CLOG: The Samuelson Clinic Blog
Every couple of years, members of various content industries approach the Federal Communications Commission (FCC) to engage in a dialogue about ways to regulate access to media. In particular, groups like the Motion Picture Association of America (MPAA) and Recording Industry Association of America (RIAA) see the FCC as a vehicle for controlling both what new technologies consumers can buy and how they can use them.
While much of the rhetoric used to justify these regulations is couched as preventing the “theft of intellectual property” or “piracy,” many of the regulations proposed restrict legitimate and otherwise legal uses of content, often by consumers who have purchased the actual movie or song directly from the movie studio or record label.
Recently, the MPAA approached the FCC to ask for permission to engage in “selectable output control” (SOC). Under SOC, whenever consumers purchased special video-on-demand movies over cable, the MPAA and its member companies would be allowed to “turn off” parts of the consumer’s TV or digital video recorder that might allow them to record the movie for later viewing — a practice often called “time-shifting” and one that the United States Supreme Court has held is legal under the Fair Use doctrine of copyright law. Thus, even though consumers would have a legal right to make these recordings, the FCC and the MPAA would restrict the technology available to the public so that no one could exercise this right, even if they wanted to.
More on SOC and the battle over it can be found here.
Public Knowledge, a DC-based non-profit that represents consumer interests in technology, has also put together a nice two-minute video on the subject:
Savage Nation
Originally uploaded by Steve Rhodes.
Several months ago, radio personality Michael Savage sued the Council on American-Islamic Relations (CAIR) for copyright infringement (plus some RICO charges) because they rebroadcast just over four minutes from his radio show on their website in order to point out his use of anti-Muslim messaging, encourage advertiser boycotts, and raise awareness and money for CAIR’s activities. CAIR (represented by EFF and Tom Burke of DWT) moved to dismiss claiming among other things that the use of the clip was a fair use.
Today, Judge Illston of the Northern District of California dismissed the suit, agreeing that the use of the material for commentary and criticism was a classic fair use.
Specifically, Illston held:
The complaint affirmatively asserts that the purpose and character of [CAIR’s] use of the limited excerpts from the radio show was to criticize publicly the anti-Muslim message of those excerpts. To comment on [Savage’s] statements without reference or citation to them would not only render [CAIR’s] criticism less reliable, but be unfair to [Savage]. Further, it was not unreasonable for defendants to provide the actual audio excerpts, since they reaffirmed the authenticity of the criticized statements and provided the audience with the tone and manner in which plaintiff made the statements.
Check out the opinion here.
The Southern District of New York issued an order recently in the Tiffany v. eBay case, where Tiffany had sued eBay under a variety of trademark theories over the actions of users who sold knock-offs using the “Tiffany” name in their auction titles or descriptions.
There’s lots to write about this 66-page decision, including the standard for contributory trademark infringement, duties to police, etc., but I thought I would post a little on the issue of nominative fair use, since I thought the court’s analysis was rather on point with some of the thinking I’ve been doing about information economics lately.
Nominative fair use is the doctrine that allows people to use trademarks when they are speaking or writing about those marks. So, for example, if I review the new Harry Potter movie, I can use the trademark “Harry Potter” in my review without fear of liability because it is both descriptive of the source of the film (the Harry Potter franchise co-owned by Warner Brothers and J.K. Rowling) and necessary in order for people to know what I am describing. Without the name, referencing the good or service you are describing become cumbersome at best and impossible at worst.
In the Tiffany case, Tiffany had accused eBay of infringing its “Tiffany” mark because the name appeared in various places on its home page, in its emails, and in search results. (Apparently, this was even for legitimate Tiffany goods, not just knock-offs). eBay defended this, saying that when Tiffany notified them that use of the name was associated with a knock-off, they removed it entirely and when it was associated with sale of a legitimate Tiffany item, the use of the name was necessary under the doctrine of nominative fair use because, as far as they were concerned, there was no other way to let users know something was a Tiffany good without using the name.
The Court sided with eBay. In doing so, it held:
[T]he Tiffany name is what gives the jewelry the cachet it enjoys. Absent the Tiffany brand, a silver heart necklace or a silver bracelet with an ID chain would simply be a piece of jewelry instead of a symbol of luxury. Indeed, were eBay precluded from using the term “Tiffany” to describe Tiffany jewelry, eBay would be forced into absurd circumlocutions. To identify Tiffany jewelry without using the term Tiffany — perhaps by describing it as “silver jewelry from a prestigious New York company where Audrey Hepburn once liked to breakfast,” or “jewelry bearing the same name as a 1980s pop star” — would be both impractical and ineffectual in identifying the type of silver jewelry available on eBay.
Besides showing a sense of humor (not to mention some good 80s pop culture trivia skills), the Court gets it exactly right here. Network architecture is premised on efficient descriptions of objects. Both people and machines like short, direct, and accurate names for files, images, links, etc. These can come both from the host of a site, but also from users in the form of tags, comments, and titles. Thus, one of the most efficient ways to describe something on the web that is trademarked is to use the trademark as the descriptor. To force web companies and users into “circumlocutions” — as the Court suggests — is not only inefficient but also obfuscating. No one searching the web wants to search for something using 1,000 different descriptions; they want to search for it using a single description, taking advantage of the network effects a single descriptor enables. Here, as the Court recognizes, that single best description is the brand name of the product line. Wisely, it holds that trademark law cannot and should not stand in the way.
Eric Goldman has his write-up here.
Today’s Wall Street Journal reports that malware for smart phones (e.g., Windows CE- and Symbian-based devices, and Blackberries) is real and on the rise.
The article quotes states that the economics of cell phone malware doesn’t look so good for malware-writers because of the lack of a dominant hardware platform. Still, the mobile segment of the anti-malware market seems to be developing, and proprietors of phone platforms are somewhat famously exerting control over which third-party applications can be installed. (For a synopsis, see the excerpt from Jonathan Zittrain’s The Future of the Internet — And How to Stop It on the book’s home page.
But, at the same time, the points out that mobile devices present a broader range of hazards than susceptibility to malware: unrestricted file transfers can poke holes in network security mechanisms that apply to the rest of an enterprise network, and lost devices may contain troves of sensitive information. So organizational policies and practices must complement technical approaches, and there are dimensions of cybersecurity that technical solutions (including platform control) won’t solve.
The 2008 Computers, Freedom, and Privacy conference is just a few weeks away: it’ll be held May 20-23 in New Haven, CT.
You can view the program — with an election-year focus on technology policy — and register for the conference here. The program is outstanding, with plenary panels on the “National Security State and the Next Administration” and “The 21st Century Panopticon?” There are also panels on social networking, online activism, network-level copyright filtering, spyware, patents, electronic voting, and … well there’s a panel on nearly everything.
Act fast: discount registration at the conference hotel ends May 1, and early-bird registration for the conference ends May 2. There are reduced rates for students and academics.
According to the Washington Times, the Government Printing Office has been outsourcing the creation of e-Passport covers, which contain the contactless smart card chip (a.k.a. RFID chip) and antenna, to companies in Europe and Thailand. Apparently the GPO did this due to cost concerns, and it’s paid handsomely: over $100 million in profits claims the Times, due to the huge mark-up. Passports used to cost $60 - now they cost $90, and the cost of using outsourcers is around $7.97 per passport for the GPO, who then marks them up for the State Department to $14.80. Quite a tidy profit.
What’s especially disturbing about this (besides the concern that the government is supposed to be a break-even operation that doesn’t make substantial profits off of its citizens), especially in light of the strict manufacturing processes outlined by the REAL-ID act looming for state IDs, is the fear that outsourcing the creation of one of the US government’s gold standard of documents to multiple foreign countries is rife with security holes. The Times reported at least one - apparently, within the U.S. the passports were shipped from the GPO to the State Department via FedEX, and only later was that upgraded to an armored car company. Just the shipping process alone (which the article gives no indication of how secure it is) from the Netherlands, to Thailand, and then to the U.S. leaves plenty of opportunity for both dumb mistakes and deliberate targeting. How secure are the facilities abroad? Do the workers undergo background checks? Etc, etc, etc.
Remember, this is from an administration who is threatening to tell states that refuse to comply with REAL-ID that their residents will not be able to board planes at airports with their state issued IDs because they will not be deemed sufficiently secure enough. Yet, the federally issued e-Passport, deemed to be incredibly secure due to the inclusion of RF technology and far more valuable than a state-issued driver’s license, is potentially vulnerable to being stolen in its most valuable form: as a blank book (printing apparently occurs here in the U.S.).
I must note that we have no reports yet of there having been any problems with this process, but this reported lack of control over the manufacturing process inspires little confidence.
The Berkeley Center for Law & Technology and the High Tech Law Institute at Santa Clara Law School are sponsoring The Law & Business of Online Advertising Conference at the Bancroft Hotel on Friday, April 18, 2008. Panelists include Samuelson Clinic Associate Director Jason Schultz and staff attorney Chris Hoofnagle:
With the explosive growth of online advertising, businesses and their counsel must be aware of new technologies, their legal implications, and evolving legal risks in the field. The Law and Business of Online Advertising brings together academics, practitioners, business leaders, and technology experts to discuss legal, policy, and technical developments in online marketing. This intensive event begins with two tutorials led by Professor Hal Varian (Chief Economist, Google) and Microsoft’s Kim Howell on the economics and technology of online advertising, followed by panels exploring online advertising issues faced by consumers, publishers, and advertisers. In-house and outside legal counsel who represent or will represent businesses with online advertising should attend, as should those developing or implementing online advertising technologies. Registration is free and CLE credit is available.
Today’s TRUST Seminar featured Rebecca Herold, a privacy and security consultant with Information Shield.
Herold covered many of the challenges of shielding a business against data security breaches, including the difficulties of convincing executives to invest in security (a topic of substantial interest to the Clinic). A tool that Herold developed would help in that effort: a privacy breach calculator.
She shared an interesting anecdote—Herold said that in a former job, she made sure that she read the Wall Street Journal early in the morning, before the senior executives did. Why? Because if there was a breach at another organization, the executives at her organization would want to know whether procedures were in place to avoid a similar problem. This is consistent with a major finding of a recent paper published by the Clinic on security breaches. In it, we found that organizations had a “that could have been us” moment when learning about breaches at other businesses. This knowledge mobilization helped organizations avoid breaches at their own business, and supports the need for centralized reporting of breaches.
MIT’s Technology Review reports on “reality mining” — mining your everyday social interactions — with mobile phone sensors to build an inferential portrait of who you interact with, what you do, and where you go. As Professor Sandy Pentland describes:
Today’s cell phones are on us all the time, and they come with hardware that can act as sensors for your environment. For instance, if Bluetooth is turned on, then the phone can see and be seen by other Bluetooth devices. You can start to make a record of the Bluetooth-enabled devices you encounter throughout the day. Then you can figure out, based on the frequency [with which] you encounter other people’s Bluetooth phones, what sort of relationship you have with them.
The iPhone also has an accelerometer that could tell if you are sitting and walking. You don’t have to explicitly type stuff in; it’s just measured. And all phones have built-in microphones that can be used to analyze your tone of voice, how long you talk, how often you interrupt people. These patterns can tell you what roles people play in groups: you can figure out who the leader is and who the followers are. It’s folk psychology, and some of the stuff people may already know, but we haven’t been able to measure it, at such a large scale, before these phones.
Cool stuff — the kind of data gathering that makes social scientists very excited. But as the Technology Review reporter is apt enough to point out, “this all gets very creepy very fast,” and Pentland wisely points out the need for privacy in this type of data gathering, even recommending that they should be opt-in, or that personal data is stripped out.
Admittedly, it feels like progress to see privacy issues mentioned front and center in a story like this. With any luck, that spirit won’t get lost when projects such as these make it into the design phase.
The Ponemon Institute and TRUSTe have just released their annual Most Trusted Companies for Privacy report. As part of this report, the groups asked consumers about the factors—positive and negative—that shaped their perceptions of companies’ privacy practices. (Full disclosure: I am a fellow of the Ponemon Institute.)
Bar Charts 3 and 4 in the Ponemon/TRUSTe survey are instructive. In Chart 3, we see that the strongest indicators for trust among consumers is reputation, respect for consumers, and product quality. This explains why certain information-intensive companies, such as Amazon.com and American Express, are routinely top-ranked for privacy trust. A smaller number of consumers is evaluating companies on actual privacy practices—limits on sharing of data, disclosures around policies, and the presence of third-party reputation seals.
Chart 4 shows what factors decrease privacy trust, and the most influential factor is a data security breach. “Irresponsible marketing” is next, which I assume means that one receives some type of advertising pitch from the company. Again, these constitute the information most available to consumers, and are not truly indicative of a company’s respect for consumer privacy.
Studies such as Ponemon’s help us understand why companies do not compete on policies that maximize privacy rights. One problem is that consumers don’t possess the best information to evaluate and compare companies’ practices. Privacy policies go unread, but even when read, they have other shortcomings. They can be beyond comprehension, contradictory, or simply vague about actual practices. As a result, other characteristics of a company are used as shorthand to assess “trust,” and this introduces unfairness and arbitrariness into the evaluation of a company on privacy.
Submitted by Chris Hoofnagle on February 12, 2008 - 9:57pm.
I’ve spent the last few months working with an excellent journalist on the Anonymity Experiment, which will appear in this month’s Popular Science magazine. In it, Catherine Price attempts to live a normal life without revealing personal data:
…when this magazine suggested I try my own privacy experiment, I eagerly agreed. We decided that I would spend a week trying to be as anonymous as possible while still living a normal life. I would attempt what many believe is now impossible: to hide in plain sight.
[…]
[Hoofnagle]…laid out my basic tasks: Pay for everything in cash. Don’t use my regular cellphone, landline or e-mail account. Use an anonymizing service to mask my Web surfing. Stay away from government buildings and airports (too many surveillance cameras), and wear a hat and sunglasses to foil cameras I can’t avoid. Don’t use automatic toll lanes. Get a confetti-cut paper shredder for sensitive documents and junk mail. Sign up for the national do-not-call registry (ignoring, if you can, the irony of revealing your phone number and e-mail address to prevent people from contacting you), and opt out of prescreened credit offers. Don’t buy a plane ticket, rent a car, get married, have a baby, purchase land, start a business, go to a casino, use a supermarket loyalty card, or buy nasal decongestant. By the time I left Hoofnagle’s office, a week was beginning to sound like a very long time.
Her week is very interesting, and she experiences some funny anecdotes in buying a wireless phone anonymously, getting to and from San Francisco, and using the internet with anonymous proxies. Worth a read!
Submitted by Chris Hoofnagle on February 11, 2008 - 5:25pm.
A recent Gartner study, authored by Avivah Litan, Phishing Attacks Escalate, Morph and Cause Considerable Damage, finds that phishing attacks rose in 2007, costing the economy $3.2 billion.
The report in part relies upon data obtained by the Clinic through Freedom of Information Act Requests. These requests sought data from federal banking agencies on security breaches. Data released from the FDIC (PDF | XLS) and the Board of Governors of the Federal Reserve (PDF) indicate that the federal agencies are not tracking breaches in a consistent or useful way. As Gartner stated in the press release accompanying the study, the data shows serious shortcomings in regulators’ surveillance system:
Ms. Litan said bank regulators appear to be in the dark when it comes to measuring damage from phishing attacks. The University of California at Berkeley conducted a Freedom of Information Act request, asking the Federal Deposit Insurance Corporation for all bank-reported data on fraud attacks between January 27, 2005 and May 30, 2007. Gartner and UC Berkeley analyzed these data and found spotty, unreliable and unstructured data reported by U.S. banks to the regulator. Just 451 unique incidents were reported in this period. “The data quality was so poor that it was impossible to draw any conclusions from it other than that the regulatory reporting on fraud attacks is severely lacking,” Ms. Litan said.
I came across this statistic the other day while doing some research on marketing fraud:
In recent years, despite the creation of a national “do not call” registry, the legitimate telemarketing industry has grown, according to the Direct Marketing Association. Callers pitching insurance plans, subscriptions and precooked meals collected more than $177 billion in 2006, an increase of $4.5 billion since the federal do-not-call restrictions were put in place three years ago.
This all sounds very unlikely. And I recall from years of working on telemarketing regulation that the DMA used suspicious revenue numbers in order to influence the FCC and FTC, and prevent the creation of the Telemarketing Do-Not-Call Rule. You’ll note that many of their numbers concern 2001, the year before Do-Not-Call was being considered by the FTC.
So, I did a quick search of the DMA’s website, noting all the times they they made a claim to regulators or in a press release about revenue from telemarketing. The result? Not only are the numbers suspiciously high, they seem to change…in the same year:
- “Telemarketing Sales” 1996: $63,100,000,000
- “Telemarketing Sales” 2000: $86,900,000,000
- “Telemarketing Sales” 2001: $93,800,000,000
- Sales to consumers in 2001: “nearly $270 billion”
- Sales to consumers in 2001: $296,000,000,000
- “Telephone Marketing Generated $668 Billion in 2001 and Employed Six Million”
- “The teleservices industry employs more than four million people and provides product offerings directly to consumers that resulted in $275 billion in sales in 2001.”
- “In 2001…customers purchased $661 billion in goods and services - accounting for almost six percent of Gross Domestic Product (GDP).”
- Sales to consumers in 2001: $274,200,000,000
- Sales to businesses in 2001: $390,000,000,000
- “Telemarketing Sales” 2002: $100,000,000,000
- “We will protect the integrity of the American teleservices industry, which generated over $700 billion last year [2002] for the U.S. economy, by respecting consumer preferences.”
“Keep in mind historically, telemarketing is an easy way to money launder and commit fraud. To knowingly bank a customer who is perpetrating fraud places the bank at great exposure,” wrote that [Wachovia] executive, Tim Brady, according to documents that are part of the lawsuit.
This raises an excellent point, one that I’m attempting to develop and articulate here at the Samuelson Clinic: we know that some business models are routinely employed for fraud. Shouldn’t consumer protection law and enforcement efforts routinely scrutinize these business models to reduce the incidence and severity of frauds against consumers?
One reason why we’re failing to quickly address these problems is that businesses can profit by facilitating others’ frauds. As explained by Charles Duhigg, reporting in today’s New York Times, Wachovia knew that fraudulent telemarketers were using account at the bank to steal money from others, and that it was good for business at Wachovia:
But newly released documents…show that Wachovia had long known about allegations of fraud and that the bank, in fact, solicited business from companies it knew had been accused of telemarketing crimes.
Internal Wachovia e-mail, for example, show that high-ranking employees at the nation’s fourth-largest bank frequently warned colleagues about telemarketing frauds routed through its accounts.
Documents also show that Wachovia was alerted by other banks and federal agencies about ongoing deceptions, but that it continued to provide banking services to multiple companies that helped steal as much as $400 million from unsuspecting victims.
“YIKES!!!!” wrote one Wachovia executive in 2005, warning colleagues that an account used by telemarketers had drawn 4,500 complaints in just two months. “DOUBLE YIKES!!!!” she added. “There is more, but nothing more that I want to put into a note.”
However, Wachovia continued processing fraudulent transactions for that account and others, partly because the bank charged fraud artists a large fee every time a victim spotted a bogus transaction and demanded their money back. One company alone paid Wachovia about $1.5 million over 11 months, according to investigators.
“We are making a ton of money from them,” wrote Linda Pera, a Wachovia executive, in 2005 about a company that was later accused by federal prosecutors of helping steal up to $142 million.
We all know that telemarketing is a major vector for fraud. Yet, major banks have allowed them to operate on the network in such a way that they can withdraw money from accounts without authorization. For instance:
In 2005, a Wachovia fraud investigator wrote to colleagues that 79 percent of the checks submitted by one Wachovia client, Suntasia, had been returned in August because of unauthorized withdrawals and other problems. Regulators say return rates in excess of 2.5 percent is evidence of potential fraud.
“I have good reason to believe that all of the deposited items are unauthorized drafts,” wrote the fraud investigator, Bill McCann in a 2005 e-mail message.
But Wachovia continued doing business with Suntasia until last year, when the company was shut down by a court order, according to the lawsuit.
These frauds are predictable and preventable. They lack novelty and complexity. But they still occur, in part because the incentive structure rewards processing these transactions.
Submitted by Chris Hoofnagle on January 26, 2008 - 11:42am.
David Enrich reports in today’s Wall Street Journal that banks are recouping losses from the slowdown in the economy by raising fees. Fees have risen faster than inflation, and larger banks are leading the charge in imposing the biggest fees:
Nuisance fees have long been a sore point for bank customers, consistently rising much faster than the U.S. inflation rate. Five years ago, out-of-network ATM fees — imposed on customers who make deposits or withdrawals at a machine that isn’t owned by their bank — averaged slightly more than $1 a transaction, according to a Federal Reserve survey. The average now is about $1.78, says Greg McBride, a financial-services analyst at Bankrate.com in North Palm Beach, Fla.
[…]
Bank of America Corp., the country’s largest bank in stock-market value, pioneered the $3 fee in August. The Charlotte, N.C., company has nearly 19,000 ATMs. Other big banks followed, with Huntington Bancshares Inc., Columbus, Ohio, increasing noncustomer ATM fees to $2.50 from $2 at most of its 1,400 ATMs, spokeswoman Jeri Grier says. Wachovia Corp. has fattened its surcharges at 200 of its 5,100 ATMs to as much as $3, according to Liz Costa, spokeswoman for the Charlotte, N.C., bank. Wachovia hasn’t decided whether to roll out higher fees throughout the U.S.
This is relevant to privacy, because one of the explicit promises in passage of the Gramm-Leach-Bliley Act (GLBA) was that greater information sharing would result in more products, better products, and lower fees. That law allowed banks, insurance companies, and brokerage houses to merge and use your personal information to an almost unlimited degree.
But since passage of the Act in 1999, fees have increased precipitously and services have decreased at financial institutions. And it seems that every few years, a new news article bemoans higher and more widespread fees.
In August 2005, Jane J. Kim reported in the Wall Street Journal that credit card penalty fees have reached yet another new high:
Being late on your credit-card payments has never been more expensive, as penalty rates among major credit-card issuers hit new highs.
Some major issuers, including J.P. Morgan Chase & Co., Citigroup Inc.’s Citibank and Bank of America Corp., are now charging maximum penalty rates that have edged past 30%…
Although some subprime issuers have been charging penalty rates above 30%, this is the first time that the major issuers’ interest rates have crossed that threshold, says Robert McKinley, chief executive of CardWeb.com, a payment-card industry Web site…
The higher rates come at a time when the overall cost of using a credit card is on the rise, and banks are increasing their charges on everything from late fees to cash advances in an effort to generate revenue.
In an article titled, “Fees Fees Fees,” Businessweek reported in September 2003 that financial institutions would get $50 billion in fees that year (today’s article by Enrich estimates that it’s now between $60-70 billion):
Nobody beats the banks and other financial services companies when it comes to adding on the fees. Banks will get $30 billion this year from customers paying extra for bounced checks, using automated teller machines, and other added charges. Credit-card issuers will rake in an estimated $20 billion in extra charges such as late-payment fees, which have been rising. And that doesn’t even include fees that online brokers charge small-time investors.
In April 2003, New York Times writer Jennifer Bayot reported:
Many fees and business practices that were considered unusual only a few years ago are quickly becoming widespread as the card companies seek to build revenue at a time of low interest rates.
Because of the competitive climate, “you cannot charge an annual fee and you have to offer a low interest rate,” said Robert B. McKinley, chief executive of CardWeb.com, which tracks the credit card industry, “so there’s been this fee frenzy.”
In June 2004, Mitchell Pacelle of the Wall Street Journal reported:
Cardweb.com, a consulting group that tracks the card industry, says credit-card fees, including those from retailers, rose to 33.4% of total credit-card revenue in 2003. That was up from 27.9% in 2000 and just 16.1% in 1996. The average monthly late fee hit $32.01 in May, up from $30.29 a year earlier and $13.30 in May 1996, the company said. In 2003, the credit-card industry reaped $11.7 billion from penalty fees, up 9% from $10.7 billion a year earlier, according to Robert Hammer, an industry consultant.
“As competitive pressure builds on the front-end pricing, it has pushed a lot of the profit streams to the back end of the card — to these fees,” says Robert McKinley, chief executive of CardWeb .com. Over the past two years, he said, “it’s become much more aggressive.” At industry conferences, he notes, talk often turns to “what the market will bear.”
In 2003, the Federal Reserve issued a Congressionally-mandated report (PDF) on fees that found:
Of the fourteen fees for which comparisons are available…multistate banks charged significantly higher fees in eight cases and in no case charged a significantly lower fee…
Of the twenty-four measures that may be considered indicators of service availability, six changed a statistically significant amount, and five of these were in the direction of less service availability.”
Overall, this means that information sharing alone won’t guarantee more consumer welfare. One needs to get beyond the facile reasoning that more availability of information causes more competition, because banks have engaged in other behaviors to prevent their services from competing (such as “shrouding” fees).
 Catalog Choice is a project of the Ecology Center that enables individuals to easily remove themselves from the mailing list of specific catalogs at no charge. One simply signs up, provides their mailing address, and Catalog Choice automates the process of sending opt out messages to retailers.
From a privacy perspective, junk mail is interesting because environmental, rather than privacy groups, have gained more traction in creating interventions to curb unwanted mailings. The green appeal of opting out of junk mail has been very successful, and now over 400,000 people have created accounts on the site.
For fee privacy services, such as Private Citizen have existed for some time, and are very effective at reducing junk mail. But, B2B magazine reports that Catalog Choice has become so popular that the Direct Marketing Association has eliminated the $1 fee for its competing service, the poorly-named Mail Preference Service (MPS). While MPS is now free, the Direct Marketing Association still requires one to provide a credit card number for identification purposes.
Another unintended consequence of government database consolidation — per this article in the North Carolina News & Observer, NC residents (and doubtless others across the US) are being denied driver’s licenses as a consequence of intra-state DMV data sharing due to old, minor infractions such as unpaid parking tickets, or in some cases just due to error.
North Carolina drivers who haven’t had a ticket in years are being denied new licenses because their names have popped up in a national computer database that has flagged 42 million Americans as “problem drivers.”
States are supposed to use the National Driver Register to warn each other about dangerous drivers who lost their licenses for impaired driving and other motor vehicle offenses.
But the register also penalizes good drivers for unresolved paperwork that is sometimes decades old. Some motorists describe the register as a blunt instrument that combines the clumsy weight of 50 state bureaucracies.
Clumsy, indeed. How on earth do you contest an unpaid parking ticket from a state you haven’t lived in for twenty years? (Answer: you can’t. You get stuck paying the fine.) And more importantly, at what point should your past sins finally be forgiven? Why should you be denied a license in 2008 for a parking infraction in 1988?
While the intent of this initiative is noble — after all, we don’t want chronically unsafe drivers moving between states in order to get licenses — why are the states releasing data that have nothing to do with the types of violations that are indicative of unsafe driving? Why doesn’t this data merely lapse out of the system after some reasonable amount of time?
This is indicative of a growing problem: the eternal life of data. Some of our Berkeley iSchool colleagues were quoted recently in a Boston Globe article discussing the benefits of digital forgetfulness. In short, by not developing policies governing what we collect and how long we keep it for, we run the risk of keeping too permanent a record of our activities.
Submitted by Chris Hoofnagle on August 13, 2007 - 3:17pm.
Tricia Duryee reports in the Seattle Times that Intellius, a commercial data broker, is about to amass a database of 240 million wireless phone numbers:
People who visit www.intelius.com can enter a person’s name to get a cellphone number, or do the reverse by entering a number to get the subscriber’s name. Each search costs $15.
Ed Petersen, Intelius co-founder and senior vice president of sales and marketing, said the company has 120 million listings but expects to increase that to 240 million in the next two weeks. If that is true, Intelius is claiming to have nearly every single subscriber’s digits in the U.S.
While the carriers have proposed to create a wireless 411 database, and Congress has threatened to regulate it, commercial data brokers have been quietly amassing cell phone numbers. In addition to Intelius, Experian sells wireless numbers (PDF). These data-broker created databases will circumvent true opt-in protections being considered by Congress and the states.
How have these companies obtained the numbers?
Petersen declined to give much detail but said Intelius gets data from marketing companies and public records — all sources people have opted in to, he said.
Petersen said Intelius connects names to numbers by putting together billions of pieces of information. For example, one piece of information might link a name to an address; another source might tie that address to a phone number.
While a portion of the data, such as addresses, may have come from public sources, it’s likely that the wireless numbers were purchased from other companies. For example, if a consumer gives a wireless number to a business, in most circumstances, that business is free to sell it to others.
Petersen’s quote illustrates a tension present in many privacy debates, which I believe is definitional—”all sources people have opted in to…” In this context, what does opt in mean? An argument could be made that when a consumer provides a phone number to a company, the consumer welcomes some communication from that company. The telemarketing rules recognize such an act as an “established business relationship.” On the other hand, who would believe that giving a wireless number to a business would also be giving consent to all uses, including future resale by Intelius or other companies?
|
