Hollings Introduces Privacy Bill
Dynedain writes "Senator Disney (aka Hollings) is apparently trying to get on techies' good side. ZDnet is reporting he is proposing a bill for 'net privacy' requiring opt-in agreements when companies want to sell 'sensitive' information (medical history, sexual preference, etc.) and opt-out agreements when selling non-sensitive (buying habits). US Chamber of Commerce is opposing this." Another article on Newsbytes notes that there are likely to be several privacy bills floating around, offering different levels of actual protection.
I've seen him referred to as "Senator Hollings (D-Disney)".
Best Slashdot Co
Now /. has another guy to have a love/hate relationship with.
Anyways, he's not trying very hard. All information that could be shared should be opt-out. Sharing very private information, like medical histories, is already well protected, and people's tendency to not notice opt-out options for buying habits and such will do nothing to stem the flow of spam and junk mail. Oh well.
...unless it gives 24-hour time. Or if it also displays the date. Or if someone keeps screwing with it and all.
In any case, I wonder what his motivation is for this proposed bill. Is Disney interested in protecting their own digital privacy? Perhaps he's planning on expanding the bill to include much of the implications of the CBPTDA or whatever it was called...perhaps Disney thinks that such a law could warrant "mandated privacy devices" that would have the same effect.
After his last proposal, I cannot trust Hollings no matter what he offers.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
I don't see why your buyer's habits should have to opt out. They should opt in as well. I buy something online; they should ask me if I want my information spread to other companies or not, and not just send the information and have me ask them to stop. By the time I realize I am on the list, my data would be spread to hundreds of sources and I have to opt out of each one.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
"I fear the Greeks, even when bringing gifts"
-Virgil (70-19 BC)
Please email all complaints to root@127.0.0.1 and the issue will be dealt with in due time.
Is the /. crowd in favor of privacy legislation or do we take a Libertarian viewpoint on this as well and call privacy legislation an affront to free speech?
Viddy well my droogs, you don't want to be hypocritical here.
Privacy bills like this will have a huge impact on the consumer's protection, but also have a huge cost to growing internet companies.
nuclear iraq bioweapon encryption cocaine korea terrorist
Replace the Privacy with Piracy, and you get the former CPDBODJTO (you know what I mean). Hey, at least a lot of his sound bites are already written.
When this bill actually comes out, we'll have to make sure there are NO RIDERS on it. This would be a perfect opportunity to do so, since this proposed legislation has a chance to pass.
Karma? Karma? I don't need no stinkin' karma.
I must say that I'm impressed that Senator Hollings would propose this bill, but I believe he is accurate when he says "Privacy fears are stifling the development and expansion of the Internet as an engine of economic growth."
My concern with this bill is who will actually enforce it if it becomes law? It's nice to have theoretical privacy, but will it really work in practice? And if it turns out to be enforceable, what stops the disreputable businesses from relocating outside of the US?
www.timcoleman.com is a total waste of your time. Never go there.
Nope, Eisner is sweating bullets that someone will access Walt's medical data and find out that he was scheduled for revival in 2001, but that some one named M. Eisner MD, delayed the procedure till a date (in true MD handwriting) that looks suspiciously like "hell freezes over"
You either believe in rational thought or you don't
Listen, if Hollings is sponsoring this bill because he wants to "make-up" with the tech-community, then the worst thing the tech-community can do is continue to boycott him.
Make the message clear, that the community will support good bills but go ape-shit crazy on bad ones. If he gets a bad reaction still, he's just going to write off the tech community as a special interest group that he has no chance of winning over. In that case, he'll say screw you to all of us and just go on taking blood money from Disney.
Don't make it personal, it's simply politics. We just have to play the game.
int func(int a);
func((b += 3, b));
and opt-out agreements when selling non-sensitive (buying habits
Since when are buying habits not sensitive? What if you're buying cream at the pharmacy for your genital warts? What if you're buying a particular product for your spouse, or for a friend? What if you're ordering porno over the net? (They don't ship it in brown paper covers to your house because nobody cares whether anyone else sees it or not) What if you're buying a drug for a medical condition that you'd rather nobody knew about? Sure, Mr. Jones, we don't have access to your medical records, but we see you've been buying AZT, and various magazines and books written by people infected with HIV as support tools. Hmmm.....
Sexual preference, medical history, and lots of other things are tied to what you buy. I don't see how they can say that buying habits aren't sensitive.
-- Truth goes out the door when rumor comes innuendo. -- Groucho Marx
Sensitive private characteristics:
Sexual Preference: Heterosexual
Medical History: Pretty healthy, alcoholism runs in family.
Criminal record: One speeding ticket, not much else.
Yeah, those are pretty private
Non-sensitive private information:
Buying habits: Alcohol, Straight Pr0n, exercise stuff & vitamins, no medicine
Web browsing habits: /., weightlifting websites, finance, and geeky websites. straight pr0n.
Whoa. My non-sensitive information is extremely suggestive of my sensitive information, wouldn't you think? What gives? Is it more complicated to make all privacy information opt-in? It seems like it would be less complicated to the irony nazi.
Bringing irony to the Slash-masses
This got me thinking that when you go into a store, at the very least, employees can gauge the demographics they are catering to, and adjust the way the store operates accordingly.
You have to admit, much of the information they want when you buy (where ya from, how old are you) is 'casually' available in physical stores. Online retailers have no such luxury of asking their sales force (cause there is none) who's buying, so I really don't think it's asking too much for the companies to want the provision of that kind of information to be standard procedure when buying online.
The physical retailers can provide this information based on sales data, the retailer's physical location, and by virtue of the sales force being physically located where the buyer is. Virtual retailers aren't asking for anything new, other than potentially the granularity (i.e., you live in this zipcode instead of you shop in this zipcode.)
The Direct Marketing Association (DMA) said it continues to support industry self-regulation on privacy.
I support segregating 'opt-in', 'opt-out' not by what information is collected, but by what you are allowed to do with that information. 'opt-out' collection should allow retailers to do internal aggregated sales analytics, while you MUST provide 'opt-in' collection when you wish to use that information to proactively contact the customer.
"Old man yells at systemd"
It all comes down to whom do you trust with your private information, and what information you yourself deem to be private.
Individuals are going to have to decide this for themselves. Trusting the government or advertising drones or Microsoft to keep your information private implies rather a lot of trust. Have you met these people? Told them about that time in 4th grade where you experimented with the chronic? Who knows stuff like that? Your closest companions at best.
Privacy must be individually taken, kept and defended. It's not a gift to be handed down from on high. Each person must learn to defend their privacy on their own, and determine just what they consider private.
Hate spam? Find a way to fight it, and keep your e-mail to yourself (or at worst, make up a free one). Don't believe the registration cards. Use a fake name on your phone number, or keep it unlisted. Give no one your SSN unless they can provide proof of needing it. Make sure you know what constitutes real proof. Never say hello twice when answering your phone. Turn off cookies. Set up trusted host lists.
It's hard, yes. Joe Public won't know how to do it. OTOH, Joe Public may not care, or may not spend 10 hours a day cruising the net, or may never buy anything from anyone online.
Know the risks, take pains to minimize them, and stay vigilant. It's the only real way to keep your privacy.
Do not touch -Willie
Eisner is sweating bullets that someone will access Walt's medical data and find out that he was scheduled for revival in 2001
Myth Busters! Walter Elias Disney wasn't frozen but instead cremated two days after he died.
Will I retire or break 10K?
I agree with the spirit of Hollings' proposed bill (and it pains me to say that). However, my "ideal" online privacy law would be:
1. Companies are forbidden to share/sell/reveal, intentionally or not, any information that a consumer gives to the company or authorizes the company to obtain unless expressly authorized by the consumer. So, anything that you give the company can not be shared with anyone else unless you give them permission to do so.
2. Companies are forbidden to share/sell/reveal, intentionally or not, any information created through consumers' transactions with the company that can be associated with a particular consumer unless expressly authorized by the consumer. In other words, Company X can tell a marketing company that Y consumers purchased Product Z. They can NOT say that Consumer A purchased Product Z unless Consumer A authorizes it. If the company creates the data, they can use it, but can only associate the data with particular consumers with permission.
3. Any permission given for a company to use your data must be an informed decision. The company must provide to the consumer who they will share the data with (specific companies), what data will be shared, what the receiving company will do with the data, and what the company will get for sharing the data. This information must be provided to the consumer before she agrees to give permission, not something that can get received "on request" later after agreeing.
4. Companies that violate these three premises will be fined by the government and there will be a procedure set in place for consumers to collect damages.
Hopefully, this would prevent companies from playing fast and loose with your information and force them to make sure that their systems are secure (note the "intentionally or not" would cause the company to violate this "law" if some third party, such as a cracker, gets the data).
Self-regulation doesn't work. There will always be someone who will violate the "regulations" that the industry comes up with. The only solution is a legislative solution.
Hollings' move makes more sense than you realize.
I commented several months ago about this but couldn't find it using the search engine, so I'll just repeat, roughly, what I said earlier.
Privacy advocates and advocates of Content Use Restriction (DRM) have a shared goal.
You, the liberty loving individual, don't want big bad governments and corporations using data about you without your permission. You want control over that data.
Purveyors of digitized content don't want tiny bad people "pirates" using their data without their permission. They want control over that data.
A rock-solid data tagging and protection system (you know, the impractical kind) would provide a means to meet not only the needs of individuals seeking ownership and protection of their own data from duplication, but would simultaneously provide similar technology to media distributors seeking ownership and protection of their data from duplication.
When I first realized this I was kind of taken aback, because, like many here, I've always placed a higher value on the protection of my data than on the protection of someone else's data. That same disconnect will continue to confuse many advocates on both sides of the issue.
My own view is pragmatic: if it were easily possible to protect data this way, fine. But it's not. Once it's out there, it's beyond your control, just as for millennia, your spoken and written words have been able to disseminate beyond your control.
"Provided by the management for your protection."
OPT in on everything is required and a federal fine of $1000.00 per incident of releasing the unauthorized information and every use of it thereafter.
I can hear the marketing dweebs already... "OMG you'll destroy marketing, and all businesses, the world will spiral into oblivion if we don't know you buy generic toilet paper every other Thursday with your debit card!"
Again I say.... Bullcrap.. the world will continue, we will still see commercials, and things will continue EXCEPT they have to actually ask for the information now... it's like businesses are allowed to not have manners...
Do not look at laser with remaining good eye.
Then when he gets all the techies to support this bill, he'll attach the SSSCA/CDBITPA as a rider. Then what? Gonna do a 180?
I find it suspicious that after such a pro-corporation bill, he's proposing a pro-consumer one. Either he has a bizarre set of values or he's trying to gain favor for some reason. Either way, I think his past track record should speak for itself. There are other privacy bills; perhaps Mr. Rick Boucher will propose one that's worthy. He seems to be the only congressperson with any sense of technology/privacy issues at all.
rooooar
I don't see how the "selling" of medical information is legal at all. I worked for a company who made software for the health care industry, and there are some serious laws regarding protection of medical information. Both parties sending and receiving any information must have written signed guarantees that the information will be kept private. This act is the Health Care Protection and Accountability Act (HIPAA).
A simple opt-in (a la Yahoo! I'm assuming here) wouldn't abide by the laws set forth in HIPAA.
I'm surprised Hollings even brings medical information to the Internet. Most medical facilities I worked with had strict protocols or strict separation regarding sensitive data and the Internet. If any information was sent at all, it was either via FAX, hardcopy, or on a secure connection (via CarbonCopy, or similar program).
The only people who need my medical information are my health care providers.
How is this a good bill? On the plus side, yeah, we have to give someone permission to sell our "critical" data. But who's to say that won't be buried in an EULA?
And as Yahoo! has recently proved, automatically opting people in to receive spam (since that's what the 2nd part of this legislation basically proposes, after all... they sell your info, you get spam) and making them opt-out leads to people getting bent out of shape. Why should companies get the right to ASSUME that I want to receive spam from whoever they feel like hawking my info to?
A privacy law with teeth would have opt-ins across the board, and a clause saying that each opt-in must be clearly labelled as such, with no "bundling" of opt-ins implicit in any other action.
AHHHHHHH! I'm burning with goodness again!
- Reakk, Sluggy Freelance
Just wait for it to get out of committee and have Hollings tack on an amendment that looks amazingly like the CBDTPA. Senator Leahy killed the CBDTPA by refusing to let it out of committee. Hollings could have had a change of heart, and suddenly become interested in individual privacy rights - but I wouldn't bet that way.
[Insert pithy quote here]
Remember that the US Senate is one of the great bastions of political gamesmanship.
:)
It's probably a safe bet that Hollings hasn't suddenly switched his basic pro-media position. If that's so, then this bill may well be a maneuver to counteract someone else's bill.
For instance, in the recent campaign finance reform debates, the opponents of CFR floated a *better* bill, that they knew would not pass, as a way to divide the support for a CFR bill that might pass. This could well be a similar maneuver.
Pay close attention to the men behind the curtains.
With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
The real problem with privacy legislation is that the law needs to define clearly something that is very context-sensitive and subjective.
More amusing and insightful than informative, NPR's David Weinberger a week or so ago ran this commentary about how as a digital society we are losing the subtle art of determining the context of information.
In case the link gets /.ed, the fundamental points are these:
How do we handle this as a society? How should I know? I had hoped we had elected people smarter than I to figure it out, but after seeing Enron and now Hollings, I'm beginning to despair of that notion...
He looked at me and said, "Kid, we don't like your kind, and we're gonna send your fingerprints off to Washington."
I hate having my data sold/being spammed as much as the next guy, but I wonder if banning this won't have the same effect as banning crypto export: they'll just develop and do it outside our borders. Then even federal law has no jurisdiction to stop them. For example, a large US-based web service provider could set up a shell company in the Bahamas which runs its website, collects all the marketable data, and sells it...
The problem with laws on the Internet is that they're not of a larger scale than just a nation, so the only way to deal with privacy violations, spam, etc. is: 1) on a global basis or 2) a technical solution or 3) to have people not be stupid and give out sensitive information. Since (2) doesn't apply, and (1)'s not going to happen any time in the near future, (3) is the only way to go?
Given his track record, I have to assume Hollings' latest initiative is merely a smokescreen for CBDTPA/SSSCA. I can't wait to see the Disney amendments.
I run a website that uses slashcode. Now, this asks for certain bits of information. I don't have any intention of doing anything with this information and I'm not any sort of commercial entity. Am I to be held to the same standards about opt-in and opt-out agreements?
This sig has been temporarily disconnected or is no longer in service
That's not their concern.
The real concern is that some company such as eBay or Microsoft or Sun or anyone (Disney even!), has a ton of money through legitimate business that never infringed on anyone's privacy. What's to stop a lawyer from filing class-action lawsuits against that company charging vague privacy infringements? The company, having oodles of money, will settle rather than go to court. The lawyers make out like bandits while all the company's customers get $0.09 each.
Don't believe it will happen? Happens all the time with shareholder lawsuits. There are law firms that specialize in watching for sharp stock value drops and filing class-action lawsuits on behalf of the shareholders.
He looked at me and said, "Kid, we don't like your kind, and we're gonna send your fingerprints off to Washington."
Here is an older version of a similar bill which was sponsored by Hollings in 2000.
legislation will fix things so that only wealthy corporations can
"trade" personal information?
Regards,
proclus
Good Bill? Bad Bill?
No bill, please. Like all bills, somebody has to pay, and it should be neither you *nor* me.
I don't want companies to use my information without my permission, and I want to be able to give my permission. Hollings' mistake is in thinking that it's his right to tell business owners how they're going to run their business, and telling me, in effect, what business practices I'm allowed to deal with.
Get off my back!
If aspiration is a virtue, achievement cannot be a vice.
This is a very simple debate if you look at the type of data being collected. A vocal majority of web users know that a good deal of information about them is tracked every time they go to a website or their favorite porn site. Most are content with allowing this information to be tracked as well as long as it is under the premise of being anonymous. When a site tries to tie in personal information, that is where the line needs to be drawn and opt-in needs to be specifically required (without questionable tactics such as pre-checking boxes allowing the user to be mailed by 3rd-parties).
People are willing to give up a lot of information about themselves when you promise that the data will be anonymous or in aggregate format, and for the most part, companies have no problem with this. The ire of the masses is resounding when companies don't use this information in the manner intended or attempt to use it to create marketing profiles per user. I don't mind buying things, but I also do not want "HOT!!! DEALS!" crammed in my inbox and down my throat.
So to Senator Hollings, I ask that instead of laying more restrictions on companies that will either get blown off or result in a plethora of legalese every time you sign up for a mailing list, he should focus more on making sure that his proposal is simple and understandable by both parties (COPA is a good example of how ALL personal data should be handled).
Hammer of Truth
ZDnet is reporting he is proposing a bill for 'net privacy' requiring opt-in agreements when companies want to sell 'sensitive' information (medical history, sexual preference, etc.) and opt-out agreements when selling non-sensitive (buying habits
An interesting observation I just made:
When the data belongs to the consumer, Hollings (D-Disney) wants the data to be copyable. He'd be committing political suicide to not ask for at least some restrictions, so he introduces bills like this. As for the 'non-sensitive' opt-out data, I don't consider opt-out to be a restriction at all. I'll still get the spam, and (especially seeing how email spammers work) it's not exactly easy to trust anybody to honor opt-out requests.
BUT...when the data belongs to a corporation, he doesn't want it to be copyable at all. Witness the DMCA and the SSSCA/CBDTPA.
Now. Try and tell me he isn't biased against consumers and towards corporations.
I pledge allegiance to the flag...
of the Corporate States of America...
Will he just attach his stupid new copyright bill to this privacy bill in the dead of night?
"I don't think it's selfish, to eat defenseless shellfish." -NOFX
Note: I'm not in the US, but US decisions have a way of being passed off as law in the EU... so this still concerns me.
I'm a techie, AND I DON'T WANT "PRIVACY". I want _balance_. If someone has information about me, I want access to information on them. I DON'T want the RIAA/whoever to be able to make any deals with ANYONE behind closed doors.
Total Societal Transparency.
Let _everyone_ know everything, if they want to. If a corporation has data on its customers, then the corporation should not be allowed any meetings behind closed doors.
Extreme example for illustrative purposes: surveillance cameras everywhere. Oh no! people cry... BUT: make the network Public Access, so that anyone, not just a privileged few, can tap in and keep an eye on what people are doing - and don't forget, other people will be able to see you watching, so don't be a perv.... i.e. it's a self-correcting way to run a society.
See David Brin's book, "The Transparent Society: Will Technology Force Us to Choose Between Freedom And Privacy?".
Chapter one is available on-line here - I suggest all Techies read it rather than believing Privacy is necessarily a good thing.
If the choice becomes "Privacy or Freedom", I'm for Freedom.
How far would the RIAA or the WTO get if every person on earth was potentially privy to every bit of their meetings? All they usually currently give out is what they say happened, after the fact...
Privacy is what gives them their political edge. We should be fighting to destroy privacy, not uphold it.
And to be fair, we shouldn't want to hold onto our own privacy either. Paraphrasing Brin: "People always want privacy for themselves and accountability from other people - some people, even quite well-meaning and intelligent people [me: EFF?], do not see that their own position is illogical, asking for greater openness from others, and privacy for themselves"
Maybe Hollings has cottoned on to that, and is chucking away at the naive techies right now...
Choice of masters is not freedom.