. Drain)
Subject: Nosy lawyers

As a member of the Ohio Bar Association, I've been solicited by the Ohio Professional Electronic Network ("OPEN") to subscribe to its computer service.
That is, for a very, very modest fee, I could have a hookup that would, in the words of OPEN's latest solicitation, allow me to "perform quick, easy and cost effective background checks on potential employees, have instant access to a company's status with incorporation filings, track worker's compensation claims, identify drivers of illegally parked or suspicious cars, follow the progress of a state Senate bill, view a UCC filing or communicate electronically with co-workers, customers, prospects [ed.: that means YOU, non-lawyers] or vendors."

Some of these things are obviously innocuous and bland lawyer stuff. Others seem rather dicey. OPEN is apparently operated by a Kansas-based company, and I expect that it has made similar arrangements with state bar associations all over the country (although the playful moniker "OPEN" works only in Ohio, Oregon and Oklahoma).

I can make virtually no good use of OPEN's service, but I'm interested nonetheless. I won't subscribe, but that's only because I am currently, shall we say, financially challenged. Imagine what other, more financially bloated lawyers out there will do with this service. And it fell out of the sky and into our laps merely because we're lawyers, as if somehow that makes us responsible and upstanding people. Uuuhh . . . well, uh . . . it does, . . . uuhh sorta, maybe . . . well, it does ME, anyway.

Armed with OPEN and my Dick Tracy decoder ring, watch it if you drive down my street. I've got your number and I'm gonna sleuth you up. All of you. Your cars are all suspicious. You're all prospects. All of yuz.

The OPEN dog and pony show pulls into Cleveland's Public Square, Stouffer Tower City Hotel on January 18, 1995, at 10:00 a.m. It appears the demonstration to be given will be free, but I ain't exactly sure. Those within earshot of Cleveland may be interested in attending by calling (614)481-6999; by fax at (614)481-6980. Or write to its headquarters at P.O. Box 549, Columbus, Ohio 43216-0549.
Or just show up and look suspicious - they'll find you. Just don't tell them I sent you, because I'm denying everything.

Don't hate us lawyers just because we're beautiful. Find another reason.

Regards,
Joe Drain, boy lawyer
eo891@cleveland.freenet.edu

------------------------------

Date: Sun, 18 Dec 1994 09:06:27 +0000
From: Neil Briscoe
Subject: Regarding Web Servers and Stats collection

genghis@ilces.ag.uiuc.edu (Scott Coleman) wrote:

> In short, don't think for a moment that leaving the email address field
> in your web browser's config file blank will prevent the unscrupulous from
> collecting your email address.
>
> This is another feature of which most web users are blissfully unaware;
> unlike the ftp sites which proclaim their logging policy in all caps and
> encourage users to disconnect immediately if they do not like that policy,
> this logging is not explicitly disclosed by any web sites or browsers that
> I have ever encountered.

I think the reason that you never hear about the logging facilities of a site is, apart from any conspiracy to just collect the stats, you can connect to a server at any page, you never have to go in via a login page.

If we take the www.sunsite.unc.edu site as an example of a server with a great many pages, providing a point of information provision for many different groups on the 'Net - if the warning was repeated on the home page of each service provider, a casual browser would soon get bored reading it. If the warning was only displayed on http://www.sunsite.unc.edu alone, and you dive straight into the underground music pages, then you'll never see the warning.

The point is that just one httpd server provides all these pages, so if it logs anything, it will be doing so for all of them.
The question then arises as to whether the facilities providers, UNC in this case, then make these stats available to the people for whom they are providing pages, or whether they keep this information to themselves and use it merely to provide faster machines, more disk space, as demand arises.

Disclaimer: Note: The above is in no way intended to indicate that UNC are now, or have ever had occasion to, provide such statistics to those for whom they provide web space. I merely used them as an example of a large web site where such considerations have to be taken into account.

Regards
Neil

Neil S. Briscoe               | The Three Stages of Life:
Aldershot, Hants, England     | First, you believe in Father Christmas
neil@salmon.demon.co.uk       | Then you don't believe in Father Christmas
nbriscoe@cix.compulink.co.uk  | And then, you are Father Christmas

------------------------------

Date: Mon, 19 Dec 1994 12:52:01 -0800
From: Paul.Baclace@Eng.Sun.COM (Paul Baclace)
Subject: Caller-ID harassment syndrome

Caller-ID has come to Houston and brings up a hard to predict side effect: harassment from dialing the wrong number. I know of 2 women that accidentally dialed the wrong number and then had their return phone numbers recorded. In both cases they got many return calls of a harassing and/or salacious nature.

Apparently there is a service that allows one to dial the caller-ID of the most recent in-coming call. The $5 a month service causes *69 to return the call and requires no special hardware. Luckily, the number is erased after another incoming call, but one woman had her answering machine outgoing message state her phone number...

A defense against this is either for everyone to have caller-ID or everyone to block the caller-ID when making calls. Neither option is reasonable and doing both is the best defense, but it adds no value to the use of the phone system--it simply is an extra cost for a creep-deflector and a creep-enabler.

Paul E. Baclace
peb@netcom.com
peb@eng.sun.com

------------------------------

Date: Tue, 20 Dec 1994 17:13:50 -0500
From: hal9001@panix.com (Robert A. Rosenberg)
Subject: Re: How to stop invasion of privacy

At 23:07 12/16/94, PRIVACY Forum wrote:

> There was also a report that the next (1995) release of a popular
> windows-oriented operating system for PCs might contain an "online
> registration" feature which uploads the users' AUTOEXEC.BAT file.
> Since careful inspection of this file could reveal the names of
> which software packages the user had installed on their system
> (among other information) the author of the message was concerned
> about the privacy implications. No details regarding this
> "feature" or how (or *if*) it was really implemented were
> available. Persons with more information are of course invited
> to comment here in the Forum.

I do not know about the Operating System Rumor, but I can state that I just bought a popular Macintosh Fax Program that came with an Online Registration (of the Software) feature. The registration menu had a little check box that was already checked (which you could uncheck if you wanted) marked "System Information". Leaving this box checked added to the Registration Fax a complete list of all the installed Control Panels, Inits and Extensions on the machine as well as certain other info about user's machine. I made sure that the copy that was sent in did not have this information (I just reviewed the Fax before sending, deleted the Fax transaction, and went through the Registration Process again with the box unchecked after allowing the connection to the supplied 800 number to be made).

------------------------------

End of PRIVACY Forum Digest 03.25
************************