Previous Politech message: "Charles Platt on privacy and FTC's do-not-call database" http://www.politechbot.com/p-04902.html --- Date: Sat, 28 Jun 2003 15:16:24 -0400 From: Robert Gellman <rgellmanat_private> To: declanat_private Subject: Re: FC: Charles Platt on privacy and FTC's do-not-call database References: <5.2.1.1.0.20030627221430.047ebd20at_private> Declan McCullagh wrote: > > I would say with confidence that I believe the folks at FTC have no > ulterior motives in creating this registry. But administrations can > change and policies can shift, and in any case the FTC may have > little power to resist requests from law enforcement agencies for the > complete database. While I think that you are probably correct about motive, the issue is open to some question. Let's look at what the FTC actually did. Here is a routine use (disclosure authority) for the do-not-call system of records: "Records may be made available or referred on an automatic or other basis to other federal, state, or local government authorities for regulatory, compliance, or law enforcement purposes." IMHO, this routine use is overbroad and inconsistent with the Privacy Act of 1974. Here is a quick argument: First, the FTC collects records for a do-not-call database. Allowing disclosures to ANY government authority for ANY regulatory, compliance, or law enforcement purpose (other than as relevant to the do-not-call activity) fails to meet the statutory test that disclosures be compatible with the purpose for the information was collected. Second, the notion of an "automatic" disclosure is very troubling and questionable. Disclosures by routine use are discretionary. An agency that allows an automatic disclosure of personal information without some review is abusing its discretion and could be violating the Privacy Act in other ways as well. Third, as written, the routine use appears to allow the agency to establish a directory of email addresses and telephone numbers and to make that available for automatic search by virtually any government agency for any regulatory, compliance, or law enforcement purpose. For the FTC to have reserved that authority is appalling as well as illegal. There is more that could be said about this routine use, but I doubt that you or your readers want to wallow in Privacy Act caselaw and minutia. However, I do have some advice to those who want to add their names to the do-not-call list. Do it by phone and not online. I don't believe that you have to give your email address on the phone. I am sorry now that I registered online. By the way, it took four tries before my registration resulted in the email response from the FTC that was necessary to complete the process. If anyone registered online and didn't get an email from the FTC (which requires a further response), then the registration probably didn't take. There are other problems and loopholes with the do-not-call list, but those are subjects for another day. Bob -- + + + + + + + + + + + + + + + + + + + + + + + + Robert Gellman + + Privacy and Information Policy Consultant + + 419 Fifth Street SE + + Washington, DC 20003 + + 202-543-7923 <rgellmanat_private> + + + + + + + + + + + + + + + + + + + + + + + + --- Date: Sat, 28 Jun 2003 02:58:01 -0400 Subject: Re: FC: Charles Platt on privacy and FTC's do-not-call database To: declanat_private Mime-Version: 1.0 From: "Chris Hoofnagle" <souvarineat_private> Dear Declan, Fwiw: If the telemarketers had their way, only the line subscriber (not even the spouse of the subscriber) could enroll, and you'd only be able to enroll by mail after sending a copy of your DL. I'm not kidding here--the industry recommended every barrier possible to enrollment. They didn't even want the roommate of a subscriber to enroll. Law enforcement access is a continued concern, but some govt access is necesary for enforcement of the rule. In order to avoid enrollment, we recommended that all telemarketers be required to send CNID--that way you could avoid calls through tech measures. But in any case, most of the privacy concerns dissolve when one moves to an opt-in system. Cell phone telemarketing already is opt-in, and those who are wireless only experience far less marketing annoyance. C -- Sent from Chris' Mobile --- From: Freematt357at_private Message-ID: <ea.3a883e8f.2c2edc32at_private> Date: Sat, 28 Jun 2003 07:55:30 EDT Subject: Re: FC: Charles Platt on privacy and FTC's do-not-call database To: declanat_private CC: otherat_private, politechat_private In a message dated Fri, 27 Jun 2003 14:22:48 -0400 (EDT), otherat_private writes: I'm not sure exactly what someone could do with a huge database that links phone numbers with email addresses. But it triggered a reflexive concern, especially since I didn't see any notes about how the database is secured. Hi Charles and Declan, I almost added my phone numbers as well, but my paranoid other self thought better, not about any worry if the Feds have my number, as they probably have everyone’s number who subscribes to Politech- But the donotcall list would make a great database for foreign marketers lets say the Chinese who wouldn’t pay any attention to our law- Such a list would be ripe to call as it virtually ensures that the list would be devoid of domestic competition and give a foreign telemarketer unfettered access. Regards, Matt Gaylor http://www.freeohio.us/ --- From: Vance Kochenderfer <vkochendat_private> Message-Id: <200306292323.h5TNN2sY013291at_private> Subject: Re: FC: Charles Platt on privacy and FTC's do-not-call database To: declanat_private Date: Sun, 29 Jun 2003 17:23:02 -0600 (MDT) The Privacy Act notices for the do-not-call registry seem to be located at 68 FR 37491 and 68 FR 37494. You can bring them up from the GPO's site at <http://www.gpoaccess.gov/fr/advanced.html>. Later, Vance --- From: "Bazeley, Michael" <MBazeleyat_private> To: "'Declan McCullagh '" <declanat_private> Subject: RE: Charles Platt on privacy and FTC's do-not-call database Date: Fri, 27 Jun 2003 23:12:46 -0700 Asking for the email address eems a bit much, if you ask me. Interestingly, you can also sign up for the federal list through the California Attorney General's office, and they ask for nothing more than your name and phone number and zip code. The FTC says they use the email address to confirm the registration. But the AG's office makes no such requirement. Michael Bazeley --- Date: Fri, 27 Jun 2003 22:35:27 -0700 To: declanat_private From: "Brian W. Antoine" <briana@nas-kan.org> Subject: Re: FC: Charles Platt on privacy and FTC's do-not-call database At 07:14 PM 6/27/03, you wrote: >I would say with confidence that I believe the folks at FTC have no ulterior motives in creating this registry. But administrations can change and policies can shift, and in any case the FTC may have little power to resist requests from law enforcement agencies for the complete database. Also consider that the email address you give then isn't required to stay valid for your registration to stay valid. Give them a throw away address to use to confirm your registration and then toss it. I wonder how many new signups hotmail got today. *grin* -- (UniKyrn on IM, ICQ#27068798) Brian W. Antoine http://www.nas-kan.org/ --- Date: Fri, 27 Jun 2003 23:27:30 -0700 Subject: Re: FC: Charles Platt on privacy and FTC's do-not-call database Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v552) From: Tom Collins <tomat_private> To: declanat_private On Friday, June 27, 2003, at 07:14 PM, Declan McCullagh wrote: >I'm not sure exactly what someone could do with a huge database that links >phone numbers with email addresses. But it triggered a reflexive concern, >especially since I didn't see any notes about how the database is secured. I wasn't comfortable with the email address requirement, so I used the toll-free number to register my two phone lines. It took about 2 minutes per line. > Consumers can register for the free government service by visiting the Web >site www.donotcall.gov. Telephone registration using a toll-free number -- >1-888-382-1222 -- is available in states west of the Mississippi River, >including Minnesota and Louisiana, starting Friday, and nationwide by July >7, the Federal Trade Commission said. -- Tom Collins tomat_private --- Date: Sat, 28 Jun 2003 01:10:12 -0700 From: "James J. Lippard" <lippardat_private> To: Declan McCullagh <declanat_private> Cc: otherat_private Subject: Re: FC: Charles Platt on privacy and FTC's do-not-call database Note that no email address is required to register a phone number via phone call, you simply must call from the phone number that you wish to add to the registry (presumably they are using ANI to validate requests). The email address is only required when registering through the web site (or requesting verification that a number is on the list through the website--in which case there's clearly no necessary connection between the email address and the telephone number, since anyone could request verification of any phone number using any email address--a fact which could be possibly exploited to cause the sending of unwanted email). --- Date: Sat, 28 Jun 2003 11:05:54 -0400 To: <declanat_private> From: "Lawrence R. Ware" <larryat_private> Subject: Charles Platt on privacy and FTC's do-not-call database >I wonder if any politech recipients have added their phone numbers to this >interesting new database. Yes. >If they did, I wonder if they felt the momentary >misgiving that I experienced myself when the government-run system refused >to list my phone numbers as do-not-call until I provided a valid email >address for confirmation. Crossed my mind, but I wonder how else Mr. Platt expects an Internet web based sign up to work? Unconfirmed, (without a closed loop) would among other things allow me to un-subscribe his phone number, or yours for that matter. Want more interruption marketing? The telemarketer's will be jumping all over any number *not* on this list soon. The script kiddies would have a field day with it. Perhaps Mr. Platt would prefer to snail mail the FTC a letter, and include a photocopy of his phone bill to prove he has control over the number instead? He could just use a throwaway Yahoo or hotmail account for this if the idea of adding to a government database bothers him that much. Considering how often people change email addresses for other reasons, the value of this database would be limited anyway. -larry # larryat_private # Orlando, Florida ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. ------------------------------------------------------------------------- To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Declan McCullagh's photographs are at http://www.mccullagh.org/ Like Politech? Make a donation here: http://www.politechbot.com/donate/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Jul 01 2003 - 01:19:10 PDT