More on Internet Privacy Legislation
Last week we noted that Senator Hollings had introduced a privacy bill and that there were likely to be more introduced. Now Salon has a piece critical of Hollings' bill. EPIC wrote about it as well, and they seem to think it's not too bad, all things considered. Read Hollings' bill yourself and decide who's right. Also of note is a bill introduced in the House that would require all Federal agencies to prepare privacy impact statements (the ACLU has a summary) akin to the environmental impact statements now required for actions adversely affecting the environment. Seems like a good idea to me.
---direct quote from bill
(c) NONSENSITIVE PERSONALLY IDENTIFIABLE INFORMATION REQUIRES ROBUST NOTICE AND OPT-OUT CONSENT- An internet service provider, online service provider, or operator of a commercial website may not--
(1) collect personally identifiable information not described in subsection (b) online, or
(2) disclose or otherwise use such information collected online, from a user of that service or website.
---end quote
Salon's article does sem a bit overly critical. This bill is a necessary piece of legislation. Sure some would like to see it even stricter(prohibiting any spyware style market research), but as it is it prohibits companies from collecting sensitive information and also from collecting information which is non-sensitve but could potentially be used to identify you.
The Salon article implies that the bill will allow companies to collect all sorts of non-sensitive personal information and use it to build a complete profile of you, including the stuff that can't be directly collected due to it's sensitivity. This just isn't true.
lysergically yours
From the Epic site: Hewlett Packard urged inclusion of a safe harbor provision in the Act to insulate companies from enforcement if they are members of a certified seal program such as BBBOnline or TrustE.
Oh, yes, of course, if they are members of wonderful TrustE then they'll nevvver evvver violate our privacy. That's why TrustE busted Yahoo! for changing our marketing preferences, right?
Seriously, has TrustE ever busted anybody -- at least any company that we've ever heard of?
"If I could live to be several hundred
I could take a walk and really wander, really wonder."
Don't be fooled, your name and address are two of the most sensitive peices of information you posses! In the hands of malicious people, it can simply be taken down to the DMV to bring up your file, and the unfortunate state of things is that most people list their social security number as their drivers ID (I changed mine to an anonymous number after taking a class in privacy, when we learned about the growing number of cases of identity theft). The fact of the matter is, I don't want people to have access to this sort of thing unless I give them it expressly. I also don't want information on my shopping and surfing habits getting released as it leads to phone soclicitations, as well as spam. What happened to the rights of the consumer? Why does congress allow bribes to give corperations the upper hand?
The world is changing rapidly, and our time is increasingly sucked away by meaningless adds. My parents can still remember a time not so long ago when junk mail was practically unheard of. Now we are saturated with it.
I think we ought to push for a bill which affords us a form of personal protection akin to the laws against tresspassing. In my opinion all cookies, spyware, etc that are installed on a computer without express permission from the user (EULA's are no good as no one reads them, and besides, we would be outraged if everyday were provided with a huge list of random comments, buried within which was a grant to tresspass on our property if we exit our house), should subject their makers to a fine. As a computer professional, my machines are a place I spend a considerable ammount of time, and I have a right to not have others intrude on my privacy.
As a final point, I realize that you can disable cookies, and most spyware, but it is ridiculous to assume that this makes them all right. Many people do not know how to do so, and above all else, we should never have to arm our computers with defenses just to preserve our rights. That is analogous to requiring everyone to bring a body guard when they left the house, or it would be legal to mug them.
*steps off of soapbox*, Sorry my wife is an IP lawyer and deals with this stuff everyday. We need more computing professionals in the government and law.
wanting free rides in our use of purchased media, complaining vigorously about the perceived lost dollars the legitamit exercise of personal use costs them... these people are now turning around and wanting a free-ride with my personal data?
I think not. Let me take the time to personally assure any politicians who happen to read Slashdot that a their support for this kind of initiative wil gurantee them my lost support, regardless of party, in their next bid for re-election.
Do not spread "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" over the internet, thank you.
Most of the focus on discussion I have seen so far has been addressing the "non-sensitive" information, and how this bill will open the flood gates to allow companies to collect and share it on a massive scale.
I think this is a huge problem, BUT - doesn't anyone else see the problem with how "sensitive" data is defined in this bill?
Sensitive data can only be collected or shared on an opt-in basis. Sounds good, but isn't medical information (one of the "sensitive" items) protected more highly by the HIPPA acts? Won't this act undo everything HIPPA did to help protect medical records? All it takes is one hidden or weasle worked opt-in box to release all your medical information. Or finantial information. Once out there, it can be sold. Then it's gone for good - opting out at that point won't do any good.
We need to raise a huge stink about how trivially this bill handles critical private information - medical, finantial and other records.