In response to a national campaign led by EPIC and other consumer groups, with the support of state Attorneys General and consumers nationwide, Qwest Communications announced today that it is withdrawing plans for opt-out marketing with customer telephone records, or "CPNI." Citing numerous customer concerns, the company has stated that it will wait until the Federal Communications Commission (FCC) has proposed a final rule on the issue.
Two recently launched ventures underscores the growing commercial interest in protecting privacy. Privacy seal group TRUSTe will announce the launch of a new service to help police unsolicited commercial e-mail, or spam. Under Truste's new program, participants can obtain an e-mail seal if they comply with four criteria. The sender must adhere to Truste's fair information practice principles and e-mail best practices, which include giving consumers notice and choice about receiving e-mail solicitations. The subject line of the e-mail must be accurate and the message text must always allow consumers to opt out of further communications. And if any of these criteria are overlooked, the sender is accountable to Truste's dispute resolution program, in which consumers can complain about a company's e-mail practices. In the other venture Hewlett-Packard Co. will preinstall privacy-protection software from Zero-Knowledge Systems in its Pavilion personal computers sold in North America. Spurred by growing concerns about online privacy and security, the software will allow users control and block cookies used by Web sites to track surfing habits. They will also be able to activate a feature that scans outgoing Internet traffic for credit card numbers and other private information that might be sent unknowingly. Other features include an ad blocker, a personal firewall to guard against hacking and anti-virus protection.
Vice-President of the European Parliament, Gerhardt Schmid, is expected to argue that the Echelon system is used for industrial espionage next week. Dr Schmid compiled the European Parliament's report on Echelon, which is believed to intercept millions of telephone calls, faxes, e-mails and other electronic communications and pass confidential information to the US National Security Agency. Although the US Government has denied the existence of Echelon, it is known to be shared with Canada, Australia, New Zealand and Britain. UK Government sources justify it as a means of gathering information on terrorist organisations and international drug cartels. But Dr Schmid is expected to argue that Echelon is also used by the United States Government to gather sensitive economic data from European countries, which is allegedly being passed on to benefit industrial rivals across the Atlantic.
The Federal Trade Commission today proposed changes to the Telemarketing Sales Rule (TSR) to reduce the annoyance of unwanted telephone solicitations and protect consumers from unauthorized charges on their credit-card bills. The proposal is a key component of the privacy initiative that FTC Chairman Timothy J. Muris announced in early October. Chief among the agency's proposals is the creation of a national "do-not-call" registry; consumers could make a single call to this registry to get their names removed from many telemarketing lists, and telemarketers could face a fine of up to $11,000 for calling homes that were on this list. Additionally, the FTC proposed that telemarketers would be barred from exchanging, selling or buying any billing information about customers. In many cases, consumers are not aware that telemarketers already have their credit card number so consumers don't realize they've agreed to buy something. The Commission is accepting public comments via e-mail and a web page.
Eli Lilly, a pharmaceutical company, has settled a privacy violation investigation with the FTC. Last year, Lilly inadvertently exposed the e-mail addresses of individuals who had signed up for updates on a mental health drug. Lilly had made prior guarantees of privacy and confidentiality in the e-mail addresses. The settlement calls for remedial measures, however, Lilly will not pay monetary damages.
Governor Davis of California has proposed new wiretap legislation modeled along the federal USA Patriot Act, which would give police officers the ability to spy on phone and email conversations without a search warrant. The two op-ed columns linked below highlight the grave dangers of such a dramatic expansion of police power at the state level. Update: Gov. Davis has withdrawn his wiretapping plan after California legal counsel advised him that the proposal would be illegal.
President Bush today signed into law a massive education reform bill that aims to strengthen children's Internet privacy rights in public schools, and makes more than $7 billion in school technology grants. The privacy language would put a damper on a growing practice among companies that offer IT equipment and Internet access in public schools in exchange for the ability to monitor online usage and solicit information about surfing and buying habits. Some of the information that companies compile, such as the American Student List, includes religious affiliation, as well as surfing and spending habits for children as young as two years old. The education package, however, puts the burden on the parents to notify schools if they do not want information on their children collected rather than an 'opt-in' regime where the company has to get the parent's consent to collect the information.
Online advertising company DoubleClick has got out of its Internet ad profiling service proving consumer tracking doesn't pay. Active consumer privacy protection efforts and the lack of significant returns from tracking users prompted the change in the company's strategy.
Two recent stories highlight the attempt to transform the state drivers license into a de facto national ID card by requiring the driver's biometric data to be electronically stored on the license and creating a national standard for machines to be able to read that data on the license. The risk is that a a well-defined form of identification, used for a
particular public safety function, will be transformed into a general
purpose ID that could be used routinely for policing
and surveillance.
A report published by the ACLU has found that Florida�s experimentation with facial recognition technology to be a failure. The ACLU found that the system never correctly identified a suspect, that officials suspended the system on August 11, 2001, that many false positives were made by the system, and that the suspect database contained the names of persons who were sought for police intelligence rather than for committing a crime.
Court documents in a lawsuit filed against an online information brokerage company have revealed that the practice of pretexting led a killer to Amy Boyer. The information brokerage company used by the killer, Docusearch, hired another person to obtain Amy Boyer�s personal information through pretexting.
New York�s Internet Privacy Policy Act will require state agencies to develop online privacy policies. The bill also prevents the collection of personal data from individuals without opt-in consent and grants individuals access their personal information collected from state web sites.
A federal court ruled last month that the FBI did not need a special wiretap order to place a keystroke logging device on a suspect�s computer. Also, the judge allowed the FBI to keep details of the device secret, citing national security concerns. The defendant in the case, Nicodemo Scarfo Jr., used encryption to protect a file on his computer. The FBI used the keystroke logging device to capture Scarfo�s password and gain access to the file.
Toys R Us, a toy company, has agreed to change its privacy policy and pay $50,000 as a result of a New Jersey inquiry into the company�s information collection and sharing practices.
Qwest, a telecommunications company, has sent a notice to customers describing information collection and sharing that the company will engage in unless the customer opts-out. Qwest�s notice describes policies regarding the sharing of Customer Proprietary Network Information (CPNI). This includes customers� subscription plans, and a list of telephone numbers called by the customer. In November 2001, EPIC filed comments with the Federal Communications Commission urging the agency to create opt-in protections for customers� CPNI.
