Politech mailing list archives
FC: Replies to Charles Platt on privacy and FTC do-not-call database
From: Declan McCullagh <declan () well com>
Date: Tue, 01 Jul 2003 00:57:44 -0400
Previous Politech message: "Charles Platt on privacy and FTC's do-not-call database" http://www.politechbot.com/p-04902.html --- Date: Sat, 28 Jun 2003 15:16:24 -0400 From: Robert Gellman <rgellman () netacc net> To: declan () well com Subject: Re: FC: Charles Platt on privacy and FTC's do-not-call database References: <5.2.1.1.0.20030627221430.047ebd20 () mail well com> Declan McCullagh wrote: > > I would say with confidence that I believe the folks at FTC have no > ulterior motives in creating this registry. But administrations can > change and policies can shift, and in any case the FTC may have > little power to resist requests from law enforcement agencies for the > complete database.While I think that you are probably correct about motive, the issue is open to some question. Let's look at what the FTC actually did. Here is a routine use (disclosure authority) for the do-not-call system of records:
"Records may be made available or referred on an automatic or other basis to other federal, state, or local government authorities for regulatory, compliance, or law enforcement purposes."
IMHO, this routine use is overbroad and inconsistent with the Privacy Act of 1974. Here is a quick argument:
First, the FTC collects records for a do-not-call database. Allowing disclosures to ANY government authority for ANY regulatory, compliance, or law enforcement purpose (other than as relevant to the do-not-call activity) fails to meet the statutory test that disclosures be compatible with the purpose for the information was collected.
Second, the notion of an "automatic" disclosure is very troubling and questionable. Disclosures by routine use are discretionary. An agency that allows an automatic disclosure of personal information without some review is abusing its discretion and could be violating the Privacy Act in other ways as well.
Third, as written, the routine use appears to allow the agency to establish a directory of email addresses and telephone numbers and to make that available for automatic search by virtually any government agency for any regulatory, compliance, or law enforcement purpose. For the FTC to have reserved that authority is appalling as well as illegal.
There is more that could be said about this routine use, but I doubt that you or your readers want to wallow in Privacy Act caselaw and minutia.
However, I do have some advice to those who want to add their names to the do-not-call list. Do it by phone and not online. I don't believe that you have to give your email address on the phone. I am sorry now that I registered online.
By the way, it took four tries before my registration resulted in the email response from the FTC that was necessary to complete the process. If anyone registered online and didn't get an email from the FTC (which requires a further response), then the registration probably didn't take.
There are other problems and loopholes with the do-not-call list, but those are subjects for another day.
Bob -- + + + + + + + + + + + + + + + + + + + + + + + + Robert Gellman + + Privacy and Information Policy Consultant + + 419 Fifth Street SE + + Washington, DC 20003 + + 202-543-7923 <rgellman () netacc net> + + + + + + + + + + + + + + + + + + + + + + + + --- Date: Sat, 28 Jun 2003 02:58:01 -0400 Subject: Re: FC: Charles Platt on privacy and FTC's do-not-call database To: declan () well com Mime-Version: 1.0 From: "Chris Hoofnagle" <souvarine () tmail com> Dear Declan,Fwiw: If the telemarketers had their way, only the line subscriber (not even the spouse of the subscriber) could enroll, and you'd only be able to enroll by mail after sending a copy of your DL. I'm not kidding here--the industry recommended every barrier possible to enrollment.
They didn't even want the roommate of a subscriber to enroll.Law enforcement access is a continued concern, but some govt access is necesary for enforcement of the rule. In order to avoid enrollment, we recommended that all telemarketers be required to send CNID--that way you could avoid calls through tech measures.
But in any case, most of the privacy concerns dissolve when one moves to an opt-in system. Cell phone telemarketing already is opt-in, and those who are wireless only experience far less marketing annoyance.
C -- Sent from Chris' Mobile --- From: Freematt357 () aol com Message-ID: <ea.3a883e8f.2c2edc32 () aol com> Date: Sat, 28 Jun 2003 07:55:30 EDT Subject: Re: FC: Charles Platt on privacy and FTC's do-not-call database To: declan () well com CC: other () platt us, politech () politechbot comIn a message dated Fri, 27 Jun 2003 14:22:48 -0400 (EDT), other () platt us writes:
I'm not sure exactly what someone could do with a huge database that links phone numbers with email addresses. But it triggered a reflexive concern, especially since I didn't see any notes about how the database is secured. Hi Charles and Declan,I almost added my phone numbers as well, but my paranoid other self thought better, not about any worry if the Feds have my number, as they probably have everyoneâs number who subscribes to Politech- But the donotcall list would make a great database for foreign marketers lets say the Chinese who wouldnât pay any attention to our law- Such a list would be ripe to call as it virtually ensures that the list would be devoid of domestic competition and give a foreign telemarketer unfettered access.
Regards, Matt Gaylor http://www.freeohio.us/ --- From: Vance Kochenderfer <vkochend () nyx net> Message-Id: <200306292323.h5TNN2sY013291 () nyx10 nyx net> Subject: Re: FC: Charles Platt on privacy and FTC's do-not-call database To: declan () well com Date: Sun, 29 Jun 2003 17:23:02 -0600 (MDT) The Privacy Act notices for the do-not-call registry seem to be located at 68 FR 37491 and 68 FR 37494. You can bring them up from the GPO's site at <http://www.gpoaccess.gov/fr/advanced.html>. Later, Vance --- From: "Bazeley, Michael" <MBazeley () mercurynews com> To: "'Declan McCullagh '" <declan () well com> Subject: RE: Charles Platt on privacy and FTC's do-not-call database Date: Fri, 27 Jun 2003 23:12:46 -0700 Asking for the email address eems a bit much, if you ask me. Interestingly, you can also sign up for the federal list through the California Attorney General's office, and they ask for nothing more than your name and phone number and zip code. The FTC says they use the email address to confirm the registration. But the AG's office makes no such requirement. Michael Bazeley --- Date: Fri, 27 Jun 2003 22:35:27 -0700 To: declan () well com From: "Brian W. Antoine" <briana () nas-kan org> Subject: Re: FC: Charles Platt on privacy and FTC's do-not-call database At 07:14 PM 6/27/03, you wrote:>I would say with confidence that I believe the folks at FTC have no ulterior motives in creating this registry. But administrations can change and policies can shift, and in any case the FTC may have little power to resist requests from law enforcement agencies for the complete database.
Also consider that the email address you give then isn't required to stay valid
for your registration to stay valid. Give them a throw away address to use to
confirm your registration and then toss it.
I wonder how many new signups hotmail got today. *grin*
--
(UniKyrn on IM, ICQ#27068798)
Brian W. Antoine http://www.nas-kan.org/
---
Date: Fri, 27 Jun 2003 23:27:30 -0700
Subject: Re: FC: Charles Platt on privacy and FTC's do-not-call database
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v552)
From: Tom Collins <tom () tomlogic com>
To: declan () well com
On Friday, June 27, 2003, at 07:14 PM, Declan McCullagh wrote:
I'm not sure exactly what someone could do with a huge database that links phone numbers with email addresses. But it triggered a reflexive concern, especially since I didn't see any notes about how the database is secured.
I wasn't comfortable with the email address requirement, so I used the toll-free number to register my two phone lines. It took about 2 minutes per line.
Consumers can register for the free government service by visiting the Web site www.donotcall.gov. Telephone registration using a toll-free number -- 1-888-382-1222 -- is available in states west of the Mississippi River, including Minnesota and Louisiana, starting Friday, and nationwide by July 7, the Federal Trade Commission said.
-- Tom Collins tom () tomlogic com --- Date: Sat, 28 Jun 2003 01:10:12 -0700 From: "James J. Lippard" <lippard () discord org> To: Declan McCullagh <declan () well com> Cc: other () platt us Subject: Re: FC: Charles Platt on privacy and FTC's do-not-call database Note that no email address is required to register a phone number via phone call, you simply must call from the phone number that you wish to add to the registry (presumably they are using ANI to validate requests). The email address is only required when registering through the web site (or requesting verification that a number is on the list through the website--in which case there's clearly no necessary connection between the email address and the telephone number, since anyone could request verification of any phone number using any email address--a fact which could be possibly exploited to cause the sending of unwanted email). --- Date: Sat, 28 Jun 2003 11:05:54 -0400 To: <declan () well com> From: "Lawrence R. Ware" <larry () waywardhome com> Subject: Charles Platt on privacy and FTC's do-not-call database >I wonder if any politech recipients have added their phone numbers to this >interesting new database. Yes. >If they did, I wonder if they felt the momentary >misgiving that I experienced myself when the government-run system refused >to list my phone numbers as do-not-call until I provided a valid email >address for confirmation. Crossed my mind, but I wonder how else Mr. Platt expects an Internet web based sign up to work? Unconfirmed, (without a closed loop) would among other things allow me to un-subscribe his phone number, or yours for that matter. Want more interruption marketing? The telemarketer's will be jumping all over any number *not* on this list soon. The script kiddies would have a field day with it.Perhaps Mr. Platt would prefer to snail mail the FTC a letter, and include a photocopy of his phone bill to prove he has control over
the number instead? He could just use a throwaway Yahoo or hotmail account for this if the idea of adding to a government database bothers him that much. Considering how often people change email addresses for other reasons, the value of this database would be limited anyway. -larry # larry () waywardhome com # Orlando, Florida ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. ------------------------------------------------------------------------- To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Declan McCullagh's photographs are at http://www.mccullagh.org/ Like Politech? Make a donation here: http://www.politechbot.com/donate/ -------------------------------------------------------------------------
Current thread:
- FC: Replies to Charles Platt on privacy and FTC do-not-call database Declan McCullagh (Jul 01)