FTC: Consumer Privacy Comments Concerning Russ
Smith--P954807
Secretary
Federal Trade Commission
Room H-159
Sixth Street & Pennsylvania Ave., N.W.
Washington, D.C., 20580
Consumer Privacy 1997 -- Request to
Participate, P954807
Second Set of Reply Comments Submitted by
Russ Smith
All three sets of FTC Comments are
reproduced at
http://consumer.net/FTCprivacy97.htm
http://consumer.net/FTCprivacy97reply.htm
http://consumer.net/FTCprivacy97replya.htm
BACKGROUND
This is a final set of three comments filed on April 15,
May 30, and these comments to be filed July 14, 1997. These comments are to clarify some
points raised at the hearings and to summarize events since the hearings.
Hearings
The FTC staff working on the hearings seemed
well prepared and fully aware of the issues. However, the structure of the hearings work
to limit the input of average consumers. The comment period was difficult and arduous
requiring six hard hard copies to the FTC's Washington office even though this was a
hearing on the Internet. Comments are being accepted via the Internet at Democracy.net,
but this was not publicized by the FTC and I expect the response to limited. I did
publicize this comment avenue both at my web site [ http://consumer.net
] and via the newsgroups. The Commissioners seemed somewhat informed on the issues. The
FTC Chairman did not appear to be involved in the hearings.
The time allotted clearly favored industry
representatives. Many members of both industry and consumer groups were named to panels
even though they submitted minimal comments. Some openly admitted they did not fully
understand the issues. Others discussed somewhat irrelevant points that involved other
agendas. Several junk e-mailers were given substantial amounts of time even though they
did not submit any comments. While this was going on several interested consumers who
wanted to simply attend the hearings were turned away by the guards. Some were later
allowed in while others had to sneak in during breaks and found empty seats.
I feel the Commission needs to have a comment
period open to the public via e-mail on these issues in addition to the current formal
proceedings.
E-Mail Relaying
The issue of e-mail relaying was not fully
discussed during the hearings. Commissioner Varney discussed e-mail 'bouncing' from one
computer the next making it sound like a random occurrence. However, this 'bouncing'
occurs at the network or 'backbone' level. An example message would go from my computer to
my Internet Service Provider (ISP) to their 'backbone' provider (say MCI) to the
receiver's 'backbone' provider (say Sprint) to his ISP and finally to the receiver's
computer. The 'bouncing' occurs within and/or between these 'backbones' and not at the
user level.
It is also possible to log into a mail server
from anywhere on the Internet. If you are away from home but want to get your e-mail you
can log onto your mail server using your password. This is how mail relaying is done. One
method is to simply find some user names from a domain by getting some e-mail addresses.
The next step is to use a program that checks all words in the dictionary (plus appending
them with the numbers 1 through 99) until one works as the password. Relaying to servers
overseas (presumably to avoid lawsuits) has drastically increased over the past few months
as discussed below. As a result, e-mail server software companies are upgrading their
products or are providing intricate instructions to restrict this relaying [such as http://www.software.com's Post.Office product and http://www.sendmail.org ] if their product is to remain
competitive. However, if relaying is completely restricted the legitimate user would no
longer be able to send e-mail if away from home.
Privacy at Sites
Another issue that was not fully discussed at
the hearings was what happens when someone rejects a site's privacy policy. Unless the
policy is published with some third party, the user's Internet Protocol (IP) address is
still captured by the site in their log file. The subsequent log file analysis is
described in my initial comments in the responses to 2.1 et al.
Privacy Policies
An excellent example of a privacy policy is
provided at the Riddler game site registration (©
1996, 1997 Interactive Imaginations, Inc.):
Privacy Policy Statement
Welcome to the Riddler Web site. The following summarizes
the conditions under which we will use information you may supply us while visiting
Riddler.
First off, you should know that you can remove your name,
address, and any other information we have for you by contacting us in writing.
Our postal address is:
Interactive Imaginations, Inc.
915 Broadway, Suite 1608
New York, NY 10010
We can also be reached for this purpose via email at removeme@riddler.com.
Please be sure to include your user name in the subject line of your email message, or in
your postal letter, to help us properly process your removal request.
As is true at all Web sites, our Web server automatically
recognizes the domain name from which you contact us. We do not automatically get your
email address. Only the domain name is recognized automatically.
We maintain aggregate information on what pages consumers
access or visit. This may include user-specific information volunteered by you in response
to survey questions we may ask. We also retain address information of those who register
at our site, post messages to our bulletin board, communicate with us via email, or post
to our chat areas.
The information we collect is used primarily to improve the
content of our Web pages and to notify users about updates to our Web site. From time to
time, we make the addresses of those who access our site available to other reputable
organizations whose products or services we think you might find interesting.
If you supply us with your postal address,you may receive
periodic mailings from us with information on new products and services or upcoming
events. You may also receive mailings from other reputable companies.
In all instances you can, at your discretion and at any
time, have your name put on our do-not-share list by sending email to us at the above
address or writing to us at the above address. If you have any questions, please contact
us directly at adhelp@riddler.com.
© 1996, 1997 Interactive Imaginations, Inc.
Unfortunately, many companies refuse to
develop a simple, understandable policy such as this. This is exemplified by the
telemarketing industry's failure to provide a clear written do-not-call policy as required
by the FCC rules Implementing the Telephone Consumer Protection Act of 1991 (TCPA) [47 USC
§227, 47 CFR §64.1200(e)(2)(i)]. Two of the pending lawsuits I filed (Bell Atlantic and
CompUSA/Warrantech) contain allegations of a failure to provide a clear policy to
consumers. Of course, anyone with a telephone can simply try this at home when they get a
call and see the results. I bring up these telemarketing examples as they are becoming
well documented since the TCPA went into effect in December, 1992. Also see the
Congressional TCPA 'Report Card' Reports at http://consumer.net/rptcard1a.htm
and http://consumer.net/rptcard2a.htm
where Congress gave the telemarketing industry a grade of 'F' and the securities industry
a 'C' for their do-not-call policies. Some telemarketers (pp. 4-5 of the telemarketing
report) refused to provide a policy to Congressional staff!
Industry Groups
Since the hearings I have attempted to conduct
a public inspection of the tax returns of several tax-exempt organizations. Namely, the
Direct Marketing Association (DMA), The American Telemarketing Association (ATA), and the
Interactive Service Association (ISA).
The DMA initially failed to have the
information available but agreed to mail it to me. They waited until after the FTC
hearings and mailed me their returns with the salary levels of their officers missing.
They also failed to include their application for tax-exempt status as requested. The ATA
is essentially the same story. The documents were not made available initially (ATA
claimed it was not required) and when it was sent, several attachments, including salary
information of key employees, was missing. Their tax exempt application was also missing.
The ISA will not even return my call to schedule the appointment so I can review the
records. Since there is no private right of action under this law I would need to convince
the IRS to institute any penalty.
As a side note, another Internet
self-regulatory body has emerged. The Intergov (short for Internet Government) and the
associated Web Police and Internet Consumer Commission web sites [ http://www.intergov.org ]. This site claims to have 2.3
million members and says it is the 9th biggest site on the Internet. When I questioned
this I was kicked out of the organization. When I put up an informational page about the
organization [http://consumer.net/Intergovfaq.htm],
Intergov put up pages listing me as an Internet crime suspect and placed me on a list of
dangerous persons. The list contained two people, an alleged child pornographer (according
to Intergov) and I. Even the DMA has not gone as far as listing me as a dangerous person
... as far as I know.
The IEMMC is discussed below.
Junk E-Mail Since the Hearing
During a break in the FTC hearings I asked Mr.
Wallace about the so-called Internet E-Mail Marketing Council's (IEMMC) filtering list and
why it has not gone into place. Mr. Wallace indicated, in the presence of Martha
Landesberg, that it would take another 2 days. Prior to this I discussed the remove
registration with Walt Rines (IEMMC spokesperson), sent their 'backbone' provider notice
[Apex Global Internet Services (AGIS)], and discussed the matter with an AGIS attorney. I
attempted to register the 'russ-smith.com' domain with their remove procedure.
The amount of junk e-mail to this domain has
increased. Most of it comes from CyberPromo 'customers'. Others have come from other IEMMC
members, including Mr. Rine's company Quantcom. Many of the messages contain IEMMC removal
instructions. Much of it is now relayed from servers outside the US. I have contacted some
of these foreign providers and they have indicated they did not give CyberPromo's
customer's permission to do this. This also violates the IEMMC guidelines.The amount of
messages for pornographic material, by percentage, has also increased. Much of it includes
a response address to a CyberPromo administered domain.
I finally sent AGIS an offer to send
additional messages to the russ-smith.com domain based on their standard of $25,000 [http://www.agis.net/reward.htm]. I discussed the
matter with their attorney so they fully understood the offer. They have accepted the
offer numerous times.
Mr. Rines, IEMMC spokesman, posted an
inflammatory message about me on a newsgroup during the week of the hearings. Other than
that I have had no contact. I have not received any response the the complaint I filed
against CyberPromotions for violation IEMMC guidelines. This is discussed in my first set
of reply comments filed May 30.
CDT Spam Summit
I understand the Center for Democracy and
Technology (CDT) recently held a spam summit. I made requests to both the CDT and the
Voter's Telecommunication Watch (VTW) that I participate in the talks proposed by CDT at
the hearings. However, I was not notified of the talks and only found out about the
meeting after it was over via Internet newsgroups.
I contacted both groups about this. CDT did
not have a chance to respond but VTW did. They indicated they only chose people on the
specific e-mail panels. They asked if I submitted comments and/or if I testifies. While I
did submit lengthy comments and I did testify, I do not understand why I need to explain
this to VTW or otherwise seek their approval. Particularly since the comments they
submitted themselves were minimal.
The CDT comments, and the testimony provided
by Ms. Mulligan at the hearings, were more in-depth but focused on the freedom of speech
issue. However, these comments fail to fully address the delineation between the freedom
to publish and forced speech and the unauthorized procurement of private equipment to send
these messages. According to CDT's own comments: "Many of the Commission's questions
regarding 'unsolicited commercial email' seek facts or quantitative data. CDT is unable to
provide such information..."
I have again requested that I be permitted to
participate in these proceedings.
Respectfully Submitted,
_______________________
Russell Smith
July 14, 1997
Hand Delivered To:
Secretary, Federal Trade Commission
Room H-159, Sixth Street & Pennsylvania Ave., N.W.,
Washington, D.C., 20580 |