Security Basics mailing list archives
Re: Privacy Policy - we don't need no 'stinking privacy
From: "David Vertie" <verticalrave () hotmail com>
Date: Tue, 29 Jul 2003 19:53:03 +0000
Exactly, its just cover your a** stuff. All or most of this stuff is written by lawyers, for lawyers. You will see this on some pieces of software, and hardware. They're not responsible for 'such and such' acts of 'blah blah and blah'.
Unavoidable stuff, just have to deal with it. David
From: dennis () unixqi com To: "Burton M. Strauss III" <BStrauss () acm org> CC: "Security-Basics" <security-basics () security-focus com> Subject: Re: Privacy Policy - we don't need no 'stinking privacy Date: Fri, 25 Jul 2003 08:59:31 -0700 (PDT) What if someone breaks into their site and steals your information? Might you sue them? I think they, as a business, need to cover such possibilities and so have to state it on their site. Specifically, you must have missed the following section: 7. USE OF PERSONAL INFORMATION THAT YOU PROVIDE US During your use of our site, you may provide us with personal information (such as your name, address, telephone number, e-mail address and credit card information) for the purpose of making reservations, requesting information or for other reasons. Holland America does not sell the personal information of our users to third parties. I really think they are just covering their ass for the possible case of break in or someone stealing your account information from your computer rather than trying to make a loop hole... I don't think this cuts it as a "hall of shame" candidate. > The wife and I are booked on a Holland America cruise. The travel agent > asked me to visit their web site and do some basic data entry for the > line. > There's a form (see > https://www.hollandamerica.com/tahq/pdf/Immigration.pdf) > to give them a bunch of personal information. >> I'm assuming this is the data required by the new US "Border Security and> Visa Entry Reform Act" (Public Law 107-173). Start here> http://thomas.loc.gov/cgi-bin/query/z?c107:H.R.3525: and click through to> the text of the enrolled bill, SEC. 402. PASSENGER MANIFESTS: >> "`(c) CONTENTS OF MANIFEST- The information to be provided with respect to > each person listed on a manifest required to be provided under subsection> (a) or (b) shall include-- > > `(1) complete name; > > `(2) date of birth; > > `(3) citizenship; > > `(4) sex; > > `(5) passport number and country of issuance; > > `(6) country of residence; > > `(7) United States visa number, date, and place of issuance, where > applicable; > > `(8) alien registration number, where applicable; > > `(9) United States address while in the United States; and > > `(10) such other information the Attorney General, in consultation with > the > Secretary of State, and the Secretary of Treasury determines as being > necessary for the identification of the persons transported and for the > enforcement of the immigration laws and to protect safety and national > security" > > > First off, it's interesting to see this US law applied to a cruise by a > non-US flagged ship which does not touch any US port. It's probably > because > it's all the information (and more) that will be required by the > authorities > in the various countries we will be visiting. So I can't really fault > them > for asking to have the data already entered - instead of having to do it > on > board after we sail. >> However, because of the sensitivity of the information, I checked the web> site and privacy policy. The web site uses ssl, has a valid certificate > and > uses reasonably current versions of various software (specifically> Apache/1.3.27, mod_ssl/2.8.12 and OpenSSL/0.9.7). So far so good. Next,> I > clicked on to the privacy policy, at > http://www.hollandamerica.com/aboutus/policies/privacy.htm which says, > > "1. CONFIDENTIALITY > > Your confidential use of this site cannot be guaranteed by us. We shall > not> be responsible for any harm that you or any person may suffer as a result> of > a breach of confidentiality in respect to your use of this site." > > Huh? >> It's sad to see a web site that has done a decent job of making accessible> a > lot of scattered information, flop so miserably on the last meter. > > Needless to say, I will be providing them the information via the paper > form. > > Anyone else have any entries for the "Wall of Shame"? > > > > > >> --------------------------------------------------------------------------- > ----------------------------------------------------------------------------> > -- Dennis Durling djd () shells sh 916-730-2889 --------------------------------------------------------------------------- ----------------------------------------------------------------------------
_________________________________________________________________MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Privacy Policy - we don't need no 'stinking privacy Burton M. Strauss III (Jul 25)
- RE: Privacy Policy - we don't need no 'stinking privacy C England (Jul 28)
- Re: Privacy Policy - we don't need no 'stinking privacy dennis (Jul 29)
- RE: Privacy Policy - we don't need no 'stinking privacy Burton M. Strauss III (Jul 28)
- Re: Privacy Policy - we don't need no 'stinking privacy Meritt James (Jul 29)
- RE: Privacy Policy - we don't need no 'stinking privacy Burton M. Strauss III (Jul 29)
- <Possible follow-ups>
- RE: Privacy Policy - we don't need no 'stinking privacy JohnNicholson (Jul 28)
- Re: Privacy Policy - we don't need no 'stinking privacy David Vertie (Jul 29)