Contact details included below
FOR IMMEDIATE RELEASE
Washington, December 2, 1999-- Privacy and consumers groups and a leading security expert today asked the Federal Trade Commission to require software makers to close a technical loophole in many popular email systems that allows senders of bulk commercial email to track the surfing behavior of people who merely read the email.
Security expert Richard M. Smith of Brookline Mass., said ``Web browser cookies and email messages don't mix. Web surfing is supposed to be anonymous, but with the cookie leak security hole, companies can easily match our Email addresses to the Web sites we visit. I hope that Netscape, Microsoft and other software makers will quickly patch this hole.'' Smith also sent a report to the FTC this week detailing the technical details of how companies do this, which is now available at http://www.tiac.net/users/smiths/privacy/cookleak.htm on the Web.
Many email readers display email messages using a Web browser. If the message contains graphics retrieved from the web when the mail is opened, the loophole allows the recipient to be assigned a unique serial number in a ``cookie,'' which will later be silently transmitted as the recipient surfs the Web. Many companies encode the recipient's email address in the URL (web address) of the graphic, so that their servers can match the cookie to the email address.
Jason Catlett, President of Junkbusters Corp. said ``Cookie leaks are the bug from spammers that keeps on bugging. It's intolerable that email can be used to silently zap a nametag onto you that might be scanned by a site you visit later. It's like secretly barcoding people with invisible ink.''
At the FTC's hearings on online profiling last month privacy groups called for an immediate halt to the practice. Andrew Shen, Policy Analyst at the Electronic Privacy Information Center (EPIC) said that "The lack of government action continues to place the average user -- unaware of the tracking and surveillance technologies at work -- at the mercy of companies that often abuse their privacy."
The groups calling for the security loophole to be closed are listed below in the contact information.
Jason Catlett, President, Junkbusters Corp. 908-753-7861
Jeff Chester, Executive Director, Center for Media Education (202) 331-7833
Richard Smith, Security Consultant, http://www.tiac.net/users/smiths/
Beth Givens, Privacy Rights Clearinghouse, 619-298-3396
Jamie Love, Consumer Project on Technology, 202-387-8030
Gary Ruskin, Commercial Alert, 202-296-2787
Robert Bulmash, Private Citizen Inc., 1 800 CUT-JUNK
Shari Steele, Electronic Frontier Foundation, 301-283-2773
Andrew Shen, Policy Analyst, Electronic Privacy Information Center, 202-544-9240
This document is http://www.junkbusters.com/ht/en/nr31.html