Return-Path: <sentto-279987-2627-1002077856-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Tue, 02 Oct 2001 20:01:12 -0700 (PDT) Received: (qmail 28468 invoked by uid 510); 3 Oct 2001 02:59:24 -0000 Received: from n1.groups.yahoo.com (216.115.96.51) by 204.181.12.215 with SMTP; 3 Oct 2001 02:59:24 -0000 X-eGroups-Return: sentto-279987-2627-1002077856-fc=all.net@returns.onelist.com Received: from [10.1.4.55] by n1.groups.yahoo.com with NNFMP; 03 Oct 2001 02:59:09 -0000 X-Sender: fc@big.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-7_4_1); 3 Oct 2001 02:57:36 -0000 Received: (qmail 13005 invoked from network); 3 Oct 2001 02:57:36 -0000 Received: from unknown (10.1.10.142) by l9.egroups.com with QMQP; 3 Oct 2001 02:57:36 -0000 Received: from unknown (HELO big.all.net) (65.0.156.78) by mta3 with SMTP; 3 Oct 2001 02:57:36 -0000 Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id TAA10370 for iwar@onelist.com; Tue, 2 Oct 2001 19:57:35 -0700 Message-Id: <200110030257.TAA10370@big.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Tue, 2 Oct 2001 19:57:35 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Companies.rethink.Net.privacy.after.attacks] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Companies rethink Net privacy after attacks By Stefanie Olsen Staff Writer, CNET News.com October 2, 2001, 4:00 a.m. PT Companies are scrambling to ensure their online privacy policies do not run afoul of the sprawling investigation into last month's terrorist attacks, a move that could prompt some to rewrite their published statements, privacy experts said. Most online privacy policies contain provisions for sharing customer information with law enforcement agencies in the event of a criminal investigation or suspected illegal activity. Nevertheless, some companies that have been cooperating with authorities investigating the Sept. 11 suicide hijackings that destroyed the World Trade Center and damaged the Pentagon are now reviewing their actions for possible privacy violations, according to people familiar with their concerns. A key issue, privacy advocates say, has come from companies that worry they may have gone too far in handing over complete databases to law enforcement in the immediate aftershocks of the attacks without requiring a court order or a subpoena. "I've never seen a privacy policy that says that we will make all of our records available to authorities in a case of national emergency, and I think as a result of this, you're probably going to see companies adjust their privacy policies to take this into consideration," said Ray Everett-Church, senior privacy strategist at the Los Angeles-based ePrivacy Group. While companies typically require a warrant or a court order before relinquishing the contents of e-mail or electronic files to federal authorities or in civil cases--procedures mandated under the Electronic Communications Privacy Act--Internet companies can provide information about consumer identities without a court order. Many major companies have legal departments to handle such requests. But in the aftermath of the terrorist attacks, some companies may have ignored normal procedures for working with law enforcement, privacy experts said. Larry Ponemon, CEO of the Dallas-based Privacy Council and former head of PricewaterhouseCoopers' privacy practice, said he's spoken with some companies that admitted giving over their databases to authorities wholesale, without a valid court order or subpoena. He declined to disclose the names of the companies but said consumers may soon begin receiving notifications and apologies informing them of possible privacy violations. "In some cases, trying to participate and cooperate with authorities led to the other extreme of actually violating all the privacy rights of customers and employees," said Ponemon. "It's scary. We have no assurances they are going to delete (this information). Are they going to return it? Are they going to make any warranty that they won't use it again?" Legal experts said that the risks of liability in such cases are small. "Suppression of evidence would be the most serious consequence of the government obtaining information in violation of privacy rights," said Dave Kramer, a partner in the Internet counseling group at Wilson Sonsini. "The likelihood of there being financial consequences...is limited." In the event that the FBI obtained information from a company without probable cause and a search warrant, the evidence would most likely be inadmissible in court under Fourth Amendment rights, lawyers say. But if the company volunteered the data, particularly in the event the act did not contradict its privacy policy, the evidence would be acceptable. Nevertheless, some companies seem to be taking precautions in their cooperation with authorities. Dave Steer of Truste, a company that vouches for Internet privacy policies, said his company is getting calls from members inquiring about the need to revise their policies after the attacks. "Members are asking, 'Does what happened impact our privacy policy, and does that change the way we should communicate to customers?' (Also), 'How do we insert a clause into the privacy statement that allows for such national incidents?'" ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:53 PST