Slashdot Mirror

KilroyTheVeg writes "The Mercury News reports that the California Attorney General, Bill Lockyer, filed suit against Internet marketer PW Marketing LLC, accusing the company of illegally spamming millions of Californians. The Story is here and the Sidney Morning Herald also has the story here. The suit named PW Marketing LLC (note:subpoena in link is third one down the page) and its owners Paul Willis and Claudia Griffins defendants in the suit which seeks "at least" $US2 million from them for allegedly flouting several state consumer protection laws banning spam mail. All I can say is Make 'em pay, it's the only way to hurt 'em where it counts." Update: 09/30 22:02 GMT by T : Note, that's Sydney Morning Herald.

There will be a number of stories out shortly (here's an early one) noting that Microsoft has settled with the FTC over privacy complaints relating to Microsoft Passport. Short summary: Microsoft made lots of false representations about the security of Passport, and collected more information than it disclosed in its privacy policy, and now must be penalized in the usual Microsoft fashion - they must promise not to do it again. The FTC's settlement page has the complaint and settlement documents. We've covered this extensively - All Your Bits Are Belong to Us, EPIC's complaints about the integration of Windows XP and Passport, Microsoft Defends Passport, EPIC pushing state attorneys general to act against Passport, etc. In fact EPIC has an entire page devoted to Passport. The FTC settlement requires two main things: that Microsoft adopt basic security practices (what were they doing before?), and that Microsoft be audited by a third-party to assure compliance - perhaps it will be TrustE, since Passport's privacy policy remains approved by TrustE.

securitas writes: "Remember all of those recent misleading 'invoices' and other VeriSign tactics that resulted in transfers of domains to VeriSign from competing registrars, domain deletions and other domain-slamming shenanigans? Well the Federal Trade Commission has decided to investigate VeriSign's domain practices. This kind of probe is long overdue."

the special sauce writes "A few months back, our customers (we run a regional ISP) started receiving deceptive domain renewal notices from Verisign and Verisign partners such as Interland. A couple of our customers temporarily lost their domains in the process as the registrant, contact information and hosting company was all changed. Yesterday, I received an e-mail from a customer. He was forwarding a "reminder" e-mail he had received. It was an SSL certificate "renewal" notice from a UK company, Comodo. It instructed him to "upgrade" his current certificate (issued by Equifax) before it expired." More information on this charming practice follows... the special sauce Continues: "For those who don't know, Equifax was just bought out by GeoTrust, who offers a QuickSSL product. Comodo's e-mail was advertising an "InstantSSL" product, which I myself mistook for the GeoTrust product on first reading the e-mail. When I realized my mistake, I contacted Comodo and inquired as to their relationships with Equifax and GeoTrust and how they came by my customer's information. The response: "We have no relationship with Equifax or GeoTrust. The information on a certificate is public information which we have used to inform this company that they have an option when they come to buy their certificate."

My interpretation: Comodo is harvesting contact information from certificates in bad faith, to market a competing product. Furthermore, I think they have targeted Equifax customers because the company was just bought out. In any buyout, confusion exists as to the "new" company's identity. I think they are offering a product whose name is confusing similar to a GeoTrust's product. The language in their e-mail does everything possible to obfuscate the fact that they are not affiliated with Equifax, encouraging customers to "renew" and "upgrade" their certificates. In reality, if my customer had clicked the links in the e-mail, he would have been purchasing a new certificate from a company with which he had no previous relationship.

So I ask, is this not cert slamming? I don't expect this to be as big a problem as Verisign's domain slamming: we simply host less certificates than domains so it is easier to warn all of our customers with secured web sites. Nevertheless, I've reported the practice to the FTC."

the special sauce writes "A few months back, our customers (we run a regional ISP) started receiving deceptive domain renewal notices from Verisign and Verisign partners such as Interland. A couple of our customers temporarily lost their domains in the process as the registrant, contact information and hosting company was all changed. Yesterday, I received an e-mail from a customer. He was forwarding a "reminder" e-mail he had received. It was an SSL certificate "renewal" notice from a UK company, Comodo. It instructed him to "upgrade" his current certificate (issued by Equifax) before it expired." More information on this charming practice follows... the special sauce Continues: "For those who don't know, Equifax was just bought out by GeoTrust, who offers a QuickSSL product. Comodo's e-mail was advertising an "InstantSSL" product, which I myself mistook for the GeoTrust product on first reading the e-mail. When I realized my mistake, I contacted Comodo and inquired as to their relationships with Equifax and GeoTrust and how they came by my customer's information. The response: "We have no relationship with Equifax or GeoTrust. The information on a certificate is public information which we have used to inform this company that they have an option when they come to buy their certificate."

My interpretation: Comodo is harvesting contact information from certificates in bad faith, to market a competing product. Furthermore, I think they have targeted Equifax customers because the company was just bought out. In any buyout, confusion exists as to the "new" company's identity. I think they are offering a product whose name is confusing similar to a GeoTrust's product. The language in their e-mail does everything possible to obfuscate the fact that they are not affiliated with Equifax, encouraging customers to "renew" and "upgrade" their certificates. In reality, if my customer had clicked the links in the e-mail, he would have been purchasing a new certificate from a company with which he had no previous relationship.

So I ask, is this not cert slamming? I don't expect this to be as big a problem as Verisign's domain slamming: we simply host less certificates than domains so it is easier to warn all of our customers with secured web sites. Nevertheless, I've reported the practice to the FTC."

InspectorPraline writes "Providing more proof that the record industry is indeed a oligopoly, this article at the New York Times reports that two major record companies, Vivendi Universal and Warner Communications, have been convicted of price fixing by the FTC over a recording from 1998 of the Three Tenors. While Warner reached an agreement with the FTC about a year ago, Vivendi continues to deny wrongdoing and will, of course, appeal." The FTC's release is quite informative, describing the entire case.

Mister B writes: "A scam artist who trapped surfers mistyping their URLs (including those for children's websites) and barraged them with popup ads for pr0n and gambling has been busted to the tune of about $2 million. Apparently the FTC got ticked after having to close 64 separate browser windows! The FTC has a sense of humour nevertheless: the case name is 'Cupcake Party' (the scammer did business under 'Cupcake') :-) . More details at MSNBC and the FTC."

Controlio writes: "The FTC is proposing a national do-not-call list to help keep telemarketing under control. More info is available in HTML or PDF, and the rule is available in PDF as well. The FTC has extended the deadline for comment until April 15th, and they are asking for your comments via e-mail. A snail mail address is also available. Many of the public comments can be viewed here, and it looks like the telemarketers are spamming the list with a pre-written script, for an example, look under "T". FOX News and CNN have old stories on this as well, but CNN is re-airing the story today. Finally, someone sticking up for those of us who get over 10 calls per day."

Controlio writes: "The FTC is proposing a national do-not-call list to help keep telemarketing under control. More info is available in HTML or PDF, and the rule is available in PDF as well. The FTC has extended the deadline for comment until April 15th, and they are asking for your comments via e-mail. A snail mail address is also available. Many of the public comments can be viewed here, and it looks like the telemarketers are spamming the list with a pre-written script, for an example, look under "T". FOX News and CNN have old stories on this as well, but CNN is re-airing the story today. Finally, someone sticking up for those of us who get over 10 calls per day."

Controlio writes: "The FTC is proposing a national do-not-call list to help keep telemarketing under control. More info is available in HTML or PDF, and the rule is available in PDF as well. The FTC has extended the deadline for comment until April 15th, and they are asking for your comments via e-mail. A snail mail address is also available. Many of the public comments can be viewed here, and it looks like the telemarketers are spamming the list with a pre-written script, for an example, look under "T". FOX News and CNN have old stories on this as well, but CNN is re-airing the story today. Finally, someone sticking up for those of us who get over 10 calls per day."

Controlio writes: "The FTC is proposing a national do-not-call list to help keep telemarketing under control. More info is available in HTML or PDF, and the rule is available in PDF as well. The FTC has extended the deadline for comment until April 15th, and they are asking for your comments via e-mail. A snail mail address is also available. Many of the public comments can be viewed here, and it looks like the telemarketers are spamming the list with a pre-written script, for an example, look under "T". FOX News and CNN have old stories on this as well, but CNN is re-airing the story today. Finally, someone sticking up for those of us who get over 10 calls per day."

Controlio writes: "The FTC is proposing a national do-not-call list to help keep telemarketing under control. More info is available in HTML or PDF, and the rule is available in PDF as well. The FTC has extended the deadline for comment until April 15th, and they are asking for your comments via e-mail. A snail mail address is also available. Many of the public comments can be viewed here, and it looks like the telemarketers are spamming the list with a pre-written script, for an example, look under "T". FOX News and CNN have old stories on this as well, but CNN is re-airing the story today. Finally, someone sticking up for those of us who get over 10 calls per day."

Controlio writes: "The FTC is proposing a national do-not-call list to help keep telemarketing under control. More info is available in HTML or PDF, and the rule is available in PDF as well. The FTC has extended the deadline for comment until April 15th, and they are asking for your comments via e-mail. A snail mail address is also available. Many of the public comments can be viewed here, and it looks like the telemarketers are spamming the list with a pre-written script, for an example, look under "T". FOX News and CNN have old stories on this as well, but CNN is re-airing the story today. Finally, someone sticking up for those of us who get over 10 calls per day."

Controlio writes: "The FTC is proposing a national do-not-call list to help keep telemarketing under control. More info is available in HTML or PDF, and the rule is available in PDF as well. The FTC has extended the deadline for comment until April 15th, and they are asking for your comments via e-mail. A snail mail address is also available. Many of the public comments can be viewed here, and it looks like the telemarketers are spamming the list with a pre-written script, for an example, look under "T". FOX News and CNN have old stories on this as well, but CNN is re-airing the story today. Finally, someone sticking up for those of us who get over 10 calls per day."

Controlio writes: "The FTC is proposing a national do-not-call list to help keep telemarketing under control. More info is available in HTML or PDF, and the rule is available in PDF as well. The FTC has extended the deadline for comment until April 15th, and they are asking for your comments via e-mail. A snail mail address is also available. Many of the public comments can be viewed here, and it looks like the telemarketers are spamming the list with a pre-written script, for an example, look under "T". FOX News and CNN have old stories on this as well, but CNN is re-airing the story today. Finally, someone sticking up for those of us who get over 10 calls per day."

BuckMulligan writes "Attention, Citizens! The deadline for filing comments against the telenuisance industry is Friday at 5 PM. You can send comments via e-mail to TSR@FTC.GOV. Also, EPIC has a guide to telemarketing and suggestions for comments online. It's important to note that the FTC regulations won't apply to banks and telephone companies that telemarket. However, these rules could be extended to those industries. This is also a lesson that state privacy legislation is better because state do-not-call lists apply to all telemarketers--even banks and common carriers." My state has a statewide do-not-call registry and although it has a list of exemptions a mile wide - charities, anyone you've done business with, etc. - getting on that list has cut out most of the telemarketing calls we used to get. Very nice. Update: 03/28 17:57 GMT by M : EPIC informs me that the deadline has been extended to April 15. Taxes and telemarketing, two great things that go great togeth... well, nevermind.

klaun writes: "Yahoo has an article about the FTC launching a crackdown on deceptive unsolicited email. Basically they are after scammers offering easy money quick, not the average 'get porn here' type of spam. There is more info at the in a press release at the FTC's website." TheGreatGraySkwid amplifies, saying that this story "tells of an FTC crackdown on Spammers, that had resulted in charges (settled) against 7 chain-letter ring spammers, and several pending cases. I know I could use some Spam relief..." The settlement, unfortunately, isn't exactly stern stuff: the seven spammers "agreed to refrain from participating in deceptive schemes in the future, or lying about the legality or potential earnings from any such schemes."

klaun writes: "Yahoo has an article about the FTC launching a crackdown on deceptive unsolicited email. Basically they are after scammers offering easy money quick, not the average 'get porn here' type of spam. There is more info at the in a press release at the FTC's website." TheGreatGraySkwid amplifies, saying that this story "tells of an FTC crackdown on Spammers, that had resulted in charges (settled) against 7 chain-letter ring spammers, and several pending cases. I know I could use some Spam relief..." The settlement, unfortunately, isn't exactly stern stuff: the seven spammers "agreed to refrain from participating in deceptive schemes in the future, or lying about the legality or potential earnings from any such schemes."

Brian writes: "This article states that the operators of www.playgirl.com and several other Web sites offering adult-oriented content agreed to pay $30 million to settle charges that they illegally billed thousands of customers for what were advertised as free services, the Federal Trade Commission said on Monday."

Brian writes: "This article states that the operators of www.playgirl.com and several other Web sites offering adult-oriented content agreed to pay $30 million to settle charges that they illegally billed thousands of customers for what were advertised as free services, the Federal Trade Commission said on Monday."

Schnake writes: "An article on USAToday talks about how the FTC is investigating Sun Microsystems, Unocal, and Rambus to determine whether they illegally kept patents secret while helping set industry standards! And a quote from the ZDNet article: "It noted that all three companies had filed patent infringement lawsuits against firms they say owed them royalties. But the litigation backfired when those firms countersued, charging them with concealing their patents, and complained to the FTC.""

That's a large part of the intent of the Hague Convention on Jurisdiction and Foreign Judgments, tempered by other countries' desire to have their copyright and patent laws enforceable worldwide, too. Today I attended a public roundtable discussion about this treaty proposal at the U.S. Library of Congress. (more)

Representatives of "copyright holders" heavily outnumbered freedom advocates, as is typical at this kind of event, but the leadoff speaker, Michael Davis of the Progressive IP Law Association, started the session by talking about how hip-hop sampling would be killed by the Hague Convention if it is ratified in its present form, which has "fair use" provisions nearly as onerous as those contained in the DMCA.

Interestingly, Marilyn Cade of AT&T spoke out against much of the Hague Convention's intent; her company's concern, she said, is keeping global communications and ecommerce free and easy. A representative from Yahoo! was even more negative about this treaty, which would make U.S. authorities responsible for enforcing other countries' copyright and IP laws, and vice versa.

Think about this spectre, which another participant raised: a court in Moscow, Iran or China could decide something posted on a Web site based in the U.S. violated their countries' laws and, as Hague Convention signatories, demand that U.S. authorities force the Web site owner to remove the offending material. This is not a far-fetched idea; remember Yahoo! and the French government's objection to Nazi memorabilia sales?

At the other extreme, the American Society of Media Photographers loves the idea of a treaty that will help its members collect royalties from foreign media that use their images.

Not Just Speaking to the Peanut Gallery

I only counted 36 people in the audience; intellectual property issue discussions never draw mass attention. But the only audience that counted today was the U.S. Hague Convention delegation, and they were here, sitting up front, listening to every panelist's words, asking questions, and generally trying to learn what various constituencies want (and don't want) in the way of intellectual property treaties before they go off to the next negotiating session.

A Nationalized Movie Industry?

Jared Jussim of Sony Pictures talked at length about the "entrepreneurialism" of the movie business and how vigorous international copyright enforcement is needed to keep the movie business healthy. He said, "If we could have the Digital Millenium Copyright Act extended throughout the world, I would be ecstatic about it."

Jussim ranted hard about online freedom-seekers; he dumped on "professors" who "cite each others papers in a big circle" and how they are all "liars." Strong words. But that wasn't enough for the man. He directly stated that if movies or even pieces of them were distributed online or through other means not approved by the movie companies, the entire industry would eventually shut down; that "you would pay a tax" to finance government-produced movies; and that government flunkies would decide what movies got made and what you saw in theaters and on TV. Horrors!

The spectre of a government-controlled film industry obviously is enough to make any right-thinking person want to see all possible copyright protection added to every possible intellectual property treaty.

Faced with this potential evil, it is obvious that the ACLU and all those professors who yammer on about fair use, freedom of speech, constitutionality and similar silliness must be ignored.

Media Attention

The Washington Post showed up. A cameraman from TechTV shot a few moments worth of tape, without sound. One of the local tech newsletters sent a reporter. And me. These were all the "known" journalists I spotted, but others were taking notes, so who can say? Perhaps one of the quiet people in the front row was a secret representative of the Today Show, but somehow I doubt it.

The Hague Convention could make major changes in the way intellectual property and copyright laws are handled on an international scale, but "the public" probably won't hear about any of this -- and won't care if they do -- unless there is some sort of corporate aggression under the Hague Convention that affects as many people as the RIAA's anti-Napster actions. Then you'll see the big-time pundits weigh in. But at this point in the game, they are nowhere to be found.

Enter RMS, Stage Right

Richard M. Stallman, representing the League for Programming Freedom, was scheduled to take part in the afternoon session but he showed up shortly before lunch and was immediately buttonholed by the Washington Post reporter. He spent the lunch break charming a member of the trade delegation, who said she was surprised that she had not heard "strongly" before about any of the intellectual freedom concerns brought up today by Stallman and other panel members. And listen to Stallman she did, with total concentration, while eating a sandwich and drinking a soda on the front lawn of the Library of Congress's Adams Building.

Stallman was not alone in speaking about the rights of intellectual property creators and users. Laurie Racine, of the Red Hat-sponsored Center for the Public Domain, did a turn, as did representatives of the Trial Lawyers of America, a blacksuited young attorney from the MPAA, Jamie Love from the Consumer Project on Technology, people from BMI, ASCAP,AAP, and other "interested parties."

Love brought up a hypothetical situation: Cuba copyrighting the "cuban beat" and demanding 5% royalties from all American music performers who use it -- and under the terms of the proposed Hague treaty, having the legal right to force U.S. officials to help them collect.

But proceedings like this one are basically dominated by lawyers. "What if?" questions get asked and debated. Ties between copyright laws and other cross-border civil and criminal situations get discussed in detail so excruciating that it could make non-smokers want to take up the habit just to have an excuse to slip outside for a few minutes now and then.

Not Just the U.S.

Even if the U.S. delegation to the Hague Convention come down totally on the side of the angels, they will still be just one of many delegations, and other countries may have other ideas. A number of people here today have talked about how, when it comes to copyrights and patents, the U.S. is one of the most restrictive nations around, so American copyright holders probably have more to fear on that front from the rest of the world than the rest of the world has to fear from us.

Where ordinary Americans may lose out is on freedom of speech issues. Many countries have far more restrictive policies on libel and on what citizens may or may not say about touchy subjects like politics or religion, especially if those opinions are published on the Internet.

RMS vs. Sony

Imagine Stallman being accused of "not speaking for the public" on copyright matters by Sony's Jussim -- who also managed to get in a plug for movies being a great entertainment value compared to live theater or professional sports. Imagine Stallman calmly -- aside from a gleam in his eyes -- reminding the poor flak that more money goes to promote movies than to make them, so that more money in the studios' pockets wouldn't necessarily lead to better movies.

This was the first moment of passion in over an hour. Sadly, it only lasted a moment. Then it was back to drone, drone, drone.

"The ISP Community" and "The Content Community" were phrases that got thrown a lot. In the legal sense, we heard, the question of whether "publication" takes place on a server or on the client where it is displayed hasn't been settled yet.

And so on.

Toward the end of the day Jamie Love said, "There hasn't been a single American newspaper article about this treaty, and here you are getting ready to create the Magna Carta of cyberspace."

Love didn't blame the people on the U.S. delegation for working in comparative secret. "I've called reporter after reporter [about this] and their eyes glaze over," he said.

So Slashdot was there. And if you want to read the text of this treaty, it's online here.

And if you are a U.S. citizen who wants to get in touch with the people representing you at the next Hague Convention meeting (in June), three good people to contact are:

Jennifer Lucas at USPTO (jennifer.lucas@uspto.gov)

Jeffrey D. Kovar at U.S. Dept. of State (kovarj@ms.state.gov)

Maneesha Mithal at the Federal Trade Commission (mmithal@ftc.gov)

This FTC release details what can happen to web sites that collect infomation about underage users without parental consent. "The FTC charged Monarch Services, Inc. and Girls Life, Inc., operators of www.girlslife.com; Bigmailbox.com, Inc., and Nolan Quan, operators of www.bigmailbox.com; and Looksmart Ltd., operator of www.insidetheweb.com with illegally collecting personally identifying information from children under 13 years of age without parental consent, in violation of the COPPA Rule." For collecting things like name and age (and in the case of the BigMailbox.com, making the info available to a 3rd party), the three companies were fined a sum of 100,000 dollars. You might like to read more on COPPA as well, and then the Center for Media Education's report on COPPA. In related news, Spain imposed a fine on Microsoft for violating Spanish laws on data-transfer, for transfering employee information from servers in Spain to the U.S.

innertruth writes "Cnet has an article about FTC dropping its probe into DoubleClick privacy practices. Without the FCC looking over their sholder now we have to wonder what they really will do with all the information they've collected online and that offline database they now have." The FTC's letter ending their investigation has more information. Keep in mind that the FTC has a very narrow mandate: "Is Doubleclick doing something different than what they say?" So as long as Doubleclick states their practices accurately - whether they are or are not linking the household information from Abacus with the click information from Doubleclick's network - then the FTC's role is ended.

Rack up a debt or crime, no matter how minor or how many years ago, and you're tagged for life, sometimes unfairly, sometimes erroneously, in mushrooming, linked databases used by credit and collection agencies, banks, governments, insurers and employers. In recent months, I've been getting a ton of e-mail offering fresh horror stories from people -- many of them students -- snared by information-tracking programs disgorging past debts and misdemeanors to unaccountable, indiscriminate business entities. This is just a taste of how privacy (and dignity) are being eroded by technology. (Note: First of a two-part series.)

JD got a letter in the mail just before Christmas, telling him his student loan application had been denied because an independent credit search agency had uncovered a $120 debt he'd allegedly incurred four years ago -- when he would have been a teenager. The bank said it wasn't responsible for the credit information, and the collection agency that listed his debt wasn't responsible for the loan denial.

With his University of Minnesota tuition money held up, he couldn't register for classes, access his grades or eat at the cafeteria. When he called the bank loan officer (it took three days to reach her), she told him a computer credit agency in Arkansas had red-flagged his loan. All she could tell JD was that the debt had showed up in an online collection agency's files; she didn't know the details. "We don't really have anything to do with it," he remembers her telling him in an odd farewell. If the bank didn't have any responsibility, he wondered, who did?

When JD called the number for the credit firm listed on his loan rejection form, he got a recording: the firm didn't take telephone calls about credit information, supposedly for security reasons (but probably to evade enraged callers.)

The message instructed those people questioning their credit problems (JD had no debts, so far as he knew; he was too young at the time of the alleged problem to have credit cards) to write registered letters, then submit the overdue payments by mail. In the meantime, there was no way he could learn the details of the alleged delinquency, or even how to pay up.

JD wrote the letter -- his tuition payment was past due by this point, and desperation was setting in -- only to get a form saying he owed the $120 for music ordered by mail. He could challenge or appeal the debt, but that would take at least another 30 days, by which time, he'd be suspended, a "ghost" student, allowed to stay in his dorm and attend classes, but not to register or get grades.

I've gotten a number of e-mails like this in recent months, raising serious questions about growing databases, the way financial firms share personal information and use tracking software, and the impact these factors have on privacy, personal dignity and consumer's rights.

We've heard some public discussion about "identity theft," and about credit ratings damaged by thieves and crackers, but there may be an more widespread problem: privacy invasions of people who have minor legal or financial problems -- all now collected and instantly reported by credit and collection agencies using high-powered tracking software -- and institutions' often disproportionate responses. Sophisticated software and growing computer networks and databases mean that no transgressions of any sort are private, or truly past. Rack up a debt or commit a crime, no matter how minor or long ago, and you're tagged for years, perhaps for life.

Suddenly, we all seem to live at the mercy of credit-tracking companies. Companies and organizations -- especially those, like insurance firms, that rely on stats and formulas -- are no longer able to make sensible or humane judgements about what these agencies uncover. Instead, software seems to be making the calls on consumers' reliability and integrity.

For instance, JP56 at earthlink writes that she was denied a teaching job because of a drunk driving arrest that occurred a few weeks after she'd turned eighteen (she's now twenty-eight). She had gotten drunk at a high school graduation party, and drove afterward. Dumb behavior, for sure, but she says she isn't a regular drinker, has had no other violations, and that her penalty was a 60-day license suspension.

Dan was denied car insurance after he hit two deer in Pennsylvania within a six-month period. "Because of mild winters, there are tons of deer around," he wrote me. "I was doing a lot of driving -- I was working two jobs to pay for school -- late at night. One time a deer ran into the side of the car, another I hit it straight on. Then I moved to San Francisco. Three years later, I get a letter from my insurance company referring me to this credit tracking company. My insurance is denied, says the insurance company. It was years ago, and it wasn't my fault. But there wasn't anything I could do. I had to get into this state pool and pay three times the going rate. And I've never had a traffic ticket in my life."

Peter agreed to buy some vintage comic books from a phone-order firm on a monthly payment plan. He says he didn't realize how elaborate a procedure was required to stop getting the comics. He went off to college, not realizing the bills were still piling up (plus his family had moved), until he applied for a car loan and got turned down because a collection agency had red-flagged him in a computer database. No car. "First off, this comic place took advantage of kids like me. I did order the comics, but didn't understand the complexity of the arrangement. Then I moved and didn't get any more bills or comics. I had no idea this was building up, and no way of straightening it out that wouldn't cost a fortune and take months and months. Now my name is in some computer and I owe a lot of money. And the original company has changed hands a dozen times. Nobody there wants to hear about this. It's a nightmare."

AndyP wrote two months ago that he'd been arrested for vandalism after one Halloween mischief night when he was sixteen. An online tracking agency dug up the arrest -- even though it was a misdeanor offense, was supposed to be kept sealed, and had happened a decade earlier. "I was turned down because my company was working on a government project and we all needed a moderate security clearance. I never got it sorted out, because it was technically true. But jeez, it was a spray-painting incident. I guess in certain quarters, I'm unemployable for the rest of my life."

My e-mailers complain that even though appeals and application procedures exist, there are few checks on these agencies devoted to rummaging through people's pasts. Most of us have messed up a bit at one point or another, and now those incidents can be dredged up and used against us without much in the way of due process. Some are in blatant defiance of supposed federal consumer-protection laws, laws which seem porous, to say the least. Do people have the right to own the details of their own lives?

Students in particular have sent me a stream of stories like JD's, but the issue is getting much broader than student loans. Credit and collection companies run down past traffic tickets, immigration problems, child support payment histories, arrests and debts, all being fed into rapidly expanding databases as records are digitalized. Banks, insurers, employers and government agencies can hire these companies to run credit and security checks, then claim they have nothing to do with the resulting decisions. For the people trapped in this tightening net, it's a procedural nightmare.

Under the federal Fair Credit Reporting Act, consumers have the right to contact these companies and get some details of their supposed crimes or debts. But since almost any financial agency can enter information into these growing and increasingly-linked data banks, it can take weeks or months to figure out exactly what the alleged problems are.

You might be surprised to know what your credit "rights" are under the U.S. Fair Credit Reporting Act, especially considering how often they seem to be ignored. You can find the complete text of the FCRA 15 U.S.C. 1681-1681u at the Federal Trade Commission's web site. Among the protections provided to you by law:

• You can dispute inaccurate information with the consumer reporting agency (CRA) involved. Anyone who uses information from a CRA to take action against you -- denying an application for credit, insurance or employment -- must give you the name, address and phone number of the CRA.
• Inaccurate information must be corrected or deleted, assuming you can prove it's inaccurate and the CRA agrees it's inaccurate, but the CRA is not required to remove accurate data from your file unless it is outdated.
• You can dispute inaccurate items with the source of the information (if you can reach them).
• Outdated information may not be reported. In most, but not all cases, a CRA may not report negative information that is more than seven years old; ten years for bankruptices. (My e-mail suggests this is wantonly ignored. Some institutions don't always have to say precisely why they took an action, and in many cases, you'll never know).
• Your consent is required for reports that are provided to employers, or reports that contain medical information. And you may choose to exclude your name from CRA lists for unsolicted credit and insurance offers, assuming you know where the CRA is and what it's doing and can reach them.

(Note: Credit rights are also covered by the Fair Debt Collection Practices Act; thanks to reader William Lockwood for the reminder.)

It doesn't sound half bad, but trying reaching a CRA for yourself to test how easy it is or how responsive they are. Notice also that there are no restrictions on selling information or passing it along to agencies the CRA deems appropriate.

And where there are disputes, people often have no recourse but time-consuming and expensive legal action. Even then, there are no clear guidelines for resolving disputes. Simply because a consumer says he never incurred that debt, banks and other institutions aren't required to accept his word. There are no uniform national laws requiring credit companies to respond in a particular way. Although I have no hard statistics, many of the people e-mailing me said they paid these debts rather than fight or challenge them, simply because they couldn't afford not to and were afraid of a time-consuming process. "It's an unconscious kind of extortion," write Jan, a student from the University of Florida. "They don't threaten you, but they don't have to. How can you prove you didn't owe $100 bucks five years ago, and can you afford to have your loan held up in the meantime? Not me."

There's scant protection for people who might have been victims of theft or simple error, or who made a minor mistake earlier in their lives, or who need issues resolved quickly. Only perfect people, it appears, are safe.

Next: Technology is eroding some rights, as the reasons for collecting data on citizens grows. Is privacy worth keeping in the country that invented the idea? Some other countries think so.

Rack up a debt or crime, no matter how minor or how many years ago, and you're tagged for life, sometimes unfairly, sometimes erroneously, in mushrooming, linked databases used by credit and collection agencies, banks, governments, insurers and employers. In recent months, I've been getting a ton of e-mail offering fresh horror stories from people -- many of them students -- snared by information-tracking programs disgorging past debts and misdemeanors to unaccountable, indiscriminate business entities. This is just a taste of how privacy (and dignity) are being eroded by technology. (Note: First of a two-part series.)

JD got a letter in the mail just before Christmas, telling him his student loan application had been denied because an independent credit search agency had uncovered a $120 debt he'd allegedly incurred four years ago -- when he would have been a teenager. The bank said it wasn't responsible for the credit information, and the collection agency that listed his debt wasn't responsible for the loan denial.

With his University of Minnesota tuition money held up, he couldn't register for classes, access his grades or eat at the cafeteria. When he called the bank loan officer (it took three days to reach her), she told him a computer credit agency in Arkansas had red-flagged his loan. All she could tell JD was that the debt had showed up in an online collection agency's files; she didn't know the details. "We don't really have anything to do with it," he remembers her telling him in an odd farewell. If the bank didn't have any responsibility, he wondered, who did?

When JD called the number for the credit firm listed on his loan rejection form, he got a recording: the firm didn't take telephone calls about credit information, supposedly for security reasons (but probably to evade enraged callers.)

The message instructed those people questioning their credit problems (JD had no debts, so far as he knew; he was too young at the time of the alleged problem to have credit cards) to write registered letters, then submit the overdue payments by mail. In the meantime, there was no way he could learn the details of the alleged delinquency, or even how to pay up.

JD wrote the letter -- his tuition payment was past due by this point, and desperation was setting in -- only to get a form saying he owed the $120 for music ordered by mail. He could challenge or appeal the debt, but that would take at least another 30 days, by which time, he'd be suspended, a "ghost" student, allowed to stay in his dorm and attend classes, but not to register or get grades.

I've gotten a number of e-mails like this in recent months, raising serious questions about growing databases, the way financial firms share personal information and use tracking software, and the impact these factors have on privacy, personal dignity and consumer's rights.

We've heard some public discussion about "identity theft," and about credit ratings damaged by thieves and crackers, but there may be an more widespread problem: privacy invasions of people who have minor legal or financial problems -- all now collected and instantly reported by credit and collection agencies using high-powered tracking software -- and institutions' often disproportionate responses. Sophisticated software and growing computer networks and databases mean that no transgressions of any sort are private, or truly past. Rack up a debt or commit a crime, no matter how minor or long ago, and you're tagged for years, perhaps for life.

Suddenly, we all seem to live at the mercy of credit-tracking companies. Companies and organizations -- especially those, like insurance firms, that rely on stats and formulas -- are no longer able to make sensible or humane judgements about what these agencies uncover. Instead, software seems to be making the calls on consumers' reliability and integrity.

For instance, JP56 at earthlink writes that she was denied a teaching job because of a drunk driving arrest that occurred a few weeks after she'd turned eighteen (she's now twenty-eight). She had gotten drunk at a high school graduation party, and drove afterward. Dumb behavior, for sure, but she says she isn't a regular drinker, has had no other violations, and that her penalty was a 60-day license suspension.

Dan was denied car insurance after he hit two deer in Pennsylvania within a six-month period. "Because of mild winters, there are tons of deer around," he wrote me. "I was doing a lot of driving -- I was working two jobs to pay for school -- late at night. One time a deer ran into the side of the car, another I hit it straight on. Then I moved to San Francisco. Three years later, I get a letter from my insurance company referring me to this credit tracking company. My insurance is denied, says the insurance company. It was years ago, and it wasn't my fault. But there wasn't anything I could do. I had to get into this state pool and pay three times the going rate. And I've never had a traffic ticket in my life."

Peter agreed to buy some vintage comic books from a phone-order firm on a monthly payment plan. He says he didn't realize how elaborate a procedure was required to stop getting the comics. He went off to college, not realizing the bills were still piling up (plus his family had moved), until he applied for a car loan and got turned down because a collection agency had red-flagged him in a computer database. No car. "First off, this comic place took advantage of kids like me. I did order the comics, but didn't understand the complexity of the arrangement. Then I moved and didn't get any more bills or comics. I had no idea this was building up, and no way of straightening it out that wouldn't cost a fortune and take months and months. Now my name is in some computer and I owe a lot of money. And the original company has changed hands a dozen times. Nobody there wants to hear about this. It's a nightmare."

AndyP wrote two months ago that he'd been arrested for vandalism after one Halloween mischief night when he was sixteen. An online tracking agency dug up the arrest -- even though it was a misdeanor offense, was supposed to be kept sealed, and had happened a decade earlier. "I was turned down because my company was working on a government project and we all needed a moderate security clearance. I never got it sorted out, because it was technically true. But jeez, it was a spray-painting incident. I guess in certain quarters, I'm unemployable for the rest of my life."

My e-mailers complain that even though appeals and application procedures exist, there are few checks on these agencies devoted to rummaging through people's pasts. Most of us have messed up a bit at one point or another, and now those incidents can be dredged up and used against us without much in the way of due process. Some are in blatant defiance of supposed federal consumer-protection laws, laws which seem porous, to say the least. Do people have the right to own the details of their own lives?

Students in particular have sent me a stream of stories like JD's, but the issue is getting much broader than student loans. Credit and collection companies run down past traffic tickets, immigration problems, child support payment histories, arrests and debts, all being fed into rapidly expanding databases as records are digitalized. Banks, insurers, employers and government agencies can hire these companies to run credit and security checks, then claim they have nothing to do with the resulting decisions. For the people trapped in this tightening net, it's a procedural nightmare.

Under the federal Fair Credit Reporting Act, consumers have the right to contact these companies and get some details of their supposed crimes or debts. But since almost any financial agency can enter information into these growing and increasingly-linked data banks, it can take weeks or months to figure out exactly what the alleged problems are.

You might be surprised to know what your credit "rights" are under the U.S. Fair Credit Reporting Act, especially considering how often they seem to be ignored. You can find the complete text of the FCRA 15 U.S.C. 1681-1681u at the Federal Trade Commission's web site. Among the protections provided to you by law:

• You can dispute inaccurate information with the consumer reporting agency (CRA) involved. Anyone who uses information from a CRA to take action against you -- denying an application for credit, insurance or employment -- must give you the name, address and phone number of the CRA.
• Inaccurate information must be corrected or deleted, assuming you can prove it's inaccurate and the CRA agrees it's inaccurate, but the CRA is not required to remove accurate data from your file unless it is outdated.
• You can dispute inaccurate items with the source of the information (if you can reach them).
• Outdated information may not be reported. In most, but not all cases, a CRA may not report negative information that is more than seven years old; ten years for bankruptices. (My e-mail suggests this is wantonly ignored. Some institutions don't always have to say precisely why they took an action, and in many cases, you'll never know).
• Your consent is required for reports that are provided to employers, or reports that contain medical information. And you may choose to exclude your name from CRA lists for unsolicted credit and insurance offers, assuming you know where the CRA is and what it's doing and can reach them.

(Note: Credit rights are also covered by the Fair Debt Collection Practices Act; thanks to reader William Lockwood for the reminder.)

It doesn't sound half bad, but trying reaching a CRA for yourself to test how easy it is or how responsive they are. Notice also that there are no restrictions on selling information or passing it along to agencies the CRA deems appropriate.

And where there are disputes, people often have no recourse but time-consuming and expensive legal action. Even then, there are no clear guidelines for resolving disputes. Simply because a consumer says he never incurred that debt, banks and other institutions aren't required to accept his word. There are no uniform national laws requiring credit companies to respond in a particular way. Although I have no hard statistics, many of the people e-mailing me said they paid these debts rather than fight or challenge them, simply because they couldn't afford not to and were afraid of a time-consuming process. "It's an unconscious kind of extortion," write Jan, a student from the University of Florida. "They don't threaten you, but they don't have to. How can you prove you didn't owe $100 bucks five years ago, and can you afford to have your loan held up in the meantime? Not me."

There's scant protection for people who might have been victims of theft or simple error, or who made a minor mistake earlier in their lives, or who need issues resolved quickly. Only perfect people, it appears, are safe.

Next: Technology is eroding some rights, as the reasons for collecting data on citizens grows. Is privacy worth keeping in the country that invented the idea? Some other countries think so.

alumshubby writes "The Washington Post, undoubtedly among others, reports that the AOL & Time-Warner merger has gone through. Note that it was unianimous, and the FTC extracted a promise that the new behemoth would 'protect consumer choice.'" And, on the more amusing side check out this alternative coverage. On a more serious note, we've also got information from the FTC, and coverage from CNNfn, and ABCNews.

stereoroid writes "InfoWorld has an article describing how the US Federal Trade Commission" has listed the "Top 10 Types" of "Dot-Con" scam. The main web page does not name names, but the PDFs downloadable from there certainly do - hundreds of names. Then there's the list of last month's actions, including MS WebTV's "Deceptive Advertising Claims". "

stereoroid writes "InfoWorld has an article describing how the US Federal Trade Commission" has listed the "Top 10 Types" of "Dot-Con" scam. The main web page does not name names, but the PDFs downloadable from there certainly do - hundreds of names. Then there's the list of last month's actions, including MS WebTV's "Deceptive Advertising Claims". "

stereoroid writes "InfoWorld has an article describing how the US Federal Trade Commission" has listed the "Top 10 Types" of "Dot-Con" scam. The main web page does not name names, but the PDFs downloadable from there certainly do - hundreds of names. Then there's the list of last month's actions, including MS WebTV's "Deceptive Advertising Claims". "

Markar writes: "An article on ComputerWorld states that the FTC is holding an educational forum next Thursday and Friday on software-licensing practices and UCITA laws. The FTC is requesting public comment. Here's your chance to tell the FTC what you think of UCITA (be nice :-)." (more below.)

This seems long-overdue -- if "licenses" are not comprehensible, what's the good in "agreeing" to their content? Though the deadline for comments is past, this page details the symposium, which will be open to the public. If you can get there, post your impressions here! The most important facts are these:

The Federal Trade Commission will hold a public forum on October 26 and 27, 2000 to examine warranty protection for software and other high-tech goods and services marketed to consumers.

The public forum will be held at the Federal Trade Commission headquarters, 600 Pennsylvania Avenue, N.W., Washington, D.C. on October 26, 2000 from 8:30 a.m. to 5:30 p.m. and on October 27, 2000 from 9:00 a.m. to 5:30 p.m.

What I'd like to do is get a few industry "autographs" on the back of a sheet of boilerplate (in the same font size as comes on typical EULA stickers and such) that begins: "By signing the reverse of this document, you agree to have irrevocably and with full knowledge waived the following rights and privileges ..." Sorry bub -- you signed the agreement, what can I tell ya?!

So, as today is a somewhat slow day, and I've had the galling experience of dealing with the phone system today, I thought I'd give a small piece of my mind about that wonderful practice known as phone slamming, and what wonderful practices Big Business likes to engage in.

I've recently moved to Boston, as those who've been on IRC with us, and watched the news lately have seen. It's great -- I love the city, and I like where I live. When moving, I had to do the typical thing of signing the house up for electric, gas, water and all that good stuff. One of the interesting things that Boston differs from Holland in is that you can have different local phone providers. Not being very happy to start with concerning Bell Atlantic/Verizon, I opted instead for another giant media company, MediaOne. They only offered local service, not long distance, so I selected MCI Worldcom as my long distance. I'd been happy with them before, and they offered me frequent flyer miles.

I'm happily going along this morning, deleting submissions when I get call from MCI Worldcom wondering why one of my lines has left MCI. After spending the 30 minutes to convert my line back, I become progressively more frustrated.

You see, the FTC had given MediaOne and AT&T permission to merge, which they did recently. Since then, I've gotten a call a day on my lines, asking me to switch to AT&T for long distance. I refuse. It costs more, and I don't get frequent flyer miles. I've told them this, but they somehow persist, thinking perhaps that they can wear me down, like so much water on rock.

But they evidently decided that me saying No meant Yes, and so slammed me. I hate this practice. What a waste of time and energy. And they know that they'll lose my business, and that if I get my gumption up I'll call the State AG's office. I think is illegal. If not, it should be.

How many other people have had problems with this?

Luyseyal writes "Comments to the FTC regarding the Warranty Protection for High-Tech Products and Services forum are due by September 11. This was originally mentioned here on Slashdot in June. I've submitted my 2 cents to the FTC on UCITA. Have you?"

Luyseyal writes "Comments to the FTC regarding the Warranty Protection for High-Tech Products and Services forum are due by September 11. This was originally mentioned here on Slashdot in June. I've submitted my 2 cents to the FTC on UCITA. Have you?"

jmozena writes "Disney's failed Toysmart.com has gotten the go-ahead from the Federal Trade Commission to sell its customer database as part of a bankruptcy sale, as long as the buyer agrees to abide by Toysmart's privacy policy. The FTC also found that Toysmart violated the Child Online Privacy & Protection Act (COPPA) of 1998 by collecting information from children under 13 without their parents' consent, and is filing a complaint in federal court to get Toysmart to destroy that information before any sale. This is the first time the FTC has filed a complaint under COPPA. The FTC press release is here."

EasyKill adds: "[here] is a link to the zdnet story about the FTC allowing Toysmart to sell some of their customer database, albeit under limited circumstances. I don't think this is a good thing, but it could be worse."grahamwest also points out this CNNfn story on the decision.

You may also be interested in the story emmett posted when the plan to sell this data first came to light, and the followup hemos posted about the involvement of the FTC. For once, I think I (mostly) agree with the FTC.

orpheus writes: "According to this article, The U.S. Federal Trade Commission has completed a review of Web site privacy policies, and voted 3-2 to seek Congressional legislation to improve user privacy on the Web. According to Jason Catlett, president of Junkbusters Corp, the grading was "very easy", but most Web sites flunked anyway. "

kid_wonder writes: "The FTC today announced that they had '... reached separate settlement agreements with Universal Music and Video Distribution, Sony Corp. of America, Time-Warner Inc., EMI Music Distribution and Bertelsmann Music Group (BMG), the five largest distributors of recorded music who sell approximately 85% of all compact discs (CDs) purchased in the United States to end their allegedly illegal advertising policies that affected prices for CDs.' "

kid_wonder writes: "The FTC today announced that they had '... reached separate settlement agreements with Universal Music and Video Distribution, Sony Corp. of America, Time-Warner Inc., EMI Music Distribution and Bertelsmann Music Group (BMG), the five largest distributors of recorded music who sell approximately 85% of all compact discs (CDs) purchased in the United States to end their allegedly illegal advertising policies that affected prices for CDs.' "

dantes asks: "As the managing Internet engineer for a large commercial entertainment site, I am wondering what measures people are taking to deal with the Children's Online Privacy Protection Act (COPPA), which goes into effect April 21, 2000. A description of who must comply from the FTC Web site: "If you operate a commercial Web site or an online service directed to children under 13 that collects personal information from children or if you operate a general audience Web site and have actual knowledge that it collects personal information from children, you must comply with the Children's Online Privacy Protection Act." I have run this by higher-ups and our lawyers here and have received little to no response. I would prefer to not have to re-write our registration functionality on the 20th of April. I have theorized a bunch of tricks including simply not saving information for users who represent themselves as younger than 13; my thinking is that we will be able to use our source code and our data to defend our policy should the need arise. Any other ideas?" Will most online registration forms need to be changed for this? Is it even something that deserves worrying about?

Some more information from michael : COPPA shouldn't affect most sites. Unless your site is targeted toward children and actively solicits personal information (name, e-mail address, regular address, age, etc.) from children, you probably have to do nothing. Here's a snippet, straight from the FTC:

"If you operate a commercial Web site or an online service directed to children under 13 that collects personal information from children or if you operate a general audience Web site and have actual knowledge that it collects personal information from children, you must comply with the Children's Online Privacy Protection Act."

"Children" is defined to mean "people under the age of 13". So unless your site is directed to kids 12 and under and collects information from visitors OR you collect information and you know that you're collecting information from kids 12 and under (for instance, you make them register and include an age category with "12 and under" as one of the choices), you don't need to do much at all. Just don't ask their age!

Slashdot received reports that Yahoo was forcing people to provide credit card information in order to register for services. Well, part of Yahoo is directed specifically at children, and Yahoo does collect personal information, so they're concerned. The submissions implied Yahoo was doing this for ALL of their services though, which seems like overkill - a ploy to justify seeking more information from adults (a credit card allows Yahoo to identify you precisely, of course). I would avoid any online service that required adults to provide a credit card or anything similar. If some service is using COPPA as an excuse to demand intrusive information from adults, call them on it.

The law is intended to slow down (hardly stop) sites designed to market to little kids. Registering as "12 and under" at Disney's site, for instance, seeks my name, date of birth, gender, zip code, e-mail address (more than enough information to identify me exactly), mother's maiden name and parent's e-mail address - a veritable bonanza of information. I was waiting for them to ask me for a DNA sample. Disney sends an e-mail to the parental e-mail address. Currently Disney does NOT comply with COPPA; the e-mail sent does not in any way notify the parent that they can opt-out of the information collection, it just says "We collected this information from your child and we're really good people so you can trust us with it. And it's a good thing you can trust us, because we've got it now, and we're not giving it back." Compare the FTC guidelines:

"The notice to parents must contain the same information included on the notice on the Web site. In addition, an operator must notify a parent that it wishes to collect personal information from the child; that the parent's consent is required for the collection, use and disclosure of the information; and how the parent can provide consent. The notice to parents must be written clearly and understandably, and must not contain any unrelated or confusing information. An operator may use any one of a number of methods to notify a parent, including sending an email message to the parent or a notice by postal mail."

So, Disney doesn't comply. But they still have a few days. You may want to check out the FTC's information page which has all you need to know about COPPA. If you want to steer clear of any problems whatsoever, it's simple: don't market to little kids. It takes a certain amount of slime to market to people under age 13 anyway - since they don't have any money, you have to brainwash them to pester their parents. If you do want to market to little kids, COPPA isn't much of a barrier. You may need to notify the parents, but you can simply condition your entertainment service on the provision of information and most parents will probably comply. Then you can market to your heart's content, including selling the information to other companies. COPPA is a pretty feeble barrier, and I don't have much sympathy for anyone who gets tripped up by it. We've already seen that the FTC refuses to investigate even large-scale privacy fraud on the part of Internet companies, so it seems extremely doubtful that they're going to deploy COPPA Vice Squads to go out and enforce compliance. Unless you're a really big company in really flagrant violation of the law, you have nothing to worry about.

dantes asks: "As the managing Internet engineer for a large commercial entertainment site, I am wondering what measures people are taking to deal with the Children's Online Privacy Protection Act (COPPA), which goes into effect April 21, 2000. A description of who must comply from the FTC Web site: "If you operate a commercial Web site or an online service directed to children under 13 that collects personal information from children or if you operate a general audience Web site and have actual knowledge that it collects personal information from children, you must comply with the Children's Online Privacy Protection Act." I have run this by higher-ups and our lawyers here and have received little to no response. I would prefer to not have to re-write our registration functionality on the 20th of April. I have theorized a bunch of tricks including simply not saving information for users who represent themselves as younger than 13; my thinking is that we will be able to use our source code and our data to defend our policy should the need arise. Any other ideas?" Will most online registration forms need to be changed for this? Is it even something that deserves worrying about?

Some more information from michael : COPPA shouldn't affect most sites. Unless your site is targeted toward children and actively solicits personal information (name, e-mail address, regular address, age, etc.) from children, you probably have to do nothing. Here's a snippet, straight from the FTC:

"If you operate a commercial Web site or an online service directed to children under 13 that collects personal information from children or if you operate a general audience Web site and have actual knowledge that it collects personal information from children, you must comply with the Children's Online Privacy Protection Act."

"Children" is defined to mean "people under the age of 13". So unless your site is directed to kids 12 and under and collects information from visitors OR you collect information and you know that you're collecting information from kids 12 and under (for instance, you make them register and include an age category with "12 and under" as one of the choices), you don't need to do much at all. Just don't ask their age!

Slashdot received reports that Yahoo was forcing people to provide credit card information in order to register for services. Well, part of Yahoo is directed specifically at children, and Yahoo does collect personal information, so they're concerned. The submissions implied Yahoo was doing this for ALL of their services though, which seems like overkill - a ploy to justify seeking more information from adults (a credit card allows Yahoo to identify you precisely, of course). I would avoid any online service that required adults to provide a credit card or anything similar. If some service is using COPPA as an excuse to demand intrusive information from adults, call them on it.

The law is intended to slow down (hardly stop) sites designed to market to little kids. Registering as "12 and under" at Disney's site, for instance, seeks my name, date of birth, gender, zip code, e-mail address (more than enough information to identify me exactly), mother's maiden name and parent's e-mail address - a veritable bonanza of information. I was waiting for them to ask me for a DNA sample. Disney sends an e-mail to the parental e-mail address. Currently Disney does NOT comply with COPPA; the e-mail sent does not in any way notify the parent that they can opt-out of the information collection, it just says "We collected this information from your child and we're really good people so you can trust us with it. And it's a good thing you can trust us, because we've got it now, and we're not giving it back." Compare the FTC guidelines:

"The notice to parents must contain the same information included on the notice on the Web site. In addition, an operator must notify a parent that it wishes to collect personal information from the child; that the parent's consent is required for the collection, use and disclosure of the information; and how the parent can provide consent. The notice to parents must be written clearly and understandably, and must not contain any unrelated or confusing information. An operator may use any one of a number of methods to notify a parent, including sending an email message to the parent or a notice by postal mail."

So, Disney doesn't comply. But they still have a few days. You may want to check out the FTC's information page which has all you need to know about COPPA. If you want to steer clear of any problems whatsoever, it's simple: don't market to little kids. It takes a certain amount of slime to market to people under age 13 anyway - since they don't have any money, you have to brainwash them to pester their parents. If you do want to market to little kids, COPPA isn't much of a barrier. You may need to notify the parents, but you can simply condition your entertainment service on the provision of information and most parents will probably comply. Then you can market to your heart's content, including selling the information to other companies. COPPA is a pretty feeble barrier, and I don't have much sympathy for anyone who gets tripped up by it. We've already seen that the FTC refuses to investigate even large-scale privacy fraud on the part of Internet companies, so it seems extremely doubtful that they're going to deploy COPPA Vice Squads to go out and enforce compliance. Unless you're a really big company in really flagrant violation of the law, you have nothing to worry about.

IQ was first to write "The Children's Online Privacy Protection Act (COPPA) was issued today by the FTC. It kicks in April 2000. The goal is to protect the privacy of the children by requiring "verifiable parental consent". Check out the release text. "

If you have the time you might also want to read the actual rule and public comments. Most online news services have covered it; Wired has a lengthy analysis sourced to an anonymous Republican staffer, but News.com has one without the Republican political spin. Fundamentally, the act regulates those commercial websites that target themselves to children (12 and under) and collect personal information about them - if you aren't commercial, or don't target yourself to children (even if you collect personal information from people) or just don't collect personal data from the kids, you aren't affected. Nevertheless, it is a significant step in privacy regulation - businesses must contact parents before collecting such information from an individual that they have actual knowledge is a child (for instance, by asking their age), but have no duty to ask the age of the general population. Thus most websites, even commercial ones that collect personal information, will have no change in day-to-day operations - they target themselves to a general audience, don't care about their visitors' ages, and need not take any steps under the new regulations.

Sites which do target kids for marketing will have to get parental permission before doing so. Parents also must be offered the option to prevent their kids' information from being shared with third-parties - to prevent the sale of that data, in other words. Parents can also opt-out entirely on behalf of their children and the site must honor their request. In school situations, teachers can give the requisite permission for their students so school activities won't be hampered.

The law and rule are likely to put a significant damper on online marketing to kids aged 12 and under. Specialized kids' sites will have to get parental permission to collect the data that is their primary reason for existence, and presumably many parents will prevent these sites from selling it. How well will they be enforced? That's uncertain. According to EPIC, the FTC has received hundreds of privacy-related complaints and has investigated only three.

"Self-regulation" of privacy concerns is an obvious failure. TrustE, the leading light of the businesses trying to prevent consumer protection on the internet, spends more time covering up privacy breaches by its members than investigating complaints... Will targeted government intervention have any better effect?

IQ was first to write "The Children's Online Privacy Protection Act (COPPA) was issued today by the FTC. It kicks in April 2000. The goal is to protect the privacy of the children by requiring "verifiable parental consent". Check out the release text. "

If you have the time you might also want to read the actual rule and public comments. Most online news services have covered it; Wired has a lengthy analysis sourced to an anonymous Republican staffer, but News.com has one without the Republican political spin. Fundamentally, the act regulates those commercial websites that target themselves to children (12 and under) and collect personal information about them - if you aren't commercial, or don't target yourself to children (even if you collect personal information from people) or just don't collect personal data from the kids, you aren't affected. Nevertheless, it is a significant step in privacy regulation - businesses must contact parents before collecting such information from an individual that they have actual knowledge is a child (for instance, by asking their age), but have no duty to ask the age of the general population. Thus most websites, even commercial ones that collect personal information, will have no change in day-to-day operations - they target themselves to a general audience, don't care about their visitors' ages, and need not take any steps under the new regulations.

Sites which do target kids for marketing will have to get parental permission before doing so. Parents also must be offered the option to prevent their kids' information from being shared with third-parties - to prevent the sale of that data, in other words. Parents can also opt-out entirely on behalf of their children and the site must honor their request. In school situations, teachers can give the requisite permission for their students so school activities won't be hampered.

The law and rule are likely to put a significant damper on online marketing to kids aged 12 and under. Specialized kids' sites will have to get parental permission to collect the data that is their primary reason for existence, and presumably many parents will prevent these sites from selling it. How well will they be enforced? That's uncertain. According to EPIC, the FTC has received hundreds of privacy-related complaints and has investigated only three.

"Self-regulation" of privacy concerns is an obvious failure. TrustE, the leading light of the businesses trying to prevent consumer protection on the internet, spends more time covering up privacy breaches by its members than investigating complaints... Will targeted government intervention have any better effect?

IQ was first to write "The Children's Online Privacy Protection Act (COPPA) was issued today by the FTC. It kicks in April 2000. The goal is to protect the privacy of the children by requiring "verifiable parental consent". Check out the release text. "

If you have the time you might also want to read the actual rule and public comments. Most online news services have covered it; Wired has a lengthy analysis sourced to an anonymous Republican staffer, but News.com has one without the Republican political spin. Fundamentally, the act regulates those commercial websites that target themselves to children (12 and under) and collect personal information about them - if you aren't commercial, or don't target yourself to children (even if you collect personal information from people) or just don't collect personal data from the kids, you aren't affected. Nevertheless, it is a significant step in privacy regulation - businesses must contact parents before collecting such information from an individual that they have actual knowledge is a child (for instance, by asking their age), but have no duty to ask the age of the general population. Thus most websites, even commercial ones that collect personal information, will have no change in day-to-day operations - they target themselves to a general audience, don't care about their visitors' ages, and need not take any steps under the new regulations.

Sites which do target kids for marketing will have to get parental permission before doing so. Parents also must be offered the option to prevent their kids' information from being shared with third-parties - to prevent the sale of that data, in other words. Parents can also opt-out entirely on behalf of their children and the site must honor their request. In school situations, teachers can give the requisite permission for their students so school activities won't be hampered.

The law and rule are likely to put a significant damper on online marketing to kids aged 12 and under. Specialized kids' sites will have to get parental permission to collect the data that is their primary reason for existence, and presumably many parents will prevent these sites from selling it. How well will they be enforced? That's uncertain. According to EPIC, the FTC has received hundreds of privacy-related complaints and has investigated only three.

"Self-regulation" of privacy concerns is an obvious failure. TrustE, the leading light of the businesses trying to prevent consumer protection on the internet, spends more time covering up privacy breaches by its members than investigating complaints... Will targeted government intervention have any better effect?

The FTC today announced a crackdown on pornjacking, errr, pagejacking. Apparently these smooth operators have been copying other sites wholesale in order to get hits on certain keyword combinations - search engine fodder. And then of course when you click through from the search engine, you are whisked away with Javascript into porn land, never to return... It seems that the actual offenders were Australian so international cooperation was required. Hmmm, here's a couple of readers submitting a New York Times story too, it's a little more in-depth.

We can probably assume there were assorted copyright violations involved; but when does this rise to the level of consumer fraud? Using dictionaries to get search engine hits is a stupid practice, one that the search engines are right to minimize, but if it starts being regarded as some sort of legally-actionable fraud, a lot of people are going to be in trouble - and there's a lot of potential side-effects (see the various lawsuits that have been filed about people using certain keywords in their META tags, such as Playboy suing a former Playmate who used "Playmate" in her tags: Playboy lost). Where's the line? -- michael

The FTC today announced a crackdown on pornjacking, errr, pagejacking. Apparently these smooth operators have been copying other sites wholesale in order to get hits on certain keyword combinations - search engine fodder. And then of course when you click through from the search engine, you are whisked away with Javascript into porn land, never to return... It seems that the actual offenders were Australian so international cooperation was required. Hmmm, here's a couple of readers submitting a New York Times story too, it's a little more in-depth.

We can probably assume there were assorted copyright violations involved; but when does this rise to the level of consumer fraud? Using dictionaries to get search engine hits is a stupid practice, one that the search engines are right to minimize, but if it starts being regarded as some sort of legally-actionable fraud, a lot of people are going to be in trouble - and there's a lot of potential side-effects (see the various lawsuits that have been filed about people using certain keywords in their META tags, such as Playboy suing a former Playmate who used "Playmate" in her tags: Playboy lost). Where's the line? -- michael

Forrester Research has released a study of the internet which claims that "90% of sites fail to comply with the five basic privacy protection principles" and "most privacy policies are a joke." To read the full report, you need to be a paying client, but the E-Commerce Times reprints some tidbits. Among them: the research firm, contradicting a Georgetown University study accepted by the Federal Trade Commission just two months ago, recommends that the FTC take action because third-party oversight is not proving effective.

Intel who have been stung recently by the FTC in an anti-trust investigation and by a suit from Intergraph have countersued. They are arguing that Intergraph is actually the one who is infringing on patents, as well as that the cross-licensing deal gives them immunity from Intergraph's lawsuit.

Kristian Köhntopp writes "The german publication Telepolis served a pointer to the federal trade commision of the US of A today outlining a roadmap to consumer privacy. The FTC is looking for ways to limit uncontrolled data exchange between governmetal organizations and between private organizations and companies, which are increasingly into gathering data about persons.

The FTC has to engage such a plan to comply with the new European privacy laws. These laws prohibit export of person-related data into legislations where privacy rights are less strongly enforced that in Europe. Without a proper privacy legislation, US outsourcing companies will be effectively closed out of the European market. "

SBC, Inc. has announced a US$62B merger agreement with Ameritech. The merger is the second largest in history, and the combined companies' value will be about US$146B. I wonder what the FTC thinks...

The United States Federal Trade Commision has decided not to file a preliminary injunction on Intel's proposed acqusition of Chips and Technologies, Inc. The announcement also states that the FTC is continuing their investigation.