JUNKBUSTERS Presentations at Internet World


Talks at the world's largest Internet conference


[Feedback]  Future events

If you need a speaker for an event concerning privacy and marketing, please send us details.

[Feedback]  Past events

Catlett moderated a panel titled Privacy Policies, Strategies and Processes for eCommerce sites at Spring Internet World 2000 on April 7 in Los Angeles.

Catlett chaired a panel titled Internet Privacy Laws: Where Do We Stand? at Fall Internet World 99 in New York October 6-8. [News Coverage] An outline is given below and is included in the conference proceedings site.

Catlett presented The Privacy Arms Race in Stockholm on November 12, 1998.

Catlett chaired a panel at Fall Internet World '98 in New York on October 7 titled The Privacy Trade Wars of 1999? about the European Union's Directive on personal data privacy. A synopsis of the panel is given below.

Catlett criticized privacy-invasive drafts of the Digital Millennium Copyright Act during panel at a keynote address at Internet World Summer 98. [CNET] [Followup - House Committee approves] He also gave a presentation of The Privacy Arms Race. Version 2.0 of the Internet Junkbuster was formally announced there, although it has already been shipping for some time [News Release].

At Spring Internet World '98 in Los Angeles, Catlett debated ``Spam King'' Sanford Wallace, moderated by Mecklermedia Editor Andrew Kantor, and presented The Privacy Arms Race, which was also presented in London on May 13, Berlin on May 27, and Chicago on July 16.

Catlett also debated Wallace at Internet World moderated by Mecklermedia conferences VP Jack Powers. Wallace and Catlett both appeared the Federal Trade Commission's hearings on spam.

[Feedback]  Outline of panel: Privacy Policies, Strategies and Processes for eCommerce sites

This panel was presented at Spring Internet World 2000 on April 7 in Los Angeles.

Millions of e-shopping carts are being left empty at the checkout page because of privacy concerns. What can business-to-consumer ecommerce sites do individually and collectively to stop that money being left on the surfer's table? What should privacy policies say, and how can business processes be kept in line with them? A panel of experts and practitioners will discuss both the crisis du jour and enduring principles for preventing them happening in your back yard.

Panelists:

  1. Jason Catlett, President, Junkbusters Corp. [Bio] (Moderator)
  2. David Kramer, Attorney, Wilson Sonsini Goodrich & Rosati. [Bio]
  3. Steve Lucas, Chief Information Officer, Privaseek, formerly Chief Information Officer, Excite, Inc. [Bio]
  4. Bob Lewin, CEO and Executive Director, TRUSTe [Bio]

Topics for discussion (partial list):

  1. What are the costs of privacy and the lack of it?
  2. Privacy policies: what should the contain?
  3. Information practices: how to keep them in sync with policies
  4. The Principles of Fair Information Practice
  5. Examples of what not to do:
    1. The Doubleclick firestorm
    2. The RealPlayer data collection scandal
    3. The Hotmail flaw
    4. The GUID in Microsoft Office documents
    5. The Intel Pentium III Processor Serial Number

[Feedback]  Outline of panel: Internet Privacy Laws: Where do we stand? (1999)

Goal: to understand impact of present and prospective law on Internet business. Panelists will aim to produce actionable conclusions for the practical problems of the audience, rather than to have a debate on ethics.

Panelists:

  1. Jason Catlett, President, Junkbusters Corp. [Bio] (Moderator)
  2. Steve Lucas, Chief Information Officer, Privaseek, formerly Chief Information Officer, Excite, Inc. [Bio]
  3. David Medine, Associate Director for Financial Practices, Bureau of Consumer Protection, Federal Trade Commission. [Bio]
  4. Christine Varney, Partner, Hogan and Hartson, former Federal Trade Commissioner. [Bio] [Legal Times Profile] [Bio 2] [Industry Standard on Varney] [NY Times on Varney/OPA] [Varney's earlier career]

Topics for discussion (partial list):

  1. The Children's Online Privacy Protection Act (COPPA, 1998)
  2. Status of rulemaking for COPPA
  3. The Electronic Communications Privacy Act (ECPA, 1986) [AOL/Navy incident]
  4. Prospective Federal legislation [EPIC Bill Track]
  5. Senate Bill 809, the Online Privacy Protection Act .
  6. Possible effects of mandated Fair Information Practices (FIPs), especially Access and Secondary Use
  7. Junk email laws (Washington, California [Miller] [Bowen] Arizona, Virginia, others)
  8. Other state laws
  9. Actions by the FTC based on privacy policies (Geocities, Liberty Financial)
  10. The European Union's Directive on personal data privacy
  11. Legality of cookies in Germany
  12. Tort and common law risks
  13. General privacy laws affecting the Internet (e.g. data spills, Avrahami v. US News and World Report)
  14. Other topics suggested by questions from the audience

[Feedback]  Outline of panel: The Privacy Trade Wars of 1999?

Jason Catlett chaired a panel discussion at 4:30 pm on October 7 at Fall '98 in New York.

The European Union's Directive on Personal Data takes effect on October 23, 1998, a date some fear may be a black day for transatlantic e-commerce. Might member states use it to prohibit transfer of data to the United States? How is it affecting US initiatives for legislation versus industry self-governance on privacy? What should companies and government authorities do to avoid damage? A diverse panel of leading experts give a timely assessment as the deadline approaches.

Panelists:

  1. Simon Davies, Privacy International
  2. Lori Fena, Electronic Frontier Foundation
  3. Steve Lucas, MatchLogic
  4. Ron Plesser, Piper & Marbury
  5. Peter Swire, Ohio State University [USAToday profile]
  6. Patrick Vittet-Philippe, European Commission (DG 13) [was unable to attend]
  7. Duaine Priestley, US Department of Commerce (ITA)

Links to key resources:

  1. Text of the directive
  2. EU Report on P3P
  3. Amazon link for None of Your Business: World Data Flows, Electronic Commerce, and the European Privacy Directive
  4. Article by Swire in CIO Magazine [longer]
  5. A survey of privacy laws by GILC (Global Internet Liberty Campaign).

List of companies that Privacy International has said it will be monitoring:

AT&T, American Express, Andersen Consulting, Bayer, British Telecom, Cable & Wireless, Cap Gemini, Chase Manhattan, Citicorp, Coca Cola, Disney, EDS, Federal Bureau of Investigations, Ford Motor Company, Hilton International, Mariott International, McDonalds, Merrill Lynch, Microsoft, Monsanto, Motorola, Proctor & Gamble, Shell, United Airlines, Visa International.

Recent news on this topic: [IDG] [USA Today] [Industry Standard] [Washington Post] [TechWeb] [American Reporter] [Wired] [Interactive Week] [InfoWorld] [AP] [AP - 2] [TechWeb] [CNET] [InfoWorld] [ZDNet] [ZDNet - Wellbery] [SJ Merc] [DMA] [Clickz] [ZD UK] [AFR] [AFR - Internet group wants privacy laws] [Press release] [Internet.com - IBM] [Internet Magazine] [DM News] [DM News - GBD] [IDG - German States] [NY Times] [Wash Post - Safe Harbor] [PWC]

[Feedback]  Outline of talk: The Privacy Arms Race

As advertisers and destination sites deploy ever more sophisticated methods for tracking and targeting, consumers are retaliating with new ways to protect their privacy. This presentation surveys the current and impending weaponry and practices on both sides.

  1. How Web sites track visitors
  2. Countermeasures and disinformation from consumers: how widespread are they?
  3. Cookies and cookie-busters
  4. Emerging standards: RFC 2109, P3P, and OPS
  5. Will ad blockers sap revenues?
  6. Email address ``harvesters''
Slides from the talk are available below.

[Feedback]  Remarks by Jason Catlett at Spam Debate at IW Spring '98

These are the prepared opening remarks for a debate at Internet World Fall '97 against "Spam King" Sanford Wallace. [Kirby on UDHR]

This year is the fiftieth the anniversary of an historic event with fundamental relevance to our topic today. In 1948, the United Nations General Assembly adopted the Universal Declaration of Human Rights. It consists of 30 Articles, of which two are especially relevant to us here: Article 12, which asserts the right to privacy, and Article 19, which asserts the right to freedom of expression. Discussions about junk email often come down to the balance between these two sometimes conflicting rights. Spammers in the US sometimes claim rights under the First Amendment, so later I'll present the legal details on why courts are dismissing such claims. But before we immerse ourselves in the topic of the moment, let's reflect briefly on the progress that humanity has made in the 49 years since the UN adopted its Declaration.

Half a century ago, Western Europe lay in a state of economic ruin after the War, and Eastern Europe was imprisoned behind the Iron Curtain, its people deprived of the most basic liberties. Today those liberties have largely been restored, and the West is enjoying a period of unprecedented economic and technological prosperity. It is exactly that high level of wealth, knowledge and freedom that have created the problem we're addressing today. Junk is a symptom of affluence and of choice. So let us begin on a note of gratitude that we are faced with a problem that would have be the envy of people half a century ago, and is only a dream to the unwired half of the present-day world. Of course, we're still going to fix that problem, because that's the American Way: give thanks for what you have, but keep on trying to make things better.

So how can we fix the spam problem? There five basic ways: new legislation, legal action under existing laws, economic disincentives, social pressures, and technical means. Choosing the best mix of this cocktail is difficult, not only for public policy makers, but also for companies and individuals. I don't think we'll ever be able to eradicate spam, but I'm optimistic that we will be able to contain its growth sufficiently that it does not become a cancer on the body of the Internet. The challenge is to find treatments that aren't worse than the disease.

New legislation is in my opinion the most risky and uncertain of all, because of the possibility of unanticipated side-effects. In 1997 four bills were introduced in Washington to try to restrict spamming. They are very diverse, and the result of passing any of them would be difficult to predict. Many people have concerns about government control of communications. The most recent bills have been in California, where legislators are taking a new strategy of establishing "statutory damages" so that ISPs can more easily sue spammers. There will be a meeting to discuss this legislation with the two members of the State Assembly who proposed the bills, tomorrow at 5:30. If you're interested to join in, perhaps because you work for an ISP or if you're a journalist or are just concerned about this issue, see me after the talk for details.

However, existing laws may be sufficient to prosecute large numbers of spammers. This was made clear at Federal Trade Commission's hearings on junk email in July. Wired News called the event a "Spam Roast" because several spammers were present. Commissioner Christine Varney asked questions such as: "[does] the majority of unsolicited E-mail [have] inaccurate removal instructions?" After being told it does, she then openly asked her staff "Isn't that fraud or deception under our existing authority?" Her attorneys agreed that it was. In subsequent meetings I've attended, FTC staff have stated that from an analysis of the spam they've received personally, a large fraction are immediately prosecutable without any need for further legislation. Last month the FTC sent out a thousand warning letters to spammers that they risk being prosecuted for their get-rich-quick schemes, regardless of how they promote them. And last week the FTC filed its first suit against one of these scamming spammers.

In addition to government prosecution, spammers also face a series of civil suits brought by companies and coalitions that have been injured by spammers. In case after case judges have found in favor of the plaintiffs. Some courts have awarded substantial monetary damages, and seven figure sums are now frequently sought. In an early important case with Compuserve a Federal judge ruled that the first amendment "provides no defense for such conduct" and that spam can constitute an "actionable trespass". Those spammers now know the risks of persisting after they have been told to stop.

Turning to economic disincentives, many schemes for shifting the cost of spam back on spammers have been proposed. One major ISP (EarthLink) has added a clause to their sign-up contract that enables them not only to cancel the accounts of spammers for violation of the terms of their service, but also to charge $200 immediately to their credit cards.

Under the heading of social pressure, a big factor working against spam is that almost everyone who reads about the Internet has by now heard of spamming and knows that it's extremely unpopular. Most legitimate businesses today are scared to do anything that looks remotely like spamming, for fear of permanently damaging their brand. There have been some spectacular exceptions, but the beatings these offenders have taken tends to confirm the rule. Of course most spam is produced by people with no established business to protect. Only a very small percentage of spam concerns to religious or political (rather than commercial) goals.

The last method is technical means. Here ISPs have been leading the fight by taking a increasingly "get tough" attitude towards spam. The people and companies who provide Internet access to millions of consumers bear the brunt of complaints about spam, and every day they fight hundreds of unseen battles to stem the flow of spam. A highly sophisticated arms race of blocking and filtering software is being waged, and administrators are starting to gain the upper hand, with updates of blacklists being propagated in real time before spammers can switch to their next target. Unfortunately this requires constant vigilance and is very expensive to maintain because of the high level of expertise required to continuously adapt filters to new spamming tactics. And like intelligence agencies, their failures are trumpeted while their victories go unnoticed. Large companies are also finding that they have to use similar measures to prevent their employees' time being wasted by spam.

So those are the principal ways of containing junk email. I'd now like to look at spam in the broader contexts of technology, junk communications, and the future of commerce.

Junk email is just one of the many forms of junk communication that people are finding increasingly intrusive and offensive. Junk mail and junk phone calls grow continually; the current U.S. totals are about 10 billion telemarketing calls and 70 billion pieces of direct mail per year.

The communications revolution has given us a lot of wonderful things, but it's also given us a disproportionate amount of junk. And the question more and more people are asking is: will we drown in it? How many of you feel an "information overload" in your lives? Do you feel that a large part of the overload is stuff you don't need? Do you ever feel a sense of frustration over having to slash through all the junk in order to just do your job? Or even just to find your electricity bill when you get home? For information workers, junk is a major barrier to productivity, and the barrier is constantly getting higher. Now, spammers will cheerfully tell you: "you can just delete it." Well, you can certainly delete just one message a day and you can probably delete ten messages a day and maybe even a hundred. But how would you cope with a thousand or more? It's technically and economically possible for spammers to send perhaps a million times as much spam as they do now, but if they succeeded in doing so, most people would simply abandon email. And that would be a tragedy.

The power of computers to scale up beyond the capabilities of human beings has provided great benefits, but it also has a dark side: it can create a world that is uninhabitable by humans. Let me illustrate this with an analogy. Imagine that you live in an apartment on a high floor just below a water tower. Normally the water tower is a good thing: it lets you fill the bathtub quickly and it protects you in the event of a fire. But when you notice drops of water falling through the ceiling, you get concerned. So you call up the building's superintendent. Suppose he says "You can always just wipe it up", or "It's someone else's fault and there's nothing that can be done about it," or "Get on with your life, loser." Do you feel comfortable? How many gallons a day should you allow to pour through the roof before you move out to the suburbs? Taking the analogy back to junk email, how much spam should a person be expected to put up with before they give up and go offline? The reason that the Federal Trade Commission started investigating junk email is that they foresaw the possibility of a crisis that could permanently damage Internet commerce. We are already seeing a loss of opportunity in people who are afraid to start using email or to participate in discussions in public forums like Usenet for fear of being spammed. Their freedom of expression in this medium has been diminished by spam.

Now this sort of crisis has several historical precedents, and history is probably the best guide to what will happen with junk email. So in my remaining few minutes I'll examine a few milestones in the containment of junk communications this century.

The medium closest to email is the facsimile transmission. When fax machines started becoming popular in the late 1970's, a few enterprising advertisers seized upon it as a kind of "postage due" junk mail where the recipient pays for the paper. Congress outlawed junk faxes in 1991, but they remain disturbingly common. The same act, called the Telephone Consumer Protection Act, also prohibited machines that dial residential numbers and play recorded solicitations. These were becoming increasingly widespread and intrusive, and again the law has not succeeded in eradicating them.

The TCPA also places restrictions on telemarketing calls made by live human beings, but these are quite complex, and the average person doesn't know a simple and easy way to take advantage of the protection it provides. The same may turn out to be true of the some of the 1997 legislation; the bill proposed by Chris Smith of NJ, which is in my view by far the best of the federal bills, was modeled on the TCPA.

Going back to the 1960's, the main form of junk communication was junk mail. Computerized databases of mailing addresses were starting to be widely used at that time, and they created a problem that we are reliving today in electronic form: people got mail they didn't want. It was sometimes pornographic or otherwise offensive, and many people wanted to be able to get their address off the senders' lists. Under a law from the 1950's that is still in force, you can go to a post office, fill out USPS Form number 1500, and attach it to any piece of junk mail you don't like. If the sender continues to mail junk to you they are subject to criminal prosecution. Needless to say the junk mailers objected to the inconvenience of having to remove names from their lists, but courts were unsympathetic to this complaint. They took their case to the Supreme Court in 1971, claiming that the law violated their constitutional rights. Their argument is almost perfectly analogous to the arguments we hear from spammers today, so I'm going to end my remarks by simply quoting verbatim from the Supreme Court's opinion and order, which rejected all their appeals.

The essence of the appellants' argument is that the statue violates their constitutional right to communicate. One sentence in the appellants' brief perhaps characterizes their entire position:
``The freedom to communicate orally and by the written word and, indeed, in every manner whatsoever is imperative to a free and sane society.''...
Without doubt the public postal system is an indispensable adjunct to every civilized society and communication is imperative to a healthy social order. But the right of every person ``to be let alone'' must be placed in the scales with the right of others to communicate.

Today's merchandising methods, the plethora of mass mailings subsidized by low postal rates, and the growth of the sale of large mailing lists as an industry in itself have changed the mailman from a carrier of primarily private communications, as he was in a more leisurely day, and have made him an adjunct of the mass mailer who sends unsolicited and often unwanted mail into every home.

Everyman's mail today is made up overwhelmingly of material he did not seek from persons he does not know. And all too often it is matter he finds offensive.

[It] seems to us that a mailer's right to communicate must stop at the mailbox of an unreceptive addressee. To hold less would tend to license a form of trespass and would make hardly more sense than to say that a radio or television viewer may not twist the dial to cut off an offensive or boring communication and thus bar its entering his home.

Nothing in the Constitution compels us to listen to or view any unwanted communication, whatever its merit; we see no basis for according the printed word or pictures a different or more preferred status because they are sent by mail. The ancient concept that ``a man's home is his castle'' into which ``not even the king may enter'' has lost none of its vitality, and none of the recognized exceptions includes any right to communicate offensively with another.

And that is the opinion of the Supreme Court of the United States of America.

[Press release]

[Feedback]  The Privacy Arms Race

The Privacy Arms Race

Presented by Jason Catlett
President, Junkbusters Corp.

http://www.junkbusters.com/world.html
catlett@cut-this-word.junkbusters.com
Sweden's best-known technology entrepreneur: Alfred Nobel (1833-1896)
  1. His father Immanuel devised naval mines used during Crimean war
  2. Dynamite: a ``dual use'' technology (construction and munitions)
  3. City of Stockholm prohibited experimentation with nitroglycerine
  4. His friend Bertha von Suttner wrote Lay Down Your Arms
Data Privacy: the claim of individuals to control information about themselves

Arms: tools for taking or thwarting possession

Arms race: an ongoing competition among tools

Many tools used for personal privacy are also used for corporate confidentiality
Who cares about privacy anyway?
  1. Sweden's constitution, Data Act of 1973, Access to Public Records Act of 1776
  2. UN, EU's constitution: Directive on Data Protection
  3. ``the right to be let alone ... the right most valued by civilized man'' - Justice Brandeis
  4. Georgia Tech's 1997 survey shows privacy is #1 concern on 'Net
  5. Status quo ``unacceptable'' ... improvements ``crucial'' to avoid ``stranglehold'' if government forced to regulate - Ira Magaziner
Loss of opportunity
  1. What would make non-participants start using Internet? lower cost=51%; less complicated=53%; privacy protected=61% (Harris '98)
  2. e-commerce revenue would double ($12B in 2000) (BCG-96)
  3. ``If there is a void, the political process will take over'' - Daley
  4. Transatlantic ``privacy trade war'' in 1999?
Disinformation from consumers
  1. 40% admit to having provided false information while registering (GVU-97)
  2. Most people either go elsewhere or provide false information (BCG-96)
  3. Most sites abandoned registration requirements (e.g. Wired)
  4. Metromail's cooloffers.com checks registrations in real time
The Privacy Time Bomb
  1. ``people dislike telemarketers, fear losing control, worry about child exploitation''
  2. ``The masses will suffer repeated invasions of privacy until an acute event triggers an explosion.''
  3. ``Leaders will adopt consensual marketing to survive.''
What is disclosed as you surf?
  1. IP address (dynamic or static)
  2. User Agent [Browser] (attacks on bugs)
  3. Referer [where clicked] (search queries, file names)
  4. (rarely) Email address or login name
  5. Cookies (covered later)
  6. Various demo scripts will show you
Web log file analysis tools
  1. Generally aggregated statistics
  2. Trends to help tailor content, capacity planning and management
  3. e.g.: Nettracker, NetIntellect, net.Analysis, Bazaar Analyser [reviews]
  4. Few features track individuals: users logged in with password or employees
  5. Typical visitor path analysis
(Persistent) Cookies
  1. Typically a random identifying number
  2. Server sets in header, stored on client side
  3. Returned with each request to site
  4. Uses: shopping carts, personalization, reach/frequency analysis
  5. ``Third-party cookies'' (off the site visited) RFC 2109
Why cookies offend
  1. Most people don't think possible, don't like
  2. Violates belief that sites can't change hard drive
  3. Introduced without informed consent
  4. Couldn't say never until 4.0
  5. Dislike of surveillance of sites visited
Effects of using a privacy-enhancing proxy
  1. No cookies (unless site permitted)
  2. No banner ads (if blocked)
  3. No referer (or bogus value)
  4. Different user agent (bogus)
  5. Different IP address (near or far)
How do Banner Killers work?
  1. Some look for 468x60 GIF, "click here",...
  2. Some use lists of ad network sites
  3. Some match patterns in URL e.g. /banners/
  4. Some also rewrite textual content (copyright?)
  5. Some companies and amateurs distribute lists
Historic Milestones in Banner Ad Filtering
  1. First banner (HotWired.com) 1994/10
  2. WebFilter (ne้ NoSh*t), 1995/9
  3. Internet Fast Forward (Privnet/PGP) 1996/4
  4. Internet Junkbuster Proxy 1997/2
  5. Dozens of plug-ins and cookie-crushers 1997
  6. Cybersitter expands1998/2
Do ad filters spell the end of the Web as we know it?
  1. Did the remote control kill TV?
  2. Most (especially newbies) don't hate ads
  3. Forrester: 7 million privacy-enhancing by Y2K
  4. Most people are unaware technologies exist
  5. 76% viewing free offer don't download
  6. Extrapolating: vast majority remain unfiltered
  7. 64% of Web users never click anyway
What do ad networks actually do anyway?
  1. Buy and sell space, serving (the best) ads
  2. Choice must be made in milliseconds
  3. Based on site, clickthroughs, history via cookie
  4. Typically do not know identity of surfers
  5. Targeting: ``rules'' vs adaptive
  6. Specialists: Aptex, Engage, MatchLogic
Are ad networks really a likely privacy menace?
  1. Licking inside the open hydrant?
  2. Data reduction to manageable vectors
  3. Vectors can't be ``reverse engineered'' to URLs
  4. Reassurance? Published, audited practices and opt-out cookies
  5. Sale of user profiles and TRUSTe ad program 1998/2
  6. Specters: bad actors, accidents and future capabilities
Other Privacy-Enhancing Proxy Servers
  1. The Anonymizer - new IP, drops cookies (now charges)
  2. AT&T's Crowds - anonymizes via a randomly chosen participating proxy
  3. Lucent Personalized Web Assistant (LPWA) - generates unique ID, password, and email address for each site
  4. Email forwarding can be revoked
How did that spammer get my email address?
  1. Almost no legitimate company spams
  2. Incalculable damage to consumer trust
  3. Email address ``harvester'' (scavenger) bots on Usenet and Web pages
  4. Arms race of ``bot bait''
  5. Basic safety: disguise your email address
  6. Consider using an alias from a remailer
  7. Spam filters (PC vs server level vs ``RTB'')
Voluntary Self-Identification
  1. e.g. Filling out form with email, address
  2. Fine because informed consent
  3. Do sites "share" or "exchange" info?
  4. Few say, hence TRUSTe
  5. Do people trust policies? Harris '98: completely=9%; somewhat=58%; not at all=33%
Personalization
  1. A quid pro quo for personal information
  2. ``There is a fine line between customer service and stalking'' - Tara Lemmey
  3. ``The challenge is to provide enough value to the stalkee'' - Jim Sterne
  4. Informed consent first, then value
  5. Collaborative filtering: Firefly and Net Perceptions recommendation engine
Platform for Privacy Preferences Project (P3P)
  1. Ways of standardizing statements of Web sites' privacy practices and visitors' ``preferences''
  2. Automating the negotiations in browsers
  3. Could then exchange information using the Open Profiling Standard (OPS)
  4. User configures browser with identifying and demographic information to be transmitted after OK
  5. See also: trust certification of cookies
Future issues to monitor?
  1. Countermeasures to blocking (withhold content) - unlikely
  2. The ``Frankenbrowsers'' - limited distribution
  3. Java-based invasions: Finjan, Intracept, muffin.filter.Decaf
  4. Bandwidth jostling
  5. Attention economy battles e.g. cache busting
Privacy and corporate confidentiality
  1. Competitive intelligence increasing on Web
  2. Many sites provide different content for competitors
  3. Alternatively, truncated or stale info
  4. Server logs analyzed for competitors' activity
  5. Many corporates use proxies configured for ``stealth browsing.''
Conclusions

Your family and friends: inform and protect

Your company:
  1. Develop its corporate privacy strategy
  2. Assess exposure to privacy time bomb
  3. Ensure competitive intelligence isn't compromising
Learn data self-defense: forewarned and forearmed

[Feedback]  Slides used only at the Chicago Summer '98 Show

Which most threatens your organization's confidential information?
  1. Teenage hackers
  2. Industrial espionage (dumpster diving etc.)
  3. Investigative journalists
  4. U.S. government (DoJ, FTC, etc.)
  5. Your own web site(s)
  6. Your employees browsing of competitors' web sites
Which organization is currently collecting the most revealing information about you personally?
  1. U.S. Government (IRS, CIA, NSA...)
  2. Your local phone company (Ameritech, Bell Atlantic...)
  3. Your employer
  4. DoubleClick (or your least favorite banner network)
  5. The Stay-Puft Marshmallow Man
What is DoubleClick?
  1. ``The global Internet advertising solutions company''
  2. Reach: 1:AOL, 2:Yahoo, 3:DoubleClick (MM 98/6)
  3. Places ads from 170 high-traffic sites
  4. About 1.5 billion ads/month to 35 million people
  5. (= 42 ads/person/month, > one every day and growing)
From every page you view with one of their ads, the ad network is told the URL and gets cookie identification from browser
Of those five (Government, Phone Company, Employer, DoubleClick, Mr Stay-Puft) which:
  1. Collects the most revealing info?
  2. Are you least legally protected from?
  3. Has most incentive and opportunity to exploit data?
  4. Poses greatest threat to your privacy in the next century?

[Feedback]  Slides used only at the Berlin Show

Arms race? Huh? Is this a war?

Karl von Clausewitz (1780-1831)
In On War (1832) defined war as
  1. ``a continuation of politics by other means'' (``Der Krieg ist nichts anderes als die Fortsetzung der Politik mit anderen Mitteln.'') or (in another variation) ```nothing but the continuation of politics with the addition of other means'' (``Der Kreig ist nichts als eine Fortsetzung der politschen Verkehrs mit Einmischung anderer Mittel'')
  2. ``force to compel our enemy to do our will'' (``Der Krieg ist ein Akt der Gewalt, um den Gegner zur Erfuellung unseres Willens zu zwingen.'')
Clausewitz says war arises from the defensive: the goal in the offensive is ``not so much fighting as the taking possession of something.''

``Wenn wir uns die Entstehung des Krieges philosophisch denken, so entsteht der eigentliche Begriff des Krieges nicht mit dem Angriff, weil dieser nicht sowohl den Kampf als die Besitznahme zum absoluten Zweck hat, sondern er entsteht erst mit der Verteidigung, denn diese hat den Kampf zum unmittelbaren Zweck, weil Abwehren und Kaempfen offenbar eins ist.'' (Book 6, Chapter 7)

[Feedback]  Slides used only at the Los Angeles Spring '98 Show

Closing historical perspective

First banner ad 1994
``Privacy Time Bomb'' explodes 200X?

British East India Company 1600-1858
Indian Mutiny (Sepoy Rebellion) 1857

Clausewitz's trinity: policy, force and chance

--- Back to Top of Page ---

Home · · Site Map · Legal · Privacy · Cookies · Banner Ads · Telemarketing · Mail · Spam · Opt Out
  ·  Surf The Web Faster Without Ads, Free!

Copyright © 1996-2006 Guidescope Inc ®. Copying and distribution permitted under the GNU General Public License. 2006/04/03 http://www.junkbusters.com/world.html