Forgot your password?
typodupeerror
United States Your Rights Online

Hollings Introduces Privacy Bill 296

Posted by michael
from the private-is-as-private-does dept.
Dynedain writes "Senator Disney (aka Hollings) is apparently trying to get on techies' good side. ZDnet is reporting he is proposing a bill for 'net privacy' requiring opt-in agreements when companies want to sell 'sensitive' information (medical history, sexual preference, etc.) and opt-out agreements when selling non-sensitive (buying habits). US Chamber of Commerce is opposing this." Another article on Newsbytes notes that there are likely to be several privacy bills floating around, offering different levels of actual protection.
This discussion has been archived. No new comments can be posted.

Hollings Introduces Privacy Bill

Comments Filter:
  • by wiredog (43288) on Friday April 19, 2002 @11:57AM (#3373928) Journal
    I've seen him referred to as "Senator Hollings (D-Disney)".
  • Great... (Score:5, Insightful)

    by Deluge (94014) on Friday April 19, 2002 @11:59AM (#3373944)
    Now /. has another guy to have a love/hate relationship with.

    Anyways, he's not trying very hard. All information that could be shared should be opt-out. Sharing very private information, like medical histories, is already well protected, and people's tendency to not notice opt-out options for buying habits and such will do nothing to stem the flow of spam and junk mail. Oh well.
    • the SSSCA/Cable-thingy-whatever-confusing-name bill is to damn evil to ever get me on his good side. I don't care if he proposes a give $1 million to everyone bill...I will still hate him(though I would like the money :-) )
    • Re:Great... (Score:5, Insightful)

      by Stephen Samuel (106962) <samuel.bcgreen@com> on Friday April 19, 2002 @12:29PM (#3374165) Homepage Journal
      As someone else said: This legislation does very little other than place in stone what the DMA is already doing. Not many people have the sensitive information that he's requiring the opt-in for, anyways (it's the nature of 'sensitive' information). In any case it doesn't matter.

      They can't tell me your sexual preference or your medical history, but they can tell me that:

      • You are male,
      • You visit 'beefcake' porn sites a lot
      • you buy AZT on the 'net because it's cheaper.
      I can figure out the rest from there.
      • Re:Great... (Score:2, Interesting)

        by hagardtroll (562208)
        This seems like is has one big loophole. The overlap between non-sensitive and sensitive data.

        For many buying habits ARE political and interpreted as such by marketers.

        For example.

        I bought trees from arborday.org so I wouldn't have to look at my neighbors house. As a result of the 'PURCHASE', I was placed on the mailing list of greenpeace, world wildlife fund, etc.

        So, when buying habits can be interpreted as political information what side does this law place that information on?

        All information sharing should be Opt IN. No exceptions, that is the only way privacy is protected.
    • by bricriu (184334) on Friday April 19, 2002 @12:30PM (#3374171) Homepage
      How is this a good bill? On the plus side, yeah, we have to give someone permisssion to sell our "critical" data. But who's to say that won't be buried in an EULA?

      And as Yahoo! has recently proved, automatically opting people in to recieve spam (since that's what the 2nd part of this legislations basically proposes, after all... they sell your info, you get spam) and making them opt-out leads to people getting bent out of shape. Why should companies get the right to ASSUME that I want to recieve spam from whoever they feel like hawking my info to?

      A privacy law with teeth would have opt-ins across the board, and a clause saying that each opt-in must be clearly labelled as such, with no "bundling" of opt-ins implicit in any other action.
    • Re:Great... (Score:5, Insightful)

      by gclef (96311) on Friday April 19, 2002 @12:51PM (#3374312)
      True. In fact, one thing I'd like to make sure this law does *not* do is to override the protections put in place for medical information by HIPAA. The privacy protections put in by HIPAA are actually pretty well done. I'd rather they not be weakened by a "We got you to click ok, so we're spamming the globe with your surgery results now" rule.

      • Actually they have already been weakened [sfgate.com]. This happened a few weeks ago, when nobody was watching. What? You actually thought this administration would let them stand?
  • by Dimensio (311070) <darkstar&iglou,com> on Friday April 19, 2002 @12:01PM (#3373956)
    ...unless it gives 24-hour time. Or if it also displays the date. Or if someone keep screwing with it and all.

    In any case, I wonder what his motivation is for this proposed bill. Is Disney interested in protecting their own digital privacy? Perhaps he's planning on expanding the bill to include much of the implications of the CBPTDA or whatever it was called...perhaps Disney thinks that such a law could warrant "mandated privacy devices" that would have the same effect.

    After his last proposal, I cannot trust Hollings no matter what he offers.
    • by WinPimp2K (301497) on Friday April 19, 2002 @12:06PM (#3374006)
      Nope, Eisner is sweating bullets that someone will access Walt's medical data and find out that he was scheduled for revival in 2001, but that some one named M. Eisner MD, delayed the procedure till a date (in true MD handwriting) that looks suspiciously like "hell freezes over"
    • Probably they are trying to get what they can and run. Opt-out for all the contact info (read: the valuable stuff) is still pretty great for companies, and crappy for people.

      The way things are looking, and the way people think, it's looking more and more like something that is Opt-in for everything could pass. This would be "bad" for Hollings' 'constituants'...
    • by VAXman (96870) on Friday April 19, 2002 @12:26PM (#3374145)
      What's the difference between the two bills? The first proposes massive government regulation and controls on makers of technology in order to enforce copyright protection. The second nill also proposes massive government regulation and controls on makers of technology in order to force privacy.

      Why should the government support massive regulation dictating how companies build internet products, all in the name of protecting piracy? That's just as patently riduclous as forcing hardware makers to include copyright controls on their products.

      The government should keep its hands out of technology, period.
      • The government should keep its hands out of technology, period.
        So tech companies should not be regulated by the EPA and should be able to pollute left and right? Or their employees should not be covered by labor regulations and forced to work long hours with no overtime or comp time? Or tech companies should not be covered by antitrust regulations, allowing them to monopolize what should be an open and free market?

        NO government intervention can be just as bad as TOO MUCH government intervention.

        Also, don't forget that in the 1960's and 1970's the government's funding of NASA and the Internet served to spur growth in technology faster than if it would have been left solely to the free market...
  • The idea that the opt-in is for 'sensitive' information and opt-out for 'non-sensitive' information should apeal to most people.
    The problem lies in what is 'sensitive' information and 'non-sensitive' information.
    It can vary wildly based on context and how the data is processed (the old, unique Id is the only directly identifing feature but link it to too many data references and you have the complete individual).
    If you think about it, the proposal can never be policed.
  • by jellomizer (103300) on Friday April 19, 2002 @12:01PM (#3373959)
    I dont see why your buyers habbits should have to opt opt. They should opt in as well. I buy something online They should ask me if I want my information spread to other companies or not. and Not just send the information and have me ask them to stop. By that time I realize I am on the list my Data would be spread to hundreds of sources and I have to opt out of each one.
    • by SirSlud (67381) on Friday April 19, 2002 @12:07PM (#3374019) Homepage
      This got me thinking that when you go into a store, in the very least, employees and gauge the demographics they are catering to, and adjust the way the store operates accordingly.

      You have to admit, much of the information they want when you buy (where ya from, how old are you) is 'casually' available in physical stores. Online retailers have no such luxery of asking their sales force (cause there is none) who's buying, so I really dont think it's asking to much for the companies to want the provision of that kind of information to be standard procedure when buying online.

      The physical retailers can provide this information based on sales data, the retailers physical location, and by virtue of the sales force being physically located where the buyer is. Virtual retailers arn't asking for anything new, other than potentially the granularity (IE, you live in this zipcode instead of you shop in this zipcode.)

      The Direct Marketing Association (DMA) said it continues to support industry self-regulation on privacy.

      I support segreating 'opt-in', 'opt-out' not by what information is collected, but by what you are allowed to do with that information. 'opt-out' collection should allow retailers to do internal aggregated sales analytics, while you MUST provide 'opt-in' collection when you wish to use that information to proactively contact the customer.
      • by Anonymous Coward
        How do you define internal? Are subsiduaries internal? Are alliances internal? If company A sends a consultant team to company B for 1 year, are they internal employees? If I sign a nondiscosure agreement that makes me a temporary employee, am I internal? What's internal and what's external is extremely vague in the corporate world.

  • by plemeljr (250971) on Friday April 19, 2002 @12:01PM (#3373966) Homepage
    "I fear the Greeks, even when bringing gifts"
    -Virgil (70-19 BC)
    • Or the old adage - don't look a gifthorse in the mouth.
    • by Rogerborg (306625) on Friday April 19, 2002 @01:47PM (#3374738) Homepage

      Well said. When the bill does surface into the light of day, let's bear something in mind. If Hollings is proposing a bill that guarantees Federally protected privacy (ahem) for your information, might the corollary be that it becomes an offence to provide dis-information, even when there's no fraudulent intent, just caution?

      Before you scoff and dismiss this, consider his track record, and apply the appropriate spin. How about "Promoting a culture of mutual trust in a value add win-win proposition for both peon^H^H^^H consumers and master^H^H^H^H^H^ business." And remember, you heard it here first.

      • "I fear the Greeks, even when bringing gifts"

      Ooh, ooh, I've got another one.

      Q: What's the most efficient way to check that personal information is being stored and used in accordance with this legislation?

      A: Why, to have it all held and handled by one company, of course!

      Someone check Microsoft's petty cash jar, quick.

  • From the article:
    The U.S. Chamber of Commerce, however, disagreed. The organization opposes Hollings' proposal, saying it would hinder online commerce and would open a plethora of class-action lawsuits.
    "This proposal is nothing more than a solution in search of a problem," Bruce Josten, executive vice president of the organization, said in a statement.


    Someone please spam this guy.
  • by Argyle (25623) on Friday April 19, 2002 @12:03PM (#3373985) Homepage Journal
    Is the /. crowd in favor of privacy legislation or do we take a Libertarian viewpoint on this as well and call privacy legistlation an affront to free speech?

    Viddy well my droogs, you don't want to be hypocritical here.

    Privacy bills like this will have a huge impact on the consumer's protection, but also have a huge cost to growing internet companies.
    • no, I like privacy, but I will not support his bill. He is a tainted piggy when it comes to technology issues AFAIAC.

      I will support another senators bil however.
    • sorry but your FUD that this will have a HUGE cost to new and growing internet companies is a pure and un-adulterated lie.

      It costs nothing to put a checkbox asking if "can I sell your information to every whoremonger I find?" or asking costs NOTHING.. I dont care what the marketing,financial,or Operations people you talk to say.. it costs Zero dollars and Zero cents to impliment a Opt-in system... Just ask the guys that write the code.
    • For this? No. (Score:2, Offtopic)

      by Lendrick (314723)
      Privacy bills are generally a good thing. We Slashdotters would rather bash Fritz Hollings [goatse.cx] for the other legislative idiocy [slashdot.org] he's been trying to pass.

      Note: Do yourself a favor and don't actually click on the Fritz Hollings link.
  • by ProfMoriarty (518631) on Friday April 19, 2002 @12:04PM (#3373991) Journal
    "Privacy fears are stifling the development and expansion of the Internet as an engine of economic growth," Hollings, chairman of the Senate Commerce Committee, said in a statement.

    Replace the Privacy with Piracy, and you get the former CPDBODJTO (you know what I mean). Hey, at least a lot of his sound bites are already written.

    When this bill actually comes out, we'll have to make sure there are NO RIDERS on it. This would be a perfect opportunity to do so, since this proposed legislation has a chance to pass.

  • by Ctrl-Z (28806) <timNO@SPAMtimcoleman.com> on Friday April 19, 2002 @12:04PM (#3373994) Homepage Journal

    I must say that I'm impressed that Senator Hollings would propose this bill, but I believe he is accurate when he says "Privacy fears are stifling the development and expansion of the Internet as an engine of economic growth."

    My concern with this bill is who will actually enforce it if it becomes law? It's nice to have theoretical privacy, but will it really work in practice? And if it turns out to be enforceable, what stops the disreputable businesses from relocating outside of the US?
    • I must say that I'm impressed that Senator Hollings would propose this bill, but I believe he is accurate when he says "Privacy fears are stifling the development and expansion of the Internet as an engine of economic growth."

      So? It's not the governments job to make sure that everything that we invent is useful as an engine of economic growth.


      Kevin

      • But you have to agree that it is in the government's interests to promote economic growth. In general, a stronger economy is better for everyone.

        If this would actually work as Senator Hollings claims -- which is dubious at best -- then it would be a win/win situation, right? Government wins because it strengthens the economy, and consumers win because more of their privacy is protected.

        I claim that the effects of such a bill, if passed into law, would be minor at best. The world already has enough ineffectual laws already.
  • by lkaos (187507) <anthony@NOsPam.codemonkey.ws> on Friday April 19, 2002 @12:07PM (#3374012) Homepage Journal
    Listen, if Hollings is sponsering this bill because he wants to "make-up" with the tech-community, then the worst thing the tech-community can do is continue to boycott him.

    Make the message clear, that the community will support good bill but go ape-shit crazy on bad ones. If he gets a bad reaction still, he's just going to write off the tech community as a special interest group that he has no chance of winning over. In that case, he'll say screw you to all of us and just go on taking blood money from disney.

    Don't make it personal, it's simply politics. We just have to play the game.
    • Do hold a grudge!!! (Score:4, Interesting)

      by Evro (18923) <evandhoffman&gmail,com> on Friday April 19, 2002 @12:29PM (#3374162) Homepage Journal
      Then when he gets all the techies to support this bill, he'll attach the SSSCA/CDBITPA as a rider. Then what? Gonna do a 180?

      I find it suspicious that after such a pro-corporation bill, he's proposing a pro-consumer one. Either he has a bizarre set of values or he's trying to gain favor for some reason. Either way, I think his past track record should speak for itself. There are other privacy bills; perhaps Mr. Rick Boucher will propose one that's worthy. He seems to be the only congressperson with any sense of technology/privacy issues at all.
    • by anthony_dipierro (543308) on Friday April 19, 2002 @12:42PM (#3374247) Journal

      Listen, if Hollings is sponsering this bill because he wants to "make-up" with the tech-community, then the worst thing the tech-community can do is continue to boycott him.

      If he wants to make up with me he needs to denounce the SSSCA as blatently unconstitutional and vow to never sponsor a bill remotely like it again. Then he'll graduate into my "I won't vote for you but I won't do everything in my power to stop you" category.

      Don't make it personal, it's simply politics. We just have to play the game.

      And the rules of the game say that once you sponsor nonsense like the SSSCA you're ejected. And you can't get back in no matter how much you apologize. It's too late. You lose. If you want a place in politics, apologize for your misdeeds and go work for someone else's campaign. If you apologize I'll consider voting for someone you support.

      • That's pretty harsh, dude. You really don't understand politics, do you? Every long-term Congressman has, at one time or another, proposed a bill that was bad. That's why bills go through a review process and a vote before being made into law. And that's only for the few bills that actually get that for - the overwhelming majority of ideas never make it to bills, let alone laws. The debate and decision process is vital to our country, and so you can't begrude anyone for using it. He certainly shouldn't apologize for doing his job. And yes, listening to other people and proposing bills to address a problem is his primary job.

        Hollings thought he had a good idea. He's not very knowledgeable about technology, just like you know little about politics. He has learned the hard way that the SSSCA and its kin are not good bills.

        If you don't allow people to learn from their mistakes, then they will continue to make them. If this privacy bill is a good one, then perhaps we can count Hollings as a future ally. History is FULL of individuals who made big mistakes, realized them, and then changed sides. Perhaps Hollings will be the next example.

    • Listen, if Hollings is sponsering this bill because he wants to "make-up" with the tech-community, then the worst thing the tech-community can do...

      is make up with him.

      Look, this bill or not, the fact is that he's still in the pocket of the MPAA, still supports awful legislation like the DMCA and CPDPTBPDAPDPDA or whatever it's called this week, and still is Not Our Friend.

      You can "make up" with someone who places the financial contributions from Disney on a higher level than his oath to uphold and defend the Constitution if you want to. I'm going to continue to feel that I'd be perfectly happy if he got run over by a bus.
    • There's more than one way to hold a grudge...

      I will make it clear to my representatives that I support legislation like this that protects my privacy. If Hollings' bill reaches a vote, I hope it passes.

      But come the next election in which Hollings is running, you can better believe I'll be giving money to his opponent.
    • by DGolden (17848) on Friday April 19, 2002 @02:26PM (#3375004) Homepage Journal
      Note: I'm not in the US, but US decisions have a way of being passed off as law in the EU... so this still concernes me.

      I'm a techie, AND I DON'T WANT "PRIVACY". I want _balance_. If someone has information about me, I want access to information on them. I DON'T want the RIAA/whoever to be able to make any deals with ANYONE behind closed doors.

      Total Societal Transparency.

      Let _everyone_ know everything, if they want to. If a corporation has data on its customers, then the corporation should not be allowed any meetings behind closed doors.

      Extreme example for illustrative purposes: surveillance cameras everwhere. Oh no! people cry... BUT: make the network Public Access, so that anyone, not just a privileged few, can tap in and keep an eye on what people are doing - and don't forget, other people will be able to see you watching, so don't be a perv.... i.e. it's a self-correcting way to run a society.

      See David Brin's book, "The Transparent Society: Will Technology for us to choose Between Freedom And Privacy?".

      Chapter one is available on-line here [kithrup.com] - I suggest all Techies read it rather than believing Privacy is necessarily a good thing.

      If the choice becomes "Privacy or Freedom", I'm for Freedom.

      How far would the RIAA or the WTO get if every person on earth was potentially privy to every bit of their meetings? All they usually currently give out is what they say happened, after the fact...

      Privacy is what gives them their political edge. We should be fighting to destroy privacy, not uphold it.

      And to be fair, we shouldn't want to hold onto our own privacy either. Paraphrasing Brin: "People always want privacy for themselves and accountability from other people - some people, even quite well-meaning and intelligent people [me: EFF?], do not see that their own position is illogical, asking for greater openness from others, and privacy for themselves"

      Maybe Hollings has cottoned on to that, and is chucking away at the naive techies right now...

  • by Uruk (4907) on Friday April 19, 2002 @12:07PM (#3374013)
    and opt-out agreements when selling non-sensitive (buying habits

    Since when are buying habits not sensitive? What if you're buying cream at the pharmacy for your genital warts? What if you're buying a particular product for your spouse, or for a friend? What if you're ordering porno over the net? (They don't ship it in brown paper covers to your house because nobody cares whether anyone else sees it or not) What if you're buying a drug for a medical condition that you'd rather nobody knew about? Sure, Mr. Jones, we don't have access to your medical records, but we see you've been buying AZT, and various magazines and books written by people infected with HIV as support tools. Hmmm.....

    Sexual preference, medical history, and lots of other things are tied to what you buy. I don't see how they can say that buying habits aren't sensitive.

  • by irony nazi (197301) on Friday April 19, 2002 @12:07PM (#3374015)
    Hmmm. Let's see if the irony nazi can understand this...

    Sensitive private characteristics:
    Sexual Preference: Heterosexual
    Medical History: Pretty healthy, alcoholism runs in family.
    Crinimal record: One speeding ticket, not much else.

    Yeah, those are pretty private

    Non-sensitive private information:
    Buying habits: Alcohol, Straight Pr0n, exercise stuff & vitamins, no medicine
    Web browsing habits: /., weightlifting websites, finance, and geeky websites. straight pr0n.

    Whoa. My non-sensitive information is extremely suggestive of my sensitive information, wouldn't you think? What gives? Is it more complicated to make all privacy information opt-in? It seems like it would be less complicated to the irony nazi.

    • I think the definitions should be more like this.

      A) Personal/Private:
      Name: Joe Black
      Address: 1154 Knights Rd. Okc, OK 73127
      Phone: (405) 721-5262
      Purchases: Prilosec 12/21/2001,1/22/2002,2/19/2002
      BoobWatch 4 11/26/2000
      Blue-Gray Polo Shirt 5/1/2001
      CreditCards:Visa $400 limit, MC $1000 limit, Discover $0 limit
      DOB: 08/17/1954
      Income: 52,697

      B) Demographic Information:
      Region: Midwest
      Sex: Male
      ZIP: 73127
      Purchasing habbits: Heartburn aids, adult entertainment videos, clothing
      Credit Cards: Yes
      Income: H (45,000-55,000)
      Age: D (45-54)

      Record A is PRIVATE and PERSONAL information that noone really needs. Record B is demographic information that cannot specifically identify a single individual and may in fact match with several individuals in a database. Record A is the property of the PERSON in question noone should have the ability to do anything with that information unless is relates directly to the request of the person mentioned. Record B is generalized enough that it doesn't identify a single person accurately enough to expose that persons personal and private life.

      Now someone with a supercomputer and a big database might be able to purchase all the little tidbits of information from every little company and assemble everything that matches and narrow down the field to identify someone specific, very small likelihood. Assuming that that is a concern we could simply request a law that states companies can only sell "blocks" of demographic data i.e. "45,000 people between the age of 27-50 like SmurFit WidgetX". While the original company that you did business with would retain some information about your purchasing habbits they would only be allowed to use them to help you with current or new purchases that you request. The rest of the information they sold would have to be in a much more generalized format.
  • Could there be a connection?
  • This law injects the government into internet technology through detailed definitions of privacy, sensitive vs non sensitive, etc. much like the DMCA (whatever it's called now) injects government into internet technology and definition of digital rights. Once the government gets into the habit of regulating, it won't stop. You might like government mandated privacy, now. But what happens when government changes the definition of "sensitive information", probably due to lobbying pressure.

    Both these laws create a power axis between congress and lobbyists that leaves out the people in general and technologists in particular. Oppose all these laws.
  • 10 LET Di$ = "Walt Dis"

    Sen. Hollings (D-Di$ney) writes a bill called SSSCA. Technology industry hates it. EFF sounds an alert.

    Hollings clarifies SSSCA, renames it CBDTPA, and introduces it in committee. It explicitly prohibits interference with fair use. But the technology industry still hates it. EFF sounds an alert. Some Slashdot readers claim that Hollings renamed it to cause confusion. They begin to refer to Hollings's policeware bills as "The Hollings Bill".

    Hollings introduces a new bill that Slashdot readers may like better. EFF likes it. But now the term "Hollings Bill" has become ambiguous, making it harder to talk about future versions of what is now called the CBDTPA.

    Or is this new bill part of the CBDTPA family? As Dimensio suggested [slashdot.org], does Hollings intend to add the CBDTPA as a rider to this bill?

  • You have a bill you can't get considered by a certain committee, because the chairman is blocking it. You find some related issue that the chairman *won't* block. You introduce a bill for that issue. Later, as the author of the original bill, you may be able to have most or all of the original (blocked) bill added to the bill as an amendment.

    --Dave Rickey

  • In Whose Hands? (Score:4, Insightful)

    by White Roses (211207) on Friday April 19, 2002 @12:11PM (#3374047)
    It seems to me, more and more, that privacy must be taken, and not granted. So our government wants to protect our privacy? And yet they've foisted Carnivore on us? Well, there's some more of my tax dollars cancelling each other out.

    It all comes down to whom do you trust with your private information, and what information you yourself deem to be private.

    Individuals are going to have to decide this for themselves. Trusting the government or advertising drones or Microsoft to keep your information private implies rather a lot of trust. Have you met these people? Told them about that time in 4th grade where you experimented with the chronic? Who knows stuff like that? Your closest companions at best.

    Privacy must be individually taken, kept and defended. It's not a gift to be handed down from on high. Each person must learn to defend their privacy on their own, and determine just what they consider private.

    Hate spam? Find a way to fight it, and keep your e-mail to yourself (or at worst, make up a free one). Don't believe the registration cards. Use a fake name on your phone number, or keep it unlisted. Give no one your SSN unless they can provide proof of needing it. Make sure you know what constitutes real proof. Never say hello twice when answering your phone. Turn off cookies. Set up trusted host lists.

    It's hard, yes. Joe Public won't know how to do it. OTOH, Joe Public may not care, or may not spend 10 hours a day cruising the net, or may never buy anything from anyone online.

    Know the risks, take pains to minimize them, and stay vigilant. It's the only real way to keep your privacy.

  • He's already pissed the hell out of the tech community. Now he's pissing the hell out of just about any company that does business online. lol.

    I hope he gets himself lynched (in an electoral sense).
  • by ip_vjl (410654) on Friday April 19, 2002 @12:15PM (#3374076) Homepage
    Wondering why Hollings would support this?

    Think about it. Having valid concerns about privacy is one of the things that still gives the consumer ammunition in the argument for keeping anonymity on the web.

    If you can break down the arguments for anonymity, you can slowly start to introduce laws that may eventually eliminate the ability to transact anonymously over the web.

    If everything you do is traceable back to you ... how much easier is it to enforce anti-piracy legislation.


  • Note that this bill only deals with specific instances of information usage. The business world is noticing a backlash against dot-con marketing techniques and needs some kind of legislation to keep them safe from a wholesale opt-in system (or other customer-dominant scheme). By building fences around areas where business people will be able to do whatever they want *by law*, Hollings is proposing that there be areas from which we can never regain personal privacy. You know how Congress works: you can't move that fence afterwards, and anything that isn't fenced is subject to usage-by-loophole.

    If people are truly concerned with privacy, there needs to be a bill that draws a line between personal and impersonal information. This way, everybody knows how and which of their activities are subject to commercial exploitation, regardless of whether the information is gleaned from a web activity, a store activity, signing a petition, registering a domain, etc. This bill just says that some small subset of information retrieved from *net* activities is off-limits. Big whoop.

    The prevailing attitude is that businesses can do practically whatever they want in the pursuit of profits, and this bill does nothing to rein them in. It just gives them official license.
  • Sorry Senator Disney (Score:2, Interesting)

    by PoiBoy (525770)
    There are many different internet privacy bills floating around Washington. Therefore, I see no reason to support Hollings' bill.

    Given his well-known legislative agenda "protecting" large media companies, can any of us really trust him. I wouldn't be surprised if there is some hidden agenda in his bill that will further help Disney et. al.

  • by PolyDwarf (156355) on Friday April 19, 2002 @12:17PM (#3374091)
    From the article...

    "Privacy fears are stifling the development and expansion of the Internet as an engine of economic growth," Hollings, chairman of the Senate Commerce Committee, said in a statement.

    Gee... I thought it was lack of strong encryption on every single digital device known to man or beast that was stifling the development and expansion of the Internet?
  • My Privacy Desires (Score:4, Insightful)

    by Trekologer (86619) <adb@trekologer . n et> on Friday April 19, 2002 @12:18PM (#3374096) Homepage
    I agree with the spirit of Hollings' proposed bill (and it pains me to say that). However, my "ideal" online privacy law would be:

    1. Companies are forbidden to share/sell/reveal, intentionally or not, any information that a consumer gives to the company or authorizes the company to obtain unless expressly authorized by the consumer. So, anything that you give the company can not be shared with anyone else unless you give them permission to do so.

    2. Companies are forbidden to share/sell/reveal, intentionally or not, any information created through consumers' transactions with the company that can be associated with a partifular consumer unless expressly authorized by the consumer. In other words, Company X can tell a marketing company that Y consumers purchased Product Z. They can NOT say that Consumer A purchased Product Z unless Consumer A authorizes it. If the company creates the data, they can use it, but can only associate the data with particular consumers with permission.

    3. Any permission given for a company to use your data must be an informed decision. The company must provide to the consumer who they will share the data with (specific comapnies), what data will be shared, what the receiving company will do with the data, and what the company will get for sharing the data. This information must be provided to the consumer before she agrees to give permission, not something that can get received "on request" later after agreeing.

    4. Companies that violate these three premises will be fined by the government and there will be a procedure set in place for consumers to collect damages.

    Hopefully, this would prevent companies from playing fast and loose with your information and force them to make sure that their systems are secure (note the "intentionally or not" would cause the company to violate this "law" if some third party, such as a cracker, gets the data).

    Self-regulation doesn't work. There will always be someone who will violate the "regulations" that the industry comes up with. The only solution is a legislative solution.
  • I'm Psychic (Score:5, Interesting)

    by 4of12 (97621) on Friday April 19, 2002 @12:21PM (#3374115) Homepage Journal

    Holling's move makes more sense than you realize.

    I commented several months ago about this but couldn't find it using the search engine, so I'll just repeat, roughly, what I said earlier.

    Privacy advocates and advocates of Content Use Restriction (DRM) have a shared goal.

    You, the liberty loving individual, don't want big bad governments and corporations using data about you without your permission. You want control over that data.

    Purveyors of digitized content don't want tiny bad people "pirates" using their data without their permission. They want control over that data.

    A rock-solid data tagging and protection system, (you know, the impractical kind) would provide a means to meet not only the needs of individuals seeking ownership and protection of their own data from duplication, but would simultaneously provide similar technology to media distributors seeking ownershop and protection of their data from duplication.

    When I first realized this I was kind of taken aback, because, like many here, I've always place a higher value on the protection of my data than on the protection of someone else's data. That same disconnect will continue to confuse many advocates on both sides of the issue.

    My own view is pragmatic: if it were easily possible to protect data this way, fine. But it's not. Once it's out there, it's beyond your control, just as for millenia, your spoken and written words have been able to disseminate beyond your control.

      • Privacy advocates and advocates of Content Use Restriction (DRM) have a shared goal.

      Well said. That's why I already use a private encryption scheme to protect any personal data that idiotic companies oblige me to provide. I think of a number, multiply by the day of the week, divide by my current age... and then I type a bunch of random crap.

      Seems to be working fine so far. If anyone does try and reverse engineer my scheme, the trusty DMCA will come to my rescue.

    • Re:I'm Psychic (Score:3, Insightful)

      by Hard_Code (49548)
      "You, the liberty loving individual, don't want big bad governments and corporations using data about you without your permission. You want control over that data.


      Purveyors of digitized content don't want tiny bad people "pirates" using their data without their permission. They want control over that data."
      Uh, except that we as consumers are not actively in the business of selling our data while the media industry is.

      I don't see any similarity here. The media industry wants to control information even after they have sold it, whereas as a consumer I don't even want to give out this information in the first place.

      Besides, I see a distinct qualitative difference between salable works of art/literature/content, and personal, non-artistic demographic data. Now if I created a piece of art based on my personal demographic data, and sold it, and then wanted to control how people used it, I would probably be in the same position as the media industry.
  • When you look at this bill and the DRM bill he's proposed, on thing is clear: this bill is the legislative equivalent of getting a big kiss on the lips right before you take it up the bum.
  • I have a solution... (Score:3, Interesting)

    by Lumpy (12016) on Friday April 19, 2002 @12:27PM (#3374149) Homepage
    OPT in on everything is required and a federal fine of $1000.00 per incident of releasing the unauthorized information and every use of it thereafter.

    I can hear the marketing dweebs already... "OMG you'll destroy marketing, and all bssnisses, the world will spiral into oblivion if we dont know you buy generic toiler paper every other thursday with your debit card!"

    again I say.... Bullcrap.. the world will continue, we will still see commercials, and things will continue EXCEPT they have to actually ask for the information now... it's like businesses are allowed to not have manners...
  • by Anonymous Coward on Friday April 19, 2002 @12:30PM (#3374168)
    I don't see how the "selling" of medical information is legal at all. I worked for a company who made software for the health care industry, and there's some serious laws regarding protection of medical information. Both parties sending and receiving any information must have written signed guarentees that the information will be kept private. This act is the Health Care Protection and Acountability Act (HIPAA).
    A simple opt-in (ala Yahoo! i'm asuming here) wouldn't abide by the laws set forth in HIPAA.

    I'm surprised Hollins even brings medical information to the Internet. Most medical facilities I worked with had stricit protocols or strict seperation regarding sensitive data and the Internet. If any information was sent at all, it was either via FAX, hardcopy, or on a secure connection (via CarbonCopy, or similar program).

    The only people who need my medical information are my health care providers.
    • Minor nitpick: HIPAA stands for Health Insurance Portability and Accountability Act.

      I agree that medical data should be completely off-limits to any opt-in or opt-out sharing. Anyone who needs medical information should be required to have the patient's signature on a release before they can obtain it.

      Working for an HMO, I can assure you that no medical data goes across the Internet unencrypted from our offices. We take our members' privacy very seriously, as should any organization involved in healthcare.
    • by geekoid (135745) <dadinportland AT yahoo DOT com> on Friday April 19, 2002 @01:54PM (#3374787) Homepage Journal
      "The only people who need my medical information are my health care providers."

      or a loved one who wants to know why you died on the table.

      The fact that he put Medical information in the bill tells me he wants to "scare" people into thinking its need so he can get this bill passed for some reason.
  • he will take this pivacy bill, tone down the cbtp-blah, smuch them together and call it the "Internet economic relief and proliferation act" (IERPA)

    since that seems to be a common theme in his bills.
  • Trojan Horse (Score:4, Informative)

    by rlp (11898) on Friday April 19, 2002 @12:32PM (#3374186)
    Just wait for it to get out of committee and have Hollings tack on an amendment that looks amazingly like the CBDTPA. Senator Leahy killed the CBDTPA by refusing to let it out of committee. Hollings could have had a change of heart, and suddenly become interested in individual privacy rights - but I wouldn't bet that way.
    • You are correct, sir (Score:3, Interesting)

      by dcavanaugh (248349)
      Given his track record, I have to assume Holling's latest initiative is merely a smokescreen for CBDTPA/SSSCA. I can't wait to see the Disney ammendments.
  • Senatorial chessgame (Score:3, Informative)

    by peacefinder (469349) <alan.dewitt@SLAC ... com minus distro> on Friday April 19, 2002 @12:34PM (#3374195) Journal
    Remember that the US Senate is one of the great bastions of political gamesmanship.

    It's probably a safe bet that Hollings hasn't suddenly switched his basic pro-media position. If that's so, then this bill may well be a maneuver to counteract someone else's bill.

    For instance, in the recent campaign finance reform debates, the opponents of CFR floated a *better* bill, that they knew would not pass, as a way to divide the support for a CFR bill that might pass. This could well be a similar maneuver.

    Pay close attention to the men behind the curtains. :)
  • The incredible state of almost is where this comes from. I suppose some compromise will have to happen, but in an ideal world, to me, things would opt-in, and any change would be required to be very explicit and specific. That is, if one opts into Company A for XYZ, even Company A can't bug one about JKL as that was not opted into.

    I'm not entirely sure I want law for privacy, as omissions in it might be seen as an invitation to do questionable things. But then having no law seems to be doing the same.

    Perhaps a law of reciprocity? If someone want information about me, first they must supply me with the equivalent about them. For any limit they want on what I do with that, I get to put a limit on what they do with my information - and it need not be the same limit (since I'm not doing what they are, most likely). Dream world? Yep, alas.
  • I understand that this senator is trying everything he can to please his employer (obviously not the US gov't), but he also doesn't seem to remember how he got there; on the vote of the people.... I will admit, he is scurrying around, getting his name noticed, but it isn't necessarily a positive thing to have your name popping up on a weekly basis because your employer (Disney) yanked your string....
  • Is it any coincidence that Hollings is the spokesman for all of these bills that are harmful to consumers, but loved by Hollywood? Quite simply, no one in South Carolina cares. I live in South Carolina and I haven't heard any media converage about this.

    Hollings is the spokesman for this because he won't take any heat from his constituants. As long as he brings the pork back to Charleston, he'll keep getting re-elected. (Let's face it, getting re-elected to the Senate in South Carolina isn't that difficult.) South Carolina is perhaps the least techonologically savvy states in the country (#1 in percentage of population living in mobile homes, #1 in rates of STD infection, #51 in SAT scores.) People here are too concerned with the damn Confederate flag to notice.

    My point is that Disney has lots of other Senators in their pocket. It's just that only Hollings can be so blatant about it.

  • by happyclam (564118) on Friday April 19, 2002 @12:42PM (#3374248)

    The real problem with privacy legislation is that the law needs to define clearly something that is very context-sensitive and subjective.

    More amusing and insightful than informative, NPR's David Weinberger a week or so ago ran this commentary [npr.org] about how as a digital society we are losing the subtle art of determining the context of information.

    In case the link gets /.ed, the fundamental points are these:

    • The privacy of pretty much all information is context-sensitive.
    • We use body language, visual and voice cues to indicate whether people should pursue certain lines of questioning or not, or whether something they overheard should be considered private, whether it was said in a public place or not.
    • Digital communication eliminates these subtle "real world" variables, so it's much more difficult to define what is private and what is not.
    • As a result, as a society we are beginning to consider all information as public if it happens to be voiced, photographed, etc. anywhere, any time. (Remember the email from the British girl whose celebrated quote, "yours was yum," became international news fodder?)

    How do we handle this as a society? How should I know? I had hoped we had elected people smarter than I to figure it out, but after seeing Enron and now Hollings, I'm beginning to despair of that notion...

  • It doesn't really matter if I need to opt-in. The day after the Bill is signed into Law, Lawyers will add the following line to the click-through licenses on their spyware products. "I here by grant full access to all personal data...."
  • I imagine the motivation behind this is so that the bill can later be amended to include CBPTDA provisions. By doing so, if they fail to pass the legislations he and those that support him can reign fire down on the opposition by saying they are anti-privacy. It is cases like this that make a line-item veto authority for the president very attractive.
  • "The U.S. Chamber of Commerce, however, disagreed....saying it would hinder online commerce and would open a plethora of class-action lawsuits."

    I must say, I really despise this argument. Doing the right thing, even with regards to law, should not be put on the backburner simply because it's regarded as "too much trouble."

    The fact of the matter is, would you really be upset if every spammer on the web was hit with multiple class-action suits? Do you really think the economy would be harmed if I got a little less pr0n in my inbox every day?

    Didn't think so.
    • The fact of the matter is, would you really be upset if every spammer on the web was hit with multiple class-action suits?

      That's not their concern.

      The real concern is that some company such as eBay or Microsoft or Sun or anyone (Disney even!), has a ton of money through legitimate business that never infringed on anyone's privacy. What's to stop a lawyer from filing class-action lawsuits against that company charging vague privacy infringements? The company, having oodles of money, will settle rather than go to court. The lawyers make out like bandits while all the company's customers get $0.09 each.

      Don't believe it will happen? Happens all the time with shareholder lawsuits. There are law firms that specialize in watching for sharp stock value drops and filing class-action lawsuits on behalf of the shareholders.

      • Don't believe it will happen? Happens all the time with shareholder lawsuits. There are law firms that specialize in watching for sharp stock value drops and filing class-action lawsuits on behalf of the shareholders.

        There are some of us who call this "compeuppance" or an example of "you reap what you sow." I think it is appropriately ironic that corporations - legal entities created and defended by lawyers - are plagued by fleas shed from the big dogs the corps have been breeding all these years. I say "Let them scratch."
        • Yes, but when you win $0.14 cents from a class action suit (which I never signed on to) against your medical insurer for overpayments of premiums, and then your premium goes up a crapload, you begin to understand that it hurts consumers and the employees of many campanies.
  • by jbf (30261) on Friday April 19, 2002 @12:46PM (#3374274)
    I hate having my data sold/being spammed as much as the next guy, but I wonder if banning this won't have the same effect as banning crypto export: they'll just develop and do it outside our borders. Then even federal law has no jurisdiction to stop them. For example, large US based web service provider could set up a shell company in the Bahamas which runs its website, collects all the marketable data, and sells it...

    The problem with laws on the Internet is that they're not of a larger scale than just a nation, so the only way to deal with privacy violations, spam, etc. is: 1) on a global basis or 2) a technical solution or 3) to have people not be stupid and give out sensitive information. Since (2) doesn't apply, and (1)'s not going to happen any time in the near future, (3) is the only way to go?
    • Many other countries already have much stronger privacy laws. There have been serious frictions between the EU and the US because the EU was trying to impose EU privacy guidelines for US companies doing business in Europe.

      Do you believe in death after life?

  • by anthony_dipierro (543308) on Friday April 19, 2002 @12:51PM (#3374311) Journal
    From the LA Times article [latimes.com] (google, you continue to impress):
    Two years ago, Hollings sponsored a bill that would have required Web sites to get permission before collecting or disclosing personal information, a process known as opt-in.
    This bill has nothing to do with Hollings trying to get on the good side of techies. He appears to sincerely hold these beliefs. That said, this bill probably has as much respect for the tenth ammendment as the SSSCA. I haven't seen the details, so I can't say for sure.
  • How's this for a cynical hypothesis?

    Disney doesn't care about the stuff that will be "sensitive." They would like to trade in the stuff that will be "non-sensitive." Opt-out doesn't hurt them too much, because few enough people will exercise it; but opt-in would damage their interests a lot. By passing a law that makes that stuff opt-out, they take the steam out of any future efforts to make it opt-in: "We don't need any more laws, marketing information is already regulated enough!"
  • by sterno (16320) on Friday April 19, 2002 @12:55PM (#3374340) Homepage
    I run a website that uses slashchode. Now, this asks for certain bits of information. I don't have any intention of doing anything with this information and I'm not any sort of commercial entity. Am I to be held to the same standards about opt-in and opt-out agreements?
  • An older version (Score:3, Informative)

    by anthony_dipierro (543308) on Friday April 19, 2002 @12:58PM (#3374360) Journal
    Here is an older version of a similar bill [loc.gov] which was sponsored by Hollings in 2000.
  • what's behind it? (Score:3, Interesting)

    by proclus (33875) on Friday April 19, 2002 @12:59PM (#3374370) Homepage Journal
    Is anyone else worried that upcoming privacy
    legislation will fix things so that only wealthy corporations can
    "trade" personal information?


    Regards,
    proclus

  • Either/Or? (Score:3, Interesting)

    by lousyd (459028) on Friday April 19, 2002 @01:04PM (#3374411)
    Good Bill? Bad Bill?

    No bill, please. Like all bills, somebody has to pay, and it should be neither you *nor* me.

    I don't want companies to use my information without my permission, and I want to be able to give my permission. Hollings' mistake is in thinking that it's his right to tell business owners how they're going to run their business, and telling me, in effect, what business practices I'm allowed to deal with.

    Get off my back!

    • Yes! Less regulation is better. *Hopefully* consumers will eventually be smart enough to see that they shouldn't deal with companies who abuse their personal information. Of course, if you end up having a lot of big corps abusing information like this, then I think there should be at least a "right to know" type of law where they are forced to make it clean and obvious what they are going to do with any information you provide them. If they lie, they pay big time.
  • Opt-out vs opt-in (Score:3, Insightful)

    by smack_attack (171144) on Friday April 19, 2002 @01:08PM (#3374445) Homepage
    This is a very simple debate if you look at the type of data being collected. A vocal majority of web users know that a good deal of information about them is tracked every time they go to a website or their favorite porn site. Most are content with allowing this information to be tracked as well as long as it is under the premise of being anonymous. When a site tries to tie in personal information, that is where the line needs to be drawn and opt-in needs to be specifically required (without questionable tactics such as pre-checking boxes allowing the user to be mailed by 3rd-parties).

    People are willing to give up a lot of information about themselves when you promise that the data will be anonymous or in aggregate format, and for the most part, companies have no problem with this. The ire of the masses is resounding when companies don't use this information in the manner intended or attempt to use it to create marketing profiles per user. I don't mind buying things, but I also do not want "HOT!!! DEALS!" crammed in my inbox and down my throat.

    So to Senator Hollings, I ask that instead of laying more restrictions on companies that will either get blown off or result in a plethora of legalese every time you sign up for a mailing list, he should focus more on making sure that his proposal is simple and understandable by both parties (COPA is a good example of how ALL personal data should be handled).
  • It isn't exactly hidden.
    1. Have law giving companies too much data control blocked
    2. Create law that protects privacy
    3. Use to law to mark data as ownable and prosecutable
    4. Acknowledge law 'did not do enough'
    5. Toughen law, adding companies in to protect their data
    6. Companies prosecute for sharing their 'private' data, such as music, movies....
  • Observation (Score:5, Insightful)

    by AntiNorm (155641) on Friday April 19, 2002 @01:20PM (#3374539)
    ZDnet is reporting he is proposing a bill for 'net privacy' requiring opt-in agreements when companies want to sell 'sensitive' information (medical history, sexual preference, etc.) and opt-out agreements when selling non-sensitive (buying habits

    An interesting observation I just made:

    When the data belongs to the consumer, Hollings (D-Disney) wants the data to be copyable. He'd be committing political suicide to not ask for at least some restrictions, so he introduces bills like this. As for the 'non-sensitive' opt-out data, I don't consider opt-out to be a restriction at all. I'll still get the spam, and (especially seeing how email spammers work) it's not exactly easy to trust anybody to honor opt-out requests.

    BUT...when the data belongs to a corporation, he doesn't want it to be copyable at all. Witness the DMCA and the SSSCA/CBDTPA.

    Now. Try and tell me he isn't biased against consumers and towards corporations.
  • why do we need laws to tell us what information is too sensitive and what isn't?

    you know what? if you get asked about your religion and it offends you... DON"T ANSWER.

    if you know of a site that tracks you and you don't want them to sell that information... DON'T SHOP THERE.

    and you know what? maybe, just maybe, the free market will regulate itself when people stop shopping at intrusive vendors.

    this is _not_ government's job. this bill will not stop spam. most legit companies already have well defined privacy policies on their websites so you know what you're getting yourself into.

    all in all, this bill accomplishes actively nothing, and yes it is nothing more than a front to appease opponents of his other bills...
  • by mcwop (31034) on Friday April 19, 2002 @01:36PM (#3374641) Homepage
    Will he just attach his stupid new copyright bill to this privacy bill in the dead of night?
  • by Quebec (35169)
    Let's design a standart form (much like
    the nutritional values on food packages)
    that easily point out all main privacy,
    copyrights and license fees issues
    almost on a blink of an eye.
    All EULAs without the standart form would be
    invalids

    Whadayatink?
  • Quoth the Chamber of Commerce, "This proposal is nothing more than a solution in search of a problem."

    Actually, it's closer to the truth to say that the CoC and the DMA are problems desperately seeking to evade a solution.

    There is a serious imbalance here in intellectual property right. Media and software companies impose draconian licenses to prohibit even common-sense personal uses of data we pay for, drug companies claim proprietary rights over genes found in nature and research paid for with tax money, the executive branch of the government routinely invokes some vague executive privilege to keep secret evidence of wrongdoing on the grounds that it might impede future wrongdoing -- and then these turkeys want to turn around and say that we, as customers and citizens, have no right to control our own personal data?

    This isn't just unfair, it's a scam. Moreover, there is already legal precedent to cite in defense of individual control over one's personal information. If Big Flipping Corporation wanted to use my photograph to market their products, they would not legally be able to do so without my consent (and, trust me, some serious royalty payments). And that's just my picture, which is not really integrally me in a more than superficial sense. But then, we are told that Big Flipping Corporation can use my gender, race, religious and political beliefs, and a list of my purchases at Amazon.com to market their (and others') products without my permission? Um, not to put too fine a point on it, but bullshit.

    The really disturbing thing here is the level of arrogance involved. Yes, of course I realize that "customer service" is just a noise that comes out of the colons of marketing people, but there's some truth to the idea. In a free market (or what passes for one), it is not my privilege to purchase goods and services from a company -- it is their privilege. It would be refreshing if these corporate titans, full of their own Reagan-era hogwash, would clue into the fact that making money is morally neutral of itself, and does not entitle them to special privileges or to erode the foundations of personal privacy and liberty in the name of "creating jobs" or "fueling the economy" or whatever they're calling the accumulation of shareholder wealth these days.

    I submit to them that if I want companies to stop calling me, stop sending me spam, and, for that matter, stop sending me paper junk mail, and definitely to stop using my personal information -- in short, if I demand that they stop harrassing me -- I have a right to force their compliance, and bigod, for once, Senator Disney has my support on something even if it doesn't go nearly far enough.

"Floggings will continue until morale improves." -- anonymous flyer being distributed at Exxon USA

Working...