Slashdot Mirror
Ebay's Flexible Privacy Policy
l2718 writes "Ha'aretz has a disquieting report on a presentation made by eBay's senior counsel to law-enforcement officials. Apparently eBay logs all user interaction with them, and will happily hand over all the information to any law-enforcement official without a warrant -- a fax is quite sufficient. He is actually proud of their 'flexible' privacy policy."
I've got a fax machine...
Maybe you need letterhead.
Oh, I've got an Internet connection, and plenty of places have seals and official logos online. The quality isn't great, but hey - it's a fax, right?
Maybe you need a phone number.
Oh, I've gota phone I can sit by and pretend to be whoever I want when I answer it.
What was it Kevin Mitnick said about social engineering?
That what was all this school was for... to teach us how to solve our own problems. -- janeowit
Don't complain about eBay and other companies doing this--complain about the laws that don't protect our privacy. Talk to your representative and make the case for protecting such information if this kind of thing bothers you (and it should).
In this current age of "let's go get them badguys", is anyone really surprised that a company would so willingly acquiesce to the government? Should they? Good question, but are you surprised that they DO?
Most sites have clauses in their privacy policies saying that they can change them at any time without notifying users, and the changes are retroactive to any information they already have. It's up to the user to notice the changes by reviewing the policy regularly and finding contact information for someone who can remove it, then askin them to do so before they have time to give the information away if it changes.
Yup, when that happens, a lot of police are going to head over to Anne Nonymouse's place in Beverly Hills 90210. I think she's ordering a lot of child porn.
Admire that string of X's in the "Legal Requests" column.
Not that I condone it for even a second - how can eBay (yes, /. editors, that's how it's spelt, how can you not get that much right?) be sure that the person requesting the information is a legitimate law enforcement official?
Even if they were, any information garnered in this way would immediately be thrown out of court in most countries (including the US) as inadmissible, because the source would be deemed an illegal search if the proper warrants hadn't been obtained.
Without even examining the link it's obvious why eBay would do this - verifying the legality and scope of every warrant that it is presented with takes time, and time costs money. Rather than spend this time and money unproductively (cooperating with police officers doesn't produce revenues), they choose the path of least resistance.
Unfortunately, eBay is sufficiently large enough (or at least it thinks it is) that it doesn't see this as a reason for people to defect to less popular rival online auction sites.
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
If a competing auction site were to be setup with greater privacy, and was successful, more power to it. As long as eBay fully discloses its policies, then there shouldn't be any whining about it -- folks are free to vote with their mouse, and click on another auction site
Personally, I think it's positive that eBay will cooperate with bona fide investigations, and not force them to jump through hoops (at taxpayer expense!) to get the data they need to do their job.
It's not as though medical records are being stored on eBay -- just one's bids on beanie babies, or other baubles.
Even scarier ... who owns PayPal these days?
I hear some people use it like a bank. Would you want your financial info tossed around like that?
One more reason so stay way from Paypal.
If I placed an ad in the paper selling something (say, a large supply of ammonium nitrate fertilizer), and the police came up to me and asked me about what people came and inquired about it, I would tell them without hesitation. Big deal.
Guess what? There is no right to anonymity. And law enforcement has to have SOME room to work. Too many people seem to think that law enforcement should be required to never ask questions and never access the public.
Sometimes it's best to just let stupid people be stupid.
The correct term should be 'lack of' privacy policy.
There's a growing sense that even if The Future comes,
most of us won't be able to afford it.
-- Lemmy
Say the RIAA comes knocking on Ebay's door and wants a list of everyone who sold, bought, traded, anything with live boots, records, vinyl, cd's etc etc of any major label artist. Or what if the label themselves gets involved.
I think some people would have different opinions on this privacy issue, although I agree when it comes to the scam artists a heightened police interventention level would be welcome.
Fear Breeds Knowledge
This should be the final proof, if proof were required, that privacy policies and TRUSTe seals audits and seals are ineffective at protecting consumers.
"How to Do Nothing," kids activities, back in print!
You can get my bid history and my email, but you can't get my credit card number, my home address and phone number, and now they require you to put in a bank account to be a seller. I don't want all that handed to the "Homeland Security Agency". What if I like the Iron Cross, or the swastica, will they suddenly start investigating all my banking and credit card numbers, criminals should be caught I agree, but that is what warrants are for, when they hand over this info for something as simple as a fax that compromises my rights I feel.
Anonymous Cowards - Oh God, How I hate you
Public use of any portable music system is a virtually guaranteed indicator of sociopathic tendencies. -- Zoso
That is why as a BUYER you should know what you are looking for and ask question of the SELLER. people have to use commen sense to avoid being ripped off there will always be scammers out there.
I know of several people that have been seriously ripped, and in a way, I'm glad that Ebay will pass out a scammers info.. esp. to the police.
If it was just the scammers info that would be fine BUT IT IS EVERYONE'S INFO that i'm not glad about it is extremly easy to fake LE request via Fax or Email and any Larry moe or curly could potentially get the information with requiring a court order it raises the bar before they give out the info.
"They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety."
I work in Student Records at a technical college in MN. I will NOT allow anyone to request information over the phone. They must either MAIL or FAX me a request with a hand written signature in order for me to release this information to them...
State and Federal law states that people can request information over the phone if it is going directly to them and *I* feel that it is really that person. Problem here is that I cannot verify if it is really them and the social engineering thing comes into play. So basically I won't accept any phone requests. I feel that I cannot safely determine who the person is if I don't see a handwritten request.
Oh, for chrissakes - handwritten requests are completely and utterly useless. Let me guess, it has to be on letterhead? See parent post regarding availability thereof...
So I fax you a request. It has Police Department letterhead...or something similar. I mean, you don't know what the Jackass Police Department's letterhead looks like. And I sign it as the chief of Jackass Police Department. You don't know what his signature looks like either. And I put my phone number on it - but it has the same area code and extension as the main number, so it could be a non-main phone line. Or maybe I made up a police department that doesn't even exist.
How many E-bay knobs are going to fully check this? Are they going to get a directory assistance to find the PD and check the number? Are they going to talk to the chief, from the phone number they looked up, to make sure he ordered the data? What if they can't find the department's listing (could be a small department, could be I made it up)? Probably none of the above.
When you get down to it, faxed requests are pretty much worthless. Which is why I would want a warrant served by law enforcement personnel who I could easily check up on. As for DNR, I don't believe that helps with ebay.
-Looking for a job as a materials chemist or multivariat
From the article:
Attorney Nimrod Kozlovski, author of "The Computer and the Legal Process" (in Hebrew), heard the lecture, and could not believe his ears. "The consent given in the user contract should be seen as `coerced consent,' in the absence of any opportunity to exercise free choice, with no real alternative but to agree. This is most certainly not conscious consent."
I think this says it all. We are rapidly becoming a society in which corporations can strip individuals of their liberties not by virtue of law, but by using onerous contracts.
Imagine if the utility companies forced a person to hand over keys to their residence when they signed up for service, so that the company could "inspect the premises in the interests of public safety". It wouldn't be long before the utility company would realize that they can make additional income by "renting" your key to law enforcement agencies on demand. But you, the resident would effectively have no say in this - you either agree to their terms, or you do without gas/electric/phone service.
You see, the danger of this is that by "renting" the key, law enforcement no longer needs a warrant to search your house; you implicitly gave consent for entry to the utility company, who then resold that consent to law enforcement. It is these kinds of agreements which allow law enforcement to circumvent the checks and balances gauranteed by the constitution, and this is what makes them so dangerous.
How long will it be before our lives and liberties are entirely beholden to corporate interests?
The society for a thought-free internet welcomes you.
Imagine being able to search:
Every page you've ever been to.
What you have searched for on Google.
Everything you have looked at, purchased, or sold on eBay.
All financial information from Paypal.
All the people you've sent/recieved email to/from.
I'm sure I'm missing a few things - but who needs TIA when these companies are bending over backwards to provide all this info?
Poindexter probably figured this out and got a raise for saving so much money... :(
You shouldn't cough up your freedoms to prevent crime. By the way, this isn't for when you get screwed over,do you honestly think you can file a complaint at your local police department and their going to fax ebay, hell no, their going to say, we can't do anything for you, or, do you have insurance. Like when my car stereo got stolen as well as 40 other car stereos, in one night, in my little town. And the law enforcement said, were not likely to catch these guys, they didn't dust for prints, they didn't look for clues, they just said, call your insurance company. Cops are fucking worthless in theft cases unless it's a felony theft, even then though, they are pretty useless. I found my car stereo at a pawn shop, they had the guys name and address after that, guess what happened, he got probabation for 3 months, he wasn't forced to pay me back for damage to my car or anything like that, he just got probation. What good did that do for me? The court said I could take him to civil court if I wanted to get my own lawyer and what not.
Anonymous Cowards - Oh God, How I hate you
"In communist regimes, [Kozlovski] says, the state would assign watchers to follow every citizen, who would pass incriminating information on to the authorities. Now the state doesn't have to do a thing. People come to it of their own free will. This is also the case for eBay, which exploits its stature in the market to have users accept contracts that strip them of their privacy. Perhaps the regime is different, but the outcome is most assuredly the same."
I used to live under a communist regime, and I think now I much prefer neighbors invading my privacy to get some extra food stamps to feed their children than a huge compnay like eBay appeasing the government a bit too much to get favorable regulation with which to make even more money.
Yes, I know I can just avoid eBay--and I do, so it's not really a great comparison. It just bothers me when people think that capitalism is the panacea for the world's ills and like to point out where it fails.
However, I really don't like the idea of the authorities being able to make casual inquiries via fax. At the very least, issue a subpoena in which you state a legitimate law enforcement purpose for the inquiry. For this, you only have to get the approval of your police legal advisor or a prosecutor.
The way this looks right now, cops can "browse" through anyone they want to check on, just to see if they can find anything suspicious. While this is certainly not the behavior most of us would engage in, there are always those willing to abuse this kind of device.
Those with a legitimate purpose can easily obtain the information with just a little bit of extra effort, whereas those who are just casually cruising through users (say, randomly checking any high-volume ebayers) may be discouraged by having to articulate a legitimate law enforcement purpose for each case.
As to self-policing on the part of ebay, I have absolutely no problem with that. Just like the Pawn shop owner who sees someone coming in with car stereos all the time, ebay has an ethical duty (in my opinion, with which you may disagree) to report people they believe may be engaging in criminal activity.
" A popular response is: "If you have nothing to hide, you have nothing to fear.
"By that reasoning, of course, we shouldn't mind if the police were free to come into our homes at any time just to look around, if all our telephone conversations were monitored, if all our mail were read, if all the protections developed over centuries were swept away. It's only a difference of degree from the intrusions already being implemented or considered.
"The truth is that we all do have something to hide, not because it's criminal or even shameful, but simply because it's private. We carefully calibrate what we reveal about ourselves to others. Most of us are only willing to have a few things known about us by a stranger, more by an acquaintance, and the most by a very close friend or a romantic partner. The right not to be known against our will -- indeed, the right to be anonymous except when we choose to identify ourselves -- is at the very core of human dignity, autonomy and freedom.
If we allow the state to sweep away the normal walls of privacy that protect the details of our lives, we will consign ourselves psychologically to living in a fishbowl. Even if we suffered no other specific harm as a result, that alone would profoundly change how we feel. Anyone who has lived in a totalitarian society can attest that what often felt most oppressive was precisely the lack of privacy.
The term is "fishing expedition". Say some cop or whatever has an ax to grind with you. They use a real or fake letterhead to get some dirt on you from ebay. They could turn it over to the press, blackmail you or use it to get a real warrant.
There is actually no Constitutional right to privacy
I would have to say no, you're wrong.
Amendment IX
The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
Or more correctly, there are no constitutional rights of any sort. The Constitution does not grant any rights. It simply limits government's legal authority to infringe on the rights we all already have by virtue of being alive.
So, if it's not prohibited or disparaged in some way, then it's our right to do it, say it, think it, not have it done, etc...
Now if we could just get the guys with the guns and tear gas to believe all of that and act accordingly...
I think that you need to pay more attention to the Bill of Rights:
Amendment IV
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
And, just in case you do not think gathering evidence applies there, let me throw this one at you:
Amendment IX
The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
In other words, just because the Constitution does not say you have the right to privacy does not mean you are denied such a right. It only means that the founding fathers did not foresee the requirement to say, "You have the right to privacy."
Andrew Borntreger
Champion of cinematic disasters