FC: Intuit's recent privacy snafu (from privacy forum)

[Declan McCullagh <declan () well com>]

> From: "robbin stewart" <gt_bear () hotmail com>
> To: declan () well com
> Subject: intuit privacy snafu
> Date: Sat, 25 Sep 1999 20:29:28 PDT
>
> Hiya. Unless this has already been covered to death, it might be
> newsworthy. Robbin
> -----------------
> Date:    Sat, 25 Sep 99 12:04 PDT
> From:    lauren () vortex com (Lauren Weinstein; PRIVACY Forum Moderator)
> Subject: Intuit "Shuts Down" Privacy Site After PRIVACY Forum Query
> Greetings.  An alert PRIVACY Forum reader recently brought a somewhat
> bizarre and certainly ironic situation to my attention.  Intuit (makers of
> "Quicken" and other extremely widely-used financial software packages) had a
> web site (http://privacy.intuit.com) that presented various information
> regarding their privacy policies.
> It also included a feature which allowed any registered Intuit customer to
> view and alter their "privacy preferences."  This included data such as
> whether or not they wished to receive promotional materials from Intuit, how
> they should or should not be contacted (e.g. e-mail, phone, etc.), and
> whether or not their name and address would be released to outside firms.
> To access this feature, the customer needed to supply their last name, zip
> code, and ... *nothing else*!  Upon entering any last name and zip code (and
> given the number of Intuit customers, a hit would be pretty likely for most
> common names) the user would see the associated first name, city, and last
> four digits of phone number for that person.  The user could then freely
> modify the privacy preferences for that customer.
> Needless to say, I immediately expressed my concern over this situation to
> Intuit officials.  Within a few days, I was contacted by their VP Corporate
> Communications, informing me that the preference access features of the site
> had been shut down, and that any users attempting to access them would be
> directed to an 800 number.  A live customer service representative would 
> then
> verify their contact information before performing any preferences changes.
> Intuit plans to restore the web preferences feature to the site after making
> security enhancements, probably within a month or two.
> That Intuit responded promptly to my concerns by closing down the feature is
> to be commended.  One must still wonder, however, about the chain of events
> and review which permitted such an obviously flawed feature to have been
> implemented in the first place--it is, unfortunately, an all too common
> sort of situation.--Lauren--Lauren Weinsteinlauren () vortex com
> Moderator, PRIVACY Forum --- http://www.vortex.com
> Member, ACM Committee on Computers and Public Policy
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com

--------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
To subscribe: send a message to majordomo () vorlon mit edu with this text:
subscribe politech
More information is at http://www.well.com/~declan/politech/
--------------------------------------------------------------------------