Slashdot Mirror
Ebay's Flexible Privacy Policy
l2718 writes "Ha'aretz has a disquieting report on a presentation made by eBay's senior counsel to law-enforcement officials. Apparently eBay logs all user interaction with them, and will happily hand over all the information to any law-enforcement official without a warrant -- a fax is quite sufficient. He is actually proud of their 'flexible' privacy policy."
http://www.ebay.co.uk/
. ht ml
It appears they have a presence in the UK. Therefore the Data Protection Act applies to them. They make no mention of this in their Privacy Policy:
http://pages.ebay.co.uk/help/community/png-priv
Oh, dear. Looks like someone should shop them to the Data Protection Registrar...
I don't care how small a point font it was printed in,
as long as it was printed on the site when I registered, or sent to me in an e-mail update.
Now, the legality of defining their policy and having you click-thru is still up in the air with EULAs; just because its printed in legalese doesn't mean it will hold up in court.
But to give me a warm fuzzy, disclose it to me.
Why? Because there are a lot of rip-off artists on e-bay. If it makes it easier for law enforcement to find and fine these scummy ebayers, that is a GOOD THING.
Honestly, I'd rather have E-bay in my corner if I get screwed than to have them go the PayPal route.
In the future, I would want to not be isolated from my friends in the Space Station.
Don't bother emailing eBay in cases of fraud. You may or may not get an answer. Sounds like the way to go is to get a local police department to take a complaint. Hand them the request for information to fax for you. Post the results...
Envy my 5 digit Slashdot User ID!
If you have ever been ripped off or defrauded on ebay, you would look at this from a different perspective.
The last thing I want to do when someone defrauds me using ebay is jump through the many legal hoops to obtain a warrant.
As stated, this information can only be requested by law enforcement, and trust me, law enforcement officials don't get off of from violating your privacy and requesting it just for kicks. This is a welcome move that will help people that got screwed recover their money a little easier and a little faster. I, and many other ebayers, welcome the policy.
Witold
www.witold.org
witold.org
I work for a banking service provider (one of the guys who run the banking software for the little 1-50 branch banks). A few years ago we used to get excited because the Secret Service or FBI wanted us to pull some records. These days we almost need a full time person to track this stuff down. This week we got a call from a homicide detective in Columbus, OH. (Is that really a city?) The detail we can provide these guys is pretty complete - even if it's just a lame web banking hack attempt, we can often link that attempt back to a specific ISP user (because the ISP often attaches additional information to web requests - ahem, AOL) as well as tell ever single transaction that account, that IP, that user has done since XXX. And what does it take for people to get the information? At first we only trusted agents with ID at the door, but it really is getting to the point of a phone call and a fax; in fact, the best way to social engineer these days might just be to pretend you're a cop - the person on the other end of the phone (at least at my place) will generally roll over and cough up whatever you want by the second phone call. Fortunately, some management types have started to pay attention to the hack opportunity provided and are beginning to educate the first-line responders to these kind of calls that just because they say they are cops, doesn't mean they really are....
Yesterday I tried to delete my account, but I can not, it will not let me.
I do not ever intend to use ebay, but it seems my account will forever be there.
Annoying that.
Dataprotection in EU si not about where the data is stored. It is about having the right to know, check , and correct data stored on YOU , EU citizen. Likewise like USA saying they have the right to Sue/pursue people having done sales in the USA, when you do have a transaction with somebody in the EU what count is not where you store the data , but the fact that you have per see a contract/sale with somebody resident in EU.
Else this would have been YEARS that every EU firm would have put their Data server in some off shore haven.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
There is actually no Constitutional right to privacy.
There is in California...83chrise.nuf
I think you're missing a point here.
Suppose you screw me in an auction. I fax in a request for your info, find out where you live, where you work etc.
Now I don't have to settle for just marking you as a bad seller/buyer, I can give personal punishment.
It's not a freedom/safety issue. It's not about violent criminal behavior. It's about money.
Specifically, states are busy passing laws allowing collection of taxes on internet sales, but most of these sales go unreported. (Think about it, did you list last year's eBay sales on your 1040? Well, neither did anyone else.) So this is their method for reporting. And thanks to eBay's "flexible" reporting system, a simple fax request is all that's needed. No need for a time-consuming, cumbersome warrant with all those messy rules about Judge's signatures and prior evidence... just a bored cop's desire to go trolling for evil tax evaders.
"Dear eBay,
Please send us a list of all the transactions in the past 7 years from customers in the 90210 area code.
Thank you,
Sgt. Jackass, Podunk California Police Department."
It's simple. If they want to collect taxes on unreported sales, they start with records from the largest online retailer, the one who hands out information no questions asked. Thanks for nothing, eBay!
I'll bet Google does the same thing as EBay -- it's just that Google isn't dumb enough to brag about it. From New York Times, 28 November 2002, page E6:
"Google currently does not allow outsiders to gain access to raw data because of privacy concerns. Searches are logged by time of day, originating I.P. address (information that can be used to link searches to a specific computer), and the sites on which the user clicked. People tell things to search engines that they would never talk about publicly -- Viagra, pregnancy scares, fraud, face lifts. What is interesting in the aggregate can seem an invasion of privacy if narrowed to an individual.
"So, does Google ever get subpoenas for its information? 'Google does not comment on the details of legal matters involving Google,' Mr. Brin responded."
There is actually no Constitutional right to privacy. People like to conjure out of of vapors eminating from other amendments, but it is all smoke and mirrors: it is NOT there. I would be in favor of amending the Constitution to add this right.
The Roe v Wade case pretty much estabished the right to privacy, as that was one of the main points used to win the case.