Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!isi.edu!woolf From: woolf@isi.edu (Suzanne Woolf) Newsgroups: comp.org.eff.talk Subject: Re: Information Control Message-ID: <17246@venera.isi.edu> Date: 21 Mar 91 02:24:32 GMT References: <3622.27d4c133@iccgcc.decnet.ab.com> <1991Mar11.070712.4223@cs.ucla.edu> <3778.27dd2150@iccgcc.decnet.ab.com> <1225@airs.UUCP> <17230@venera.isi.edu> Sender: news@isi.edu Reply-To: woolf@dca.isi.edu (Suzanne Woolf) Organization: USC-Information Sciences Institute Lines: 76 In article guest@geech.ai.mit.edu (kevin young) writes: >In article <17230@venera.isi.edu> woolf@isi.edu (Suzanne Woolf) writes: > > I'm generally uncomfortable with suggesting "more laws" as an > answer to anything, but what would people want to see in a > "Propagation of Private Information" law? What should the > principles behind it be? We have specific laws that cover specific > types of information (e.g. credit); how, and to what, should they > be extended? > >I would not want to see a law such as this. I don't want to see >George Orwell's world become reality. A law such as this will require >the information police to enforce it. This is somewhat true, which is why I'm uneasy with "more laws". (I don't feel that privacy protective laws *necessarily* lead to "information police", but I'm willing to stipulate it's not a good idea to trust the government with this sort of thing.) It seems more like what's needed is attitude adjustment-- new customs to arise in society, new ways of looking at the problem. Perhaps we need more of a sense among people that privacy is both important and threatened. >When I have a conversation with >someone, I don't want to have to worry about what I can and can not do >with the information they give me. Please note I'm talking about people/organizations I do business with. Personal relationships and casual conversation are a different realm entirely. My concern is primarily with situations where there are no personal incentives to respect my preferences (which I hope isn't the case with most of my friends) and where there are incentives to sell information about me without my consent ($3 per name per mailing list, in many cases). >The simplest solution is to take >responsibility for your own privacy. Become informed. Don't rely on >government to cover your ass. Use the free flow of information to >your advantage by finding out which companies will help you to protect >your privacy. Part of the inspiration for my original post is that I *am* "informed", and mostly what I'm informed of is that *everyone* is selling information about me, and that most of them don't care what I think of it. I'm not relying on the government to cover my ass, but my own efforts are demonstrably not adequate; I'm finding that if I want any privacy at all, the list of things I must not do keeps getting longer. And it is unfortunate but currently true that the only "free flow of information" is from me to them-- in general, in my experience, simply asking a representative of a business you're dealing with "Is your company selling customer information, if so to whom?" doesn't get you anywhere. (Ask the Customer Service people at your bank who they've sold your name to lately. They won't know, or they won't tell you.) Again, I don't like the "more laws" solution much, except I could see a law that requires people to get my consent before they sold personal information about me, and tell me if I ask what they've done with such information. I'd settle for that "free flow of information" going both ways. I suspect that if most people knew how much information about them is benig passed around behind their backs, they'd be fairly concerned; many people appreciate getting targetted advertising mail, but many don't. Informed customers can make up their own minds-- which is why the marketers and database builders seem to be trying so hard to make sure people aren't informed. I'd like to see the default assumption change from "You can do whatever you want with information about me" to "Information about me belongs to me, and you can't propagate it outside our business transaction without my consent". I'm more than happy to start with "You have to tell me." --Suzanne woolf@isi.edu