--------------------------------------------------------------- EPIC DIGEST AT PRIVACY.ORG EPIC-DIGEST is a weekly update of news, information, and action items posted on privacy.org. January 13-18, 2001 TOC------------------------------------------------------------ NEWS Sex Offender Web Pages Insecure Supermarket Card Databases May Be Sold, Obtained By Police MI Attorney General Settles Complaint Against eGames Online Signatures May Eliminate Anonymous Web Surfing Electronic Court Filing Poses Privacy Challenges New Medical Regulations Allow Marketing to Patients Rep. Holt Introduces Bill to Regulate 'Information Collection Devices' Jon Katz: Privacy And Dignity Are Being Eroded By Technology Industry Association Develops Principles for Online Privacy Update Agents and 'Spyware' May Monitor Software Users Complaints Received Under New Canadian Privacy Act ACTION "ENO to ENUM" We are not numbers! NEWS----------------------------------------------------------- Sex Offender Web Pages Insecure A media investigation into the security of state-run sex offender sites has shown that nine of the sites are insecure. Even inexperienced computer hackers could breach the security of some sites, raising the issue of whether criminals could erase their records or add the names of innocent persons to the offender databases. Sex offender Web sites are insecure, MSNBC, January 11, 2001. http://www.msnbc.com/news/514284.asp --------------------------------------------------------------- Supermarket Card Databases May Be Sold, Obtained By Police Grocery store savings cards offer discounts to shoppers in exchange for tracking consumer behavior. David Sobel, of EPIC, points out that shopping records could be obtained by court subpoena or purchased by a health or life insurance company to monitor lifestyle habits including smoking, consumption of alcohol, and consumption of unhealthy foods. The Savings Swipe: What are you trading for discounts at the register?, Morning Call, January 11, 2001. http://www.mcall.com/cgi-bin/slwebsto.cgi?DBLIST=mc01&DOCNUM=1712 --------------------------------------------------------------- MI Attorney General Settles Complaint Against eGames eGames has settled a lawsuit alleging that the company failed to inform consumers of the presence of "spyware" in its programs. The company has agreed to stop producing software containing spyware, which included programs made by Conducent. The company has also agreed to post a privacy policy approved by the AG and provide a utility to remove the Conducent programs. Michigan AG Press Release, Michigan AG Office, January 10, 2001. http://www.ag.state.mi.us/AGWebSite/press_release/pr10203.htm Reaches Privacy Pact With eGames Over 'Spyware', Newsbytes, January 12, 2001. http://www.newsbytes.com/news/01/160454.html --------------------------------------------------------------- Online Signatures May Eliminate Anonymous Web Surfing Legislatures around the world are creating procedures for using legally-binding electronic signatures. The technology may bring convenience and security to e-commerce and business. However, EPIC's David Sobel notes: "If we get to the point where digital signatures are widely used, and everyone is expected to have one, it's likely to become a requirement for registering with Web sitesWe're likely to get into a situation where you can't use the Internet anonymously any more." New Laws on Online Signatures May Expand Trade by E-Mail, The International Herald Tribune, January 15, 2001. http://www.iht.com/articles/7525.htm --------------------------------------------------------------- Electronic Court Filing Poses Privacy Challenges The Judicial Conference of the United States has requested comments on the electronic case management system, which is to be adopted by the federal courts. The new system raises privacy challenges, as case information that had been previously stored in courthouses across the country may now be available to anyone with a computer. This information, including medical records, employment records, financial records, and social security numbers may be used for identity theft, data mining, and marketing. Courts consider privacy perils of electronic filing, Legal Times (Law.com), January 16, 2001. http://www.law.com/cgi-bin/gx.cgi/AppLogic+FTContentServer? pagename=law/View&c=Article&cid=ZZZSKZ08SHC&live=true&cst=1&pc= 5&pa=0&s=News&ExpIgnore=true&showsummary=0 Judiciary Privacy Policy Comment Page. http://www.privacy.uscourts.gov/ --------------------------------------------------------------- New Medical Regulations Allow Marketing to Patients The new federal medical privacy regulations allow the use of patients' information for marketing and fundraising purposes. Doctors, hospitals, and health services companies will be able to send targeted health information and product promotions to individual patients. Privacy Consultant Robert Gellman said that the rule "authorizes a kind of behavior that was once viewed as unethical or improper." Medical Privacy's Tangled Web, Wired News, January 15, 2001. http://www.wired.com/news/technology/0,1282,40989,00.html?tw=wn20010115 Patient Files Opened to Marketers, Fundraisers, Washington Post, January 16, 2001. http://washingtonpost.com/wp-dyn/articles/A63303-2001Jan15.html --------------------------------------------------------------- Rep. Holt Introduces Bill to Regulate 'Information Collection Devices' Rep. Holt (D-NJ) has introduced the Electronic Privacy Protection Act, which prohibits the manufacturing, sale, or use of information collection devices without proper labeling or notice and consent. The Act directs the FTC to establish rules for labeling and gaining consent from consumers using data-collecting devices. H.R. 112, the Electronic Privacy Protection Act, THOMAS Database. http://thomas.loc.gov/cgi-bin/bdquery/z?d107:h.r.00112: --------------------------------------------------------------- Jon Katz: Privacy And Dignity Are Being Eroded By Technology In the second installment of an essay on technology and privacy, Jon Katz reviews U.S. and international privacy policies. Katz writes: "The U.S. codified the idea of constitutionally-guaranteed privacy, but other countries do a much better job of protecting it these days." The Tightening Net: Part One, Slashdot, January 11, 2001. http://slashdot.org/article.pl?sid=01/01/05/1918200&mode=thread The Tightening Net: Part Two, Slashdot, January 16, 2001. http://slashdot.org/article.pl?sid=01/01/05/1923236&mode=thread --------------------------------------------------------------- Industry Association Develops Principles for Online Privacy The American Electronics Association (AEA), a trade association of high-tech companies, has announced support for federal privacy legislation. The AEA's principles call for legislation that supercedes the right of state legislatures to develop stronger protections than those set by the federal government. Electronics trade group backs privacy measures for the U.S., Wall Street Journal, January 18, 2001 (subscription required). http://interactive.wsj.com/articles/SB979780462212710450.htm --------------------------------------------------------------- Update Agents and 'Spyware' May Monitor Software Users Update agents, programs that may track browsing habits, computer configuration, or the availability of software patches, may extract personal and other information from a user's computer. Often, the user is unaware of the information transfer, as consent to the use of update agents and "spyware" is usually buried in the fine print of a user agreement. How to Keep Vendors From Quietly Violating Your Privacy, New York Times, January 18, 2001 (registration required). http://www.nytimes.com/2001/01/18/technology/18UPDA.html --------------------------------------------------------------- Complaints Received Under New Canadian Privacy Act Canada's privacy commissioner has received four formal requests for investigation under the newly enacted Personal Information Protection and Electronic Documents Act. The Act provides broad privacy protections for Canadians, including a requirement for express opt-in consent before businesses can collect, use, or transfer personal information and the right to access personal information held in private databases. Confidentiality fears swamping privacy watchdog, The Toronto Star, January 17, 2001. http://www.thestar.com/cgibin/gx.cgi/AppLogic+FTContentServer? pagename=thestar/Layout/Article_Type1&c=Article&cid=979619499113 ACTION--------------------------------------------------------- "ENO to ENUM! We are not numbers!" Learn more about ENUM, a system that has the potential to become a global unique identifier. The working proposal is at: http://www.ietf.org/internet-drafts/draft-ietf-enum-rqmts-01.txt The ENUM working group is at: http://www.ietf.org/html.charters/enum-charter.html More information on ENUM is available at: http://www.enumworld.com/ http://www.cybertelecom.org/teleph.htm#enum You can make comments on ENUM to Patrik Faltstrom (paf@cisco.com) or Richard Shockey (rshockey@ix.netcom.com). --------------------------------------------------------------- Privacy.org is a joint project of the Electronic Privacy Information Center (http://www.epic.org) and Privacy International (http://www.privacyinternational.org). For more information, e-mail Chris Hoofnagle at digest-editor@privacy.org. --------------------------------------------------------------- How to unsubscribe from EPIC-DIGEST: You can leave the EPIC-DIGEST by entering the subscription e-mail address at http://www.privacy.org/digest.php and selecting "unsubscribe." Or, you can send a blank e-mail message to EPIC-DIGEST@lists.epic.org from the subscribed address with the following text in the subject line: unsubscribe If you experience difficulty with subscription issues, send a message to digest-editor@privacy.org. --------------------------------------------------------------- EPIC-DIGEST Privacy Policy: http://www.privacy.org/privacy.php --------------------------------------------------------------- END EPIC-DIGEST