Slashdot Mirror
Ebay's Flexible Privacy Policy
l2718 writes "Ha'aretz has a disquieting report on a presentation made by eBay's senior counsel to law-enforcement officials. Apparently eBay logs all user interaction with them, and will happily hand over all the information to any law-enforcement official without a warrant -- a fax is quite sufficient. He is actually proud of their 'flexible' privacy policy."
I've got a fax machine...
Maybe you need letterhead.
Oh, I've got an Internet connection, and plenty of places have seals and official logos online. The quality isn't great, but hey - it's a fax, right?
Maybe you need a phone number.
Oh, I've gota phone I can sit by and pretend to be whoever I want when I answer it.
What was it Kevin Mitnick said about social engineering?
That what was all this school was for... to teach us how to solve our own problems. -- janeowit
Don't complain about eBay and other companies doing this--complain about the laws that don't protect our privacy. Talk to your representative and make the case for protecting such information if this kind of thing bothers you (and it should).
In this current age of "let's go get them badguys", is anyone really surprised that a company would so willingly acquiesce to the government? Should they? Good question, but are you surprised that they DO?
Most sites have clauses in their privacy policies saying that they can change them at any time without notifying users, and the changes are retroactive to any information they already have. It's up to the user to notice the changes by reviewing the policy regularly and finding contact information for someone who can remove it, then askin them to do so before they have time to give the information away if it changes.
Yup, when that happens, a lot of police are going to head over to Anne Nonymouse's place in Beverly Hills 90210. I think she's ordering a lot of child porn.
Admire that string of X's in the "Legal Requests" column.
Not that I condone it for even a second - how can eBay (yes, /. editors, that's how it's spelt, how can you not get that much right?) be sure that the person requesting the information is a legitimate law enforcement official?
Even if they were, any information garnered in this way would immediately be thrown out of court in most countries (including the US) as inadmissible, because the source would be deemed an illegal search if the proper warrants hadn't been obtained.
Without even examining the link it's obvious why eBay would do this - verifying the legality and scope of every warrant that it is presented with takes time, and time costs money. Rather than spend this time and money unproductively (cooperating with police officers doesn't produce revenues), they choose the path of least resistance.
Unfortunately, eBay is sufficiently large enough (or at least it thinks it is) that it doesn't see this as a reason for people to defect to less popular rival online auction sites.
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
If a competing auction site were to be setup with greater privacy, and was successful, more power to it. As long as eBay fully discloses its policies, then there shouldn't be any whining about it -- folks are free to vote with their mouse, and click on another auction site
Personally, I think it's positive that eBay will cooperate with bona fide investigations, and not force them to jump through hoops (at taxpayer expense!) to get the data they need to do their job.
It's not as though medical records are being stored on eBay -- just one's bids on beanie babies, or other baubles.
Even scarier ... who owns PayPal these days?
I hear some people use it like a bank. Would you want your financial info tossed around like that?
One more reason so stay way from Paypal.
If I placed an ad in the paper selling something (say, a large supply of ammonium nitrate fertilizer), and the police came up to me and asked me about what people came and inquired about it, I would tell them without hesitation. Big deal.
Guess what? There is no right to anonymity. And law enforcement has to have SOME room to work. Too many people seem to think that law enforcement should be required to never ask questions and never access the public.
Sometimes it's best to just let stupid people be stupid.
Say the RIAA comes knocking on Ebay's door and wants a list of everyone who sold, bought, traded, anything with live boots, records, vinyl, cd's etc etc of any major label artist. Or what if the label themselves gets involved.
I think some people would have different opinions on this privacy issue, although I agree when it comes to the scam artists a heightened police interventention level would be welcome.
Fear Breeds Knowledge
This should be the final proof, if proof were required, that privacy policies and TRUSTe seals audits and seals are ineffective at protecting consumers.
"How to Do Nothing," kids activities, back in print!
Public use of any portable music system is a virtually guaranteed indicator of sociopathic tendencies. -- Zoso
I work in Student Records at a technical college in MN. I will NOT allow anyone to request information over the phone. They must either MAIL or FAX me a request with a hand written signature in order for me to release this information to them...
State and Federal law states that people can request information over the phone if it is going directly to them and *I* feel that it is really that person. Problem here is that I cannot verify if it is really them and the social engineering thing comes into play. So basically I won't accept any phone requests. I feel that I cannot safely determine who the person is if I don't see a handwritten request.
Oh, for chrissakes - handwritten requests are completely and utterly useless. Let me guess, it has to be on letterhead? See parent post regarding availability thereof...
So I fax you a request. It has Police Department letterhead...or something similar. I mean, you don't know what the Jackass Police Department's letterhead looks like. And I sign it as the chief of Jackass Police Department. You don't know what his signature looks like either. And I put my phone number on it - but it has the same area code and extension as the main number, so it could be a non-main phone line. Or maybe I made up a police department that doesn't even exist.
How many E-bay knobs are going to fully check this? Are they going to get a directory assistance to find the PD and check the number? Are they going to talk to the chief, from the phone number they looked up, to make sure he ordered the data? What if they can't find the department's listing (could be a small department, could be I made it up)? Probably none of the above.
When you get down to it, faxed requests are pretty much worthless. Which is why I would want a warrant served by law enforcement personnel who I could easily check up on. As for DNR, I don't believe that helps with ebay.
-Looking for a job as a materials chemist or multivariat
From the article:
Attorney Nimrod Kozlovski, author of "The Computer and the Legal Process" (in Hebrew), heard the lecture, and could not believe his ears. "The consent given in the user contract should be seen as `coerced consent,' in the absence of any opportunity to exercise free choice, with no real alternative but to agree. This is most certainly not conscious consent."
I think this says it all. We are rapidly becoming a society in which corporations can strip individuals of their liberties not by virtue of law, but by using onerous contracts.
Imagine if the utility companies forced a person to hand over keys to their residence when they signed up for service, so that the company could "inspect the premises in the interests of public safety". It wouldn't be long before the utility company would realize that they can make additional income by "renting" your key to law enforcement agencies on demand. But you, the resident would effectively have no say in this - you either agree to their terms, or you do without gas/electric/phone service.
You see, the danger of this is that by "renting" the key, law enforcement no longer needs a warrant to search your house; you implicitly gave consent for entry to the utility company, who then resold that consent to law enforcement. It is these kinds of agreements which allow law enforcement to circumvent the checks and balances gauranteed by the constitution, and this is what makes them so dangerous.
How long will it be before our lives and liberties are entirely beholden to corporate interests?
The society for a thought-free internet welcomes you.
Imagine being able to search:
Every page you've ever been to.
What you have searched for on Google.
Everything you have looked at, purchased, or sold on eBay.
All financial information from Paypal.
All the people you've sent/recieved email to/from.
I'm sure I'm missing a few things - but who needs TIA when these companies are bending over backwards to provide all this info?
Poindexter probably figured this out and got a raise for saving so much money... :(
However, I really don't like the idea of the authorities being able to make casual inquiries via fax. At the very least, issue a subpoena in which you state a legitimate law enforcement purpose for the inquiry. For this, you only have to get the approval of your police legal advisor or a prosecutor.
The way this looks right now, cops can "browse" through anyone they want to check on, just to see if they can find anything suspicious. While this is certainly not the behavior most of us would engage in, there are always those willing to abuse this kind of device.
Those with a legitimate purpose can easily obtain the information with just a little bit of extra effort, whereas those who are just casually cruising through users (say, randomly checking any high-volume ebayers) may be discouraged by having to articulate a legitimate law enforcement purpose for each case.
As to self-policing on the part of ebay, I have absolutely no problem with that. Just like the Pawn shop owner who sees someone coming in with car stereos all the time, ebay has an ethical duty (in my opinion, with which you may disagree) to report people they believe may be engaging in criminal activity.
I think that you need to pay more attention to the Bill of Rights:
Amendment IV
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
And, just in case you do not think gathering evidence applies there, let me throw this one at you:
Amendment IX
The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
In other words, just because the Constitution does not say you have the right to privacy does not mean you are denied such a right. It only means that the founding fathers did not foresee the requirement to say, "You have the right to privacy."
Andrew Borntreger
Champion of cinematic disasters