packetscan
Premium
join:2004-10-19
Bridgeport, CT
clubs: | Privacy
IF you want privacy.. Don't choose these isps.
Oh wait that's right many isps has a strangle hold on areas.
and force out competition so we really have no choice.
Thanks FCC!
--
Reach out and Tap someone! |
|
amigo_boy
join:2005-07-22
Tempe, AZ
 ·Cox HSI
 ·magicjack.com
| said by packetscan  :IF you want privacy.. Don't choose these isps. I know you're being sarcastic. But, the ability to shop with your feet doesn't justify everything. Laws were passed describing under what circumstances communications companies can reveal details about their customers. I'm surprised this practice isn't covered by such laws. Even if it's aggregated behavioral information, it's still a detail about you. It's intended to target marketing to you.
I'm surprised 18 U.S.C. 2511 and 2702 don't apply. They're not limited to just disclosure to law enforcement.
»www4.law.cornell.edu/uscode/html···00-.html
»www4.law.cornell.edu/uscode/html···00-.html
Mark |
|
swhx7
Premium
join:2006-07-23
Elbonia
·RoadRunner Cable
| reply to packetscan
The important issue is not whether it's opt-in or opt-out. The real problem is that the ISP is diverting the customer's traffic into the 3rd-party machine. (See this link »www.theregister.co.uk/2008/03/07···rtegrul/ for a full explanation of how it works.)
Yes, Phorm claims that it anonymizes the data, and that the company is audited, and so on. But I predict that as soon as the publicity fades, the company will change the terms and start data-mining without any restraints - including personal information. Besides, the ISP can at any time contract with some other company that offers money for subscribers' data, and it may not even promise respect for privacy like Phorm.
This does need to be restrained by law. I don't think many users would agree to it if they were given a chance to opt in or out, with full information, separately from the ISP contract. |
|
factchecker
@cox.net
| reply to amigo_boy
said by amigo_boy :I'm surprised 18 U.S.C. 2511 and 2702 don't apply. They're not limited to just disclosure to law enforcement. For a poster that likes to play lawyer, you forget the myriad of state privacy laws that exist and muddy the waters even more... It isn't as simple as posting those two parts of the U.S.C., which may or may not apply, especially when you take into account that there are other federal laws that deal with privacy issues.
It would be nice if the legal ground was as simple as the links you have posted, but privacy legislation in this country is a disaster. |
|
amigo_boy
join:2005-07-22
Tempe, AZ
·Cox HSI
·magicjack.com
| said by factchecker :
you forget the myriad of state privacy laws that exist and muddy the waters even more... Federal laws supersede state laws (Art. VI, Const.).
said by factchecker :
It isn't as simple as posting those two parts of the U.S.C., which may or may not apply, Remind me again, why don't they apply?
Mark |
|
factchecker
@cox.net
| said by amigo_boy :said by factchecker :
you forget the myriad of state privacy laws that exist and muddy the waters even more... Federal laws supersede state laws (Art. VI, Const.). Basic civics... However, you have missed the point entirely. The laws you posted are only a part of the question of privacy in the US.
As well, federal privacy laws on a whole are both vague and general, while state laws are more specific, the exceptions being certain laws governing finance and HIPAA. Privacy laws vary from state to state because there are no federal statutes that supersede all of the points covered by state laws.
said by factchecker :
It isn't as simple as posting those two parts of the U.S.C., which may or may not apply, Remind me again, why don't they apply? |
|
amigo_boy
join:2005-07-22
Tempe, AZ
·Cox HSI
·magicjack.com
| said by factchecker :
Partly because you have not demonstrated that they apply, you have only stated that you interpret them in such a manner. References and judgments that interpret the law the same way that you do would help.
Theofel v. Farey-Jones, 341 F.3d 978, 982 (9th Cir. 2003). It "reflects Congress’s judgment that users have a legitimate interest in the confidentiality of communications in electronic storage at a communications facility." Id. at 982.
That's why I said "I'm surprised 18 U.S.C. 2511 and 2702 don't apply."
Mark |
|
factchecker
@cox.net
| said by amigo_boy :Theofel v. Farey-Jones, 341 F.3d 978, 982 (9th Cir. 2003). It "reflects Congress’s judgment that users have a legitimate interest in the confidentiality of communications in electronic storage at a communications facility." Id. at 982. That's why I said "I'm surprised 18 U.S.C. 2511 and 2702 don't apply." Okay, I see where you are going...
The reason I think they can currently get around that, based on the quick research I did on the case and a second glance at the law is because (a) the full contents of the message and information intercepted are never disclosed or recoverable and (b) the information intercepted can not be traced to a specific person (there are no names or user names to track down people). IP addresses could be used, but in most system, they change often enough that using them isn't reliable means of getting someone's identity, especially since providers probably (that we know of) are not giving Phorm, NebuAd and other companies wholesale access to their RADIUS servers.
The data is basically "anonymized" to a point that must be sufficient under law. As well, the intercepted packets are processed auto-magically and then deleted, meaning that no one actively digs through them. Since no one actually sees what is intercepted, they could legally argue that they aren't in violation of the law because technically, "privacy" still exists.
Whether that is right or wrong or people agree/disagree with it, I'd wager that is how they comply with or circumvent the law... |
|
amigo_boy
join:2005-07-22
Tempe, AZ
·Cox HSI
·magicjack.com
| said by factchecker :
(a) the full contents of the message and information intercepted are never disclosed or recoverable and (b) the information intercepted can not be traced to a specific person (there are no names or user names to track down people).
Regarding "divulge content," would aggregated or anonymized information (relatable to an individual by IP or cookie) be covered as a "customer record" by Section C? It says a communication provider "may divulge a record or other information pertaining to a subscriber to or customer of such service" under enumerated conditions.
I guess it boils down to whether disclosing a summary of someone's activity and content (where they go, what they say or buy) is disclosure of content. If I summarize to you that Mr. Jones goes to certain types of sites, and uses certain IDs, and says certain things, and buys certain types of books... Is that what Congress had in mind as protecting your privacy because the actual content wasn't divulged?
I'm surprised it doesn't apply. If it doesn't, it seems like it should be (relatively) easy to amend. The spirit of the law is there. It just was written at a time when the envelope wasn't being pushed like it is now.
Mark |
|
