Politech mailing list archives
FC: Intuit's recent privacy snafu (from privacy forum)
From: Declan McCullagh <declan () well com>
Date: Mon, 27 Sep 1999 09:23:15 -0600
From: "robbin stewart" <gt_bear () hotmail com> To: declan () well com Subject: intuit privacy snafu Date: Sat, 25 Sep 1999 20:29:28 PDT Hiya. Unless this has already been covered to death, it might be newsworthy. Robbin ----------------- Date: Sat, 25 Sep 99 12:04 PDT From: lauren () vortex com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Intuit "Shuts Down" Privacy Site After PRIVACY Forum Query Greetings. An alert PRIVACY Forum reader recently brought a somewhat bizarre and certainly ironic situation to my attention. Intuit (makers of "Quicken" and other extremely widely-used financial software packages) had a web site (http://privacy.intuit.com) that presented various information regarding their privacy policies. It also included a feature which allowed any registered Intuit customer to view and alter their "privacy preferences." This included data such as whether or not they wished to receive promotional materials from Intuit, how they should or should not be contacted (e.g. e-mail, phone, etc.), and whether or not their name and address would be released to outside firms. To access this feature, the customer needed to supply their last name, zip code, and ... *nothing else*! Upon entering any last name and zip code (and given the number of Intuit customers, a hit would be pretty likely for most common names) the user would see the associated first name, city, and last four digits of phone number for that person. The user could then freely modify the privacy preferences for that customer. Needless to say, I immediately expressed my concern over this situation to Intuit officials. Within a few days, I was contacted by their VP Corporate Communications, informing me that the preference access features of the site had been shut down, and that any users attempting to access them would be directed to an 800 number. A live customer service representative would then verify their contact information before performing any preferences changes. Intuit plans to restore the web preferences feature to the site after making security enhancements, probably within a month or two. That Intuit responded promptly to my concerns by closing down the feature is to be commended. One must still wonder, however, about the chain of events and review which permitted such an obviously flawed feature to have been implemented in the first place--it is, unfortunately, an all too common sort of situation.--Lauren--Lauren Weinsteinlauren () vortex com Moderator, PRIVACY Forum --- http://www.vortex.com Member, ACM Committee on Computers and Public Policy ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
-------------------------------------------------------------------------- POLITECH -- the moderated mailing list of politics and technology To subscribe: send a message to majordomo () vorlon mit edu with this text: subscribe politech More information is at http://www.well.com/~declan/politech/ --------------------------------------------------------------------------
Current thread:
- FC: Intuit's recent privacy snafu (from privacy forum) Declan McCullagh (Sep 27)