-Caveat Lector-
From: PRIVACY Forum <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Tue, 30 Nov 1999
Subj: PRIVACY Forum Digest V08 #17
PRIVACY Forum Digest - Tuesday, 30 November 1999 - Vol 08, Issue 17
(http://www.vortex.com/privacy/priv.08.17)
Moderated by Lauren Weinstein ([EMAIL PROTECTED])
Vortex Technology, Woodland Hills, CA, U.S.A.
http://www.vortex.com
CONTENTS
-- Animated Cursors Silently Collecting User Browsing Data
(Lauren Weinstein; PRIVACY Forum Moderator)
-- Big Brother Wants Your Medical Records (Dawn Richardson)
-- Group formed to oppose supermarket "loyalty" cards
(Katherine Albrecht)
-------------------------------------------------------------------
From: [EMAIL PROTECTED] (Lauren Weinstein; PRIVACY Forum Moderator)
Date: Tue, 30 Nov 99 12:32 PST
Subject: Animated Cursors Silently Collecting User Browsing Data
Greetings. The "Spies in Your Software" saga continues onward,
as analysis of various software's network activities in various
quarters continue to reveal new (but unfortunately not really
unexpected) surprises.
In the latest chapter, users of the popular Comet Systems' animated
cursors (for Microsoft Windows systems) have learned that the
cursors (reportedly in use by many millions of persons) have
silently been feeding information concerning the sites they visit
back to Comet for the firm's analysis and use. Unlike the more
common situations where Global Identifiers and related data are
passed only to the particular server to which a user connects,
in this case the information is being fed back to Comet itself,
whenever the user visits any of the many 10's of 1000's of
affiliated sites. The vast array of sites involved include many
oriented towards children, as well as popular comic-strip sites
(such as "Dilbert" and others).
I spoke at length today with Comet's marketing director, who
defended their practices. He contends that the information
collected is "anonymous" since they do not collect names, e-mail
addresses, or other personally-identifiable information, and that
the information they do collect is maintained only in aggregate
form for their paying clients, and is purged of other data before
distribution to those clients. He stated that he feels concerns
about *possible* abuse of collected data in the future (say, after
an acquisition, or other policy change) are purely theoretical and
are not realistic.
One of my main concerns is that it would not seem obvious to most
users that an animated cursor should or would be sending *any*
information back to a central point. His reaction to my suggestion
that the software clearly inform users that there would be
information flowing back to Comet was fascinating. He expressed
the opinion that there was no need for this since the information
was "anonymous"--and that since most people just "click through"
license agreements anyway without reading them, there wasn't any
point to bothering people with lots of stuff to read through before
installation. He also suggested that forcing vendors or sites to
provide such information on a routine basis would create a "police
state" (his exact words) environment. He did however agree that
the lack of regulation creates a situation where each company has
to make these determinations on their own, and admitted that it
would be a lot easier if it were clearly spelled out what they
could or couldn't do.
In response to the current furor, Comet has posted a new privacy
policy, with links that appear on the main download pages for the
cursors and at other points. However, they have chosen not to
provide information on those pages to clue people in to the fact
that there is anything about the cursors which might relate
specifically to privacy concerns, so how many people will choose to
read the privacy links is unclear. Also, depending on Javascript
and browser security settings (*particularly* of concern with
Microsoft Internet Explorer), it is possible that the cursors might
be downloaded automatically without the user ever seeing the
privacy link information.
Comet has also posted instructions regarding removal of the cursors
from your system. The main information is at:
http://www.cometsystems.com/download/cleaner.shtml
Microsoft IE users would need to take some additional steps
detailed at:
http://download.cometsystems.com/no_nag/nonag.asp
to avoid having sites continue to bug them about downloading the
cursors. Unfortunately and ironically, you apparently must have
cookies enabled to activate this latter function, so you may want
to think twice before using it.
The saga continues...
--Lauren--
[EMAIL PROTECTED]
Lauren Weinstein
Moderator, PRIVACY Forum - http://www.vortex.com
Co-Founder, PFIR: People for Internet Responsibility -
http://www.pfir.org
Member, ACM Committee on Computers and Public Policy
-------------------------------------------------------------------
From: "Dawn Richardson" <[EMAIL PROTECTED]>
Date: Wed, 3 Nov 1999 02:30:37 -0600
Subject: Big Brother Wants Your Medical Records
The Medical Privacy Scam: Big Brother Wants Your Medical Records
by Dawn Richardson
On Friday, Oct. 29th, President Clinton announced U.S. Department
of Health and Human Services Secretary Donna E. Shalala's proposed
rules which claim to protect the privacy of Americans' personal
health records that are either transmitted or maintained
electronically. These rules were published in the Federal Register
today, November 3rd.
America is being scammed by HHS initiated press releases into
thinking that these proposed rules, if adopted, will keep us in
control of our intimate medical details. While HHS's rules spell
out clear regulatory restrictions for how doctors and health plans
use our personal medical data, they also dangerously grant federal,
state, and local government health bureaucrats broad unrestricted
access and control of our private medical information without our
consent for anything that can be linked to the self-defined
"national priority purposes" of research, public health, government
health data systems, law enforcement and oversight of the health
care system. (see summary http://aspe.hhs.gov/admnsimp/pvcsumm.htm )
The section of greatest concern in the rules is "Uses and
disclosures permitted without individual authorization."
Unconsented disclosures are rationalized for "public health
surveillance, investigations and interventions." Immunization
and cancer registries are also cited as beneficiaries of this
governmental information grab. HHS states in the rules, "We
considered requiring individual authorization for certain public
health disclosures, but rejected this approach because many
important public health activities would not be possible if
individual authorization were required."
Specific government agencies listed as being granted access to
individual identifiable medical records under the pretext of
"oversight" include "State insurance commissions, State health
professional licensure agencies, Offices of Inspectors General of
federal agencies, the Department of Justice, State Medicaid fraud
control units, Defense Criminal Investigative Services, the Pension
and Welfare Benefit Administration, the HHS Office for Civil
Rights, the FDA, the Social Security Administration, the Department
of Education, the Occupational Health and Safety Administration and
the Environmental Protection Agency."
HHS also proposes "to permit covered entities to disclose protected
health information to a law enforcement official without individual
authorization for the conduct of lawful intelligence activities."
HHS will accept public comment on the proposed rules for 60 days
from the publication date of November 3rd. Public comments can be
submitted electronically to http://aspe.hhs.gov/admnsimp/, and all
631 pages of the proposed rules are posted at this same location.
We are working on our formal comments/objections to the proposed
rules and will be distributing them to our email lists and posting
them on our web site for reference soon.
-----------------
Dawn Richardson, President
PROVE(Parents Requesting Open Vaccine Education)
P.O. Box 1071
Cedar Park, TX 78630-1071
(512) 918-8760
[EMAIL PROTECTED] (email)
http://vaccineinfo.net (web site)
[ I would urge PRIVACY Forum readers with opposing
points of view, particularly concerning the public
health aspects of this issue, to e-mail submissions
expressing the details to the PRIVACY Forum. This
is a complex area where meaningful debate would
be particularly useful.
-- PRIVACY Forum Moderator ]
-------------------------------------------------------------------
From: Katherine Albrecht <[EMAIL PROTECTED]>
Date: Wed, 17 Nov 1999 14:20:28 -0500
Subject: Group formed to oppose supermarket "loyalty" cards
Hi,
I am the founder of CASPIAN, a consumer group dedicated to fighting
supermarket "loyalty cards" or "club cards." Since your
organization is concerned with consumer privacy issues, I invite
you to visit the CAPSIAN website, at www.nocards.com, and to let
your readers know of the movement to fight these invasive
registration and monitoring programs.
The CASPIAN website contains a comprehensive set of arguments
against shopper cards and provides evidence that these programs
do not save shoppers money. Also, to the best of my knowledge,
the CASPIAN site contains the most comprehensive listing of United
States grocery retailers on the Web. It lists the URL, locations,
and card status of over 400 stores and supermarket chains. In the
four weeks since it was publicly released, the CASPIAN website has
received thousands of visits from shoppers around the world in
addition to being featured on NBC news and the Seattle Times.
I applaud you for your efforts to protect consumer privacy.
Keep up the good work!
Sincerely,
Katherine Albrecht
Founder/Editor
CASPIAN - Consumers Against Supermarket Privacy Invasion
and Numbering - www.nocards.org
------------------------------
End of PRIVACY Forum Digest 08.17
************************
** Please include a RELEVANT "Subject:" line on all submissions! **
*** Submissions without them may be ignored! ***
-------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion
and analysis of issues relating to the general topic of privacy
(both personal and collective) in the "information age" of the
1990's and beyond. The moderator will choose submissions for
inclusion based on their relevance and content. Submissions will
not be routinely acknowledged.
All submissions should be addressed to "[EMAIL PROTECTED]"
and must have RELEVANT "Subject:" lines; submissions without
appropriate and relevant "Subject:" lines may be ignored.
Excessive "signatures" on submissions are subject to editing.
Subscriptions are via an automatic list server system; for
subscription information, please send a message consisting of the
word "help" (quotes not included) in the BODY of a message to:
"[EMAIL PROTECTED]". Mailing list problems should be
reported to "[EMAIL PROTECTED]".
All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate
to be distributable without limitations.
The PRIVACY Forum archive, including all issues of the digest and
all related materials, is available via anonymous FTP from site
"ftp.vortex.com", in the "/privacy" directory. Use the FTP login
"ftp" or "anonymous", and enter your e-mail address as the
password. The typical "README" and "INDEX" files are available
to guide you through the files available for FTP access. PRIVACY
Forum materials may also be obtained automatically via e-mail
through the list server system. Please follow the instructions
above for getting the list server "help" information, which
includes details regarding the "index" and "get" list server
commands, which are used to access the PRIVACY Forum archive.
All PRIVACY Forum materials are available through the Internet
Gopher system via a gopher server on site "gopher.vortex.com".
Access to PRIVACY Forum materials is also available through the
Internet World Wide Web (WWW) via the Vortex Technology WWW server
at the URL: "http://www.vortex.com"; full keyword searching of all
PRIVACY Forum files is available via WWW access.
DECLARATION & DISCLAIMER
==========
CTRL is a discussion and informational exchange list. Proselyzting propagandic
screeds are not allowed. Substance�not soapboxing! These are sordid matters
and 'conspiracy theory', with its many half-truths, misdirections and outright
frauds is used politically by different groups with major and minor effects
spread throughout the spectrum of time and thought. That being said, CTRL
gives no endorsement to the validity of posts, and always suggests to readers;
be wary of what you read. CTRL gives no credeence to Holocaust denial and
nazi's need not apply.
Let us please be civil and as always, Caveat Lector.
========================================================================
Archives Available at:
http://home.ease.lsoft.com/archives/CTRL.html
http:[EMAIL PROTECTED]/
========================================================================
To subscribe to Conspiracy Theory Research List[CTRL] send email:
SUBSCRIBE CTRL [to:] [EMAIL PROTECTED]
To UNsubscribe to Conspiracy Theory Research List[CTRL] send email:
SIGNOFF CTRL [to:] [EMAIL PROTECTED]
Om
