FTC Asks To Regulate Privacy; Doubleclick Hires PR Team 178
It is important to keep in mind what this is being billed as: Doubleclick calls this, in their press release, a "Consumer Privacy Advocacy Board." Supposedly this board is set up to, you know, advocate consumer privacy. So, let's take a look at its composition.
Robert Abrams, former attorney general of New York: hired because of his connections in New York State, which threatened to file suit against Doubleclick. His role will be to lobby his buddies in various government agencies to prevent privacy lawsuits.
Robert Litan, vice president and director of economic studies at the Brookings Institution: supports "opt-out" marketing and notification of privacy policies, as opposed to actual privacy. (Which is exactly Doubleclick's position, of course.)
Harriet Pearson, director of public affairs at International Business Machines Corp.: Pearson is one of the people behind the Online Privacy Alliance, a corporate front group working to attack privacy on the Internet. Pearson has moderated seminars on how to profile users without seeming to be Big Brother; her job is to make you feel good about not having any privacy. Every group needs a PR flack.
Lori Fena, chairman of Web privacy organization TrustE: Fena is an advertising executive by trade. And obviously, having her on board means that TrustE won't exactly be cracking down on any of Doubleclick's practices.
Daniel Weitzner, an executive at the World Wide Web Consortium: Weitzner's main job at W3C is promoting P3P, a protocol designed to automatically give out your name, address, phone number, credit card information, Social Security number, and other personal data to Web sites as you browse -- a sort of hyper-invasive universal cookie. Need I say more?
Elizabeth Lascoutx, a director and vice president at the Council of Better Business Bureaus: Lascoutx's work at the BBB used to center around children's advertising -- she sought to have commercial messages on children's Web sites set off from the rest of the content in the same manner as television advertising ("after these messages, we'll be right back").
David Stazer, vice president and co-founder of PlanetOut.com: I don't know of any qualifications Stazer might have with regard to privacy.
Stewart Baker, a partner at the law firm of Steptoe & Johnson: Baker used to be the general counsel of the National Security Agency, probably not the first people you'd think of when you think "privacy"; he's an influential Washington lobbyist now. Baker publicly attacked the efforts to boycott Intel and Microsoft over the Pentium-III processor ID and the GUID embedded in MSOffice documents -- he stated that if all machines on the Internet were authenticated and identified, things like denial of service attacks could be prevented (which is true enough, if you don't mind a total loss of privacy).
No one from EPIC? No one from the ACLU? You can draw your own conclusions about whether this "Consumer Privacy Protection Board" (sic) is intended to actually help Doubleclick change its ways, or whether it is merely intended to help protect the company from lawsuits and adverse governmental action, like, say, the FTC wanting the authority to force companies to respect privacy concerns.
Oh No, we're in for a tough round. (Score:1)
Get involved if you want to help curb these misguided efforts, I we and our peers do raise the volume, who will?
Wow, a blazing set of representatives for privacy. (Score:1)
For that matter, my wife is a member of several survey web sites: they (*gasp*) pay her to answer their questions, instead of trying to monitor her each and every move. Imagine that!
Anyway, I can see how well this board will protect our privacy online. I'm almost willing to say, 'Fine, let the government in.' Corporations are simply getting too big for their britches.
(Anyone else fear a ShadowRun future?
Save the world! (Score:1)
Thank you.
Govt regulation (=loopholes)will eliminate privacy (Score:2)
The 'net simply moves/changes too fast for legislators and their regulators.
The real solution to privacy is users--we must demand it. Most poeple don't, and haven't a clue of what privacy would bring them. It will take some really bad scares before John Q Public wakes up.
Is it that hard to block doubleclick's cookies? (Score:2)
I'd much rather deal with the problem myself, personally.
--
The Real Slim Shady (Score:2)
--
Have Exchange users? Want to run Linux? Can't afford OpenMail?
Corporations taking over... (Score:1)
Today a pan-european newschannel broadcast a story about how important "curbing cyberterrorism" (images of ILOVEYOU e-mails and the alleged author being arrested flashing by) is in the next few years, and how international legislation and collaboration is required to ensure trouble free commercial use of the net.
The recent G8 meeting also received a corporate brewed proposal/request for tightened net control. It's truly worrying when corporations start dictating international policies. Especially when privacy is an issue.
Formula for disater (Score:2)
A couple of thoughts. . .
1- If find it difficult to beleive that the legislators and psuedo board members really had balancing our rights as their number one focus suring the recent retreat to Leesburg. I think the focus was more than likely on balancing their drinks while on the 10th fairway. Nothing like spending our tax dollars on a little vacation. To me this is not a very good precident on the way to send a positive message that the hugely impacting pricacy policies are being managed over drinks and golf.
2- So now they are looking at "poorly thought out legislation". So in a remedy for that they are going to pass more, with input from folks such as former NSA officials, and we're supposed to support this and blindly go along beleiving that the results will really be in our best interest? Don't think so. This is a true formula for disaster as far as our privacy right go.
Re:Corporations taking over... (Score:1)
Regulation (Score:2)
-----------------------
What's wrong with P3P? (Score:4)
I'm not intimately familiar with the P3P spec. But according to the P3P guiding principles [w3.org] user agents are supposed to:
On the surface, at least, that looks pretty reasonable. It certainly doesn't sound like the description given above. What am I missing?
Re:Govt regulation (=loopholes)will eliminate priv (Score:1)
If you want your personal information to remain private, the DON'T GIVE IT OUT. DUH! What these people want is to have the benefits of whatever freebie some net entity is offering in exchange for their name, address, surfing habits etc...
What the hell are you afraid of anyway? A little more spam? Don't give a real email addy then. Afraid of junk mail? then don't give a real snail addy. Is this fradulent? Perhaps, but it is no more fradulent than a company which uses the information submitted by stupid net-surfers. What did you think they wanted the info for? Again, DUH!
Cookies, either disable them or do as I did and put a
If the FTC gets in the act they won't just be nice about it, it will become a federal crime to use any info gathered without the express written permission of the user or some such other mechanism which will only serve to raise the costs of doing business on the net. Along with regulation by the feds comes mandatory recordkeeping. An unintended consequence may very well be that data miners be required to submit all of their databases to the feds for verification of compliance with the law. Anyone thought of the loss of privacy from having your surfing habits perused by a government bureaucrat? A net marketer usually only wants to sell you something, a government bureaucrat usually wants to force something down somebodies throat.
FTC... NOT!
It is much easier to deal with a corporation which has it self interest at heart than it is to deal with a government which is hell bent on "helping."
Be careful what you wish for. You might get it.
Re:Privacy is a myth (Score:1)
Re:Govt regulation (=loopholes)will eliminate priv (Score:1)
Not only that, most of the current legislation is based upon telemarketing based laws which although similar in many respects are different and cannot be used as a base from which to port new laws. It's unfortunate but legislatures main background information for this area on which their decisions are made come from the telecom lobby which is notorious for bashing privacy.
Silly paranoia (Score:3)
I'm not going to make any comment on this "news", except to say DO YOUR OWN RESEARCH.
This commentary is so ridiculously biased and paranoid that unfortunately this article tells you almost nothing, except Michael has been watching too many "1984" movies.
I think it behooves everyone -- particularly the people who run Slashdot -- to remember that reasonable people can disagree even on matters of privacy. Sometimes these people don't even live in James-Bond-Villain style homes with albino cats, plotting how to take over the world. Good lord, sometimes they're even real people with real families!
And sometimes these people even have good points.
Knee-jerk -- dare I say immature? -- reactions like the kind that "michael" creates are NOT the way to influence policy.
--
Re:Govt regulation (=destroy everything) (Score:1)
its usurped power to do anything other than its
original intended purpose,(lay tarrifs on imports,
keep interstate commerce flowing smoothly,run
a post office and protect our BORDERS)it inevitably
screws up everything it touches beyond belief.
If the legislators were doing something other
than lining their pockets and filling the law with
UNCONSTITUTIONAL pork just to leave a legacy,they
wouldnt have to CARE how much faster the net was
than theirselves.
the real solution is privacy,WE MUST TAKE IT.
you can demand in one hand and pardon me;"shit"
in the other one and just see which one fills up
first.
You are correct,time to wake up and smell
the gasoline.
Dont expect privacy through profit motivation (Score:1)
...................
Re:Corporations taking over... (Score:1)
Soon we'll have a worldwide DMCA and those found in violation of it will be sent to "re-education camps", a concept so successfully employed by the Chinese.
European Privacy Laws (Score:4)
There must be a reason to collect data. This can have quite far reaching consequences. I.e. if an employer asks on an application about religion, sexual preferences or your dope smoking habits, this is verboten. Because this data is not relevant to the application
Data can't be past to third party without explicit consent of the err! victim. Some 235 page click through agreement with a well hidden check box is not considered explicit consent.
Every person has a right to get information what data is stored about her/him and has a right to correct wrong data.
Data may not be collected indiscrimnately
etc...
Fantastic! (Score:2)
Also, does anyone have a contact address for doublclick to protest this? I would really *like* to see company's self-regulate themselves, but if this is their idea of doing it then I hope national gov'ts regulate them to insane degrees.
Re:Govt regulation (=loopholes)will eliminate priv (Score:5)
I keep hearing this and similar comments over and over, but I don't understand it.
In what way has the Net changed so fundamentally that a privacy policy from 1990, or 1980 would be outdated today? The entire point of good lawmaking is to make a law general enough to be adaptable to new circumstantial details.
If, at the beginning of Compuserve in the 70s, Congress had a made a law saying:
"No one shall, without prior consent of the user, keep records of that user's activities on any electronic network, including personally identifiable information, except such that is necessary for technical or security reasons. This shall in no way limit the use of information provided by a user in any public forum such that a user would not reasonably expect such information to be considered private."
And there would be another paragraph explaining that people with existing/ongoing relationships can store and use such information as is necessary to maintain that relationship (commercial or not). And another one talking about how sharing information with third-parties is subject to other rules, and some final sections with definitions of terms used.
Making law is very much the same as making code -- if you do it high-level enough, you only have to change the details to make it work in entirely new situation.
More regulation from the FTC is not the answer, because clever people always find a loophole or a way around regulations.
So we shouldn't even try? People manage to get around the laws against murder on occassion, but we haven't seen fit to scrap them yet. At the beginning of the Civil Rights Era, the anti-discrimination laws were circumvented with dull regularity. Now you'd be hard-pressed to find a companies who won't do anything to avoid getting in trouble under them.
The point is that yes, people will get around the law but we'll reach a balance point that's a lot closer to provacy than it is right now. We're certainly not going to get more provacy by doing nothing...
Wrong target (Score:1)
Here's why: no one visit's DoubleClick directly; websites we visit create the links to DoubleClick. Who's to blame for the invasion of privacy? The websites we traverse. DoubleClick is only fulfulling others' desire to invade our privacy.
If no websites linked to DoubleClick it would become irrelevant. So; why do websites purposefully enter into agreements with DoubleClick when DoubleClick is so hated? Simple: website owners want your information, or, are willing to act as DoubleClick agents (DoubleCrossers?) to gather your personal information.
As long as DoubleClick itself is catching the heat, no problem. But as soon as attention is diverted to the real culprits -- those sites that link to DoubleClick -- then their may be real trouble in the data-gathering business.
I propose a change in tactic: make it painfully uncomfortable for web sites to link to DoubleClick. Complain, politely, but firmly and often against using DoubleClick (or similar info-gatherers) on their sites.
DoubleClick is not the source of the problem; attack the source.
whew! thanks mike... (Score:2)
Slashdot
FUD for nerds. Opinions that matter
FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network
Re:Wrong target [Apologies for the Grammar] (Score:1)
then their may be real trouble
Sorry Ms. Peacock (my English grammar teacher), I promise I'll have more coffee before attempting to write...
Network admins - just black list 'em (Score:1)
Re:Silly paranoia (Score:1)
Re:Silly paranoia (Score:1)
In fact, the only knees that are jerking are the net-libertarian types who hate government and automatically reject any suggestion that a corporation might be doing something bad. Like you. Of course people can disagree on the privacy issues. I'm pointing out that Doubleclick is trying to mislead you, and that information should be useful regardless of where you stand on privacy issues.
--
Michael Sims-michael at slashdot.org
www.slashdot.org/authors is a start :) (Score:1)
You can also get an idea of who Michael is by doing a search for his name and seeing the articles he's posted -- Michael and Jamie both take time from their day jobs to sort, investigate and post news related to your rights online.
timothy
Re:Silly paranoia (Score:5)
Paranoia and albino cats are indeed quite unnecessary, as DoubleClick's actions are backed by sound logic. DC is a for-profit company, and the more information about their customers they have, the more profit they can make. Hence privacy is detrimental to their bottom line, and it's in DC's best interest to fight against it -- as long as the public backlash from doing so doesn't outweigh the gains.
In this light, setting up that wonderfully named Consumer Privacy Advocacy Board is perfectly logical. Create a board so it looks like they care about privacy, and populate it with stooges (carefully selected from other organizations so it doesn't look too obvious) to prevent the board from actually interfering with their operations. Downright brilliant... unless you're a consumer. And without michael's research, would the average /. reader have noticed the "independent" board members' links to DC? I certainly wouldn't have.
Cheers,
-j.
Problem..? (Score:2)
The problem is, we (the
I'm tired - time for bed...
~Steve
--
Say what? (Score:1)
Re:Govt regulation (=loopholes)will eliminate priv (Score:2)
Why not opt out of DoubleClick right now (Score:1)
Slashcoders - why in hell can your code not cope with URLs longer than a very few characters in length. (he said, by way of explaining why the above link is not clickable). If you'd make bugzilla.shashdot.org available to us, we could feed back bugs like this pretty effectively...
Help! I'm bein' repressed! (Score:2)
In the near future, I'm going to become more active in this area. Why? Mostly, the ease at which 'tallica and NetPD invaded my privacy -- not only my privacy, but millions of people -- an entire segment of society was poked, prodded and examined without their approval or a court order.
Traditionally, the authorities cannot enter my home without my permission or a judge-issued search warrant. Private citizens? They either have to get permission, or contact the authorities if they think I've committed a crime.
But suppose I have a computer with a soundcard, mic and camera installed. It's technically feasible for people to enter my home -- not just the autorities, which is bad enough -- but regular people can enter without my permission. Several years ago there were issues with some Unix workstations having funky permissions on such devices and varisou forms of monitoring going on.
Finally, at some point, I think the peer-to-peer connection between two personal computers needs to become a protected channel. No examination or monitoring without 1) My explicit permission; or 2) a warrant issued by a judge.
I understand why 'tallica did what they did. They want the traditional revenue stream to stay intact as technology transitions away from CDs. The problem is the unforeseen negative consequences of such an action -- if 'tallica and netPD can examine what we do at will in the year 2000, who knows what the courts will say is legal 20 years from now!
If anyone has links to sites working on these types of issues, I'd like to see them.
Re:Corporations taking over... (Score:2)
Re:Govt regulation (=loopholes)will eliminate priv (Score:5)
I'm curious, how did you get a job without telling your emplyer your Social security number and your home address? How do you get medical care without providing billing information to the hospital? How did you get a drivers' license?
How did you get your credit cards? how do you get the things you order online (or offline) without a proper address? How do you pay your phone bill?
I'm fascinated by the idea that anyone who doesn't live in a mud hut is an idiot for "giving out" information that we could so obviously simply keep private. The point is that many people you HAVE to give information to in order to exist have no relucatance whatsoever of selling that information to other people you specifically don't want it to go to.
We're not getting pissed about people using information we gave them knowingly and willingly, but if I give my SS# to the insurance company I don't think they should have any legal right whatsoever to sell it to my gocery store, or Amazon.com, or anyone else.
If the FTC gets in the act they won't just be nice about it, it will become a federal crime
I should hope they wouldn't be "nice about it", otherwise you lose most of the deterrent effect. they aren't nice about it when I break laws, why should companies get a break? Of course, the truth is they generally ARE "nice about it". The FTC will send warnings, demand complaince, do everything but send a singing telegram with flowers before they penalize a company. If anything the FTC is too lenient, because 99% of the time the worst that happens for breaking the law is you get told to stop breaking it. I wish I got such harsh punishment!
It is much easier to deal with a corporation which has it self interest at heart than it is to deal with a government which is hell bent on "helping."
Why doesn't the government (or rather, regulators/politicians) have it's self-interest at heart? Why doesn't the corporation want to help? Ayn always says, check your premises...
I know people hate Microsoft here, but... (Score:4)
If you're using Internet Explorer 4 or Higher, there's the security settings which allow you to set zones. You can then assign websites into zones.
Put *.flycast.com and *.doubleclick.net into the 'high' security zone and watch the problems go away.
And if sites won't let you in 'cause the banner won't load... did you really need them ANYWAY?
I don't know if Netscape 6 has anything like that - I never use alphas on my machine, I like the idea of vague stability. No matter how much of an illusion it may be.
----
A Suggestion for the Paranoid and Cheap (Score:1)
Re:What's wrong with P3P? (Score:3)
Today, a website can't just demand that, as a condition of entry, you provide it with your SSN and mother's maiden name. People have an initial bad reaction to that, and coupled with the hassle of filling out a form to enter that info, they'll turn away from the site. P3P allows web sites to do that without the hassle - instead of being presented with a form, you'll see a dialog box:
"Website X is requesting full access to your personal information. Yes/No?"
If you say no, website X won't let you enter. If you say yes, it gets access to every bit of information in the profile you filled out. Eventually, of course, you'll get tired of seeing those pop-up boxes and will turn them off and forget about it. You'll even have a hard time putting in fictitious information because ecommerce sites will use it for purchasing information - you'll have to enter the right information if you ever want to actually purchase anything.
Consider: Doubleclick has a whole elaborate Doubleclick cookie with information you enter at a site when you make a purchase. Now Doubleclick could simply access your profile. The protocol is designed to move information from the user to the remote site behind the scenes, in such a way that the user doesn't see it go. If it actually caught on, the default for the web would switch from being more-or-less anonymous until you choose to identify yourself, to being identified, personally, at every site you visit.
--
Michael Sims-michael at slashdot.org
Re:What's wrong with P3P? (Score:1)
Having skimmed through those same specifications, I must agree with you. P3P doesn't seem to resemble cookies very much (since when did cookies let you selectively decide what to give out?). On the side of 'universal cookie', it does allow any conforming sites access to prescribed information, but they put users in control (which is always a good thing, as long as there aren't stupid defaults in UAs [user agents])--you first have to *specify* the data and your *policy* regarding that data. If you don't want sites to get certain personal information (Social Security number?? you've got to be kidding!), just don't enter it in the first place (granted, this assumes the UA would explicitly ask the user for it, instead of trying to glean it from other sources)!
Any further pontification is moot without an implementation on which to base it. For starters, I would hope a sane UA would allow you to store per-domain policies--I can think of several I'd certainly like to deny. The implementation of these specifications are the only places I could see justifiable complaints (I could imagine that IE, as integrated as it already is with the OS and with all the details you give it, could have toe potential to be a security-conscious person's nightmare, for example). Just don't jump to rash conclusions before.
Of course, if michael is reading this and can back up his assertion with proof, I would appreciate it.
Various ramblings (Score:2)
As, i'm sure with a lot of people, the big thing that bothers me with organizations like Doubleclick.net is how the (alledged) profiling is done without any concent. Although, I personally don't solicit them, organizations like Alladvantage (which pay you to view ad banners) at least compensate you, and it is something you sign up for. Doubleclick.net not only gets payed to show the ad banner, but they also get free consumer information, which is just wrong.
Hmph... so, to finish it off, I applaud organizations like Slashdot who do their own ads, since they are obviously taliored around the page and aren't being used for a large scale marketing project.
And, finally, to the author of this story, please be careful to be as unbiased as possible. While I do think that Doubleclick.net is a spawn of the devil, objective reporting is quite important (the lack of which is why i don't watch TV news anymore).
Just how i see it. =^)
-legolas
i've looked at love from both sides now. from win and lose, and still somehow...
Who said it would deny entry? (Score:1)
I certainly agree that it would be a grim day when your example situation became true, but nowhere in the specs did I see it mention denying entry based on not offering information (point me to a link if you disagree). I would imagine the server decides (or specifies in the policy) what happens if you refuse one of its requests, but it doesn't have to be complete denial of entry.
As I stated elsewhere, though, I would hope to be able to have domain-specific user policies (in Mozilla, I expect it the most :). One might specify one or two domains and leave the rest as deny-all, if one was so inclined.
Again, I agree that if denial-upon-refusal becomes the norm, there is potential for privacy degradation, but why would a site designer block out all hits from privacy-minded people? (for background, I block all cookies not comming from specifically-allowed sites, and almost never provide correct email addresses where I don't desire to establish long-term communication)
If it won't work without entering all the information, I doubt it will catch on (or will be rethought and reimplemented), but that is an implementation detail (if they specify that compliant UAs require that, please cite where!), and thus all but moot.
Re:Govt regulation (=loopholes)will eliminate priv (Score:1)
Re:Silly paranoia (Score:3)
Allright, let's just take one of your "insights"...
Lori Fena, chairman of Web privacy organization TrustE: Fena is an advertising executive by trade. And obviously, having her on board means that TrustE won't exactly be cracking down on any of Doubleclick's practices.
Nice character assassination, without any evidence. How about actually doing some research, since that's what you are alleging to be doing, and tell us:
1) What evidence is there that TrustE being on a board of directors wouldn't be anything but good? Past history, please?
2) Since you know she is an advertising executive, and you choose to take this as damning of her character, how about giving us a full resume? Tell us exactly when and how she has been damaging to privacy (as you define damage, of course).
In fact, the only knees that are jerking are the net-libertarian types who hate government and automatically reject any suggestion that a corporation might be doing something bad. Like you.
And yet another knee jerking. I specifically didn't tell you my opinion on privacy, corporations and specifically this one. I am specifically attacking you and your appalling lack of research, attacks on possibly innocent people without providing a shred of evidence, and your all-around irresponsibility.
In short, what you are engaging in is gossip and innuendo, plain and simple.
--
Why Private Data Is Sometimes Safe To Give Up (Score:2)
If advertisers obtain information from their database, than the value of the database (which, until that point was proprietary) depreciates. Why would an advertiser pay a premium for DoubleClick's advertising when they can send ads direct to the people in the database, themselves. Since companies do not want their investments to depreciate, they will go to great lengths to protect that information--often doing more to protect the information than the people in the database, themselves.
The major problem with DoubleClick is not that they might have our information. It is simply that they are collecting it without explicit consent that upsets me. I have no doubt that any information thy do have is safe in their hands and that paranoia is not warranted.
Targeted Advertising (Score:1)
If I will have to see banner ads, I don't think I would mind not seeing the same one all the time and looking at ads for stuff I might actually want (Yes, I have clicked on banner ads, boo-hoo, I must be evil)
That having been said, I think a privacy board to keep things restricted and anonymous would be a good thing. After all, there was a scare with Doubleclick a while ago - they went too far with the database idea. But too many people complain about the cookie like it's some sort of bar code tattoo or something.
Re:whew! thanks mike... (Score:3)
Trust Big Brother? (Score:1)
Let's keep the FTC (and FCC) far away from the Internet for as long as we possibly can.
great start! but... (Score:1)
The requested URL (authors) is not found.
If you feel like it, mail the url, and where ya came from to pater@slashdot.org
--
Have Exchange users? Want to run Linux? Can't afford OpenMail?
Re:Silly paranoia (Score:2)
i think you've gone beyond knee-jerking here - we're talking multiple joints going at high speed here. take a breath and then go do the research you request *yourself*.
you're making the claims now, go back them up. find one of those people who's been active in advocating privacy for consumers. in fact, find a majority of them.
Not exactly... (Score:2)
He may very well be right, they may all be creeps. But just because he writes a line or two about their supposed 'evilness', doesn't make it true. Likewise, just because DoubleClick makes money through the creation of marketing databases, doesn't mean each additional unit of information is profitable for them. One might very well look at this board and say, Ok, we have: A lawyer (to advise on legal issues), and gaggle of people who've lobbied for reasonable advertizing and privacy restrictions....A relatively well rounded board (on the surface atleast) to advise a CORPORATION on what they can, and should, realistically do.
Re:Silly paranoia (Score:2)
As far as Lori Fena is concerned, what evidence do *you* have that she is commited to privacy?
Come on, Kevin. You know better than that. What evidence do I have that you don't sexually attack little girls?
When it comes to assassinating someone's character, it should not be OK to just make assumptions without any evidence. Is that really that world you want to live in, where people can just make up gossip and innuendo about you, and the burden of proof is on you to prove it's not true?
If Slashdot wants to dig up actual facts, that's fine. But gossip and innuendo is NEVER ok.
--
Re:Targeted Advertising (Score:2)
What is wrong is that DoubleClick seems to want to make these cookies non-anonymous.
Re:Silly paranoia (Score:3)
Any writer has to assume a few things about his audience. If every story included a total recap of everything that had happened to date, I wouldn't have to assume any knowledge, but the stories would quickly reach Katz-length. In this case, I am assuming that you know something about TrustE - how it was created as a PR device to ward off government regulation, how it has repeatedly refused to investigate or condemn any of its members, no matter how egregious their actions. It's been asked to investigate Microsoft, Real, Doubleclick, Dejanews, Hotmail, Geocities... and couldn't find anything wrong with any of them. That's right - Real wasn't violating its privacy statement by tracking what music you listen to, Geocities wasn't violating its user agreement that said it wouldn't sell information to outside parties when it (according to the FTC) sold information to outside parties.... TrustE is a very forgiving overseer, you see.
After all, companies pay it for the privilege of being overseen - if TrustE started cracking down, the companies would stop paying! There have been dozens of stories about TrustE, several of them in slashdot. For an example, see TrustE Decides Its Own Fate Today [slashdot.org].
Perhaps I am assuming too much. I've been following TrustE for several years, and seen it evolve from an organization supposed to protect privacy to an organization solely geared toward PR work in protecting its member corporations. These facts might not be obvious to someone who hasn't been paying attention.
--
Michael Sims-michael at slashdot.org
Angry (Score:2)
The more I think about this post, the angrier I get.
I've said this in several posts, but I think it needs to said again load and clear: This article is nothing but gossip and innuendo.
If Michael wants to provide actual facts, that's one thing. But this character assassination is just not acceptable. I even had a follow-up post state that I should provide evidence that these people are not anti-privacy!!
Folks, is this really the world you want to live in? Where people are guilty until proven innocent? Gossip and innuendo should never be acceptable. Never!
Again, I remind Slashdot that these are real people they are slandering without a shred of evidence.
If Slashdot had an ounce of balls, they would yank this article and issue apologies to all concerned.
--
Yellow journalism (Score:2)
You can draw your own conclusions about whether this "Consumer Privacy Protection Board" (sic) is intended to actually help Doubleclick change its ways, or whether it is merely intended to help protect the company from lawsuits and adverse governmental action, like, say, the FTC wanting the authority to force companies to respect privacy concerns.
I belive it's obvious from just this biased statement that no, I can not.
I must say that I have never seen _this_ much bias in a Slashdot story before. Hell, even John Katz isn't this bad. Michael, it's one thing to do a little research for us on the backgrounds of the people on the board, it's completely different when you give strong opinions about what you think their intentions are. Next time, give us a factual article and post any personal opinions about the matter to the comments section like the rest of us; we'll decide if they're worth reading.
thePsychotron
Re:What's wrong with P3P? (Score:1)
That doesn't appear to be the case at all from a closer look at the documentation. It is described as being intended to allow the user to be selectively notified (at the user's option) when information the user considers critical is being requested and to allow the user to make an informed decision whether to allow that information to be sent. You are claiming that the intent is precisely the opposite. I've seen nothing to back that up other than your rather strident assertions of ill intent.
Website X is requesting full access to your personal information. Yes/No?" If you say no, website X won't let you enter.
Their loss, then. In the competitive world of the Web, sites that turn away business by implementing such policies won't be around long. You're positing a worst-case scenario and calling it the norm. That's either paranoid or deliberately misleading. And it displays little understanding of how Web commerce actually works.
Eventually, of course, you'll get tired of seeing those pop-up boxes and will turn them off and forget about it.
God protect me from those who would save me from myself. Thank you, but I don't turn off features that apply security/privacy policies with which I agree.
The protocol is designed to move information from the user to the remote site behind the scenes, in such a way that the user doesn't see it go.
That's not the way it appears to me. It looks to me like it is intended to allow the user to know what information is being requested and to control whether it is sent. If you can provide some explicit evidence that the intent is as you claim, I'd be very interested in seeing it. So far, you've not done so. Your argument seems to rest on the proposition that users will configure their browsers to send their personal information without restriction. I don't think that will be the norm. Now, if browser implementations show up that default to that configuration, I think we should collectively scream loud and long. But if the browsers do their part in keeping the user in the loop when information is requested, the concepts behind P3P seem like a net win to me.
Re:whew! thanks mike... (Score:2)
I'll make that determination myself thanks. If i want cynical or misrepresented news...i'll go watch 60 minutes.
FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network
Keeping your enemies close (Score:4)
It fits the old saying "keep your allies close, but keep your enemies closer".
Imagine the big three automakers hiring Ralph Nader as a "consultant" back in the 70s. Imagine Richard Nixon hiring Archibald Cox to form an "exploritory panel". Imagine Bill Clinton hiring Ken Star as a "advisor" in the 90s. Would any of these people sell out and join the oposition? I think not.
Not to name names ;) but these people:
Robert Abrams
Robert Litan
Harriet Pearson
Lori Fena
Daniel Weitzner
Elizabeth Lascoutx
David Stazer
Stewart Baker
are all selling out your privacy and their own personal integrity.
___
Re:Silly paranoia (Score:2)
A comment for reality Master 101 about TrustE:
TrustE is an organization created by companies such as M$ to police privacy policies. They do not police priacy as a whole -- they are an instrument to help maintaqin the current system whereby any site with a privacy policy is supposedly acting in good faith.
TrustE does not event try to make sites post privacy-friendly privacy policies; they only attempt to make sure a site is acting in accordiance with the privacy policy they have posted.
So a site could post a privacy policy that states they will collect all the information about a visitor they can, and will sell it to anyone they choose. And as long as the site did that, they could have a TrustE seal. Remember the first major Hotmail hole a few months back? Well, when M$ needed to do a privacy audit they called TrustE. And, surprise, the entire process, including the findings, were closed from the public. Not exactly an approach that is in line with the priciples of good security. Whatever your personal opinions are about privacy (and you're right -- we don't really know what your opinions are) one think I think (hope:) we can agree on is that the DoubleClick Board is filled with people who agree with the existing policies of the company. They all want privacy policies and opt-out marketing instead of strong privacy-enhancing technologies and a legal framework for data collection and use. This isn't a consumer advocacy Boeard -- it is a lobbying group for DoubleClick. That should be obvious to everyone. Peace.
+_+_+_+_+_+_+_+_+_+
The Ordinary Seaman
Crackbeat Society
Re:Silly paranoia (Score:2)
These facts might not be obvious to someone who hasn't been paying attention.
Fine -- you have an opinion about TrustE (Please learn the difference between a fact and an opinion). But what you're really telling me is that you were too damn lazy to insert a couple of links into your article to tell me exactly why you were suspicious about TrustE.
My point still stands: Gossip and innuendo are NOT acceptable. Character assassination is NOT acceptable. If you are going to attack someone -- a real person, with real feeling and a real career -- then you better damn well care about providing facts to support your conclusions.
I mean, good god, you and your Slashdot brethren have already had many cases where your character was attacked based on association and/or misinterpretations of certain events. I would think you would have learned from that, and would be especially careful before attacking other's character.
--
Re:Silly paranoia (Score:2)
Your characterization of P3P is certainly NOT factual or accurate. The P3P 1.0 specification does NOT include a capability to send data to a server from a user agent.
reality's mistress gets used (Score:2)
just a few months ago, Real Networks was caught red-handed violating their users' privacy in direct violation of Real Network's own stated policies. Real Networks displayed the un-TrustE seal of approval and un-TrustE let them completely off the hook, no punishment, reprimand, nothing.
There are numerous other examples of un-TrustE never lifting a finger to punish the people that pay money--hey, what a coincidence--into un-TrustE's coffers.... and you would know this if you did any of the research you keep whining about. This is the reality you've failed to master. Perhaps if you get to the 200-levels?
Re:Silly paranoia (Score:4)
some links follow in case you're too lazy to hit google. but most of these are not current - 1995-1998 seem to be the ranges. this could just be google's problem, but again i think a slashdot interview with her would be in order.
Don't like Doubleclick? Use Junkbuster! (Score:5)
Are you a sysadmin? Have you considered setting up a Junkbuster proxy alongside your Squid caching proxy and recommending it to your users? You can save a lot of bandwidth by letting your users opt out of banner ads. Most of them don't like 'em any more than you do.
(If you use Debian [debian.org] on your server systems, Junkbuster is available in both slink (the current stable release) and potato (the current beta release) as the package "junkbuster".
If you use a Macintosh [apple.com] for your home system, as I do, I recommend to you the iCab [www.icab.de] Web browser, which almost exactly duplicates the image-filtering abilities of Junkbuster -- right there in your browser configuration.)
Advertisers do not have any right to your bandwidth or your private information. However, you need not rely on the FTC or any other branch of government to protect you, your children, or your institution's resources. And if you're only willing to stand up for your rights if government will help you -- then what rights do you really have?
Re:Silly paranoia (Score:2)
opinion. The only factual evidence you have is that there appears to
be something in the field that seems from one side to be a sheep. In
the light of Michael's post, I'm inclined he's in the right to say
what he does about TrustE. Drop the patronising `Please learn the
difference between a fact and an opinion'.
If you haven't read it yet . . (Score:2)
Here's a summary:
This book is more than simply a journalistic summary of the current state of privacy rights and violations. It is a call to arms. Forty years ago, unbridled technology attacked our environment--and few people seemed to know or care. With the publication of Silent Spring in 1962, Rachel Carson opened our eyes. Her graphic depiction of the ecological and health ravages brought by technology made many people realize the risks as never before. Today, our environment still imperils us, but things are better than they might have been, and we have a population that's informed and, in many cases, activist. This book pleads the case for privacy in the same way. There is much that can be done with, not in spite of, technology. An aware public is the first step. It is our hope that this book will open the public's eyes to the many intrusions on our privacy before it is too late.
___
Re:Help! I'm bein' repressed! (Score:2)
I'm curious at to exactly how they invaded your privacy, or anyone's.
Metallica wanted a list of people trading MP3s of thier songs. NetPD logged onto Napster's servers, searched for "Metallica," and made note of all the names that popped up. This is no different from the thousands of other people looking for Metallica MP3s, except, of course, the intent was different.
Anyone with a copy of the Napster software could have done exactly this. Granted, it would have taken far longer. The fact remains, though, that when you sign onto Napster, you make your list of shared MP3s available to anyone who signs onto that same server. If you don't like that, then don't use Napster.
Re:My HOSTS file (Score:2)
127.0.0.1 www.doubleclick.net
127.0.0.1 ad.doubleclick.com
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.preferences.com
127.0.0.1 ad.washingtonpost.com
127.0.0.1 adbot.theonion.com
127.0.0.1 adpick.switchboard.com
127.0.0.1 ads.doubleclick.com
127.0.0.1 ads.doubleclick.net
127.0.0.1 ads.i33.com
127.0.0.1 ads.infospace.com
127.0.0.1 ads.msn.com
127.0.0.1 ads.switchboard.com
127.0.0.1 ads.washingtonpost.com
127.0.0.1 adforce.imgis.com
127.0.0.1 ads.enliven.com
127.0.0.1 Ogilvy.ngadcenter.net
127.0.0.1 oz.valueclick.com
127.0.0.1 doubleclick.net
127.0.0.1 ads.doubleclick.net
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad2.doubleclick.net
127.0.0.1 ad3.doubleclick.net
127.0.0.1 ad4.doubleclick.net
127.0.0.1 ad5.doubleclick.net
127.0.0.1 ad6.doubleclick.net
127.0.0.1 ad7.doubleclick.net
127.0.0.1 ad8.doubleclick.net
127.0.0.1 ad9.doubleclick.net
127.0.0.1 ad10.doubleclick.net
127.0.0.1 ad11.doubleclick.net
127.0.0.1 ad12.doubleclick.net
127.0.0.1 ad13.doubleclick.net
127.0.0.1 ad14.doubleclick.net
127.0.0.1 ad15.doubleclick.net
127.0.0.1 ad16.doubleclick.net
127.0.0.1 ad17.doubleclick.net
127.0.0.1 ad18.doubleclick.net
127.0.0.1 ad19.doubleclick.net
127.0.0.1 ad20.doubleclick.net
___
The Star Chamber (Score:2)
Not quite; check your facts (Score:4)
That ASPSESSION cookie is set by any site using IIS and ASP. It's one of the "features" of Microsoft's web server. In order to keep track of things like session variables, ISS sets a cookie in your web browser. There's no way around this, except to not use IIS and ASP.
As proof, I run a web server locally (PWS, the Win98 version of IIS), and occasionally use Lynx (yes, there's a Windows version). I have Lynx's startup page set to localhost, and tell it to ask me about cookies. Every time I start Lynx, I get:
localhost cookie: ASPSESSION=FANJPPAAJCAA Allow? (Y/N/Always/never)
Or some similar string.
One subpoena away . . (Score:2)
Should any company keep tracking data?
no.
Should I get to view my tracking data?
yes.
Should I have the right to contest the acuracy of that data?
yes.
Should the company have to seek my informed consent before loging my tracking data?
yes.
These are just a few of the rights that are being eroded every day.
___
Re:My HOSTS file (Score:2)
Given MSs speed at fixing bugs, you have about 5 years to complete your vbs add blocking script.
___
Re:Is it that hard to block doubleclick's cookies? (Score:2)
Here's an idea. Since Netscape, soon to be AOL 6.0 hopefully, is open, can't someone smarter than I write an add-on, plugin, something to stop, fuck-up, or otherwise make Double-click et alls data worthless?
Re:Is it that hard to block doubleclick's cookies? (Score:2)
I think we're in agreement. I wasn't meaning to say that each person must individually deal with this problem. What I was trying to say is that a technical solution is superior to a governmental solution, especially considering the international nature of the Internet.
--
Agreed. (Score:2)
Now, perhaps it's OK on slashdot, given this site's status as a quasi-journalistic, quasi-advocacy discussion board.
But it just seemed a bit too much like a pure rant, without any attempt to be fair.
--
Sometimes They Really Are Out To Get You (Score:2)
There are some things that are totally ridiculous to worry yourselves about. And then there are things where worry, even paranoia, are justified. It seems obvious then that matters of privacy are something that we have every right to worry about, and even be paranoid about.
Even before the internet we had enough to contend with in terms of privacy; Echelon and the widespread (ab)use of our social security numbers had been going on for a while. Now with the internet and all of its hidden code, which few of its millions of users understand or know how it works, it is far easier to invade individuals' privacy.
I should hope that the need for privacy is obvious to all of you. Without privacy, the right and ability to keep your personal information and your personal life to yourself, individual rights have no meaning. We might as well live in 1984's Oceania.
Of course, the most direct threat to our privacy has long been corporations, NOT the government. This does not mean that I have forgotten about the FBI or CIA or the NSC, they do have their abusive tendencies. But they keep their files sealed and don't sell them to the highest bidder. And most governmental agencies, even the FBI and CIA, do have some respect for the rights of privacy of Americans, even if they forget those rights too often.
The corporate sector, though, has no incentive to respect privacy. They are driven by profit alone, not any sense of public service (however warped it might be in some gov. agencies). The government can be easily regulated, yet we seem to have trouble regulating corporations.
People on the right will argue that corporations should be free of regulations in order to do better business and keep the economy afloat. These are the same politicians, of course, who rail against the government for not respecting individual rights enough (i.e. the Elian case). Their contradictions are amazing, and it has long been clear that most politicians will do what their pimps in big business want them to do.
Still, government regulation is the only way to rein in corporate abuse of privacy. The FTC has realized this and many on /. have also realized this. Corporations will never regulate themselves, they're only interest is in profit, and so it is up to us to show the government just how important our privacy is.
Lori Fena and the EFF (Score:2)
Umm, besides being "chairman of Web privacy organization TrustE... an advertising executive by trade", isn't Lori Fena still Chairman of the EFF Board of Directors and EFF Executive Director (President)? At least that's what it says at http://www.eff.org/homes/ [eff.org]. I would assume that's at least as relevant to this discussion as her "trade", right?
Disclaimer: this is just what I got from a Google search for Lori Fena. I met Ms. Fena a couple times years ago, but I don't know much about her professional career.
Jeremy
Mozillas' sweet cookie blocking abilities. (Score:3)
Now doubleclick, and a slew of others, aren't able to set cookies on my machines. This really is the only thing you can do. If you visit a site, they have every right to record your having been there, and it will never change (and it shouldn't).
Re:Silly paranoia (Score:2)
What is THAT supposed to mean? If I implement P3P 1.0, Space Aliens are going to magically cause my credit card and Social Security Number to be uploaded? I DON'T THINK SO.
If MS moved the incompatibility part of their Kerberoes specification into a new spec called "Microsoft Kerberos Specifications" or something like that, you could now say, "Microsoft's Kerberos specification doesn't include any incompatibility," and saying that would be truthful on the surface but only because of its narrow focus.
Are you saying that browser developers are implementing or have implemented extended versions of P3P that include data uploading? IF SO, WHO???
Previous P3P specifications did include a protocol to transmit data
There have been NO previous P3P specifications, only draft working documents. This facility has been removed from the earlier draft versions of the specification. The fact of the matter is that you have been caught with your pants down. No matter how you try to wriggle out of the facts, P3P DOES NOT INCLUDE THE CAPABILITY TO TRANSMIT USER INFORMATION TO SERVERS.
If it did, I would be happy to condemn it. I run filtering proxy servers and cookie management software on my home systems. I also believe that government privacy regulation on the internet is a necessary evil in this case. But I do not think you should make up stories about something that are flat out untrue.
Re:Govt regulation (=loopholes)will eliminate priv (Score:2)
But seriously, folks-
Obviously, I didn't use the internet to do any of these things. We are talking about internet privacy aren't we? I don't use the internet to pay my bills, Having worked in IS for 30 years has given me a respect for what can go wrong with auch online transactions. Bill paying is to important to leave to a machine. I pay and I get a receipt which I can show if necessary. This is usually not possible online
That's all good and well for you today, but what about those of us who DO get jobs online? Who do pay bills online? In 20 years it's highly likely that many items or services will have to be paid for online. There are many companies in existance today that will take nothing but a credit card for payment -- unthinkable 20 years ago. They don't want cash, they don't want checks, they want a credit card or won't do business with you. There are too many good reasons for them to operate this way -- it provides more protection for everyone involved in the transaction. Some companies have already reached that point online, many others will quickly be reaching that point.
The option of going offline simply to protect privacy (which of course is ridiculous, since your bank shares information with your insurance company anyways) is rapidly going away. And while we may be specifically talking about online provacy here, why NOT expand the policies to cover offline companies as well?
Bill paying is to important to leave to a machine
Well, having worked in IS for 30 years I assume you're aware that pretty much every dollar in the country (and world) gets automatically swapped by machines every second of the day. If that's your big concern, then you'd better pull your cash out of the bank because they're paying all their bills with machines, and they pay your checks with machines, and the IRS does your taxes with machines. Paper checks are convenience items only -- the actual monetary transaction is handled by machines, just the same as with cash.
Of course, sometimes it IS necessary but I am aware that it will probably be used in ways I hadn't intended. This is a choice I freely make and a risk I freely take.
While I congratulate you on your yogi-like wisdom, I have to ask the obvious question: why should giving my information to a company have "unintended" consequences? Should I expect that buying a carton of milk, I may also be adopting an orphan? Or by signing a check to the phone company it may have the unintended consequence of voiding the warranty on my toaster?
We're not talking about Acts of God here, where needless court battles are fought when someone trips on the sidewalk, we're talking about human beings (corporations) deliberately making the decision to use information in a way they were never authorized to use it. Why should giving my social security number to the DMV for the sake of getting a drivers license give them the right to sell it to auto insurance companies, or Kraft Foods, or any guy whon walks in with a check? That's not an "unintended consequence", it's people selling my information without my permission against my wishes! It's completely intended by the people doing it.
I don't need the government nanny state to "protect" me. In fact, it is the government which requires me to disclose my SSN (the mark of the beast) to get a job. It is the government which requires me to have a license to travel. It is the government which now seeks to fix a problem which the government created in the first place.
I assure you that there is no law on the books anywhere in this country that requires your employer to sell your social security number. There is none that requires insurance companies to have it at all (though they will need it to pay benefits, for tax purposes). It is the insurance companies' policies that demand your social security number to buy a policy not the law. There are VERY, VERY, few organizations on this planet that have the legal abligation to collect your social security number, and fewer still with any obligation to share it with anyone outside the IRS and the Social security administration.
It is private companies that have built this tangled mess of SS numbers being used as "personal identifiers" for everything from credit cards to the warranty on your car.
You seem to be asserting that a crime needing a government solution is being committed by companies which use personal information of their customers which is freely given and which people have been amply warned about.
This may be the crux of our disgreement. I don't believe the information has been given voluntarily or that customers have been "amply warned" about it. If that is the case, then no one would be violating this proposed law. But unilaterally selling the information to a third party with no relationship or logical interest in my transaction does not, to me, seem "voluntary". And accurate disclosure of what will happen to information has always been the greatest sticking point -- why do companies fear so having to disclose WHAT and TO WHOM they are giving this information?
DoubleClick changed from "we will never connect this online information to offline identities" to "we will do everything in our power to connect this information to offline identities, if you don't like it, too bad, we've already got your info". Do you consider that "disclosure", or even remotely honest?
Well maybe not because of building codes, alas - another freedom lost
I'm sure the people who died in the hi-rise apartmnent building collapse in Cairo last week (due to a dramatically deteriorated foundation and other structural problems with the building) will rest easy in the afterlife knowing that they died for the sake of freedom. After all, everyone should be a structural engineer and be able to tell for themselves the difference between a load-bearing beam of 6 tons and 8 tons.
Yes it is true that government has it's self interest at heart as do corporations. The difference is that governments seek to regulate and rule and always do this with a heavy hand.
And what is to prevent corporations from functioning with a heavy hand? Or governments from operating with a light hand? I personally would suggest that the FTC is one of the lightest-handed government groups on Earth. They generally keep their heads down due to the influence and dollars of the folks they regulate, and as I said before will send about a hundred cease-and-desist letters before they get really nasty and tell you to "stop doing that or we'll write even nastier letters".
Whan the feds get these databases of online transactions, how long do you suppose it will be before these records are shared with the state governments?
I dunno, but considering most transactions are electronic already (thanks to credit cards), we should already be seeing the effects of the government having this huge dossier on our spending habits. Of course if the governemnt ever asked for the information, every company would sue (since this is valuable property).
Privacy concerns can be worked out by people interacting in a voluntary way.
I think I've heard that song before. Doesn't the second verse go something like "if we took the guns away from both sides, no one would be able to fight". Nice in theory, but how efficient is it going to be for DoublClick to negotiate privacy policies with 250 million individual people? Isn't it a lot easier for us to just vote on a baseline standard and if you want to give more information, put it on a t-shirt to wear around town. I'm sure people would be happy to have your social security number -- no one is suggesting you can't give it out.
If your concern is for the sheeple who can't protect their privacy then you could mount a campaign to inform them of how to do it but don't think I will react kindly to your asking the government to trample anyone's rights, especially mine.
My concern is not for the Sheeple (though I do have some concern for the regularity with which some people feel it necessary to portray other human beings as sub-human by using such phrases). No, in good American style I'm in it for myself -- I'd rather not spend every second of every day holding a lengthy negotiation with every business over my personal privacy policy. Purely selfish, I know, but despite some folks' assertations that businesses are always receptive to customers' demands, I've found that very few businesses are interested in negotiating my privacy concerns...
hostsing 2click causes a lot of pages to 404 (Score:2)
Re:I know people hate Microsoft here, but... (Score:2)
And if sites won't let you in 'cause the banner won't load... did you really need them ANYWAY?
Yes, I need my Slashdot.
Re:Silly paranoia (Score:2)
It is difficult, if not impossible, to prove beyond any shadow of a doubt what someone's intentions are, and some of Michael's guesses are (as I imagine he'd agree) just guesses. This is especially difficult when dealing w/ astro-turfers and PR typess who *never* get to the point! But all anyone can really do when they see a corporate action that "smells-fishy" is try to raise suspicions and awareness, and start a dialog, asking pointed questions. IMHO, Michael's story does make a case for public scrutiny of DoubleClick within the limits of a one or two page post. The act of posting a story on slashdot is logically equivalent to suggesting that people discuss the issue and present thier own evidence/arguments/research.
Michael's point is that this board is being presented as one advocating for consumer privacy(a), while being wieghted with people who have an anti-privacy slant(b) and without containing any representatives of any of the established (with large member bases) grassroots consumer groups that regularly address privacy issues(c), and therefore the DoubleClick's sincerity is questionable.
(a) We could all decide for ourselves if the linked press release give the impression that this is all about protecting consumer privacy, if the site wasn't slashdotted (or maybe I munged resolution of the double click domain
(b) There are 8 board members that we know about. I will be up front about my personal bias agains lawers and PR people
(c)The CDT, EPIC, EFF CME or ACLU have no representatives on this board.
RealityMaster - Bear in mind that no one said anything about DoubleClick or their board being "evil" or never having anything valid to say. Although their honesty, sencerity and commitment to privacy is certianly called into question. I fail to see how putting words in people's mouths can foster a healthy debate. You may want to and ask yourself why this story raised so much of your ire (calling it "Knee-jerk" and "immature" and such).
BTW
-bridgette
*** DETAILS ***
Robert Abrams, while his connections could prove valuble if he agrees w/ Double Click, we don't know if he does.
Robert Litan - In the linked speech he is lobbying against having a legal opt-in requiremet (so you aren't tracked by default) and against having opt-outs for use/transfer of personal data anything other than marketing purposes (why - what else do they want to do?). He provides the most irrelevent reasons supporting these views - i.e. limiting credit reporting and fraud detection will raise interst rates (nevermind that no one is proposing this) and opt-in will make marketing more expensive and cause general inflation(!) Most of his work is in the area of federal economic regulations and economic globablization. But he has published a book and lobbied congress with the thiesis that an EU privacy law was detrimental to trade.
Harriet Pearson - Online Privacy Alliance is into voluntary corporate self regulation. This sounds really nice until you note that they didn't start work till 1998 when on-line privacy legislation was already frequently introduced to congress. Are they trying to protect consumer privacy (as claimed in their mission statement) or trying to promote voluntary self-regulation as a means of avoiding manditory federeal regulation? Perhaps I should start a group that advocates voluntary self-regulated abstinance from mind altering substances so the government need not add any new chemicals to the regulated substances list! If I had thought of this in 1982, maybe we'd all be wearing big "I don't do ectacy" buttons
With known privacy violators like DoubleClick, Intel, Microsoft, Real Netwoks and Yahoo on the roster, it obviously dosen't require it's membership to live up to it's pledge. The member groups incude the MPAA and the Direct Marketing Association but not the CDT, EPIC, EFF CME or ACLU.
Lori Fena - The chairman of Web TrustE has a strong incentive oppose govenment privacy regulation, since a policy like that of the EU would make her company irrelevent. And TRUSTe is a member of Online Privacy Alliance.
Daniel Weitzner, the P3P thing could lead to a reduction of privacy, but I don't know enough to be sure. Although it seems like something that just automatically filled out forms for you, at your request (like in IE), would be more useful and flexable and far less risky.
Elizabeth Lascoutx, her only work listed has nothing to do with privacy. If you have counter examples, do share.
David Stazer, his only work listed has nothing to do with privacy. Again, if you have counter examples, do share.
Stewart Baker, while verifying the claim about PIII ID I found some other info. He seems IMHO to have been pro-clipperchip, pro-gov-key-escrow, defensive of past govenment wiretap warrents and claimed that he was only against the regulations against strong crypto-export because such laws were uneforceable.
Re:Silly paranoia (Score:2)
I do agree that saying that the TRUSTe chick won't bust DoubleClick is unfair, and it would have been better to just point out the potential conflict of interest.
I also think that it's unfair to assume that the former attorney general will lobby for DoubleClick, but it's not unfair to point out that he is in a good position to lobby for them is he wanted to.
Which raises the question: how much (if anything) are these guys payed?
Just for the sake of argument: You could argue that since there is significant public opinion against advertisers, PR folks and lawers, that mentioning someone's profession in a bio would vilify them, kinda like bringing up someone's race or sexual orientation. Since in this case, occupation is a crieterion for selection and relevent to ones qualifications, as opposed to an irrelevant descriptive detail, that argument probably dosen't hold water. But I can think of a few counter examples, if a Phd canidate in public policy was supporting herself by stripping then descrbing her as a stripper and neglecting to mention the academic work would be deliberately misleading.
Way around the registration... (Score:2)
Just replace "www" with "partners."
raunchola (at) hushmail (dot) com
Harriet Pearson must be REALLY REALLY old! (Score:2)
Re:Govt regulation (=loopholes)will eliminate priv (Score:2)
Just submit everything as "plain old text" and use basic HTML (such as the and ) to do simple formatting. And two enters or a or a will give you paragraphs; much easier to read and follow.
My assertion is that this problem can be worked out between the customers and the companies who are doing the gathering WITHOUT government interference
Well to that i can only say that nothing indicates you are correct. We've had this probelm for several years now, and it's not a secret. The companies have been complained to numerous times, and they've been warned by individuals, other companies, and government agencies (such as the FTC) that they need to get better privacy policies. They insist that self-regulation will work (essentially what you are suggesting). but it hasn't. They've made industry groups (like TrustE, etc) but nothing has changed. They still wheel and deal with our personal data while saying that those who complain have nothing to worry about.
So when does all this magical self-regulation take place? When do they suddently start listening to us? They haven't so far -- what will be different in the future (other than them having even more data on us)?
An example - try to buy insurance wihtout giving your social security number. It's impossible. No company in america will sell you insurance without having a social security number. But they don't need it. Try telling that to the guy on the phone, or his boss, or his boss, or HIS boss. It doesn't matter, because "we don't make the rules, sir." Write a letter, phone, whatever you like, it doesn't matter -- people have been telling the insurance companies for a few decades now that they don't need a social security number for anything, but they still demand it. And once they have it, they are more than happy to sell it to anyone willing to pay.
Many people seem to think that government is benevolent and that it can solve this problem and save us all from the scourge of data mining. It isn't and it won't. It will only make the problem worse
I don't think too many people believe the government is benevolent, or that it can save us all from much of anything. But it is a useful tool that can be used by society to push or pull in a direction. It's a useful way for us to say, "hey, our information is private, and unless you ask someone first you're not allowed to use it."
As for making the problem worse, I'm not sure how putting information merchants under the jurisdiction of the FTC would make them sell MORE of our information, or sell it with less discrimination, or for a lower cost. They already sell it to pretty much anyone who asks.
As an example of the so-called benevolence of government data-gathering, made oh so easy by forcing us all to have numbers and licenses, is the misuse of the census data to round up Japanese Americans and herding them into concentration camps during WWII. An activity which is and was completely illegal I might add. Where was the protection you seek the government to provide?
Obviously it wasn't there, but again, no one claimed the government was a benevolent overlord. We could just as easily point to the poor working conditions and slave labor of the same time period and ask where the benevolence of the corporations was.
The utopian world envisioned by those who think government will protect our privacy is nothing but a fantasy. Government has and will continue to abuse our rights and has nothing but bad intentions for the use of the data
Again, i doubt many people think the government will "protect" our privacy any more than they will "protect" out physical safety. Murder is illegal but there's still a lot of it going around. The most the government can do is make laws, and enforce them as best they can. The imperfect nature of the laws (and the enforcement) is no reason to claim the entire system is flawed. Fortunately we have the tools to tune it up as we see fit.
Giving the FTC regulatory ability over online privacy will not solve our problems forever, but it's a push in the right direction. Companies will push in the other direction, other laws and organisations will push in still other directions. You can push with technology (I push in my own way by using Cookie Pal to refuse most cookies, and using Freedom to surf when i really want to be anonymous.)
I'll stay with my own methods for protecting my privacy even though I must give up many benifits of "modern society" because I refuse to be a number.
And I have no doubt people who use more than one method of protecting privacy will be more successful at it than those who rely on any one method (wether it be the benevolence of a company, a government, or others).
I know folks who drink nothing but bottled water, even though the tap water is perfectly healthy. For whatever reason they want that extra feeling of comfort, and they're entitled to it. But I'd still like for the water supply plant to have to meet minumum standards of quality and sanitation. Not because I'm incapable of boiling the water, but because it's a waste of my time when they can process it there.
Can you say "BAAAAA!"
It's funny, I'm so cynical and pessemistic, but on Slashdot I'm practically Mary Poppins (relatively speaking). I've never seen so many people so convinced that everyone else is brainwashed (presumably by "The Man") and the world is coming to a fiery end. I've met suicides with more hope for the future of our country! (g)...
Re:Don't like Doubleclick? Use Junkbuster! (Score:2)
You make a good point, but like all things, it's possible to take a good point too far. Saying
is a little like saying "Why complain about car thieves? Their actions need not have any effect whatsoever on you. You have every right to protect yourself. Have you installed an anti-theft device yet? Do you keep a Doberman in the back seat?"
See, thing is, you are completely free to do those things -- but we have and enforce laws against car theft anyway. Why? Because
The same points apply to privacy on the Net. No security measure is 100% secure -- if you filter out cookies, for example, watch as Microsoft rolls out some new tracking mechanism in IE7 that does an end-run around your proxy. And more and more, a societal consensus seems to be forming that violation of privacy online is a Bad Thing. (If it wasn't, you can bet the FTC wouldn't be moving in this direction.)
Point being, yes, you can and should defend your personal privacy on the Net. But this does not obviate the potential improvement we could see if privacy was protected by law as well as by individual action. Not to mention that the vast majority of people aren't technically proficient enough to install and configure Junkbuster, or edit their HOSTS file -- are you saying that their privacy is somehow less sacrosanct than yours?
The bottom line -- saying "don't rely on the government to protect you" is silly. Of course there are things individuals can do to enhance their own privacy. But there is also room for reasonable regulation in this space. We have laws settling lots of other disputes that used to get settled by individuals duelling in the streets, and we're generally better off for having them, I think. I have yet to hear any persuasive argument why the outcome will be any different on this issue.
-- Jason A. Lefkowitz
Re:Silly paranoia (Score:2)
(c)The CDT, EPIC, EFF CME or ACLU have no representatives on this board.
Only if you conveniently ignore the fact that Lori Fena is the former executive director of the EFF.
Why does no one mention this?
No one mentioned it because no one knew/realized/remembered. I doubt that anyone was delibereately supressing this info.
In fact I'm really glad that you pointed this out! It looks like Lori is still Director of EFF: http://www.eff.org/homes/ but I would think that being chair of TRUSTe would be a full time job. In checking on this I saw that the EFF founded TRUSTe (!) http://www.truste.com/about/about_faqs.html
Given TRUSTe's track record, I find this pretty distunbing and wonder if the EFF sold out or has had a lapse in judgement. Too many grassroots organizations have lost all credibility when a move to partner/comprimase with industry turns into taking it up the a**.
Re:The long and drawn out death of privacy (Score:2)
I am not familar with the exact rules on how much is allowed but only a few weeks ago there was a lawsuit which commercial tv didn't like: any movie shorter than 110 minutes can only be broken up by commercials once. since the lawsuit, this is for the bare movie, without the commercials. before the lawsuit, the 110 minutes included the commercials.
makes for a bit less commercial shit.
//rdj
Re:What's wrong with P3P? (Score:2)
I wish it was true, but it isn't. See the Social Security Number FAQ [faqs.org]. Private organizations are free to request your SSN and may decline to provide service if you refuse to give it to them. The legal restrictions (Privacy Act) on gathering SSNs only apply to government agencies.
Re:European Privacy Laws (Score:2)
The only situation worse than 1000s of Corporations gathering information, is trusting a government to be the sole gatherer and protector of your personal information
So... the government buys your data from the corporations instead of doing their own data gathering, big gain there...
In *my* HO 1000s of corporations gathering and interchanging data is far worse than one central database. The amount of information about me is at least as large, my insight is zero (my control over a govenment database record might be small indeed, but at least not zero) as are the chanses of correcting incorrect data.
Look at the DeCSS case. If MPAA can't fight a distributed system, how am I supposed to do it?
Re:Don't like Doubleclick? Use Junkbuster! (Score:2)
That you don't know better is no excuse. Yes, Doubleclick could tell you more about the information they collect -- but they don't have to. The Coors beer company would prefer you not to know that there are better beers in the world than theirs -- and yet they are not defrauding you by failing to tell you this.
Not at all. Did you read the part of my post where I recommended to sysadmins that they set up and configure Junkbuster as an option for their users? Collective action does not imply government action; people can cooperate to advance their mutual self-interest without bringing the evils of government into play.Doubleclick's vision of the Web is not my vision of the Web -- nor is it Microsoft's, Junkbuster's, Sun's, RMS's, or AOL's. Each of these parties may be tempted to try to bring the forces of government into the marketplace on its side. But do you recall Aesop's fable of the horse and the man? The horse is harried by a wolf, and permits a man to ride him in order that together they may hunt down and kill the wolf. Once the wolf is dead, though, the horse asks the man to get off his back -- but the man has no intention of doing so, and digs in with the spurs, laughing.
That's what government does when you invite it into your industry. Look at radio. Big radio stations went to government to sort out the problems of contesting for frequencies -- and ended up with the censorious FCC on their backs, telling them what words they may use on the air. We only recently managed to rid ourselves of the Communications Decency Act -- do you want to give government's evil another shot at the Net, this time under cover of "privacy protection"?
Government isn't about cooperation. Government is about violence. Every government action, no matter how benevolent, is based on violence: if you try to choose not to go along with it, you get shot or put in jail. Can radio stations now go to the FCC and say "Yes, thank you for helping us resolve our bandwidth disputes, but we really don't want any of this censorship stuff, thank you"? They could try, but they'd get laughed at, just like Aesop's horse. If they went ahead and started saying "fuck" on the air when they felt like it, they would have their stations invaded by policemen and forcibly taken off the air. Any deejay or engineer who resisted would be shot and killed.
Nobody here is duelling in the streets. There is contention, yes: there is a debate on over what the future of the Web should look like; that debate is being played out in software, data, and protocols. Yet there is no violence going on. Nobody is forced to fund Doubleclick or to use a browser s/he doesn't want. You, OTOH, seek to introduce violence to the situation. Let us suppose that your proposals are put into effect -- Doubleclick's current behavior becomes against the law. If Doubleclick & co. continue to do what they have been doing, policemen with guns will show up at their offices and arrest them. If the Doubleclick people say to the policemen "Please do go away; we are peacefully conducting business," and refuse to go along, they will be shot and killed quite dead.I for one believe that escalating violence is a highly non-optimal way to resolve a peaceful contention. It's certainly not something I want to deal with in the industry in which I work. So I find that private, cooperative solutions to contentions are much, much more desirable than government-based ones. This works in the case of spam (as I argue here [slashdot.org]) and it can work in the case of unwanted advertisements on the Web as well. So rather than spending your time calling for policemen to come and shoot people with whom you disagree, I entreat you to do something productive instead -- maybe go out and help some newbies use a Junkbuster proxy.
Re:Govt regulation (=loopholes)will eliminate priv (Score:2)
The US Constitution is nothing like regulations. It isn't even written like most law. Much high level, and devoid of detail. More like Frech "Code Civile" than English law. This would work.
Oddly, I think I would be more comfortable with a Surpreme Court decision establishing that data privacy was part of the controversail "Right to Privacy" in 9th Amendment.
Re:Don't like Doubleclick? Use Junkbuster! (Score:2)
I'm not sure why I'm bothering to reply to this, since nobody ever reads a thread on Slashdot for more than a day or so after it was posted anyway, but you make some points that I felt should not stand uncommented on...
Your analogy is flawed. When Doubleclick violates my personal privacy, they do not merely hide from me information that would allow me to make more informed consumption decisions (as in your Coors example). They do violence to me by taking something of value from me -- my personal information -- without my consent, or even my knowledge. More and more, we are seeing the acknowlegement that an individual's personal information has economic value -- witness the SEC's recent decision that trading demographic information for stock constitutes a monetary transaction, not a "get something for free" transaction. Viewed in this light, DoubleClick's actions are theft, not mere misdirection.
I see. When government, which (in the United States, at least) is elected and guided by popular consensus, steps in to mediate a dispute, we are introducing armed thuggery. I would contend that, when someone takes something of value from me without my knowledge, they have done violence to me. When a corporation seeks to do violence to the broad population for its own profit, I see no moral problem with calling on the common defense of law. The situation is really no different than if Union Carbide decided to dump toxic chemicals into the rivers that provide my groundwater. Should my only recourse be to invest in Poland Springs?
I usually don't have a beef with informed libertarianism, but knee-jerk libertarianism is another matter. If you really believe this, then tell us -- under what circumstances would government action be called for? Rape? ("If only she hadn't dressed so provocatively...") Murder? ("If only he hadn't mentioned that huge life insurance policy...") Yes, government is about violence. That's because, in many ways, life is about violence. Reasonable governments deploy violence in the defense of the well-being of their citizenry. This is a moral and justified application of violence. The alternative is the "every man for himself" anarchism in which life is nasty, brutish, and short, and nobody has time to code Open Source software because they are too busy preying upon each other for food and shelter. You may disagree with some ways in which government acts on our behalf, but to dismiss government entirely because it uses violence is to turn yourself over to the tender mercies of all the other violent forces in the world, which you can't vote out of office or impeach.
-- Jason A. Lefkowitz
Re:Govt regulation (=loopholes)will eliminate priv (Score:2)
Would that be the case that was settled out of court? Cases are settled out of court all the time, and no precedent (or even legal nuance) is generated by them. Keep in mind that all the SS# cases that have gone past the first round of claims were all based on religious freedom under the EEOC (odd that a government so hell-bent on destroying us all stands up for religious freedom).
I work for an offshore company which provided a company credit card.
Ah, is this Personnel Supply Co? Forgive me, but I'd rather not entrust my employment and finances to an "offshore company" just to avoid whatever percieved evils the guv'ment is perpetrating on us Sheeple.
Thirdly, you DO NOT own your automobile UNLESS you have the "Manufactor's Statement of Origin."
Actually, I don't own it because I haven't paid off the loan yet. But I'm sure you know a way around that, too?
It is your right to refuse giving out personal information
Of course it is, who is arguing otherwise? All I'm saying is that people shouldn't be allowed to sell it if you do give it to people voluntarily for a specific purpose. Not ebveryone believes the 16th amendment is a fraud and there are really only 49 states, but we should be able to agree that selling personal information without informed consent is a Bad Thing (tm)...
Re:Don't like Doubleclick? Use Junkbuster! (Score:2)
What, you mean that sending that information was in your broken browser's broken defaults? Fix it, or take it up with your vendor for shipping you a trojan -- er, I mean, "integrated undocumented feature". Help out your fellow human beings by setting up a Junkbuster proxy and letting them use it, or by teaching them to set one up themselves. In no case is it a misdeed on the part of a server operator to store information which you transmit to that server. Such a position is completely untenable -- would you forbid the keeping of access logs next? -- and that you would call for police to arrest or shoot people for storing such information is truly frightening.
It ain't knee-jerk; it's just more radical than you're comfortable with. Yes, I do really think that calling for government "intervention" against peaceful people is calling for violence. Mumble mumble jack-booted thugs mumble Waco mumble Ruby Ridge mumble COINTELPRO HUAC MK-Ultra mumble ECHELON mumble mumble.And yes, violence is a quite justified response to attempted rape or to other acts of violence. It is not a justified response to the ordinary collection of ordinary information which you transmitted to the collector's Web server.
Re:Keeping your enemies close (Score:2)
I have to agree with you on my lack of research into the history of the new advisory board at double-click. I haven't taken time to get to know their work, and I should.
I am judging them (and basing my comments about them) on their decision to advise doubleclick alone.
Some would say that the best way to effect change is from the inside out. Working together with the offender to help them understand the error in their ways can , indeed be a productive tool. A publicly traded company is not a good target for this particular aproach. Effecting change from the inside would be more effective in a comunity based .org.
Publicly traded companies have a duty and obligation to their shareholders to maximize returns or suffer the wrath of the market. Given this obligation, it is the responsibility of the CEO and board to do everything within the law to bring these returns to their investers. Currently,the laws in place allow doubleclick to do what ever it damn well pleases with your tracking data and digital biography. Thus they are obligated to employ these methods to maximise shareholder return.
So in the end, what you have here, is 1/2 a dozen of the most well respected minds in the industry taking time to advise a course of action doubleclick can't follow. For the advisors, this is career suicide at worst, and fruitless at best.
If they want to effect change from the inside, I would sugest they put their efforts toward lobbying congress to address privacy concerns so that their advice can be put in place by doubleclick.
___
Grow up. (Score:2)
Furthermore, I have occasionally analyzed my packets, and generally evaluated the situation. I know full well what information they can gather on me, and what they can not. There is no further benefit to be had by me analyzing my packets regularly. I know the furthest extent of what they CAN do; the only thing you do is confirm that they ARE doing it. Why bother? Anyone who spends inordinate amounts of time worrying about this type of crap probably isn't a terribly worthwhile customer anyhow.
Does that extra worry help you much? No. Does it hurt DoubleClick much? No. In other words, you're spinning your wheels.
I, on the other hand, as a worthwhile customer, can wield quite a bit more influence simply by choosing to not deal with certain organizations or websites. If enough people like me start giving them the finger, then action might be taken.
The bottom line is that your efforts are largely wasted. What you're saying is nothing new, and the incremental costs for DoubleClick are slim to none. IFF you care about this as much as you claim, I suggest you pursue alternative methods. Such as joining the rest of society, and spending your dollars elsewhere, or making a persuasive argument (for other worthwhile customers) other than the proverbial "fuck you".