Slashdot Mirror
Federal Trade Commission Wants More Online Privacy
orpheus writes: "According to this article, The U.S. Federal Trade Commission has completed a review of Web site privacy policies, and voted 3-2 to seek Congressional legislation to improve user privacy on the Web. According to Jason Catlett, president of Junkbusters Corp, the grading was "very easy", but most Web sites flunked anyway. "
- A.P.
--
"One World, one Web, one Program" - Microsoft promotional ad
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
Unless the FTC plans to sieze already-existing databases, or to regulate their use, the privacy war is already over, (except for those netziens who haven't been born yet.
tcd004
Here's my Microsoft Parody, where's yours?
http://www.ftc.gov/reports/p rivacy2000/privacy2000.pdf
___
I know everyone and their mother is going to post saying something along the lines of "oh no, congressional legislation is going to kill [anonymity/privacy/freedom/little puppies] on the web, we have to stop these uninformed lawmakers from making any laws about the internet before they destroy it"
OK.. that's valid, but it's not going to do anything to help. Lawmakers are in office because they want to do things to (in their eyes, and supposedly the eyes of their constituents) help, and they are fairly convinced, probably by the fact that they are elected officials, that they should be the ones to make changes to try to help. I don't think we're going to be able to pursuade them from that beleif, so yelling and screaming about how uninformed and non-technical politicians shouldn't be making technology laws isn't going to help anything. What WILL help is either a) educating the politicians so that they beleive themselves that keeping anonymity and privacy will be beneficial to the internet and to society as a whole or b) convince them that their constituents beleive this.
A is a tall order.. congressmen did not grow up in our generation, they do not understand the kinds of changes the internet is going to bring, so we should focus our efforts on B. Make yourself heard, and not just by writing your congressman (which is good as well), but also by telling people you know, your family and friends, people you meet, etc our point of view. If more people can be made to understand this the way it really is rather than having their views shaped by the equally ignorant and hype-prone media.
Spread the word!
//Phizzy
"Most European technology just isn't worth our stealing," -- Former CIA chief James Woolsey, referring to Echelon
On a side note, I only use SSH now because of them, SSH for almost everything. Before I usually used SSH, but if I needed to I would use telnet. Now if a computer doesn't have SSHD running, I don't login to it.
Spring is here. Don't believe me, look outside!
http://www.ftc.gov/reports/privacy2000/appa.pdf discusses the methodology employed to gather information for their report, and I have to say I'm disappointed that they collected no data on the selling of tracking information between sites.
___
the lack of privacy on the internet has grown to frightening proportions. i have personally suffered due to the lack of online privacy.
about a year ago, i sent a long, heartfelt email to natalie portman. i expressed my deepest emotions and offered to assasinate a top political figure to win her love.
i was astonished when i was subsequently contacted by the fbi. they knew EVERYTHING about me! THEY EVEN HAD A COPY OF THE EMAIL I SENT TO NATALIE PORTMAN! they confiscated my natalie portman film collection and my detailed blueprint of the whitehouse.
something needs to be done about our lack of internet privacy AT ONCE!
thank you.
i like german girls. and nannies.
does it matter? Because the FTC is recommending a vote in congress does not mean that it will be passed. Actually, I find it very unlikely that it will be passed. This won't be as easy to justify to congress as COPA, and the corporations will have plenty of nice-sounding arguments against regulation up their sleeves. I mean, look at the speech that Bronfman gave lambasting online anonimity. It sounds reasonable enough to probably convince most congressmen to reject any sort of measure. Granted, this is about commercial privacy, not privacy in programs such as Napster, but the argument could probably still be applied.
How cleverly put. In other words: "Since we don't believe the industry can control the net, we should be given the authority to do it". What's wrong with this picture is that the net doesn't need to be regulated by any institution! So far it has done just fine without a one. Unfortunately, just like the Seagrams guy basically claimed that only corporations have brought (and can bring) content to the net, lots of non-tech people believe that the government is the only way to impose order in the net.
Wrong.
Having the government (or actually: governments) in control of the net would be just as bad as having corporations running the place. While FTC does seem to have a more positive attitude towards privacy (for now), it doesn't change the fact that they are -- just like corporations -- simply trying to gain back the ground they lost by being asleep when the net started to become mainstream.
I mean, I don't like excessive laws either, but consumer protection laws are to protect you and me. There wouldn't be any demand for these laws if companies had behaved in the past. They had their chance, they blew it. I have no sympathy for them. If they don't like it, then they should remove the need for these laws, not complain about them.
Hey officer, can I self-regulate too?
I'm worried that what will happen is that the FTC will adopt some lame standard that allows sites to say "look, we're FTC compliant" when in fact they are dealing out all sorts of privacy violations.
Many privacy policies sound good, and give you that comfortable warm feeling that makes you trust them. HOWEVER, somewhere in the small print is a line like
Yeah, carefully selected to give Foo Inc. the most money per demographic datum.
Such a privacy policy can be worse than nothing, because it gives the user a false sense of security (much like bad encryption). These days, I simply don't trust any privacy policy; I figure there's always some loophole I missed.
I'm not saying that every company means to deceive; I know for a fact that some companies truly value consumer privacy. Clauses like the one above may be needed to allow for outside contractors, etc. (but they should be more specific in that case). All I'm saying is that most privacy policies look a lot stronger than they really are, and that you could be screwed if you count on their protection.
When I read the summary of this article and then the article itself, I thought, "Damn, it's about time," and I was pretty sure that the majority of Slashdotters would feel the same. It seems that one of the things that most people here agree on is that corporations are eroding the privacy of online participants and there's really nothing anyone can seemingly do about it. Along comes a government with the ability to affect at least some change in these corporations and Slashdotters are like, "No! Government regulation will be the death of the Internet. Down with government. Boo. Hiss." What the hell do people want here?
I think it's naive of Slashdot to think that geeks alone are going to be able to convince corporations that they need to maintain the privacy of their customers. I think government intervention on an even more massive scale than the US government (read: international) is going to be required to safely ensure that we have access to what information is being collected, what is going to be done with that information, and who has the right to restrict that information. Corporations just won't do it on their own. I have never been to a corporate web site that would've passed the tests that the FTC used, and the tests were basic. They didn't cover anything about what was done with the information, only about how it's collected.
But Slashdot plays this out like there is no good side. We say, "Oo, corporations are evil," but when someone (read: the government) tries to help us out agains the evil corporations, we say, "Oo, governments are evil," and turn our back on one of our potentially greatest resources. How do you expect to reform the corporate world? By going around door-to-door like some geek Jehovah's Witnesses? The fact that Congress is controlled rather strongly by corporatist lobbiers means that these FTC recommendations have an uphill climb. We should backing them if we want to see any of these suggestions come to bear (and from the slant of past Slashdot stories and posts, I'd say that most in the online community do).
But what do I see when I finally read the posts? I see basically mistrust of the government and a refusal to take help from those who are offering it. Personally, I'll throw my support behind the FTC. I'd rather have a organization that is supposed to work for the people working towards my privacy goals than a corporation with absolutely no ties to me whatsover.
Accessibility and security are always at odds, especially on the internet. One thing that I have been saying for years, and will likely continue saying, is that if you want to secure your information, you must keep it away from the internet, period.
There is no practical way to give J. Random Surfer internet access to his personal information as stored by an internet business without also giving it to any script kiddie who finds a way to crack the system. As long as the threat of intrusion exists, the data is at risk of unauthorized disclosure. As long as that risk exists, the only responsible thing to do with that data is to get it away from the internet as fast as it comes in. ALL DATA THAT CAN BE REACHED VIA THE INTERNET IS AT RISK OF UNAUTHORIZED DISCLOSURE.
The referenced FTC report is so suspicious as to be, in my mind, totally discounted. Either the people who wrote it don't know how the internet works, or there's some hidden motive. I am most fearful of, and most likely to believe, the latter. FUD is a powerful weapon.
i think a lot of people get too cought up in the 'government is bad' 'government is bad' thing...
in reality, it's not the government, but rather it's power that is the real danger. furthermore, anythign with too much power can be a danger, whether it be a corporation, or an individual. in this case, we have the government offering to limit the power of corporations. now, IANASGV (i am not slashdot grizzled veteran) but this certainly seems like something to check the rampaging power of the 'shrink-wrap' type license agreements ("by entering this site you agree to give us your firstborn upon it's 2nd birthday") and kicking the various corps around a bit.
we should cheer up a bit.
shaolin punk, activist post-industrial
1) My name is ESR and I'm voting republican. /. poll.
2) My name is Hemos and I've never been in a
3) I'm from the government and here to help.
;)
___
The paradox I see is that while something like 90% of people online list privacy as their primary concern, general behavioral practices don't support that. People dole out personal information for online lotteries, to get free Web space, to get "paid to surf", to get free PCs -- as if there were no value to the data at all. Either that or their valuation is much lower than mine. Generally, (and this certainly doesn't apply to Slashdotters, eh?), people don't know to insulate their primary email address or to be judicious in filling out forms, particularly when the data isn't required, or how to take protective measures when surfing "promiscuously". Though it's been a hot button issue, most people don't get what HTTP cookies are, assuming they've even heard of them. I asked my young nephew who spends an inordinate amount of time online if he ever surfs anonymously. "Oh, all the time" he said. I asked him what he did to stay anonymous and he gives me a quizzical stare and says "I just don't tell anyone who I am". I'm sorry, but this may seem profoundly naive to this crowd but the truth is that the vast majority have no clue and probably don't want to have to deal with the details. They just want to know that what they perceive is true...that electronic communications are somehow inherently private.
I've been a believer that educating the user/consumer to take more command of his or her personal information was much more empowering than having "big daddy" government do it for us, especially if the masses out there don't seem to care as strongly as the advocates. Is that ignorance? I certainly don't think anyone is justified in saying the person who makes the educated decision to expose his personal details in return for something (whether it be a free giveaway, opt-in targeted advertising, or just a customized homepage at Yahoo) is a fool who doesn't appreciate the degree of intrusion. The key is that it must be an EDUCATED choice...not one clouded by ignorance. I do think what we need is for the marketplace to react by penalizing companies or entities that abuse the trusted consumer/provider relationship. It's our obligation to demand and examine the privacy statement and not just see that one exists or that there's some toothless seal attached to it. We must be judicious in limiting data in registration forms to only what the requester has a need to know and with what matches our comfort level with regard to personally identifiable information. We don't have to be evangelical paranoids, worried about "cookies filling up our harddrives" or charging that Anonymizer.Com is a front for the FBI. We simply need to help the common Internet user know that choice is already in his hands (assuming the cat's not already out of the bag).
I'm not suggesting that there isn't a role for legislation or regulation. I certainly would like to see some standardized method to let consumers rely on a spoon-fed assurance of privacy and the means for remedy if the guarantee is violated. But what I think we'll end up getting are "Surgeon General" style warnings about how your personal data is going to be exploited before the registration process, and we'll become dulled to it just as I bet 99% of you breeze on past the Terms of Service or Acceptable Use Policy statements (you've seen one, you've seen them all, right?).
Now that my long-winded position has been poorly articulated, I end by saying that mine may be a Utopian goal. We'll never be able to rely on education and experience as a protective umbrella for all users. And while I'd like to see consumer privacy demands influence the marketplace, <sigh>I'm beginning to acquiesce and see the necessity for oversight. </sigh>
Get Veiled
if you didn't turn off java and javascript, or all that other client side crap we have shoveled into our borwsers now, use usenet with a fake email address, and munge every email address that your browser keeps, oh and turn off ALL cookies, then you are willinly giving this information out. you do not NEED any of these "features" to get what you want off the web. you do not NEED to have a slashdot login, you do not NEED to give any information to any website- period. Now, if you shop at a site, and you do NOT include in the notes that they cannot circulate you name/number/ets or use your info outside of that transaction, then you gave them the right to do it. They have avery right to use the information they have just as we all scream "let information be free!" YOU are responsible to make your information ride with a EULA.
Buy online? post your information EULA, stating that if they do not agree to keep your info private and not use it then to cancel your order,and destroy all information about you. that way they are legally bound (as we are legally bound by EULA's) to use your information as you requested. - and dont trust "geek" friendly sites...you set the terms sof your information, and if they dont agree, they must destroy your data. Or sue their butts off.. It's time we used their tools against them!!
EULA's for our personal Information!
Do not look at laser with remaining good eye.
And it was politics as usual. The "study" the FTC had done was to go to a bunch of websites, and look at what they offered regarding privacy options. The problem was that anyone who didn't meet really absurd guidelines was failed. I don't remember the details, but to make the FTC happy right now, you would have had to have two different checkboxes for "you can use my info internally" and "you can share my information". Other people they didn't like because they didn't clearly specify who they might share the information with.
But Orson Swindle (one of the dissenting votes) got it right. He said:
1. Web sites have an incentive to figure out what the best privacy options are, and offer those to their customers.
2. The guidelines the FTC wants don't necessarily bear any relation to what consumers want.
One condition that failed a lot of sites was "access to the data". Which means that I can see what information they are keeping on me. Now, when you're talking about credit reports, this makes sense. But it doesn't when you're talking about websites. What websites track is your habits, and what pages and ads you have seen. The information is used for advertising. Does anyone really care that there might be incorrect data in what ads Slashdot thinks I might want to see?
Websites have been keeping track of people since about 1996 or 1997. Why does the government need to jump into an industry and start regulating it before it has had time to develop and see whether it solves the "problems" on its own? The only reason I can see is that it's obvious that these problems will be solved by the marketplace ("5% off, if you let us add you to our mailing list!"), and the government realizes they aren't going to be able to justify regulation when everything is working fine.
For more, go to the link above, and read Swindle's dissent. I don't recommend the computer world article. I mean "We've toyed with the problem long enough; it worsens every day".
What if they actually reported what's really going on? "Government Study Finds Young Companies Still Ironing Out the Details". "Federal Bureaucrats Want More Power".
... look at slashdot.org. Does it pass the test?? Lets see, from the article: "offer consumers the four types of privacy protection the agency deems essential: a notice defining privacy policies, a choice as to how data collected by the site is used, access to that data and assurances that the data is secure. "
1) a notice defining privacy policies.
YES, at http://andover.net/privacy.html (link on the left of the page)
2) a choice as to how data collected by the site is used.
NO, though the editors have talked about adding an option for opting-out of book publishing deals.
3) access to that data.
NO, correct me if I'm wrong here...
4) assurances that the data is secure.
NO, at least not that I can find in the FAQ or the about sections.
My point is that the criteria were pretty strict, as #2 and #3 are not readily available on most sites. I am really surpised that ANY sites offer #3. As for #4, it's pretty useless so I don't really care about it.
So before you get all upset about all those sites failing... remember that privacy-respecting firms like Andover.net (I hope) fail too.
-rt-
-rt-
** Evil Canadians are taking over the world. Learn about the conspiracy
I think you mean "the government represents itself". When you "get involved", you become part of the government. Is it any surprize that the government does what the people involved in government want it to do? Isn't this nearly a tautology?
"running for local/state/federal office"? You mean, if I get elected to the senate, then government will represent me? Or will I just be part of the government, saying "fuck the people, I want power"?
You don't need to get involved. You need to tell the government to go fuck itself. I don't want anyone to have that kind of power over me. With corporations, I can opt out. I can refuse to buy SDMI hardware. I can refuse to sign up for a service that doesn't respect my privacy. With government, I have no such choice. For example, I can choose not to put my savings in Wells Fargo. I cannot choose not to put my savings in the federal social security. The key point of government is that you are given no options. I like having options. Therefore, I dislike government.
--Kevin
For a second there I thought it said
"Federal Trade Commision Wants More Online Piracy"
We're not that lucky =(
SuPz.orG
"You may find that there are gaps in industry enforcement where government must step in to ensure compliance," said Jill Lesser, a vice president at America Online Inc. in Dulles, Va. "Nevertheless, it is clear that companies are responding to the increasing marketplace demand for online privacy," she said at the commerce committee hearing.
AOL is arguing that online privacy is increasing? AOL that steals people's URLs? AOL that has the *worst* track record for spam in the entire $#!@#% industry?! That AOL?
If an aol atom touched an online privacy atom, they would probably annihalate each other in a puff of pure energy.
Judge Pag, the Learned, Impartial, and Very Relaxed
Let me tell you a story that happened to a friend of mine. She was involved in college politics, and was worried that college were reading her email.
So she came to me for help. I informed her of her rights under the Data Protection Act - the right to copies of any data any organisation had on her - and she asked college for the lot.
A month later, college delivered a HUGE box of documents. They listed everything college knew, all her academic record (including confidential bits), interview reports, etc. Then some college council minutes in which her activities had been discussed.
The moral of the story? DPA law is _good_ for individuals, _bad_ for companies. And you don't need a lawyer, just write a letter.
You as a U.S. citizen are already a member of the Government. You may not be an elected executive or legislative representative, but by simply being a member of this society, you are a member of the Government.
Whether or not you exercise your abilities is entirely different. If you don't, then don't be surprised if laws, policies, and decisions that effect a number of people, don't reflect what you want. This is something that many people attempt to ignore, as they whine about some nonexistant repressive institution.
Amongst other things that I mentioned, yes, becoming a Senator is a fairly good way of making sure that policies reflect your beliefs. Simply voting is also another way, but if you feel no one represents you directly, then doing it yourself is the way to go.
What you would personally do as an elected official, I can't say, but there's really only minor power to be had as one of many U.S. Senators.
You do need to get involved, otherwise you can't expect your world around you to represent your ideals. If no one hears your great ideas, no one is going to support them.
I'm not sure what sort of power you think any one member of the Government has over you, either. Are you suggesting a member of the FTC, or perhaps a school board member, can somehow control every action in your life? Perhaps you think your mayor can tell you what color socks you should wear, or a town clerk can tell you how to cut your hair?
You may not be aware of this, but the Government's actions are constrained by law and the courts. The law will reflect what ever body of people actively attempts to shape it, and then the courts will decide if it's appropriate. So the Government doesn't have any supreme control over you.
You can make a difference, but certainly not by running from "big brother."
It's amusing that you hold more faith in corporations, which are made in an even more amusing form of feudalism.
If a corporation is dumping toxic waste in your river, can you go to them and vote to have them stop? No, of course not. Since you've removed the Government, you either deal with it, or leave.
If you work for a business, can you vote for a longer lunch break? Can you vote on what you want to work on, as an employee? No, your options are deal with it, or leave. Yeah, power to the corporations!
You have no choices with corporations, other then the ones they choose to give you. As a private non-democratic institution, you have no say in their actions. Your options for controlling them is law (which you don't like), money (and there's a million more people to sell to), and going somewhere else.
With Government, if you don't like something, you can change it. You don't want to pay social security? Get off your ass and tell your elected representative. Don't like him? Run yourself, or support someone you do like.
Run for office? To which party am I going to sell my soul in exchange for enough backing to stand a chance of being elected? Ventura's election in Minnesota gives a slight amount of encouragement, but it doesn't change the fact that getting elected as an independent is almost impossible unless you're personally sickeninglyl rich.
Just voting leaves me with an interesting dilema, however. Do I vote for the party which wants to pass an internet decency act and reduce everything on the net to a level suitable for third grade children, or for the party which wants to pass a law which says that it's illegal to use any encryption other than the program supplied by the government with a built-in backdoor? Voting is, at best, a choice of which evil you want. To put it crudely, just because you can choose whether to grab you ankles or swallow doesn't mean you aren't being raped.
"The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.
A:None.
I think your idea is not only very plausable, but very inforceable if the law would recognize your personal data as your copyright. It's sad, really, but at the moment (In USA) it becomes the property of the collector building your digital biography. What's more is you have no recourse when the data is incomplete, incorrect, or just flat out false.
___
1)Within 2 years(i think) the companies and institutions need to send you a letter containing what info they have on you.
2) You have the right to correct any info about you
3) They have to ask you if they can distribute youre info and you have a right to say No.
4) They cannot give the info to anyone in a third country that does not guarantee the same amount of privacy.
It also contained a whole heap of other protective measures. Allthough i think the European mentality is much more for privacy than the US one, in general atleast.Over here people want theire privacy.
Anyhow that is the type of law i think should be passed in the USA, and then maybe made into an international standard.
As a computer scientist, I'm sure you're aware that the government doesn't need to make public every piece of information it knows about you in order to authenticate you. Indeed, all they have to do is map an instance in their identity database to one "instance" of a person (er, you).
Even then, with a shadow identity, it would be trivial for you to choose what authenticated information to send. You just ask the government database to authenticate you to the foreign site and send with the ticket some information about you. Naturally, it will be encrypted--for whatever protection that gives you.
Much like "Don't steal; the government hates competition." In this case, the government is concerned that corporate power over our lives is growing to match its own. Can't have that now can we. Evil vs. Evil, and to the victor go the noncombatants.
I know most everyone in the computer world are big privacy buffs, but I just don't see the point. This is a discussion I have with my father all the time, and he just doesn't see it either. I think the world would be a better place if people weren't as uptight about privacy.
I remember an article posted to Slashdot something like two years ago. It was a commentary on the future of privacy and painted a really good picture of a world where cameras were just a part of daily life. It provided people with a way to look after each other and after each others' properties. Imagine how low the crime rate would be if there was most likely an active camera in every house.
On the more abstract side, privacy concerns block the flow of data. This is fundamentally contrary to the geek mindset, and I have never understood why so many geeks believe in it. Consider if someone did have records of your every move. You could never be falsely accused of a crime, you could be found easily in case of emergency, and the statistical information could be very good for society. Remember how the vaccine for small pox was discovered by noticing that milk maids previously infected with cow pox never contracted the disease? With huge databases of statistical data, I have to wonder how many other cures could be discovered like that. But the collection of much of this information would run against the privacy concerns of many of you.
On another angle, it is coming. Survaleance technology will soon be to the point where the cameras and microphones are completely undetectable, at which point no law can really help anything. So we have a choice, either we embrace it and have access to the vast amount of data, or we kick and scream and only the Orwellian police type people will. As long as the people have access to the data, we can even monitor the police. By kicking and screaming about it all, we actually increase the chances of the future that people say they're trying to protect.
Finally is the arguement that I have been avoiding: if you're not doing anything wrong, what do you have to fear? I say let them (websites, police, men in black, my neighbor) monitor me all they want. I'm not doing anything wrong. If that's how they'd get their kicks, let them go for it. If they want to put forth the effort to watch me going about a normal life, let them. It doesn't cost me anything.
I think complaining about privacy is the wrong way to go. Instead, complain about how the data is used. Pass laws making it illegal to modify data without making it clear that the data was modified (Times Square on New Year's Eve). Make sure all of the data is public so that no entity can horde it and use it for nefarious purposes. Knowledge is power, and that power needs to be in the hands of the people, not any secret police. Laws would have a much greater success rate when dealing with how the data is used, not how it is collected. It's just too tough to police every organization and person who *might* have a camera, while it is comparitively easy to monitor how the data is used. As soon as someone gets hurt, they can sue, and a harsh penalty will warn organizations against such practice in the future.
Don't get me wrong, I don't advocate forcing a webcam in every home. But I do wish people would stop raising such a fuss about every little thing that they see as an invasion of privacy. It seems to represent an inconsistancy in the mindsets of many geeks, and is swimming against a strong current instead of being carried to a place downstream that's better anyway.
Like a food buff swimming up the Mississippi River doing his best to get away from New Orleans (food capitol of the world, for those of you who don't know).