Copy Link
Add to Bookmark
Report

Computer Undergroud Digest Vol. 09 Issue 13

  


Computer underground Digest Fri Feb 28, 1997 Volume 9 : Issue 13
ISSN 1004-042X

Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Shadow-Archivists: Dan Carosone / Paul Southworth
Field Agent Extraordinaire: David Smith
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #9.13 (Fri, Feb 28, 1997)

File 1--ITALY: PEACELINK COORDINATOR SENTENCED TO JAIL
File 2--CyberPatrol
File 3--Re: Boston Public Library query
File 4--Concerns with www.reference.com
File 5--More problems with the Cyber Patrol software
File 6--Maryland E-Mail BILL (fwd)
File 7--Calif Law and Blocking Software in Schools
File 8--CLO #22 "Your clickstream is showing"
File 9--Cu Digest Header Info (unchanged since 13 Dec, 1996)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Fri, 28 Feb 1997 12:09:42 -0800
From: Bernardo Parrella <berny@well.com>
Subject: File 1--ITALY: PEACELINK COORDINATOR SENTENCED TO JAIL

------> ------> Please redistribute widely <------ <------


ITALY: PEACELINK COORDINATOR SENTENCED TO JAIL

Giovanni Pugliese, co-founder and current secretary of Peacelink
Association, has been sentenced to three months of jail for "illegally
owned, copied, and distributed software." The news, arrived at his home by
snail mail on February 25, is the unexpected follow-up to the May-June 1994
crackdown against more than a hundred Fidonet BBSs. Quickly known as
"Fidobust," the world's largest raid against local BBSs was aimed to stop
"software piracy" throughout the country. Its several investigative
branches led however to the arrest of a couple of well-organized "pirates"
while in the related investigation, downplayed also due to the attention of
public opinion and media worldwide, most of the charges were dropped and/or
came to terms with those allegedly guilty. The operation decimated the
local BBS scene: most Fido sysops were never been able to recover the
damages suffered.

In this scenario, on June 3, 1994, custom police officials searched and
seized Peacelink BBS PC, owned and run by Giovanni Pugliese in his home
nearby Taranto. After a few days, the network was again up and running, but
the investigation had to follow its own way in compliance with the 1992
anti-piracy legislation. Amost three years later Giovanni Pugliese found
himself unmistakebly "guilty": he was using on his PC an unregistered copy
of MS Word, according to the sentence. That software however was not
included in the Peacelink BBS files and for the Italian law any personal
use of unregistered software can only be punished with a modest fine.

Why three months in jail, then? And why the valuation has been conducted by
an "audio technician" instead of a CMC expert, as Giovanni claims? Why both
the defendant and his lawyer have never been informed or questioned about
such a prosecution underway?

"Someone tried to silence Peacelink three years ago, and it didn't work.
Today here they are again -- to no avail." Giovanni Pugliese said. "I won't
(and can't) pay a dime for a crime I didn't committed. There is no evidence
whatsoever about anything. Our network is stronger than ever and we are
ready to go all the way through until this absurdity until will be fully
repaired."

To avoid jail terms, Peacelink coordinator should pay around 3.000.000 It.
lira (US $ 2,000), but in any case he must pay a fine of 500.000 It. lira
(US $ 300) and more than 9.000.000 It. lira (US $ 5,500) for judicial
expenses. According to Giovanni's attorney, this scenario seems to suggest
that local prosecutors are inviting to a plea bargain in order to archive
the case. While supportive messages are flooding Peacelink mailbox, the
appeal has already been filed: next move to local authorities.


Founded in December 1992 as a local BBS by Alessandro Marescotti and
Giovanni Pugliese, Peacelink Association network has currently more than 70
nodes all along Italy, and hosts about 30 conferences and several mailing
lists on pacifism, ecology, anti-Mafia, human rights issues. As a
non-profit and self-sustained organization, Peacelink is currently involved
in several campaigns about solidiarity actions in Italy and in Africa as
well. Last year the Association produced a successful book ("Telematica per
la pace") and finally has its own server up and running:
http://www.freeworld.it/peacelink.

To contact Giovanni Pugliese: <g.pugliese@freeworld.it>

For more information about his case (in Italian):
http://www.freeworld.it/gp/senten.html

------------------------------

Date: Sat, 22 Feb 1997 09:56:36 -0800
From: Jonathan Wallace <jw@bway.net>
Subject: File 2--CyberPatrol

CuD recently ran a letter I wrote Microsystems Software,
publishers of CyberPatrol, protesting the blocking
of my web pages. Your readers should know that a few days
later I received mail from the company acknowledging that
my site was blocked in error. A copy of that letter is
below.

However, the unblocking of my site should not lead anyone
to change their opinion of the company or its product.
CyberPatrol continues to block sites such as the
Electronic Frontier Foundation archives (www.eff.org) and
Nizkor (www.nizkor.org), the premier Holocaust resource
on the Web.

Subject-- re--Cyberpatrol senselessly blocks my site
Date-- Wed, 19 Feb 1997 13:48:04 -0500
From-- Cyber Info for Microsystems <cyberinf@microsys.com>
To-- jw@bway.net


Hi Jonathan,

Thank you for brining this to our attention. This site was blocked in
error.
I have removed this site from the CyberNOT list. This change will take
effect
with the next build of the CyberNOT list, by next Tuesday. Please
accept my
apologies for any inconvenience this has caused.

Debra Greaves
Internet Research Supervisor
Microsystems Software Inc.
http://www.microsys.com/cyber

------------------------------

Date: Tue, 25 Feb 1997 12:45:54 -0800
From: Mike Godwin <mnemonic@well.com>
Subject: File 3--Re: Boston Public Library query

Source - fight-censorship@vorlon.mit.edu

I had forwarded EFF's and my responses to these questions from
Dan Kennedy of the Boston Phoenix to Declan on the assumption
that he would forward that posting to this list. For some reason,
I haven't yet seen it appear here, so I'm taking the liberty of
reforwarding our statements about the library censorship problem
in Boston in the hope some FC readers, at least, will find EFF's
position "unambiguous."

(I assume that Declan isn't running Cybersitter, which we know
screens out EFF content.)

--Mike

--- begin forwarded text


Date--Mon, 24 Feb 1997 16:00:00 -0800
To--Dan Kennedy <dkennedy@shore.net>
From--Mike Godwin <mnemonic@well.com>
Subject--Re--Boston Public Library query

In response to questoins from Dan Kennedy at the Boston Phoenix:

>-- What is your position (and/or EFF's position) as to whether children
>ought to have complete access to everything on the Internet, and all that
>that entails?

1) First and foremost, EFF is dead-solid opposed to placing public
librarians in role of content cops. The role of public libraries is to
facilitate access to information. It's perverse of government officials to
force them to do the opposite.

2) EFF takes no position on what constitutes proper parenting. That's up to
parents. If we were to tell parents we know better than they do what kinds
of content they're supposed to guide their kids to, we'd be no less
presumptuous than Congress or the radical right when they do the same.
(One may ask why would anyone think that EFF, a civil-liberties
organization, could claim to be experts on children? I'm a lawyer and a
parent, but not a child psychologist or pediatrician. The question is
misconceived.)

My personal view as a parent is that filtering software is an inadequate
substitute for the teaching of values, and that, if one teaches one's
children values, there remains no arguable case for the use of such
software in parenting. When she begins to explore it, my little girl will
have as much access to the Internet as she likes.

>-- The City of Boston plans to install blocking software, although they've
>stepped back from their original intention of installing Cyber Patrol and
>are now studying it. The criticism of these programs, of course, is that
>they block access to politically controversial sites as well as to
>pornography. Are you aware of any good software available for such
>purposes, or do all of the programs have these problems?

EFF does not endorse any particular filtering software, nor will we ever do
so. We have not undertaken to evaluate "all of the programs" or any of them.

Anecdotally, we know that some products currently on the market incorporate
some stupid or inane blocking decisions or decision criteria. We know
further that EFF has itself been blocked by some of the software
manufacturers; as civil libertarians, we support their right to make even
silly decisions like that one.

We think the proper response to bad blocking decisions or criteria should
be public criticism and consumer education. We absolutely support the role
people like Brock Meeks, Declan McCullagh, and Bennett Haselton have played
in informing the public about these products. From time to time, we
ourselves are likely to be critical of particular products that incorporate
such decisions when we hear about them. (Again, we have no comprehensive
review or testing program in place for such products.)

>-- Where are we likely to evolve on this issue -- assuming atrocities such
>as the CDA are thrown out and that the Internet continues to contain a lot
>of stuff the average person wouldn't want his eight-, 10-, or 12-year-old
>to see, what do you think the ultimate solution is going to be?

If you're worried abour your child's accidentally seeing content you
disapprove of, you shouldn't be -- there's little that one sees on the Net
accidentally. If you're worried about your child's choosing to see content
you disapprove, there is only one solution that works reliably (in my
view), and that is to teach your child to disapprove of the same things you
do.

This also happens to be the solution most consistent with the values of an
open society.

------------------------------

Date: Mon, 24 Feb 1997 15:00:34 -0800 (PST)
From: Stanton McCandlish <mech@EFF.ORG>
Subject: File 4--Concerns with www.reference.com

[Sorry for the long intro to the forwarded item, but it bears a lot of
examination. The basic gist of the item is: "Reference.COM makes it easy
to find, browse, search, and participate in a wide range of Internet
discussion forums, including more than 150,000 newsgroups, mailing lists
and web forums", way beyond what DejaNews does.]

The forwarded advertisement from reference.com below is interesting for
three reasons:

1) This is a new form of spam - use a spider to find all web references to
your competitor, mail the admins of those site and try to convert them.
It's virtual "slamming". And if something like this shows up in my
mbox more than once in a blue moon, it's going to get very irritating very
fast. WORD TO THE WISE: If you are thinking of doing this kind of
marketing, don't. Webmasters like me will deliberately NOT link you in,
for having the gall to spam us about it. If you are genuinely looking at
each site and seeing if it's appropriate for them to list you, as it is at
EFF's site (we link to pretty much any search engine in our Net Tools &
Resources section), then mail to the webmaster should contain enough cues
to make it plain that message isn't spam, but a person-to-person message.

2) It's a very interesting and useful new service, from a user's point of
view.

3) It looks to me like it is archiving lists willy-nilly, by subscribing
an archiving script to the lists, with no regard to whether or not the
list *participants* consider it a public list or not, know about the
archival, indexing and profiling, consent to having their material made
available outside the forum it was posted to, and so on.

This has serious privacy implications, and less serious but interesting
philosophical (though not legal - no state action here) freedom of
association implications, as well as definite intellectual property
implications. It depends largely, I would think, on whether the list admin
has told the readership of the archival. Reference.com says it only
archives lists with the list owner's permission. I'm not sure that's good
enough. In fact, I dare say it's not nearly good enough.

The silliest objection to DejaNews was that it violated privacy and
copyrights solely by virtue of saving Usenet posts and making them
searchable. This is silly because how Usenet operates is by saving Usenet
posts for however long each site wants to and making them available to be
read. (DejaNews in effect is a Usenet node that turned off article
expiration). All newsreaders I'm aware of support threading and search
functions, DejaNews's is just better. DejaNews is different from another
news reader and news host only in degree. I think there are legitimate
privacy concerns *outsite* just the issue of saving News posts. The
profiling DejaNews does is a little scary, as is the fact that informed
consent is not involved - people talk freely in usenet, not knowing in
the majority of cases that DejaNews even exists. The server then cobbles
together a sometimes very revealing record of conversations that could be
used against the poster, e.g. to cost them jobs because of unpopular
political opinions, etc.

Reference.com on the other hand raises all of these issues, and none of
them are silly in this case. Usenet is public. Everyone who uses it
understands that, even if the majority of users (wrongly) assume it is
necessarily only ephermerally public.

But there is an overwhelming perception among mailing list users that
mailing lists (other than the 1-way announcement kind) are a private,
members-only forum, in which no ones' posts are being archived except by
other partipants for themselves, unless the charter (most often in the
form of that "Welcome to the list!" message you get when you subscribe,
though some lists keep charters as separate documents on a web page)
explicitly says the list is archived. Likewise, it is generally expected
that posts are not redistributed to others, except narrowly to friends or
to directly relevant discussion forums if at all publicly, unless the list
has an explicit policy that posts may be reposted at will.

Reference.com changes all that. Unless the admin is conscientious and
informs the readership, they clearly will in most cases have an
expectation of privacy and distribution control (IANAL - it may not be a
legally meaningful expectation of privacy, but certainly a socially
meaningful one, that has implications for the future development and use
of the medium).

Another way of looking at this: I don't care if Doug Bakerfeld "owns"
the Fight-Stupidity list. No one owns a mailing list in
any meaningful sense - mailing lists consist of the conversations and
intellects driving those conversations, for the relevant context here.
Doug has no real right to tell reference.com it can archive the
Fight-Stupidity list without telling subscribers like me that
Fight-Stupidity is so being archived and profiled, with enough advance
notice that I can unsubscribe - because Doug does not own my words,
only the software that runs the list (essentially the same distinction as
that between a book on the one hand and the presses and trucks that
produce and deliver it on the other.)

It's worth noting that (at present anyway) reference.com doesn't seem to
do the kind of "intelligent" profiling of authors that DejaNews does, but
it's advanced search function is plenty spiffy enough to do a search on
"Stanton McCandlish" and "sex" or "drugs" for example, which is enough
like profiling that the distiction is irrelevant.

NB: I have no absolute proof that reference.com does not require list
owners to inform list members, and update charters to mention this
archival and indexing by reference.com. I just see no evidence that they
are doing so, and their service seems geared to sucking up as much posted
material as possible and indexing it, so I remain skeptical. That they are
loudly advertising in a banner "Get rich quick:'multi-level marketing'"
makes me doubly, nay, trebly suspicious. That reference.com claims to have
indexed 100,000 mailing lists alone, plus all of Usenet, makes me
dodecatuply suspicious (100,000 list admins have agreed to let their
lists be profiled, and have told their users about it? Yeah, right.)
Although, this blustery 100,000-indexed claim may simply mean they
have a list of the names of 100,000 mailing lists, and have archived only
a fraction thereof. Who knows?

Please note my phrasing: "It looks to me like it is archiving lists
willy-nilly..." This is not an accusation, but a description of how
things look to me. If reference.com is responsibly informing, or insisting
that listmasters inform, participants in profiled/indexed lists, that's
good but the company has a PR problem and needs to make such good actions
considerably clearer, since people like me can't tell that it's
being done that way.


All of this is another example of online *trust* being an issue. Many
users will now be very suspicious of every mailing list they join and
demand to know if it's part of reference.com's stable. I have to say this
twisting of the net.paranoia knob one notch higher does not do anyone any
good. All it does is contribute to the general unease, that feeling in the
back our minds every time a new database like this comes online, that
every thing we say and do is going into someone's secret dossier, not
matter how innocent, no matter how "private" we think it may be.

Last study I saw on Internet usage said that the main reason Net holdouts
refused to get online was privacy concerns. Online commerce isn't going
to work if such concerns are not responsibly, and pretty promptly,
addressed by the industry generating the worries in the first place.

IMNERHO,

- S.McC.


P.S.: Anyone who thinks I'm simply an unimaginative rabid privacy-obsessed
nut who can't see legitimate uses for such things doesn't know me at all.
Among other things I'm also a genealogist. I pore over online search
engines like this for other McCandlishes with far more zeal than
the FBI or NSA search all of our news postings for keywords like "bomb" or
"secret". I love online search engines, (though I don't necessarily want
my HOME phone number and address in Four11.Com).

But I would like to see some RESPONSIBILITY exercized.

[Disclaimer I don't like having to make, but recent tumid and turgid
flames make me dig it out again:

This is just an informational forward and personal commentary, and does
not represent official EFF positions or statements in any way. NOTE: I'm
not the original author of the forwarded item, so please look at the
original headers carefully if you mean to reply to him/her.]



[begin forward]

From-- user-bounces@reference.com Mon Feb 24 12:54:40 1997
Date--Mon, 24 Feb 1997 12:40:48 -0800 (PST)


Hi,

We saw the link to dejanews on your website
and thought you might like to know about our
service, Reference.COM.

Reference.COM makes it easy to find, browse,
search, and participate in a wide range of Internet
discussion forums, including more than 150,000 newsgroups,
mailing lists and web forums. The official launch of
the service occurred on February 3.

We are different from other 'usenet-only'
search engines in several important ways:

-More Internet forums. Reference.COM is the only
service tracking newsgroups AND mailing lists and
webforums. Our directory and archive cover far
more forums than our nearest competitor.

-Powerful search capabilities. Reference.COM
allows you to search by keyword, author,
organization, date, and forum. The service
supports word stemming, and search operators
like AND, OR, NOT and NEAR.

-Active Queries. Active Queries allow you to
passively monitor the discussion in any/all Internet
forums tracked by Reference.COM. You store
queries on the Reference.COM server which are
automatically rerun at an interval you specify.
The results (since the last search) are emailed to
you. In essence, an Active Query functions as a
'cyberclipping' service.

You can see for yourself by visiting the
Reference.COM web site at http://www.Reference.COM.
If you like our service, we'd appreciate your
support.


Regards,

Jack Zoken
President
InReference, Inc.

------------------------------

From: David Smith <bladex@bga.com>
Date: Wed, 26 Feb 1997 23:46:28 +0000
Subject: File 5--More problems with the Cyber Patrol software

Source -- fight-censorship@vorlon.mit.edu

One of the things that I noticed about Cyber Patrol when I sat down
to test it at the Austin Public Library was that it not only blocked
according to a hotlist of URLs, but also keywords.

For example, I looked up on a search engine for "marijuana" and was
blocked by Cyber Patrol. A document which contains the word
"marijuana" could just easily be anti-drug literature as well as any
other perspective.

Similarly, "hacker" means you won't ever be able to find out about
Bruce Sterlings The Hacker Crackdown. I sure you can all come up
with examples.

It seems that the hotlist is something one could constantly refine,
adjust, and update, but that keyword blocking will never be able to
discriminate intelligently.

Speaking of the keyword list, btw, I was also surprised to discover
that the word "nigger" was not on the blocked keyword list. If that
is acceptable then I am not clear on what it takes to be blocked for
intolerance.

That no one except Microsystems really knows, I guess, is the point.



David Smith (http://www.realtime.net/~bladex/index.html)
bladex@bga.com
President, EFF-Austin (http://www.eff-austin.org)
Board of Directors, Central Texas Civil Liberties Union
512-304-6308

------------------------------

Date: Wed, 26 Feb 1997 23:55:18 -0500 (EST)
From: "noah@enabled.com" <noah@enabled.com>
Subject: File 6--Maryland E-Mail BILL (fwd)

From -Noah

---------- Forwarded message ----------
Date--Thu, 27 Feb 97 04:28:29 GMT
From--Albatross <alby@empire.org>

*****************************************************
Maryland Recycles Law On "Annoying" E-Mail
*****************************************************

A Maryland bill that would make it illegal to send "annoying" or
"embarrassing" e-mail was introduced this week by Democratic General
Assembly member Samuel Rosenberg.

The bill got little support when it was introduced last year, but
Rosenberg hopes to play off of recent murders involving electronic mail to
see the bill passed.

Civil liberties groups argue that the law would be unconstitutional, and
that the terms "annoy" and "embarrass" are too vague to be meaningful.
If passed, House Bill 778 would amend the state's criminal harassment law
to prohibit the use of e-mail to annoy, abuse, torment, harass, or
embarrass other people, with violators receiving a fine up to $500 and
three years in jail.

A similar bill introduced last year is quietly progressing through New
York's state legislature. Senate Bill 1414, introduced by Democratic State
Senator Ray Goodman, could be voted on in the House early this year.

Full text of the Maryland bill can be found at
http://mlis.state.md.us/1997rs/billfile/HB0778.htm.

------------------------------

Date: Mon, 24 Feb 97 23:02:13 -0800
From: cmarson@well.com
Subject: File 7--Calif Law and Blocking Software in Schools

In the event you haven't seen this beauty yet, I think the attached
proposed
California legislation deserves the widest distribution. It would require
all school districts in California that are connected to the Net to
purchase
and use software that would filter out any "sites that contain or make
reference to any of the following:"

"(a) Harmful matter as defined in subdivision (a) of Section 313 of the
Penal Code.
(b) Sexual acts.
(c) Drugs or the drug culture.
(d) Gambling.
(e) Illegal activity.
(f) Alcoholic beverages and tobacco."


Poor Bill Bennett; his denunciation of the drug culture will never
make it into K-12. Come to think of it neither will the Congressional
record, where Newt denounces it. And the State of the Union and State of
the State speeches mention illegal activity, and so they're out, and the
Bible mentions all kinds of mating, rape and procreation, and so it's out,
and the kids will never get an anti-smoking message or learn of the evils
of
alcohol, and, and, and,...

This is pretty far out even for an Assemblyman from Orange County.
Maybe you can have some fun with it. And notice, of course, that "contain
or make reference to" probably includes hyperlinking.



Chuck Marson

AB132
AB 132 Education technology.
BILL NUMBER: AB 132
INTRODUCED 01/15/97
INTRODUCED BY Assembly Member Campbell


JANUARY 15, 1997

An act to add Section 51870.5 to the Education Code, relating

to education technology.


LEGISLATIVE COUNSEL'S DIGEST

AB 132, as introduced, Campbell. Education technology.
Existing law, the Morgan-Farr-Quackenbush Educational
Technology Act of 1992 (hereafter the act), has the primary
mission of ensuring that the procurement and use of technology
is clearly guided by the needs of pupils, and the act is
established to accomplish specific purposes, including providing
access to education technology to every learner. The act
provides for school-based education technology grants to
develop, adopt, or expand existing technological applications to
support general education, English acquisition, and
non-English-speaking parent education programs pursuant to
specified conditions. Existing law also declares the
Legislature's intent that all school facilities construction
projects be designed and constructed to maximize the use of
educational technology.

This bill would require a school district that provides
pupils with access to the Internet or an on-line service to
purchase, install, and maintain a software program to control
the access of pupils to Internet and on-line sites and to
prohibit access to sites that contain or make reference to
harmful matter, as defined, sexual acts, gross depictions, drugs
or the drug culture, gambling, illegal activity, alcoholic
beverages and tobacco.

Vote: majority. Appropriation: no. Fiscal committee: no.

State-mandated local program: no.

SECTION 1. This act may be cited as the Children's Internet
Protection Act of 1997.

SEC. 2. Section 51870.5 is added to the Education Code, to
read:

51870.5. A school district that provides pupils with access
to the Internet or an on-line service shall purchase, install,
and maintain a software program to control the access of pupils
to Internet and on-line sites and to prohibit access to sites
that contain or make reference to any of the following:

(a) Harmful matter as defined in subdivision (a) of Section
313 of the Penal Code.

(b) Sexual acts.
(c) Drugs or the drug culture.
(d) Gambling.
(e) Illegal activity.
(f) Alcoholic beverages and tobacco.

SEC. 3. Section 2 of this act shall be operative July 1,
1998.

------------------------------

Date: Mon, 10 Feb 1997 11:40:36 +0100
From: "William S. Galkin" <wgalkin@LAWCIRCLE.COM>
Subject: File 8--CLO #22 "Your clickstream is showing"

Published by
Challenge Communications

=============================================================
January, 1997 Computer Law Observer Issue No. 22
=============================================================

The Computer Law Observer is distributed monthly for free by Challenge
Communications (ChallComm@aol.com or (410)356-1238). To subscribe, send
an e-mail message to lawobserver-request@charm.net with the word
"subscribe" typed in the message area (leaving out the quotation marks).
To unsubscribe, follow the same instructions substituting the word
"unsubscribe". Back issues can be found at
http://www.lawcircle.com/observer . Copyright 1997 by Challenge
Communications.
------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++
YOUR CLICKSTREAM IS SHOWING
Privacy of online consumer information
++++++++++++++++++++++++++++++++++++++++++++++
by William S. Galkin, Esq.
(biography at end)
Where we are

Surfing the Internet often resembles meanderings through a mega-book
store. Wander into the politics section ... glance at a few books ...
next into poetry, religion ... perhaps listen to a few CD's ... then
flip through the newspapers and magazines ...
How would you feel if the bookstore monitored your activities and kept a
record of every section you entered, every book or magazine you looked
at, every CD you listened to? What if the record included every page of
every book or magazine you looked at, or even every person you spoke to
in the bookstore?

What if the bookstore used this information to create a detailed
consumer profile which it then used to market products to you, or sells
to others for the same purpose? Imagine - while in the store, you read a
review in a magazine discussing a new model car, then the next day you
get direct mail, or a phone call, from the local auto dealer, who bought
this information from the bookstore. Sound far fetched? Not on the
Internet.

Many believe that commercial success on the Internet hinges on the
ability to collect and maximize the use of highly specific and detailed
consumer data. At the same time, consumers are very concerned how this
data will be used - or abused. However, both commercial and consumer
interests acknowledge that unless consumer privacy concerns can be
adequately addressed, consumer activity on the Internet will remain
subdued.

The Federal Trade Commission's Bureau of Consumer Protection held a
public workshop on Consumer Privacy on the Global Information
Infrastructure on June 4-5, 1996. The workshop was part of the Bureau's
Consumer Privacy Initiative, an ongoing effort to bring consumers and
businesses together to address consumer privacy issues posed by the
emerging online marketplace.

On January 6, 1997, the Bureau of Consumer Protection issued a staff
report regarding Consumer Privacy in the Online Marketplace based on the
workshop and subsequent comments received. The Report can be found at
the FTC's website (http://www.ftc.gov ) under "Conferences, Hearings,
and Workshops". The Report also discusses privacy of medical and
financial information as well as privacy relating to information about
children. However, this article focuses only on the consumer information
privacy issues discussed in the Report. Some are disappointed that the
Report is no more than a review of various positions and options. It
does not state the FTC's position - which, apparently, is still in the
development stage.

The problem -

When you surf the Internet, your connection runs through your Internet
Service Provider's (ISP) system. A record can be maintained of every
website, and every page of every website, that you access, which
newsgroups you participate in, which distribution lists you receive, the
e-mail addresses of mail you send and receive, and more. Traveling the
Internet creates a trail that has been referred to as a "clickstream."

In addition to your ISP, websites themselves often have the capability
of gathering and storing information. For instance, a website might
automatically know your e-mail address, what kind of browser you are
using, what kind of computer you are using, what pages in the site you
looked at, where you linked from and where you are linking to next.
Websites sometimes create a profile of your activities and store it in a
text file (known as a cookie and discussed more later) which is placed
on your computer so that the next time you visit, the site will know
better how to serve you. Much information is gathered invisibly, usually
without the knowledge or consent of the consumer.

It should be noted that accessing websites through commercial services
like America Online, Compuserve or Prodigy, or through a firewall,
blocks your e-mail identity from the websites. However, these services
themselves, of course, continue to have full access to all your activity
information.

In addition to all the automatically collected information just
described, a lot of information is volunteered by consumers. For
instance, you might fill out an online questionnaire or registration
form in order to receive access to a particular site, or to be included
in one of many online directories.

The vast amount of consumer data being collected is extremely valuable,
and is currently being compiled, combined, analyzed and sold with little
or no legal restrictions.

The solutions?

The possible solutions fall into three categories: (1) self regulation,
(2) technological protections and (3) government regulation.

Self regulation -

Sites and ISP's can prepare information policy statements that can be
available to view as users enter the site. These statements could
include information such as: what information is being gathered, what
the intended uses are for the information, whether it will be
transferred to third parties, whether users can review the gathered
information for accuracy, whether the users can restrict use of the
information, how long information will be retained, how information is
secured to protect against unauthorized access and disclosure and
misuse.

To date, few sites have developed such policies. Whether such statements
will be effective in increasing consumer confidence will depend upon
whether such statements are (1) prominently displayed, (2) uniform in
structure, (3) easily understood, or (4) represent obligations
enforceable against the collectors by either industry self regulation or
legal action.

Both commercial and consumer interests agree that consumers should have
a choice as to how the information is used. However, how this choice is
exercised is in dispute. Commercial interests prefer the "opt-out"
approach, where consumers must affirmatively "opt-out." This approach
allows use of personal information unless and until a consumer opts-out.
However, some privacy groups view personal information as a property
right. Under this approach, consumers should have to affirmatively
"opt-in" or consent before personal information could be used.

Technological protections -

There are several technologies now available that could be used to
enhance consumer privacy online. More options will undoubtedly become
available as technology further develops.

Universal registration systems - Users register a wide array of personal
information at a single registry and are assigned a unique
identification number. When a user accesses a website in the registry's
system, only the unique identifier and anonymous demographics about the
user are revealed to the website. The registry will perform anonymous
market research for websites in the registry. The registry will only
reveal a user's identity to a website with the user's express consent.
All websites in the system are contractually bound not to share or sell
user information. This is effective only when visiting sites in the
system.

Cookies - Cookies are a technology that allows a website to create a
text file on your computer that contains information gathered during a
visit to the site. Next time you visit the site, the site will retrieve
this information and already know some of your preferences. For example,
you have demonstrated an interest in golf and golf related information
may be presented to you upon your next visit. The use of this technology
has been criticized because users are not aware that websites are
creating and storing these text files on user's hard drives. Newer
versions of web browsers have mechanisms to alert users before creation
of a cookie file occurs.

However, this technology could be used so that when users express
privacy preferences in response to an information policy statement, upon
a user's return, the privacy preferences will be known and honored.

Filtering technology - The Platform for Internet Content Selection
(PICS) was developed by the World Wide Web Consortium at MIT. PICS
allows for the labeling of websites (e.g., excessively violent or
explicit sexual material). Labels are attached to the sites by owners or
third parties, and software utilizing PICS can read the labels and then
block access to the site. PICS could be used to identify sites that
follow certain privacy standards that a particular user feels
comfortable with, and exclude other sites.

Government Regulations -

Consumer representatives disagree as to whether self regulation and
technology can be, without legal enforcement capabilities, sufficient
for protection. Some consider the technology too complicated for
consumers to use effectively. They also argue that the technology
unfairly shifts the responsibility for protecting privacy to consumers.

Industry and trade associations advise that government should stay out
of the picture and let market pressures define the protections. They
warn that government regulations would be imprecise and would quickly
become obsolete due to fast pace of technological development.

Whether or not personal privacy becomes law, we are certain to see
multiple bills introduced in Congress and the states this year as well
as various privacy studies undertaken by different agencies. On January
7, the Consumer Internet Privacy Protection Act of 1997 (H.R. 98) and
the Fair Health Information Practices Act of 1997 (H.R. 52) were
introduced in Congress, both primarily designed to address some of these
issues.

Complications -

While commercial and consumer groups seem to agree on many privacy
principles, such as consumer choice, discussed above, or the right of
consumers to access and correct stored information, they disagree on how
to achieve or even define the solutions. For instance, even the
definition of "personal information" is a matter of dispute.

Many view PICS as having a lot of potential for providing privacy.
However, PICS offers protection only between a consumer and an online
entity using the information. It does not address use by third parties.
An additional weakness of PICS is that in order to use PICS for privacy,
websites would need to be labeled. How will the labeling occur? Labeling
by independent entities might provide a level of consistency, but this
might be impossible to administer due to the large numbers of new
websites opening daily. Self labeling has its own obvious weaknesses.
However, self labeling with third party certification of label accuracy
might be more feasible.

On the other hand, even if a labeling system can become operative,
commercial groups are concerned that filtering technology such as PICS
will be used to block out whole categories of information, thereby
severely restricting commercial speech. This concern might be alleviated
if the blocking were targeting specific sites rather than whole
categories.

Where are we?

In the end, education of both consumers and commercial interests is an
essential component of effective online privacy. Currently, consumers
often do not understand how information is being gathered and used.
Businesses also are too often not aware of the privacy issues and
options.


ABOUT THE AUTHOR:

Mr. Galkin can be reached for comments or questions
about the topic discussed in this article as follows:

E- MAIL: wgalkin@lawcircle.com
WWW: http://www.lawcircle.com/galkin
TELEPHONE: 410-356-8853/FAX:410-356-8804
MAIL: 10451 Mill Run Circle, Suite 400
Owings Mills, Maryland 21117.

Mr. Galkin is an attorney who represents small startup,
midsized and large companies, across the U.S. and
internationally, dealing with a wide range of legal
issues associated with computers and technology,
such as developing, marketing and protecting
software, purchasing and selling complex computer
systems, launching and operating a variety of online
business ventures, and trademark and copyright
issues. He is a graduate of New York University School
of Law and the adjunct professor of Computer Law at the
University of Maryland School of Law.

------------------------------

Date: Thu, 15 Dec 1996 22:51:01 CST
From: CuD Moderators <cudigest@sun.soci.niu.edu>
Subject: File 9--Cu Digest Header Info (unchanged since 13 Dec, 1996)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

SUBSCRIBE CU-DIGEST
Send the message to: cu-digest-request@weber.ucsd.edu

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message: UNSUB CU-DIGEST
Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
and on Rune Stone BBS (IIRGWHQ) (860)-585-9638.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown)
In ITALY: ZERO! BBS: +39-11-6507540
In LUXEMBOURG: ComNet BBS: +352-466893

UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland)
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)


The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
URL: http://www.soci.niu.edu/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.

------------------------------

End of Computer Underground Digest #9.13
************************************

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT