IP: Re: Citibank's meaningless privacy notice: [risks] Risks Digest 21.40

[David Farber <dave () farber net>]

> Date: Fri, 11 May 2001 15:46:21 -0400
> From: Zygo Blaxell <zblaxell () genki hungrycats org>
> Subject: Re: Citibank's meaningless privacy notice (Prevelakis, RISKS 21.38)
>
> In other words, what you are saying is "information can be shared with group
> A when box B is checked and group C when box B is not checked, therefore
> information can be shared with group A or C regardless of the state of box
> B."  That is true if and only if groups A and C have exactly the same
> membership.
>
> It is easy to get trapped in logical fallacies if one does not include the
> legal context of contractual agreements in the analysis.
>
> In reasonable jurisdictions(*), there are two classes of third parties:
> those that Citibank can unconditionally share information with (e.g., law
> enforcement officials), and those with whom Citibank cannot lawfully share
> information without your permission.  Checking boxes on the appropriate form
> would seem to be a reasonable indication of your desire to grant or deny
> such permission, which would affect the legal status of certain third
> parties.
>
> Indeed, quoted sections of the Citibank agreement would seem to acknowledge
> that this is the case, although other sections of the document would seem to
> contradict this.  The Citibank privacy agreement seems to be written in no
> language I can understand, whether legal, plain, or otherwise...
>
> (*) Of course, I'm not making any assertion about whether Citibank is
> actually located in a reasonable jurisdiction...



For archives see: http://www.interesting-people.org/