Interesting People mailing list archives
IP: Privacy Report Has Both Sides Scrambling for Spin -- fro mTelecom Digest
From: Dave Farber <farber () cis upenn edu>
Date: Sat, 15 May 1999 19:22:14 -0400
Date: Fri, 14 May 1999 02:24:07 -0400 From: Monty Solomon <monty () roscom com> Subject: Privacy Report Has Both Sides Scrambling for Spin http://www.thestandard.com/articles/mediagrok_display/0,1185,4555,00.html It was a classic case of the glass being half empty or half full - or more precisely, two-thirds full or one-third empty. A Georgetown University study on commercial Web sites' privacy policies found that two-thirds of the top 300-plus sites had a privacy policy posted. That compares to the paltry 14 percent that had policies posted last year when the FTC did a similar study, sparking debate between an online industry that wants to regulate itself and privacy groups that are pushing for legislation. The Washington Post's Robert O'Harrow Jr. set the scene perfectly, saying "the scramble to gain the high ground of interpretation began within hours of the report's release, as people on all sides of the debate issued statements, held press conferences and dissected what it all means." (The study's genesis at nearby Georgetown may have helped O'Harrow's story land on the Post's front business page.) Industry mouthpieces quickly seized on the positive upswing, saying laws weren't needed; indeed, the Wall Street Journal story led with the conclusion that the study's release means "the Clinton administration is likely to back away from threats to press for new privacy laws.'' But critics pointed out that the survey also showed that only 10 percent of major sites had comprehensive privacy policies that allowed surfers to access their own data, which became the focus on tech sites like News.com and ZDNet. In the half-empty camp, Beth Givins of the Privacy Rights Clearinghouse complained to CyberTimes that "one-third posted no privacy practices at all." Electronic Privacy Information Center director Marc Rotenberg was even more critical, telling the Post that "I think the time for self-regulation is running out." Still, there were some voices of compromise in the debate. FTC chair Robert Pitofsky told the Post that online firms deserve credit for making progress over the last year, though he added that the FTC would analyze the survey's results before reporting to Congress. And Jerry Berman, executive director of the Center for Democracy and Technology, told CyberTimes, "I think that the self-regulatory efforts that are being made deserve credit for moving a lot of those numbers up, but I don't think ... we can get privacy to be the rule simply based on the self-regulatory efforts of industry." Reporters' heads weren't only spinning from the dueling experts, but also from the concept of Web reach touted by Media Metrix. CyberTimes' Jeri Clausing said the study showed that two-thirds of "all commercial Web sites" display warnings on collecting personal information, while the Post's O'Harrow said the sample accounted for "99 percent of the activity on the Web." Hogwash. Wired News' Declan McCullagh got it right, saying the survey included 364 "dot-com" Web sites that together reach 98.8 percent of home Internet users, according to Media Metrix's confusing metrics. That doesn't mean all Web sites or all Web activity - just the most visited sites according to one ratings house. More Web Sites Appear to Post Privacy Policies http://www.washingtonpost.com/wp-srv/WPcap/1999-05/13/067r-051399-idx.html New Privacy Study Says Majority of Sites Provide Warnings http://www.nytimes.com/library/tech/99/05/cyber/articles/13privacy.html Survey: Web Privacy Improving http://www.wired.com/news/news/politics/story/19643.html Study: Data Privacy Policies Fall Short http://www.news.com/News/Item/0,4,36470,00.html?st.ne.fd.mdh.ni Web Has Work to Do on Privacy http://www.zdnet.com/zdnn/stories/news/0,4586,2258012,00.html?chkpt=hpqs014 [TELECOM Digest Editor's Note: I feel like such an idiot sometimes. When I recently tried to renovate and improve the telecom-archives web site at http://telecom-digest.org, one of the first things I did was add a short blurb about 'your privacy at this site'. It is avail- able to readers with java-enabled browsers since those readers get a small cookie offering from me if they wish to accept it, and I ask for the same cookie back on subsequent visits. It just seemed to me it was extremely important to let people know my intentions and the specifics about the cookie information. I do not give the file to Lynx browsers because I do not have the ability right now to ask a Lynx user anything anyway. Any non-java browser which does not see that file in the greeting at the top of the page can still read it if they wish at http://telecom-digest.org/cookienotes.html Then I read a report like the one Monty sent in today, and it frankly annoys me no end that so many *huge* 'dot com' sites do not bother to explain anything at all, nor sometimes even the fact that they are busy raping your hard drive while you read whatever they have to offer. Others insist you either take their cookies or you cannot participate at all. Maybe *they* have so many callers each day they can afford to offend and send away users with privacy concerns, but I sure cannot afford it. The other day I saw a web site (if I can recall its URL I will get it again and post it here) where the webmaster talked openly about the techniques he uses in cooperation with several other sites to share 'cookie data' and user information. He claims if you visit even a few 'cooperating sites' with what he termed 'double-click and/or 'click-trade' schemes over a period of a few days, you can then go to his site and he can tell (and does look to see) all the other places you have been. As he explained it, site A trades cookies with B, but not with C. However B trades with D and E, and E trades with C. So soon enough, all sites which collect cookie information have all the information on users who went to any of the others. He contends that many sites not only use cookies, but have no compunction at all against just looking through your cache, i.e. Windows Temporary Files, grabbing up all the URLs they can find in there as well, which become part of your 'UserID' information which is stored in the cookie. I guess the first one of these sites to discover you do not have a cookie with a userID embedded in it assigns you one, and plants a cookie with it on your computer. Subsequent sites use whatever userID was assigned by whichever site assigned it. And from that day on, as your 'dossier' grows, each site references that same userID when it trades with other sites. So he concluded, "go ahead, surf the net for a couple days, I will wait for you. You'll be bound to hit at least one double-clicker or cookie collector in that time, and when you get around to my site eventually, I'll be able to tell you exactly when and where you went when you downloaded the porn pictures of those naked boys ... but at least I am honestly telling you what is going on; most sites won't. And did it ever occur to you that certain government and law enforcement sites which encourage the public to visit might also be double-clicking behind your back and looking to see what you are about? You bet they do ..." Well, like I said two or three paragraphs ago, it makes me feel like an idiot at times, sitting here with my dinky little thing and puny little website, putting up a notice about user privacy. If so few in dot.com seem to care about it, why the hell should I? I get mail every day from sites who want me to join in 'click-trade' with them. I think the privacy problem on the net may be even worse than some privacy experts believe. PAT]
Current thread:
- IP: Privacy Report Has Both Sides Scrambling for Spin -- fro mTelecom Digest Dave Farber (May 15)