[At least the ACLU has said consistently that most anti-spam laws suffer from First Amendment problems, so it can't be accused of hypocrisy here. :) More seriously, groups that deal with privacy should tread carefully when sending out bulk email to those who didn't explicitly request it. Previous Politech message: http://www.politechbot.com/p-04497.html --Declan]

---

Subject: RE: ACLU replies to Politech, says exposed email was not to members
Date: Mon, 24 Feb 2003 19:09:32 -0500
Thread-Index: AcLcYJHq1cFIjvApTOO5v2bgSZ/+twAAI7IA
From: "Kelly Talcott" <KTalcottat_private>
To: declanat_private

Oh, so none of the recipients actually asked for the ACLU to send them its newsletter, just as none of them asked for information about curing erectile dysfunction, working from home, curing credit ills, or performing strange acts with farm animals.

Do spam filters check for "civil liberties"? And what do those of us concerned about the assault on our e-mail boxes do in the meantime?

Kelly D. Talcott

---

Date: Mon, 24 Feb 2003 16:29:05 -0800
From: Brad Templeton <btat_private>
To: Declan McCullagh <declanat_private>
Cc: politechat_private, EWHITFIELDat_private, jim.harperat_private
Subject: Re: FC: ACLU replies to Politech, says exposed email was not to members
Organization: http://www.templetons.com/brad

On Mon, Feb 24, 2003 at 06:46:37PM -0500, Declan McCullagh wrote:
> Previous Politech message:
>
> "Whoops! ACLU exposes email addresses -- just like Eli Lilly?"
> http://www.politechbot.com/p-04494.html
>
> What, no double opt-in? :)
>
> -Declan
>

I have to say that you can't put a smiley face on there. What the ACLU did was indeed a spam.

Repurposing of mailing lists, though of course very common in the postal service direct mail world, is simply something that doesn't scale (or rather scales way too well) in the E-mail world.
If I give you my E-mail address for some purpose, and you feel you can pass it on for others to put on their mailing lists, our mailboxes quickly become full of messages, even if they are not offers of Nigerian money. It is just too easy to send mail, there is nothing putting any limit on it.

Sadly, even double opt-in is not enough. Double opt-in is a defence against people using mailing lists to annoy folks. They submit my name to a mailing list, with a forged mail from me, it makes sense for the mailing list to confirm with me because of the insecurity of the method by which my name arrived.

However, in this case, my name is coming from a reliable source. There is little doubt that I gave my E-mail to organization A for mailing list A. The only doubt is whether I intended that to mean that A could pass it around to other orgs and other mailing lists.

Problem is, I don't want a lot of mail saying "We found your name at source X, can we add it to our mailing list about great Viagra sources?" Source X should be the one knowing that, and not giving out my name unless it knows I am open to that.

I just can't see any way we can have mailing lists be repurposed without the express consent of the owner of the mailing addresses within them, without creating a bloat problem in our mailboxes even from so-called legitimate mailers.

There are tricks you can do (I give out a different address to each company so I can tell if they do this, and they usually don't) but you should not have to. When you give out your mailing address, it should be just for the folks you give it to, and they should not hand it out -- even to others who want to query if they can add you to their list -- unless you said that's what you want.

It's OK if _they_ mail you to ask if they can hand you out, and hopefully do it only once. You voluntarily entered into a relationship with them, you have some market power over them. But once they pass out your name, you have little recourse.
I wish I could see a way to make it scale, but even the ACLU doesn't get an exemption from this. This is spam by all the definitions and the ACLU should be paddled on the backside soundly for it.

---

From: "McCloskey, Bill"
To: "'declanat_private'" <declanat_private>
Subject: RE: Whoops! ACLU exposes email addresses -- just like Eli Lilly?
Date: Mon, 24 Feb 2003 14:44:39 -0600

Not the first time. I have at home a nice list of all ACLU's Maryland activists garnered from a TO: list from about two years ago. I can say that since I called them on it, it has not recurred.

Bill McCloskey
4709 Overbrook Road
Bethesda, Md. 20816-3029
301-652-7583
bmcclos325at_private

---

Date: 24 Feb 2003 19:21:28 -0500
Message-ID: <Pine.BSI.4.40.0302241703180.19770-100000at_private>
From: "John R Levine" <johnlat_private>
To: "Declan McCullagh" <declanat_private>
Cc: "jim.harperat_private" <jim.harperat_private>
Subject: Re: FC: Whoops! ACLU exposes email addresses -- just like Eli Lilly?

> [ ACLU, having gotten the FTC to spank Eli Lilly for disclosing e-mail
> addresses, makes exactly the same mistake ]
> Everyone who e-mails large groups is at risk for this kind of error.

Actually, I'm with the FTC here. The problem is that people at both Lilly and the ACLU appear to be confusing their Outlook address books with a database.

From a technical point of view, the addresses in the To: line of an e-mail message have nothing to do with the actual addresses to which the mail is sent. (This is a deliberate and useful feature.) Any sort of mailing list management system, even the simplest freeware ones, never puts the list of recipients anywhere where it could leak into the message. I manage lists here with thousands of addresses using the freeware Majordomo2 list manager, addresses have never leaked into messages, and it's unlikely they'll ever do so.
If an organization has valuable mailing lists, it should treat them like any other valuable data and manage them with software that's appropriate to do the job. The FTC was exactly right when it said that Lilly "failed to maintain or implement internal measures appropriate under the circumstances" and the ACLU was just as negligent. This needn't involve spending lots of money (or any money), but it does require a little thought.

Regards,
John Levine, johnlat_private, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner
"More Wiener schnitzel, please", said Tom, revealingly.

-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------
Declan McCullagh's photographs are at http://www.mccullagh.org/
-------------------------------------------------------------------------
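
Added example, not part of the original thread or any poster's code: a Python sketch of the point in John Levine's message that the To: header is independent of the addresses mail is actually delivered to. The list and bounce addresses, the subscriber list and all function names are constructed for illustration; `send` is any callable with the shape of `smtplib.SMTP.sendmail`.

```python
from email.message import EmailMessage

LIST_ADDR = "newsletter@lists.example.org"    # hypothetical list address
BOUNCE_ADDR = "bounces@lists.example.org"     # hypothetical envelope sender
ADDRESS_HEADERS = ("From", "Sender", "Reply-To", "To", "Cc", "Bcc")

def build_message(to_header, subject, body):
    """Build the message every recipient will see; To: is only a label."""
    msg = EmailMessage()
    msg["From"] = LIST_ADDR
    msg["To"] = to_header
    msg["Subject"] = subject
    msg.set_content(body)
    return msg

def leaked_addresses(msg, subscribers):
    """Return subscriber addresses visible in the headers or body."""
    seen = set()
    for name in ADDRESS_HEADERS:
        for header in msg.get_all(name, []):
            seen.update(a.addr_spec.lower() for a in header.addresses)
    body = msg.get_content().lower()
    return sorted(s for s in subscribers
                  if s.lower() in seen or s.lower() in body)

def deliver(msg, subscribers, send):
    """Refuse to send a leaking message; otherwise one envelope per subscriber."""
    leaks = leaked_addresses(msg, subscribers)
    if leaks:
        raise ValueError(f"{len(leaks)} subscriber address(es) in message")
    data = msg.as_bytes()
    for rcpt in subscribers:
        # The recipient exists only in the SMTP envelope, never in `data`.
        send(BOUNCE_ADDR, [rcpt], data)
    return len(subscribers)

# Constructed sample data.
SUBSCRIBERS = ["alice@example.net", "bob@example.com", "carol@example.org"]
address_book_style = build_message(", ".join(SUBSCRIBERS), "Newsletter", "Hello.\n")
list_style = build_message(LIST_ADDR, "Newsletter", "Hello.\n")

def demo():
    """Deliver the list-style message through a recording stand-in transport."""
    sent = []
    count = deliver(list_style, SUBSCRIBERS, lambda f, t, d: sent.append((f, t, d)))
    return count, sent

if __name__ == "__main__":
    print("address-book style leaks:", leaked_addresses(address_book_style, SUBSCRIBERS))
    print("list style delivered to:", demo()[0], "recipients")
```
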
This archive was generated by hypermail 2b30 : Mon Feb 24 2003 - 17:16:20 PST