What's News at JUNKBUSTERS

  Privacy groups oppose DoubleClick acquisition

EPIC, CDD, and US PIRG filed a complaint with the Federal Trade Commission (FTC), urging the Commission to open an investigation into the proposed acquisition of DoubleClick by Google. (4/20)

  AOL apologises for releasing search log data on subscribers

AOL apologized for releasing search log data that might link to individual subscribers to their web searches. (2006/8/7) [News.com] [Reuters] Some employees later left the company. It has a long history of privacy blunders.

  FTC fines against evaders of telemarketing rules

The FTC charged two telemarketing companies over attempts to use rules about corporate affiliates to evade the national Do-Not-Call registry. (2006/6/15) [FTC release] [DM News] Junkbusters founder Jason Catlett applauded the action.

  iTunes update criticized as spyware

An update of Apple's iTunes software has been criticized for transmitting information about the user's songs and a unique iTunes account ID to Apple without the user's knowledge or consent. (2006/1/11) [MacWorld] [Slashdot] [Real Tech News] Apple responded by saying that the company "does not save or store any information used to create recommendations for the MiniStore." [CNET] [PC Pro]

  Spyware prosecuted

The FBI brought various charges against a man it said covertly installed pop-up-generating adware on some 400,000 PCs, Wired News reported. (2005/11/3)

In 2004 the Federal Trade Commission filed suit against a software company that it claims unfairly deluged users' computers programs with ads. (2004/10/14) [Times Argus]

  Book on RFID published

The publication of Spychips: How Major Corporations and Government Plan to Track Your Every Move with RFID by Katherine Albrecht and Liz McIntyre has been met with widely differing reactions. [EPIC Alert] [CNET] [Boston Globe] [RFID Journal] [Wired]

  Court rules against cellphone spam

An Arizona court ruled that the Telephone Consumer Protection Act prohibits unsolicited calls and e-mail text messages to cell phones. (2005/9/21) [Wired News] [DM News] [PC Mag] [AP]

Other later laws also ban unsolicited commercial text messages to cell phones. [Wired on SMS spam] [CNET on Joffe cell text spam]

  Congress makes junk faxes easier

Congress passed a law that will make it easier for businesses to send junk faxes, by introducing an exemption based on an existing business relationship. (2005/7/1) [Inc.]

Rep. Fred Upton (R-Mich.) introduced the bill in 2004, titled the Junk Fax Prevention Act. Junkbusters founder Jason Catlett said the name is misleading, and that ``the exemption it creates from the general ban on faxes is way too broad.'' No consumer advocates were invited as witnesses to the House hearing. (2004/7/20) [KR] [JWR] [Wired] [Consumer Watchdog]

  Identity thieves buy wholesale from ChoicePoint

Criminals bought personal dossiers on thousands of people from ChoicePoint Inc., according to MSNBC. (2005/2/14) [NPR 1] [NPR 2] [Washington Post] This is not Choicepoint's first public instance of mishandling data. According to ChoicePoint CEO Derek V. Smith, "ChoicePoint's core competency is verifying and authenticating individuals and their credentials." The company appears not to have accurately verified and authenticated the criminal individuals who opened accounts with it using fake documentation. The company subsequently agreed to pay penalties of $15M. [FTC release] (2006/1)

  Do-not-mail registry proposed for New York

A bill was reintroduced in the New York Assembly that would establish a statewide Do-Not-Mail registry. (2005/1) [DM News] Junkbusters has long campaigned for a national Do-Not-Mail registry.

Earlier, several privacy groups wrote to Congress urging improvements in postal privacy. (2004/1/19 )

  Shopper's card leads to arrest

A Washington state firefighter, Philip Scott Lyons was arrested that based on purchases made with a supermarket loyalty card. After several months he was found innocent. The story is told in detail at the site of Richard M. Smith. Smith concludes that the ``moral of this story is that even the most innocent database can be used against a person in a criminal investigation turning their lives completely upside down.'' (2004/2)

  Junkbusters and Guidescope combine

From 2005, this web site, junkbusters.com will be maintained by Junkbusters' sister company Guidescope Inc. Junkbusters' founder Jason Catlett is an Executive Vice President of Guidescope. (2005/1/1)

  Telemarketers lose appeal in Supreme Court

The Supreme Court rejected an appeal by the American Teleservices Association (ATA) on constitutionality of the National Do-Not-Call registry. (2004/10/4) [Washington Post]

The appeal was filed in May 2004. (2004/5/18) [DM News] Junkbusters founder Jason Catlett predicted that the court would dismiss the telemarketers' claim that the Registry violates the First Amendment. ``The appeal shows a combination of desperation and wishful thinking usually only seen in the terminally ill,'' Catlett said.

The Direct Marketing Association earlier said it would abandon its legal action against the national Do Not Call Registry. (2004/3/3) [AP] [Reuters] [AdAge] Junkbusters founder Jason Catlett was suprised by the DMA's decision. ``It's like seeing Wile Coyote give up trying to catch the road runner. The DMA's lawyers must have lapsed into a moment of candor and told them that they would lose in the Supreme Court, and that any first amendment claims for other cases in the future would look even more preposterous.''

Separately, the FTC took its first enforcement action using the DNC regulations (and other laws) against National Consumer Council, a debt-consolidation agency posing as a nonprofit group. (2004/5/5) [FTC Announcement] [DM News]

Two polls indicate that the DNC Registry is working well. A Harris poll found that more than half of all U.S. adults say they have signed up and they now receive far fewer telemarketing calls or none at all. [WSJ] [Harris] A different survey by the Associated Press and Ipsos Public Affairs that 45 percent of those surveyed have signed up for the registry, and of these, 74 percent say they've gotten fewer marketing calls as a result. [Boston Globe] (2004/2/21) The lower figure for signups in the latter survey may be due to the fact that it was conducted by telephone, and non-responders seem more likely to have signed up to avoid telemarketing calls.

A federal appeals court upheld the national Do-Not-Call list. [NY Times] [Court's opinion] [Reuters] [Washington Post] [FTC Statement] [AP] (2004/2/17) This overrides an Oklahoma City court ruling that FTC exceeded its authority in creating its do-not-call list. (2003/9/25) [DM News] [IHT] [CNN] [USA Today] Despite the approval of Congress in February for funding the list, the judge ruled that this did not grant the FTC authority to create the list, but said that Congress could pass legislation granting the FTC the necessary authority (which they did in near-record time). The FTC's chairman said that ``This decision is clearly incorrect. We will seek every recourse to give American consumers a choice to stop unwanted telemarketing calls.'' The FTC filed a motion for a stay pending an appeal. The following day the House voted 412-8 to approve the registry, the Senate without no dissenters and the president expected to sign the bill Monday. (2003/9/26) [AP]

Telemarketers had filed two separate suits against the FTC to try to stop restrictions on their calls. (2003/1/29) [Reuters] The court that found the FTC exceeded its authority was the Western District of Oklahoma (Docket 03-122) petitioned by the Direct Marketing Association and four telemarketing companies: Global Contact Services, InfoCision, [NY AG on InfoCision] U.S. Security, Inc., [KY AG on USS] and Chartered Benefit Services. The court in Colorado that ruled the registry unconsitutional was petitioned by the American Teleservices Association (Docket 03-184), Mainstream Marketing Services Inc., and TMG Marketing.

The telemarketers chose courts that have often been sympathetic to business interests. Junkbusters founder Jason Catlett commented: ``Telemarketing is an idea whose time has gone. This line of business should just die quietly. Their ridiculously inflated figures claiming that the average American gives a thousand dollars a year to telemarkers just don't pass the smell test. Their First Amendment claims have been repeatedly rejected by courts in other analogous cases such as junk faxes. The suits are simply a desperate delaying of the the overdue.''

The FTC says consumers filed approximately 1500,000 complaints in 2003 against telemarketers who continue to call them after the Do-Not-Call registry came into effect. Over 55 million numbers have been registered. (2004/2/13) The agency also issued a new information sheet on DNC topics such as how to file a complaint.

Separately, the FTC announced a suit against a company that bombarded consumers with pop-up ads, mostly offering to sell a product that stops the ads. (2003/11/7) [AP]

The FTC's Do-Not-Call registry is in effect, at least for now, following the 10th U.S. Circuit Court of Appeals blocking U.S. District Judge Edward Nottingham's order barring the FTC from enforcing the law. (2003/10/7) [Reuters] [SJ Merc] [CNN] [WSJ] The judges concluded that "there is a substantial likelihood that the FTC will be able to show ... that the list directly advances the government's substantial interest and is narrowly tailored."

Various courts produced discordant opinions on the registry. (2003/9/26) Companies that fall under FCC rules such as banks and telcos were required to respect the list when it came into effect October 1st, but the FTC had said that others falling under its jurisdiction could call numbers on the list. [Reuters] [AP] [USAToday] A U.S. Appeals Court in Denver refused on Friday to block the registry, Reuters reported. For details and history see EPIC's DNC Timeline.

A Denver court found the registry unconstitutional. (2003/9/26) [Reuters] [Washington Post] [WSJ] Junkbusters founder Jason Catlett commented at the time: ``This decision will take longer to correct, but it'll get done eventually. Lower courts have occasionally sided with marketers' free speech arguments, but correctly crafted restrictions prevail. The telemarketers' litigation confirms their public reputation as a pack of sleazy hustlers.'' Catlett told Reuters the telemarketers ``won't take 50 million `no's for an answer.'' (2003/9/26)

Junkbusters released an open letter to members of Congress suggesting a national Do-Not-Mail registry, analogous with the Do-Not-Call registry. (2003/9/26) State lawmakers in New York and Massachusetts introduced legislation this year to establish state do-not-mail registries, DM News reported. (2003/11/10) Several trade associations have been lobbying against such a registry, including the Association for Postal Commerce and Envelope Manufacturers Association.

The national Do-Not-Call registry began operations in July 2003, and the first registrations became effective October 1st. (2003/6/27) [Reuters2] [WSJ] [AP] [Slashdot discussion] [Reuters] [DM News] In the first few days more than 20 million telephone numbers had been added to the registry. In addition, 14 million numbers will being automatically transferred to the federal list from various state lists. [Washington Post on whether your state will transfer] Residential and cellular phone numbers may registered at http://donotcall.gov or by calling 1-888-382-1222. (Heavy demand made the service sometimes sluggish and unavailable on its first day, but since then the web site has been only occasionally slow.)

The previous day the Federal Communications Commission (FCC) announced new restrictions on telemarketers, which appear to be consistent with the FTC's new rules, including the registry. (2003/6/26) The FCC's coordination is significant because the FTC does not have statutory authority over two of the largest industries that use telemarketing, telecommunications and financial services. Junkbusters founder Jason Catlett commented:

``With the FCC's cooperation, the Do-Not-Call registry will have the breadth and clout to eliminate most of the nation's junk calls. Aluminum siding installers may be weeping, but the 99%+ of Americans who are not employed to pester people by long distance calls can rejoice. The registry is surely one of the most significant consumer protection measures ever implemented by the federal government. It will save the equivalent of thousands of lifetimes wasted picking up the phone on unwanted calls. The FCC was late for the party that they should have thrown a decade ago, but they have now said, a weekend in advance, that they'll come to the ball with the FTC. American consumers who hear about it will be in such a rush to register that they may not think to ask why their interests were disregarded the FCC for so long. FTC Chairman Muris will go down in the history of consumer protection as the savior of the American dinnertime.''

The two agencies' operational details seem to have converged, with the FTC running the registry via a subcontractor. Both online and telephone registration is are now available nationwide. Only residential telephone numbers (including wireless numbers) may be registered; business numbers are not covered by the law.

There is no cost to consumers to register. Telemarketers will pay the government a fee for the list. The inital funding for the registry was provided by Congress and signed into law by the President (the Do-Not-Call Implementation Act, Pub. L. No. 108-10). (2003/3) The registry will be effective October 1, 2003. Californians can already ``pre-register'' at http://nocall.doj.state.ca.us online. [MSNBC]

Consumer groups have fought for the registry for years. The main recent political battle had been in the House. [Washington Post] (2003/2/13, p. E7) The Wall Street Journal recounted the heroic efforts of FTC chairman Muris to save the project from the underhanded lobbying of the Direct Marketing Association. (2003/4/4)

The Federal Trade Commission was planning implementation of the restrictions in late 2002. (2002/12/18) [Reuters] [DM News] [SF Chronicle] Junkbusters founder Jason Catlett praised the move.

The FTC proposed the national Do-Not Call list in January 2002. (2002/1/22) [FTC announcement] [AP] [ABCnews] ``Why even expend the energy to oppose [a national DNC list]?'' asked an editorial in DM News. The Direct Marketing Association opposed it. For more than a decade privacy advocates have urged the FTC and FCC to implement a national DNC list. Junkbusters founder Jason Catlett said Congress plainly stated they wanted one in the Telephone Consumer Protection Act of 1991 , but the FCC gave in to lobbyists for telemarketers. The FTC received over 40,000 comments from the public, Reuters reported.

Separately, the Federal Communications Commission (FCC) held a public meeting to announce its intention to modify its rules on telemarketing, considering a national Do-No-Call list. (2002/9/12) [Reuters/ABC] [FCC Release] [FCC Notice of Public Rulemaking] [RealAudio of meeting - the topic begins about 20% into the file] [Statement of Chairman Powell] [Statement of Commissioner Abernaty] [FCC agenda notice] [DM News] Junkbusters founder Jason Catlett welcomed the move, saying that he hopes the FCC will work with the FTC to produce an effictive DNC list. ``The FCC's role is significant because due to limits in statutory authority the FTC can't cover telephone companies and some financial institutions, which are the major sources of junk calls. But FCC can cover them, as well as intrastate calls. The FCC is more than a decade late in obeying the stated intent of Congress of having a national do-not-call list. It's a welcome change that the Commissioners seem unanimous in their desire to protect consumers from this systematic long-distance harrassment.''

The commissioners ``said they were concerned that local number portability -- which in November 2003 will allow consumers to transfer their home phone numbers to their wireless phones -- would bring an increase in telemarketing calls to consumer cell phones,'' DM News reported.

Separately, the Onion, a satirical newspaper, reported that the CIA ``has acquired a videotape showing suspected al-Qaeda operatives engaging in what appears to be telemarketing.'' (2002/9/18)

The FTC held a public workshop on its proposed amendments to the Telemarketing Sales Rule (TSR). (2002/6/3) [FTC Agenda] [FTC Release] [USAToday] [AP] [DM News] [Scripps Howard] [Chicago Tribune] The meeting supplied oral public comment to a January 2002 proposal by the FTC to amend its previous rule. Among the proposed changes is the establishment of a national do-no-call list. The proposal already drew more than 42,000 written comments from consumers and businesses. Junkbusters, EPIC, and other privacy groups filed joint written comments responding to the FTC's questions. Junkbusters founder Jason Catlett was one of the participants at the meeting.

In 2001 Texas mother April Jordan filed a class action suit against SandStar Family Entertainment over the use of prison labor in telemarketing operations. (2001/11/13) [Salt Lake Tribune] [DM News]

At an earlier forum in July 2000 at the Federal Trade Commission, two leading privacy organizations called on the FTC and State Attorneys General to halt illegal and abusive practices that are prevalent in the telemarketing industry. (2000/7/27) [FTC Agenda] [CBSMarketwatch] Private Citizen Inc. and Junkbusters held a press conference spotlighting two objectionable practices. ``Prison labor is still often used in telemarketing, despite incidents where convicted felons have abused personal information,'' said Junkbusters founder Jason Catlett. [AP on April Jordan] [FTC comments of Jordan] [Hutchinson News on Jordan, August 9] The second practice has been nicknamed ``dead ringers,'' calls placed by large automatic dialing systems but abandoned after being answered because no representative was available to speak, or because the system was simply testing for an answering machine, modem or fax. ``Few consumers know the reason for these abandoned calls, and many fear they are being stalked as they are left saying "Hello? Hello? Hello?",'' Catlett said. Privacy advocates say these calls are illegal under the Telephone Consumer Protection Act of 1991 and should be stopped completely. The advocates also discussed the widespread practice of banks selling account information about their customers to telemarketers.

Separately, Direct Marketing Association CEO Robert Wientzen told the 2000 annual DMA Telephone Marketing Conference that a survey revealed that people don't like telemarketing calls, DM News reported. [The Onion] (2000/6/22) Wientzen cited a recent DMA-funded study finding that most consumers said telemarketing calls were "always intrusive." ``People are very curious -- and they're increasingly irritated -- about how we got their phone number, as well as other information we seem to have at our fingertips,'' Wientzen said. Privacy advocates were not available for comment.

In 1999 the Wall Street Journal reported that some telemarketing companies have started targeting answering machines exclusively. (1999/8/16, p. B1) If their ADRMPs (Automatic dialing and recorded message players) detect a live voice, they hangs up and try again later; if they detect an answering machine, they play a prerecorded message. For people who spend the day at home, it can result in a very large number of "abandoned calls," also known as dead ringers, long criticized by privacy advocates. ``This practice is highly annoying, often deceptive, and plainly illegal under the Telephone Consumer Protection Act,'' said Junkbusters President Jason Catlett. The companies named by the Journal include Voice Mail Broadcasting Corp. of Irvine, CA. and the Broadcast Team Inc. of Ormond Beach, LA.

Subsequently, ABC started using a similar tactic, ZD reported. (2000/7/24) The New York Times reported that the Bush campaign was using the same technique from Voice Mail Broadcasting. (2000/8/6)

In November 1998 the American Telemarketing Association changed its name to the American Teleservices Association. Its president told DM News: ``There are many companies with call centers that don't think of themselves as telemarketers. Many have call centers they use for customer service in a very professional way.'' As opposed to using call centers for customer disservice in an unprofessional way? ``Let's face it, most people would prefer to get a housecall from a dentist than a telemarketing call,'' said Junkbusters founder Jason Catlett. ``Outbound telemarketing should be on its way out, and even the people making the calls are starting to get the message.''

In April 1998 GTE, California's second-largest telephone company, included about 50,000 unlisted numbers and addresses in the lists that they routinely sell to telemarketers, the AP reported.

In 1997 fifty people at thirty telemarketing companies in Tennessee were convicted of fraud, the New York Times reported. (1997/6/29, p. 17) The Federal Trade Commission estimates that Americans are bilked out of $40 billion dollars annually by fraudulent telemarketers. ``I've been a widow for 19 years,'' an 80-year-old victim told the Times. ``It's very lonely. They were nice on the phone. They became my friends.'' Junkbusters founder Jason Catlett later commented on the surprisingly widespread fallacy that because no physical violence is involved, telefraud isn't really a serious crime. ``These criminals are long-distance muggers,'' Catlett said. ``They use lies instead of guns to rob trusting people of their livelihood. They deserve prison far more than houseburglars.''

In 1997 MCI was accused of breaking a Kansas law on telemarketing that provides for a maximum penalty of $5,000 for each violation, AP reported. (1997/3/28) The company is said to have made 2.4 million calls in Kansas last year. The trade magazine Telemarketing and Call Center Solutions reported in its March '97 issue that Kansas had imposed a $225,000 fine on another major telecommunications company.

Separately, Private Citizen Inc. reported that one of its members was paid $5,500 in settlements from two telemarketing companies.

Separately, Louisville Comedian Tom Mabe called conference attendees at a telemarketing convention in the middle of the night offering to sell them a sleep aid and pretending he was calling on behalf of the "Telemarketers with Insomnia Foundation," the AP reported. (2002/4/22) Mabe torments telemarketers, telling one caller ``trying to sell him a burial plot that the man had perfect timing, because he was considering killing himself. The telemarketer asked him for credit card information, Mabe said.''

  Spammer charged with stealing personal data from Acxiom

A Florida man, Scott Levine of Snipermail.com, Inc., has been charged with stealing 8.2 gigabytes of data from the servers of personal data vendor Acxiom (ACXM) between April 2002 to August 2003 (2004/7/22) [FBI release] [Reuters] [AP]

``Eight gigabytes is a lot of personal data,'' commented Junkbusters founder Jason Catlett. ``That's enough to hold every residential address in America, along with a name, email, SSN, and some other miscellaneous information.'' People who would like to know what data about them was stolen from Acxiom's servers can write a letter such as this one. People don't want Acxiom to sell data about them can write Acxiom an ``opt-out'' letter (such as the one that JUNKBUSTERS DECLARE drafts for several such companies) or call them on 1-877-774-2094, or email info@acxiom.com.

The theft was discovered during the course of investigating another unrelated breakin in 2002 by an Ohio resident named Daniel Baas. The AP quoted an Acxiom spokesperson as saying: "We are committed to safeguarding our systems and the data that we store and manage on behalf of our clients. Since evidence of this crime was uncovered and halted in the summer of 2003, Acxiom has made a strong security system even stronger." The FBI says that that Levine made 137 separate intrusions during the period April 2002 to August 2003. Acxiom disclosed an intrusion in its SEC filings for 2003Q4, which seems to relate to the 2002 theft by Baas. Here is Acxiom's statement to investors:

In early August 2003 management determined that Acxiom had experienced unlawful security breaches of its file transfer protocol ("FTP") server. Unauthorized access to certain files occurred as a result of information being exchanged between Acxiom and a number of clients via the FTP server. Acxiom was among several companies whose security was breached. Law enforcement authorities have arrested and charged a former employee of one of Acxiom's clients and are investigating another company. Thus far, one individual has pled guilty and is awaiting sentencing. Acxiom continues to fully cooperate with the investigation, which involves multiple law enforcement agencies.

Only FTP files on a server located outside of the Acxiom firewall were compromised, and not all FTP files nor all clients were affected. No internal systems or databases were accessed, and there was no breach that penetrated the Acxiom security firewall. Based on the facts known to management, the Company does not believe that there is any risk of harm to individuals, and the Company does not expect any material adverse effect from this incident.

Acxiom has a longstanding commitment to systems and network security. The Company undergoes internal security audits on a regular basis, and many clients perform audits on the Company's systems as well. The Company has begun an additional comprehensive review of its systems and procedures to guard against similar incidents in the future. Based on this incident, management is implementing improvements to its systems and procedures.

Acxiom data was involved in the JetBlue airline profiling scandal in 2003.

  FTC charges company with privacy policy switch

Gateway Learning, which markets and sells products under the Hooked on Phonics brand name, settled with the Federal Trade Commission over charges that it violated federal law when it rented consumers' personal information to telemarketers after changing its privacy policy. (2004/7/7) [FTC Announcement] [Computerworld] [Reuters]

In a column in DM News, privacy expert Robert Gellman wrote ``This type of FTC privacy enforcement is a joke because it has no teeth. If the rare enforcement action doesnt hurt, then the deterrent effect is zilch and little has been accomplished. Its as if a bank robber's only penalty was that he had to give back the money he stole.'' (2004/11/2)

  English-speaking governments cooperate against spam

Consumer protection agencies in Australia, the US and UK have signed a memorandum of understanding (MoU) concerning enforcement of spam laws. (2004/7/4) [Computerworld] [ZDUK] [CBR] [FT] [TechWeb] The MoU requires cooperation between agencies the countries when the spamming is "prohibited by a country's Commercial Email Laws that is substantially similar to conduct prohibited by the Commercial Email Laws of the other countries". Whereas the UK and Australia have an opt-in laws, the US has a lower standard with its opt-out law, so the US would only be required to prosecute spammers who violate the the weaker law. Junkbusters founder Jason Catlett said that international cooperation of law enforcement against spammers is an important and necessary step. ``Eventually spamming should be prohibited by international treaties, just as copyright violations are. But right now the big hole in the boat is the fact that U.S. law explicitly and deliberately permits spamming.''

  FTC recommends against National Do Not Email Registry

The Federal Trade Commission gave Congress its opinion that a National Do Not Email Registry ``would fail to reduce the amount of spam consumers receive, might increase it, and could not be enforced effectively.'' (2004/6) [FTC press release] [FTC report (PDF)] [Arizona Republic] Junkbusters founder Jason Catlett said he agreed with the report's main conclusion, but said the FTC should endorse an opt-in law or a registry that would allow whole domains to prohibit spam and sue violators.

Separately, Michigan passed a law to establish a registry of children's email addresses aimed at stopping spam unsuitable for children. (2004/7/4) [Detroit News]

  Who knows if you read their email?

A new web site called http://www.DidTheyReadIt.com allows individuals to track whether you opened email they sent you. (2004/5/20) [USAToday] [CNET] The company will also tell the sender when the email was opened. how long it remained opened, the geographical area that you were in when reading it. Here's an illustration of the kind of tracking information DidTheyReadIt.com provides:
   Sent On: 05/20/04 (09:31AM)
   1st Opened: 05/20/04 (09:32AM)
   Tracking Summary
   Total: Opened 1 time by 1 reader
   Tracking Details (latest first)
   Opened: 05/20/04 (09:32AM)
   Read Duration (approx.): 00:01:18
   Location: (US) UNITED STATES, NEW JERSEY, WASHINGTON Show Map
   Organization (ISP): VERIZON INTERNET SERVICES
   Opened On: pool-141-153-129-237.nwrk.east.verizon.net (141.153.129.237)
   Language: en-us,en;q=0.5
   Browser: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6b)
   The tracking technology used is not new; email marketers have been using web bugs for years to monitor who opens their mass mailings. Other services for tracking individuals include: http://www.confirm.to and http://www.msgtag.com/ and OpenTrace. Junkbusters founder Jason Catlett said that ``trying to monitor when and where your correspondents open their mail is rude, disrespectful and violates their privacy. Tell anyone who tries it you're insulted that they tried it.''

How can you avoid being tracked in this way by people who send you mail? The simplest way is not to use HTML mail. There's also technological countermeasure: to block the web site of the company that does the tracking. If you are using the Internet Junkbuster or Guidescope this is simply done by placing lines such as
   didtheyreadit.com
in the local block file. It may also be necessary to ensure the mail reader is using the proxy. With any of these techniques you can then read the email, but the monitoring company (and the person who emailed you) will not be able to detect that you have.

  Google's Gmail criticized by privacy advocates

Over thirty privacy and civil liberties organizations have jointly urged Google to suspend its Gmail service, which would use the contents of users' email to target advertising. (2004/4/6) [Open Letter] [NJ Star-Ledger] [Wired] [Brad Templeton]

  Survey finds Federal spam law unhelpful

A survey by the Pew Internet and American Life Project found that the new federal spam law has not helped. (2004/3/17) [KR] [AP] [Bergen Record]

Several Internet companies under the name of the Anti-Spam Technical Alliance (ASTA) announced technical cooperation and lawsuits against spammers. (2004/3/10) [Search Google News] [Reuters] [WashingtonPost.com] [Star-Ledger] [Boston Globe] [MSFT Press Release] [USA Today] [NY Times] [IDG] [Wired] [Bloomberg] [Internet News] Junkbusters founder Jason Catlett said that ``although the ISPs use of filtering helps reduce spam, and suits against spammers are generally a good thing, these companies deserve to be mistrusted by consumers. Microsoft, AOL and Yahoo all opposed provisions in Federal law that would make spamming illegal, and removed the right of individuals to sue spammers. They gave us the current bad Federal law that permits spamming and protects big email marketers. The CAN SPAM act is generally a bad law that the major ISPs wanted, making sure that they are the only ones who have the right to sue.'' The lawsuits filed also use many other state and Federal laws, not just CAN SPAM.

Microsoft earlier proposed a system for licensing and monitoring senders of email that it says would allow spammers to be cut off. [Boston Globe] [MS Release] [Washington Post] [IDG] (2004/2/24) One of the proposals, "Caller ID for Email," was criticized by analyst Gartner as taking years to implement and not even then being ineffective. [VNUnet] Some questioned Microsoft's patent licensing terms. [InfoWorld] [PC World] Catlett said that ``proposals for "safelists" maintained by industry-captive organizations such as TRUSTe amount to creating an self-protecting cartel controlled by big email marketers for the benefit of those companies, with no legal rights for consumers.''

  Law proposed to protect children from list vendors

U.S. Senators Ron Wyden and Ted Stevens have introduced legislation to require companies to obtain parents' consent before selling personal information about their children. (2004/3/2) [Text of Bill] [Floor Statement] To support S. 2160, the Children's Listbroker Privacy Act, call your senator's office and tell them.

  California Access law passed

California passed a law, SB 27, requiring disclosure to consumers of the kinds of information companies collect and shared about them. [Internet News] The law takes effect at the beginning of 2005. (2004/1/1)

  U.S. Congress says: You CAN SPAM

President Bush signed the CAN SPAM Act. (2003/12/16) [DM News] [Reuters] [Internet News] Junkbusters founder Jason Catlett said that the law is likely to make the spam problem worse. ``This is an opt-out law that overrides any state that tries to truly ban spam. It says to spammers: "You Can Spam. And you can keep spamming the 99% of people who don't complain. And states shouldn't be able to stop you spamming." It's a bad law. Americans wanted a law that says "no spamming," and this does the opposite.'' The Coalition Against Unsolicited Commercial Email also expressed similar concerns.

Congress passed the bill a week earlier. (2003/12/9) [Reuters] [USAToday] Various versions had been going back and forth between the Senate and the House. (2003/10/25) [Reuters] [WSJ] [SJ Merc]

The Senate Commerce Committee had approved an early version of the bill in July 2003. (2003/6/19) The Committee held hearings in May. (2003/5/21) [AP] [MSNBC] [Internet News] [InfoWorld] [Washington Post] Microsoft said it would only support a law that provides special exemptions for marketers who electronically call themselves ``trusted senders'' [Washington Post]. The only witness representing consumer interests was EPIC, whose testimony urged opt-in and a private right of action. Spammer Ronald Scelson told the committee "I agree with having laws governing bulk e-mails," Internet News reported. Junkbusters founder Jason Catlett testified before this committee on this topic in 2001.

A diverse group of companies and organizations launched a global consumer awareness campaign against spam. (2003/9/26) [IIA News Release] [Network World/IDG] [Info World/IDG] [Computerworld/IDG] The campaign aims to make spamming less economical by cautioning the small number of people who might respond to spam. Participants include several Internet trade associations, Microsoft, AOL, Yahoo!, Junkbusters, and Consumers International (representing 250 consumer organisations in 110 countries).

A strong anti-spam bill was signed into law by the governor of California. (2003/9/23) [Internet News] [NY Times] [DM News] S.B. 186 states that no one may "[i]nitiate or advertise in an unsolicited commercial e-mail" either sent from California or to a California e-mail address. (An exemption is granted where the sender has a pre-existing business relationship with the recipient.) It gives individuals the right to sue. The law effect was due to take effect January 1st, but its important provision have been preempted by the federal CAN SPAM Act. Junkbusters founder Jason Catlett praised the bill, commenting that it is the kind of law that federal legislators should have passed. Separately, California's Attorney General sued a spammer under one of the state's earlier laws. (2003/10/27) [Infoworld]

The competing pro-spam bill from the House, misleadingly titled the RID SPAM Act, has been ``weakened even further to provide near-perfect immunity to the big companies who are virtually dictating the legislation to their compliant congressmen,'' said Junkbusters founder Jason Catlett [Washington Post] (2003/9/18, p. E01) The Post quoted a spokesman for Rep. Tauzin saying that ``the self-regulation plan improves the bill because it creates a grievance process for individual consumers who might otherwise have trouble getting the attention of law enforcement authorities when marketers are continuing to target them.'' Catlett replied that consumers should be able to sue spammers themselves. ``One of the key deficiencies of this bill is that consumers can't sue companies, and a large new section virtually stopping law enforcement from suing them isn't going to help. An Attorney General would have would have to prove that the company knew they were repeatedly spamming people who told them to stop. That might happen if they found a discarded company memo saying "We bad. We spam. We won't take no for an answer." Otherwise it's a pretty unattainable level of proof, which is what the companies want. And class action damages are excluded. The seal program should read "Immune to Lawsuits". Or maybe "How's my spamming? Call 1-877-FTC-HELP."''

Here is a sample of the new language in the bill.

``A person that participates in a self-regulatory program... made shall not be liable ...unless such participant has actual knowledge of the noncompliance with the guidelines.. of the self-regulatory program.''

Catlett continued: ``The worst deficiency in the Tauzin bill is that it is an it is an opt-out bill that preempts state law and gives no rights to consumers, therefore it will make the spam problem substantially worse. The self-regulatory exemption for Microsoft and their fellow lobbyists is merely adding an insult to the widespread injury that the public will suffer.

``This is an awful bill for so many reasons. The one that strikes you first is that it's so long and complicated. Contrast it with very short law that outlawed junk faxes in 1991, ``No Person May... send an unsolicited advertisement to a telephone facsimile machine.'' The Tauzin bill takes thousands of words to avoid doing what needs to be done: making spam illegal.''

Federal legislators have ignored all the main points proposed for effective spam legislation by the many public interest groups in the Privacy Coalition. (2003/7/18)

Senators Hatch and Leahy introduced the Criminal Spam Act (CSA), which includes a penalty up to five years in prison for certain spamming practices, but would not cover simple spamming as even a civil offence. (2003/6/19) [CNET News.Com] Junkbusters founder Jason Catlett said that although he supports stronger penalities for spamming, `It would be a mistake for Congress to criminalize some practices while leaving spamming legal, giving people who are spammed no rights against the spammer.''

Senator Schumer introduced his long-anticipated SPAM Act (Stop Pornography and Abusive Marketing Act), S.1231. (2003/6/11) [Washington Times] [Atlanta J-C] An unusual feature of the bill is a registry of email addresses that do not want spam. Junkbusters founder Jason Catlett said he would only support an opt-out registry if it worked on the level of domain names, covering all email addresses at the domain. (The current draft of the bill seems ambiguous on this point.) ``less than 1 person in 100 wants spam, so why require the other 99 to expose their email addresses in some huge database? Spammers have a long and shameful record of using opt-out registries as lists email addresses to spam.'' Catlett said that a registry would also would also be difficult and costly to operate if based on individual email addresses. Like many bills, the SPAM Act includes labeling requirements. Junkbusters opposes labeling because it caters to an unsatisfactory combination of opt-out and filtering technology rather than opt-in, and it leaves legislation open to constitutional challenges based on the First Amendment.

Separately, Reps. Heather A. Wilson (R-N.M.) and Gene Green (D-Tex.), plan to introduce another opt-out bill with fewer loopholes than other proposals, the Washington Post reported. (2003/6/17, p. E01)

The leading pro-spam bill was introduced into the House by Representative Burr, cosponsored by Reps. Tauzin, Sensenbrenner, Goodlatte, Stearns and others. (2003/5/22) [Reuters] [News.com] [Infoworld] [Detroit Free Press] H.R. 2214 is titled the Reduction in Distribution of Spam Act of 2003 (RID SPAM). Junkbusters founder Jason Catlett commented that it should have been called the Rapid Internet Demise Act.

A broad coalition of privacy, anti-spamming and consumer groups immediately released an open letter to key congressional committees calling for a consumer-enforcable Federal prohibition against spamming. (2003/5/22) [Reuters] The groups argue that anti-spam measures such as H.R. 2214 currently being considered by Congress are too weak because they don't actually prohibit spamming (merely require an opt-out), and don't allow consumers to sue spammers.

"People are drowning in spam, and the proposals Congress has been producing just tell people to swim harder and apply to the government for the occasional life raft," said Junkbusters founder Jason Catlett. ``These opt-out laws are nowhere near strong enough to reduce spamming. People should to be able to sue spammers in small claims court for the first spam they get, just as they can with junk faxes.''

An editorial in the San Jose Mercury News commented: ``They think the best way to curb spam is for Internet users who are fed up with useless solicitations to nicely ask each of America's 23 million or so businesses to take them off their junk e-mail lists. We ask nicely that Congress junk this legislation.'' (2003/5/27)

Separately, the California State Senate approved an opt-in bill that would allow individuals to sue spammers, Reuters reported. (2003/5/22) Junkbusters founder Jason Catlett applauded its passage, commenting that ``California is setting an example that the federal Congress should notice. In the late eighties, California banned junk faxes ahead of the 1991 Federal law. I hope the corresponding time lag for junk email will not be measured in years.''

H.R. 2214 was long anticipated. (2003/5/12) [Reuters] [Internet News] [Philadelphia Inquirer] [Washington Post] (2003/5/13, p. E1) Junkbusters founder Jason Catlett denounced the draft and introduced forms of H.R. 2214 as a "federal license to spam." "The bill shamelessly ignores consumer interests and common sense in favor of spammers. It says ``Go ahead and spam people until they scream, they can't sue you. Just follow these easy guidelines, and if you have any trouble with them, try one of our many handy exemptions.'' Early drafts of the bill would completely override stronger state laws that prohibit spam or allow individuals to sue spammers. ``This bill should be called the Spam Preservation and Protection Act,'' Catlett said.

``At the Federal Trade Commission's workshop held at the end of April, a substantial majority of the expert participants very clearly articulated that to be effective, spam legislation would need to be opt-in with a private right of action. (Dissenting opinion came from spammers and the Direct Marketing Association.) Yet the Tauzin bill not only ignores this consensus and sides with spam, it include exemptions that seem to have been designed to make life easier for spammers. For example, it makes an opt-out last only three years and includes an exemption for "separate business lines" that basically allows all of a company's affiliates to spam. Consumers don't want to opt out from spam for every brand that a company might trademark. They don't even want to have to opt out from each of the hundreds of thousands of companies in the world. And they shouldn't have to. They want a law that says "Don't spam." Period.''

``Many of the provisions in bills that are supposed to be anti-spam will be at best ineffective. Even criminal penalties for certain common spamming practices will not substantially reduce the volume of spam if the basic provisions permits spamming. Compulsory labeling such as ADV and ADULT in the subject header is not necessary if unsolicited email is prohibited, and it may even cause constitutional challenges to the law. Provisions against "harvesting" of email addresses may be too late, as many such lists have been compiled, and spammers are now moving on to "dictionary attacks" which simply use systematic guesswork.''

People who want to tell the House committee leaders that spamming should be prohibited, not just regulated, can send letters such as these samples addressed to Representatives Tauzin and Sensenbrenner.

Separately, the FTC announced actions against 45 spam scams. (2003/5/15)

Earlier, a broad coalition of privacy, anti-spamming and consumer groups called on the Federal Trade Commission (FTC) to recommend a consumer-enforcable Federal prohibition against spamming. (2003/4/30) The FTC held a major public workshop on Spam April 30-May 2 and will deliver a report to Congress by early July. [Reuters] [DM News] [AP] [Internet Week] [Newsday] [CS Monitor] [WSJ] Junkbusters founder Jason Catlett was a panelist.

In an open letter the groups argue that anti-spam measures currently being considered by Congress are too weak because they don't actually prohibit spamming (they merely require an opt-out), and don't allow consumers to sue spammers.

"It has been demonstrated that an opt-out law such as that proposed by S. 877 will exacerbate the problem - the volume of spam from Korea increased by a factor of 11 in three months after a similar requirement was introduced there," said Scott Hazen Mueller, Chairman of CAUCE.org.

"Consumers should to be able to sue spammers, just as they can sue junk faxers and telemarketers who phone them at 10pm." said Jason Catlett, President of Junkbusters Corp. "Enforcement actions by the FTC and other agencies are welcome, but they will never be enough to turn back the rising tide of spam."

The signatories to the letter are: privacy groups Junkbusters Corp. and and the Privacy Rights Clearing House; anti-spam groups SpamCon Foundation and CAUCE.org (Coalition Against Unsolicited Commercial Email); and consumer groups Consumer Action, the Center for Digital Democracy, Commercial Alert, and Consumers Union, publishers of Consumer Reports.

A survey by filtering company Surfcontrol indicated that 82% of business users consider unsolicited mass e-mail from legitimate or well-branded companies to be spam. (2003/4)

Separately, the Governor of Virginia signed a law criminalizing certain spammer behavior. (2003/4/30) [Computerworld] [Governor's Press Release]

A bill that would prohibit certain kinds of typical spammer behavior was reintroduced in the Senate, as S.877, the CAN-SPAM Act of 2003. (2003/4/10) [Reuters] [PC World] An earlier version of the bill passed the Senate Commerce Committee in May 2002, but its defects are that it is an opt-out bill with no private right of action. (2002/5/1) [Washington Post] [Reuters] [Infoworld] Junkbusters founder Jason Catlett testified on an earlier version of the bill saying that an opt-out approach will not solve the spam problem, and that people should only receive commercial email from companies they have given permission to send it.

Although the Senate bill is currently the most prominent, a separate bill has been considered in the House for years. In May 2001, the House Judiciary Committee further weakened H.R. 718, the Unsolicited Commercial Electronic Mail Act of 2001, by removing the right of consumers to sue, among other anti-consumer measures. (2001/5/23) [Release by Rep. Wilson] [DM News] The U.S. Public Interest Research Group had already objected in a letter to the prohibition against class action suits. The House Energy and Commerce Committee had earlier approved this bill, where it has been opposed by privacy advocates as too weak, and industry lobbyists as too strong. [Newsbytes] It is a weakened version of H.R. 3113, which was almost passed by Congress last year. (2001/3/28) [Newsbytes] [WSJ] Junkbusters, which had supported H.R. 3113 and H.R. 718, withdrew its support of H.R. 718 because the bill has been weakened to an ``opt-out'' spam bill that offers no ability for individuals or ISPs to prevent the first spam from any organization. (2001/3/28) [IT World] Its findings suggest a pro-spamming attitude, said Junkbusters founder Jason Catlett.

(3) Unsolicited commercial electronic mail can be an important mechanism through which businesses advertise and attract customers in the online environment.

Earlier, the Direct Marketing Association announced that it would pursue anti-spam legislation. (2002/10/20) [Press release] [Ecommerce Times] [Newsfactor] The AP quoted a DMA official saying ``the DMA supports unsolicited e-mail marketing as long as it targets a certain demographic or interest group -- say, 25- to 35-year-olds or homeowners -- and isn't merely sent to every e-mail address one can gather.'' Junkbusters founder Jason Catlett said that ``The DMA has finally admitted after years of denial that legislation is needed to control spam. But they are still supporting spamming. Instead of promoting a law that would really reduce spam, they are trying to redefine spam as slightly-targeted non-fraudent email with an opt out. Wrong. Spam is unsolicited commercial email, no matter whether the spammer had any demographic information on the spammee, whether it contains lies or truth, removal instructions or not. All spamming should be illegal.''

In February 2002 the DMA announced what it considers acceptable behavior for spamming by its members. (2002/2/4) [DMA Release] [Full DMA Guidelines] [DM News] [Reuters] [CNET] In their own words, they ``promulgated groundbreaking online marketing guidelines to assist consumers in identifying legitimate commercial e-mail from spam and promote higher ethical standards among marketers.'' Junkbusters founder Jason Catlett said that ``Consumers don't need any help from the DMA to distinguish spam from email that they asked for.'' The DMA continued its "opt-out" policy, under which spammers can send email to people unsolicited, provided they include instructions to ask the sender to stop. ``Spam with an opt-out is still spam,'' said Junkbusters founder Jason Catlett. ``The DMA is condoning practices that are unacceptable to the vast majority of online users, are prohibited by almost alls ISPs, and are illegal in many jurisdictions. Its compliance program is as silly as the Guild of Burglars saying it will expel housethieves who steal from the same home twice.''

The Federal Trade Commission and 12 federal, state, and local law enforcement and consumer protection agencies announced various enforcement actions against deceptive spam and Internet scams. (2002/11/13) [FTC press release] [WSJ] [FTC on address harvesting] Junkbusters founder Jason Catlett applauded the efforts, but said that spamming won't be substantially reduced until a law gives individuals the right to sue spammers directly.

Separately, New York's Attorney General sued MonsterHut, Inc., to stop them sending unsolicited e-mails that they claim was requested, Internet News reported. (2002/5/28)

In January 2000 the DMA launched its "Electronic Mail Preference Service" (e-MPS) at http://www.e-mps.org/ (2000/1/10) [Wired News on eMPS's flop] Leading anti-spam groups called on Internet users and companies to reject this attempt to change email marketing from an "opt-in" to an "opt-out" system. Junkbusters founder Jason Catlett contrasted the DMA's position with its sister organization, the Canadian Marketing Association, which since 1997 has prohibited its members from sending unsolicited commercial email. "Most businesses and industry groups have long understood that spamming is bad for consumers, bad for the Internet, and bad for business. The e-MPS from the DMA is a really rotten idea, as awful as a trade association of oil companies maintaining a list of people who don't want petroleum waste dumped near their property. It just shouldn't happen. People shouldn't register, and companies shouldn't use it." [Press Release] [SJ Merc] [Press release from http://www.OptInk.com] [DM News] Even an editorial in the industry trade magazine DM News said the e-MPS isn't the answer. ``Spammers won't use E-MPS, and the companies responding properly to current market conditions don't need it. Those conditions? Opt-in e-mail marketing. ... The old 99-percent-who-don't-respond-don't-matter rule doesn't work anymore.''

The Internet Alliance, a DMA subsidiary said of the e-MPS in a press release ``While, as DMA acknowledges, it will not eliminate all UCE abuses, it will help. It is clearly a useful component of a combined industry/public/government response.'' Catlett rebutted this statement, saying ``The DMA's e-MPS isn't part of a solution, it's part of the problem.''

H. Robert Wientzen, President and CEO of the Direct Marketing Association addressed members at the DMA's 1999 annual conference with the following words ``Well, let me begin by recognizing that bulk unsolicited commercial e-mail is not real popular with consumers. And to date, very few of you are employing it. However, we also feel that most of those who push for an opt-in-only regime have very little understanding of the incredibly negative impact it would have on the future use of e-mail as a marketing tool.'' (1999/10/25) Junkbusters President Jason Catlett commented: ``The DMA knows people hate spam, and that almost all of their member companies are afraid to do it. Yet they are continuing their pig-headed push to impose an opt-out system on the Internet community.''

The DMA had been negotiating with anti-spammers, trying to push back the near-unanimous view of people online that they should only get email marketing messages if they explicitly ask for them. [Wired News] [Interactive Week] The DMA's president told DM News ``We have for a long time said [the spam debate is] not about opt-in as opposed to opt-out.'' Catlett retorted: ``That's exactly what it's about.'' [Salon] For more on the DMA's spam policies, see our filings with the FTC in 1997.

A Washington state court ruled against a spammer who used misleading subject lines such as "Did I get the right e-mail address?" (2002/9/13) [Seattle PI] [DM News] [Portland Business Journal] Junkbusters founder Jason Catlett commended the Attorney General for ``going after a commonly despised practice of spammers and winning. I particularly dislike the burden of having to open spam to determine whether it's spam. Although this suit is not going to solve the spam problem, I think this action will resonate with a lot of people. If this kind of suit deters a few spammers from using the tactic, it could save a lot of human time wasted.''

Sprint has been sued under a recently-enacted Utah law requiring the label "ADV". The suit, Terry Gillman v. Sprint Communications, is a class action. (2002/8/1) [CNET] [AP]

Separately, an Ohio spam law was signed by the Governor. (2002/8/1) [AP]

The Federal Trade Commission announced it caught and sued seven spammers who sent deceptive chain letters promising extravagant amounts of money in return for five dollars. ``This chain letter deceptively claims the program is legal and urges recruits who question its legitimacy to contact the FTC's Associate Director for Marketing Practices. Well, I am the Associate Director for Marketing Practices,'' said Eileen Harrington, the FTC's Associate Director for Marketing Practices, ``and these chain letters are illegal.'' (2002/2/12) [FTC announcement] [Reuters 2] [Reuters 1] [Newsbytes] Junkbusters founder Jason Catlett praised the Commission's action, saying that suits against spammers should be brought more broadly and more often, including suits for fake return addresses and opt-out instructions. ``The FTC is fortunate in having a strong statutory basis to defend their name against spammers. But they're not the only ones being abused. Members of congress and businesses have been victims. All Americans deserve a law that lets them easily sue spammers. Government enforcement alone is not going to keep spam down to tolerable levels.''

Separately, a consortium of banking, insurance and securities firms mounted an opposition campaign to anti-spam legislation, which they claim would have a "chilling effect" on expanding e-commerce. The consortium includes Bank of America Corp., Merrill Lynch & Co., Chubb Corp.'s Chubb Group of Insurance Cos. and Credit Suisse First Boston. ``Shame on these companies,'' said Junkbusters founder Jason Catlett. ``They want to keep the door open for themselves to spam, just as they pester us with telemarketing calls and credit card solicitations.'' Two congressional representatives responded by asking the Securities and Exchange Commission to investigate whether the use of spamming by securities firms. (2001/3/26) [Reuters/CNET] "In order to better understand financial services industry e-mail spamming practices, we request that the commission initiate an immediate investigation into securities industry use of unsolicited 'spam' e-mails," wrote Reps. John Dingell (D., Mich.) and Edward Markey (D., Mass.)

Earlier, several consumer groups wrote a letter to Congress calling for a law prohibiting unsolicited commercial email, with strong legal rights for individuals who are spammed. (2001/4/26) [Internet News] [PC World] [Scripps] [DM News] [Ecommerce Times] [CNET] [UPI] The Senate Commerce Committee's Communications Subcommittee held a hearing on spamming and bill S.630 . Junkbusters founder Jason Catlett testified and opposed the present form of the bill as insufficient to stop spam. [Catlett's written testimony] The Coalition Against Unsolicited Commercial Email (CAUCE) also released a statement opposing the bill.

Separately, California resident Ellen Spertus successfully sued Kozmo for spamming her. (2001/4/19) Kozmo has ceased operations.

  Airline data used to profile passengers

Data on millions of JetBlue passengers was used in a study on profiling, Wired News reported. (2003/9/18) [NY Times] [AP] [News.com] [News.com on EPIC complaint] [NY Times letters] The case is being investigated by two federal agencies. [NY Times] The flight data was matched with data from the giant personal data vendor Acxiom. Acxiom denied to the AP that it had violated its privacy policy.

A litigation web site has been established for the class of people who flew JetBlue Airways between February of 2000 and September of 2002. A suit has been filed in Utah. [Fox]

  MIT shuts down RFID Center

MIT closed its Auto-ID Center. (2003/10/23) [CNET] Some of its activies are being handed off to EPCGlobal.

Protesters against RFID tracking attempted to get their message to business decision makers at the EPC Symposium, a trade show touting the tiny tracking devices. (2003/9/15) [AP] The ACLU petitioned a local court to suspend the conference center's policy of keeping dissenters at least 200 feet away from facility.

A Wired News report quoted Kevin Ashton, the Auto-ID center's director, ``A draft proposal recommends that retailers disable the RFID tags at checkout, but only when shoppers ask them to do so.'' Junkbusters founder Jason Catlett called this socially irresponsible, and unacceptable threat to privacy. (2003/9/12)

The Auto-ID Center accidentally leaked confidential internal documents about its plans to influence lawmakers and the public to accept the tracking devices it promotes. (2003/7/10) [AP] [No Cards Site] [Search Google News] (2003/7/16) [AFP]

Earlier, Junkbusters started a campaign aimed at stopping retailers from selling consumer goods such as clothing containing live tracking devices. It also aims to alert the public to the privacy threat that RFID (Radio Frequency ID) technology poses. (2003/4/4) [Junkbusters RFID info page] [Junkbusters RFID poster images] [Audio from CFP in streaming or MP3 formats]

The campaign was spurred by Benetton's plans to include the tiny, washable RFID devices in their garments. [SF Chronicle] [EE Times] [out-law.com] In dialog in early April, Junkbusters told Benetton it should either abandon its plans to plant identifying "bugs" inside its garments, or guarantee to permanently disable each transmitter at the point of sale before the article is taken out of any retail store. Mr Terry Phipps, Benetton's consulting CIO told Junkbusters it would disable them. However, Benetton's chief spokesperson later stated that Phipps ``didn't have the authority to speak on behalf of Benetton about whether the company planned to use the tags.'' (2003/4/7) [Computerworld] Benetton's press office earlier issued a statement that it has not made any decisions about deployment. (2003/4/4) [More on this] The AP subsequently quoted a spokesman as saying ``If the tags are introduced, Benetton will give customers the option of having the tags disabled or removed.'' (2003/4/8)

The model of RFID device that Benetton had been planning to use, called I.CODE and made by Philips Electronics, can be instructed to temporarily cease transmitting its unique identification number, but can be re-enabled and cannot be permanently disabled.

Benetton had earlier stated in newspaper reports that it had no plans to track the garments post-sale themselves, and claimed there would be technical difficulties in doing so. But in reality any other organization would have been able to do it independent of Benetton, with little difficulty or expense. For more detail see our section on Benetton and RFID. A Benetton technical officer has told Junkbusters it will not deploy RFID devices that it cannot permanently disabled. Junkbusters is suspending its decision to boycott or campaign against Benetton pending a public statement by the company. For more detail see our section on Benetton.

Junkbusters aims to make universal among retailers the sensible policy of permanently disabling such bugs at point of sale. Junkbusters is publishing a series of "fake ads" aimed at drawing attention to the privacy threat of RFID in consumer items, and at putting companies on notice that they face a backlash if they sell privacy-damaging goods. The ads, which may be viewed and downloaded at http://www.junkbusters.com/jamming.html somewhat parody the "United Colors of Benetton" advertisments, although they do not presently criticize or mention the company. ``If Benetton or any other company ever sells a consumer item containing a live RFID device they can expect to become the direct target of a campaign against their brand,'' said Junkbusters founder Jason Catlett. The fake ads are initially intended for news reports, consumer organizations' newsletters, and grassroots websites.

Catlett says that all manufacturers of consumer durable goods should ensure that any RFID-tagged items they make can be permanently disabled, and retailers should always do this at the point of sale. ``If common items such as clothing, wallets and car tyres become trackable, marketers will certainly start installing RFID readers in entrances to stores and car parks, to obtain more information about visitors,'' he predicted. ``Once any company associates your identity with a bugged item you're carrying, that item can give you away anywhere. If you make a purchase with a credit or loyalty card, the seller could link your identity with the RFID number of any tagged articles you are carrying, and use it later or even sell that linking information to other organizations. Vast databases of records of people's movements would become available to telemarketers, government investigators and divorce lawyers. Suppliers must be told now not to pollute our private possessions with indestructable bugging devices. These are privacy land mines, being manufactured in their billions. If these digital bugs escape live they will remain active for decades. They must be disarmed.''

For more details see our RFID page. To view the fake ads, see our image gallery.

  The fight for financial privacy

Consumers Union, the non-profit publisher of Consumer Reports, has launched a financial privacy campaign and website at http://www.financialprivacynow.org where consumers can join the fight for better financial privacy.

The banking lobby succeeded in killing a Californian finanical privacy bill, the San Francisco Chronicle reported. (2003/7/10, p. A15) [SFC Editorial] [SJ Merc] This is the latest in a long-running campaign by banks to stop privacy laws. A petition may bring the issue to a referendum in 2004.

In 2002 the California Assembly voted narrowly against State Senator Jackie Speier's financial privacy bill, San Francisco Chronicle reported. (2002/9/1, p. A1) [SFC earlier] [SFC on Ads] [Text of California Senate Bill 773] [PRC on 773] The Assembly committee earlier made an amendment that the bill's author called ``hostile'' to privacy. [SF Chronicle] (2002/8/23) Banks and insurance companies have been furiously lobbying against the bill, contributing millions of dollars to legislators and the governor Davis. ``Citibank and its executives recently have given Davis nearly $100,000,'' the Chronicle reported. Our opt-out letter to Citibank and Wells Fargo asks the companies to stop spending money opposing privacy rights and to lower fees instead. For more ways to stop financial institutions selling your personal information, see our opt out page. If you're a Californian who wants more privacy, send our sample letter to Governor Davis.

In 2001 California Governor Gray Davis tried ``to weaken a consumer measure that would prevent financial information from being sold to telemarketers or traded among corporations,'' the San Francisco Chronicle reported. (2001/8/29, p. 1) [Earlier SFC story] [SJ Merc Editorial 9/6] The changes proposed by the banking lobby would allow "contact information" such as addresses and telephone numbers to be sold to outside organizations. (Banks nationwide can do this now unless you tell them not to.) Also according to the Chronicle, "banking and insurance interests have spent $7.04 million in the first six months of the year to defeat various consumer and privacy bills" and have given more than half a million dollars to Davis.

Two major Californian banks are continuing their fight against a local government law that would require banks to obtain customers' consent before disclosing information about them, the San Francisco Chronicle reported. (2003/5/30) [Earlier SFC] (2002/9/13, p. A23) If you're a customer of Bank of America or Wells Fargo and think your bank should be lowering its fees instead of spending millions lobbying against your privacy, click on the name of your bank above for an opt-out and protest letter.

Separately, Financial services firm CapitalOne Corp is marketing a credit card with the promise that they will not receive telemarketing calls as a result of their relationship with the company, DM News reported. (2001/11/2) The company telemarkets to its other customers, the trade magazine said.

Separately, a lawsuit alleges that Citibank unlawfully disclosed to telemarketers and vendors private financial information about customer accounts. [Information Week] (2001/10)

A federal rule requiring financial institutions to provide notice to customers about what they do with their customers' personal information took effect on July 1st. [Washington Post] Consumer groups and congressional leaders have accused the banks of making the notices difficult to understand. The groups launched a site called http://www.PrivacyRightsNow.com to help people understand the notices. (2001/6/20) [Washington Post] The federal rule implements a 1999 law with some weak privacy requirements. Many banks have already sent notices, some of which contain instructions on how customers can ``opt out'' of certain disclosures, such as having their personal details sold to telemarketers. The law has been criticized by privacy advocates, who called for an ``opt in'' approach requiring affirmative consent, particularly because it allows banks to share data between members of the same corporate family, even in unrelated businesses. Junkbusters publishes a generic opt-out letter that can be sent to any financial institution, as well as letters for specific banks and credit card companies. The Privacy Rights Clearinghouse publishes a Fact Sheet.

The American Banking Association announced a survey claiming that ``nearly two out of three consumers read their banks' privacy notices.'' The survey figures show that about 36% read their notice, and the remainder either didn't get it or didn't read it. ``Let's hope their accountants can add better than their PR people,'' commented Junkbusters founder Jason Catlett. (2001/5/6)

A law that would significantly improve the privacy of consumer financial data and medical data was introduced by Sen. Paul Sarbanes, the ranking Democrat on the Senate Banking Committee. (2001/1/23) Titled the Financial Information Privacy Protection Act of 2001, it is co-sponsored by several Democrats and opposed by Senate Banking Chairman Phil Gramm (R-TX). [Congressional Record transcript] Junkbusters and many consumer groups have broadly supported the bill.

The Financial Services Modernization Act of 1999, HR 10 (also known as Gramm-Leach-Bliley, or GLB, after its sponsors), was a stunning victory for industry lobbyists who wanted businesses to be able to sell consumer's personal data with minimal impediment. The law provides for closer integration of banks, securities firms, credit unions, savings and loans, and insurance companies. (The Privacy Rights Clearinghouse publishes a Fact Sheet for consumers on on GLB.) Privacy advocates sought an ``opt-in'' system where conglomerates would have to obtain consumers' permission before ``sharing'' data between affiliates; for example an insurance division getting details on the balances of a banking customer. Instead, the law allows through loopholes the selling of data without customers' permission to other businesses, and doesn't give consumers a way to stop having their data sold, even if they try hard. A bipartisan coalition led by Rep. Edward Markey (D., Mass.) and Sens. Richard Shelby (R., Ala.) and Richard Bryan (D., Nev.) said that the committee and the White House had caved in to special interests. The Wall Street Journal quoted Bryan as saying ``The complete lack of adequate protections is simply unacceptable.'' Their earlier attempts at amendments merely requiring effective opt-out was rejected. ``Congress has again shown its callous disregard for the privacy of Americans in its latest deal on bank legislation,'' said Junkbusters President Jason Catlett. The AP reported that Ralph Nader called on President Clinton to veto the package, calling it ``a threat to the safety and soundness of the nation's financial system and a reckless assault on basic protections for consumers and communities.'' [AP] [WSJ on Privacy] However the Wall Street Journal reported that the President ``has signaled that he will sign it into law, pending a review of final language.'' Privacy advocates say they will pursue a separate financial privacy law. [NY Times] [CBS] [DM News] [Chicago Trib]

The law requires financial institutions to create privacy policies but as we have seen on the Web, these needn't protect privacy. House testimony by the US PIRG showed that most major banks already have privacy policy, but they do not protect privacy. U.S. Bank's privacy policy, printed in their Customer Agreement, stated ``We share your concerns about the privacy of your personal information and strive to maintain its confidentiality.'' Clearly they didn't strive very hard against the flood of millions of dollars from the telemarketers they sold it to.

The law seems to require that customers be allowed to out of having their data sold to unaffiliated third parties, but this provision is rendered ineffective by loopholes for business partners: a polite way of describing anyone who will give them enough money.

So what can you do? Tell your representative you want your privacy better protected by law. If you don't know your elected official in Washington, look up your representative online. [US PIRG guide] And you can try hard to get as much privacy as your bank deigns to give you by writing them a letter like this one. (Please tell us the address for your bank.) [Washington Post column]

Several recent incidents illustrated the need for comprehensive privacy protection in law. In June 1999 Minnesota Attorney General Mike Hatch sued U.S. Bank (USB), objecting on various legal bases to the bank's provision to Member Works Inc. the following information for its customers: ``name, address, telephone numbers of the primary and secondary customer, gender, marital status, homeownership status, occupation, checking account number, credit card number, Social Security number, birth date, account open date, average account balance, account frequency information, credit limit, credit insurance status, year to date finance charges, automated transactions authorized, credit card type and brand, number of credit cards, cash advance amount, behavior score, bankruptcy score, date of last payment, amount of last payment, date of last statement, and statement balance.'' In a statement U.S. Bancorp's CEO Jack Grundhofer characterized this kind of transaction as an ``industry-wide practice.'' The bank settled without admitting the charges, but a class action suit is in progress, with an interesting FAQ:

Q: ``Can you tell me with whom [U.S. Bank] shared my information?
A: Unfortunately, the lists of customers whose information was provided to the third party partners for marketing are not retained after the program is completed. Therefore, we cannot pinpoint which partners may have received your information.''

Another conspicuous incident was at Charter Pacific Bank of Agoura Hills, which sold 3.7 million credit card numbers to a convicted felon. In 1999 the Federal Trade Commission filed suit against Kenneth H. Taves, accusing him and related companies with illegal billing practices; in September 2000 the FTC announced it had won a $37.5M verdict against the scam. After reporting on a scam allegedly bilking 900,000 credit card holders, the LA Times ran an editorial opening: ``Banks have been selling detailed financial information about their customers to just about anybody,'' Under current US law the bank has done nothing wrong, the editorial says. ``That provides the strongest argument yet for a federal privacy law to protect consumers from their own banks.'' (1999/9/14) As Bank Rate Monitor reported, that many of the credit cards were not issued by the bank, but merely processed by the bank. Junkbusters President Jason Catlett commented that ``This illustrates how the "opt-out" system is unworkable: you don't know who will process your data so you can't tell them not to disclose it. Consumers can't keep their details out of the Internet pornographers' databases merely by avoiding the Internet and not buying pornography, because the banks that sell the information to them process transactions for all kinds of businesses.'' Charter Pacific Bank processes approximately $11.5 million a month for the ``adult industry'' -- accounting for 46 percent of the bank's credit card business, Business 2.0 reported in 1999. The bank was later acquired by First Banks America (FBA). (2001/9/17) Privacy Times pointed out that whereas the majority of a bank's revenue typically comes from lending, most of Charter Pacific's came from credit card processing. Adult Web sites use two types of lists of credit card holders, according to the California Department of Financial Institutions: list of consumers who dispute charges, and list of those who use adult sites but don't cause these ``chargebacks'' The latter is obviously valuable as a ``sucker list'' for criminals. In an overview of fraud methods, a University of Minnesota academic points to the low incidence of these frauds in Germany, where banks have very rigorous security for transactions and strong privacy laws. ``By allowing banks practically free trade in personal financial information, Congress is enabling these undesirable and dangerous practices to become widespread,'' said Catlett.

  Microsoft gives up pushing Passport

EBay said it will drop support for Microsoft's Passport. Microsoft said it will stop marketing Passport to other sites. [Info Week] (2004/12/30)

Yet another security lapse by Microsoft left Passport users open to intruders, the AP reported. [Microsoft statement] (2003/5/8) Junkbusters founder Jason Catlett commented: ``Microsoft has demonstrated again and again that their ambition to be the world's gatekeepers is not matched by the technological competence.''

European privacy commissioners announce a settlement with Microsoft involving changes to Passport, according to Reuters and the Wall Street Journal. [Globe Mail] [Reuters] (2003/1/31)

Security analysts at research firm Gartner urged companies to stop using Passport, Internet News reported. ``Microsoft failed to thoroughly test Passport's security architecture, and this flaw -- uncovered more than six months after Microsoft added the vulnerable feature to the system -- raises serious doubts about the reliability of every Passport identity issued to date," Gartner said. The report said that financial institutions, credit card issuers, retailers and other enterprises that use Passport for any meaningful business purpose should immediately break all Passport connections "until Microsoft can prove that its security is adequate." (2003/5/18)

The FTC earlier investigated Microsoft's Passport and reached a settlement with the company. [Reuters] [FTC announcement] [Microsoft Press Release] [WSJ] [Bloomberg] [AP - Bridis] [AP - Hopper] [Infoworld] [Seattle PI] [CNET] [Geeknews] [Washington Post] [CBS Marketwatch] [MSNBC] [SF Chronicle] [Guardian] [Search Google News] (2002/8/8) Over a dozen privacy and consumer groups had petitioned the FTC to investigate more than a year prior. Junkbusters founder Jason Catlett commended the FTC for its investigation and Order, calling it ``a landmark case for online privacy and security.'' However, he did express disappointment that many areas of the the groups'