Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!samsung!sol.ctr.columbia.edu!cunixf.cc.columbia.edu!cs.columbia.edu!abrams From: abrams@cs.columbia.edu (Steven Abrams) Newsgroups: comp.org.eff.talk Subject: Re: What is private information? Message-ID: Date: 26 Dec 90 02:35:39 GMT References: <13284@milton.u.washington.edu> <1990Dec22.040101.26926@ddsw1.MCS.COM> <13444@milton.u.washington.edu> <1990Dec25.062336.16836@looking.on.ca> Sender: news@cs.columbia.edu (The Daily News) Organization: Columbia University Department of Computer Science Lines: 37 In-Reply-To: brad@looking.on.ca's message of 25 Dec 90 06:23:36 GMT In article <1990Dec25.062336.16836@looking.on.ca> brad@looking.on.ca (Brad Templeton) writes: [ Excellent list of "levels of privacy" deleted...] >However, I think we might not feel too bad about classes C through F as >standard default rules for transactions. > >I would suggest that a default be set of C through E based on the type of >transaction, allowing vendors to specify F just by announcing it (implicit >agreement) and explicit agreement required for G and beyond. > >Comments? In level D, where the vendor keeps semi-permanent records (for customer support, etc) and perhaps gives info to a delivery service or something, we need to guarantee that the third party service bureau maintains class C privacy (destroys information after transaction is complete), but other than that, I think the classes are very well defined. It seems fair to allow solicitation by the original vendor by implicit agreement, so long as the customer has a method of discontinuing this "service." And it is also important that a customer's failure to agree to a worse level of privacy can not be sufficient to refuse that customer a sale. ~~~Steve -- /************************************************* * *Steven Abrams abrams@cs.columbia.edu * **************************************************/ #include #include