Draft Of Privacy Bill Introduced... And Pretty Much Everyone Hates It
from the is-that-a-good-sign? dept
Rep. Rick Boucher released a draft internet privacy bill that's getting plenty of attention. You can read the draft on Boucher's site (pdf) or embedded below:Covered information (information that sites can collect, but users will have the right to "opt-out" if they don't like it) includes:
- The first name or initial and last name.
- A postal address.
- A telephone or fax number.
- An email address.
- Unique biometric data, including a fingerprint or retina scan.
- A Social Security number, tax identification number, passport number, driver's license number, or any other government-issued identification number.
- A Financial account number, or credit or debit card number, and any required security code, access code, or password that is necessary to permit access to an individual's financial account.
- Any unique persistent identifier, such as a customer number, unique pseudonym or user alias, Internet Protocol address, or other unique identifier, where such identifier is used to collect, store, or identify information about a specific individual or a computer, device, or software application owned or used by a particular user or that is otherwise associated with a particular user.
- A preference profile.
- Any other information that is collected, stored, used, or disclosed in connection with any covered information described in subparagraphs (A) through (I).
- medical records, including medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional;
- race or ethnicity;
- religious beliefs;
- sexual orientation;
- financial records and other financial information associated with a financial account, including balances and other financial information; or
- precise geolocation information.
Perhaps I'm missing something, but this seems like the kind of bill that's designed to say "hey, look, privacy law!" but that doesn't really do anything to protect people's privacy. I could see it causing a lot of trouble for sites, though, for no good reason. For example, saying that IP address information can be "opt-out" could create a massive hassle for pretty much any site that keeps log files. Imagine the fun someone could cause by visiting sites and then demanding the site remove his or her IP address from their logs. I understand the general thinking behind this, but I just don't see it doing anything good, while I could see all sorts of unintended consequences from it.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: laws, privacy, rick boucher
Reader Comments
Subscribe: RSS
View by: Time | Thread
Privacy belogns to the Receiptient
I like this gloom and doom quote from The Hill. The quote below points to what is wrong with how we view privacy and why legislation to supposedly protect your privacy will never work. Companies do NOT have a right to your information nor do they have a right to always be-in-your-face to sell you something.
“It would kill hundreds of thousands of jobs in America, and it would disproportionately put small publications out of business, because consumers won’t opt in,” said Zaneis, who later noted a series of positive aspects of the current legislation. His organization, the Interactive Advertising Bureau, represents 375 organizations and includes such members as Microsoft, Google and a host of publishing firms.
[ link to this | view in chronology ]
Re: Privacy belogns to the Receiptient
One of the things i could do with this bill is clean up my credit by forcing them to remove information from my credit that i dont like or is damageing to my credit, and bam, now i would have excelent credit.
[ link to this | view in chronology ]
Younger Generation's views?
I know that times used to be different in the US (and still are in many countries) but I can only hope that as time goes on we are more accepting of cultural differences. We find the idea that something as simple as skin color can be used to be mad at somebody as ridiculous. We would rather be mad at them for something they have done that demonstrated to us that they are not "nice" people (its a relative term).
The only things that make us mad in general are when certain groups start demanding special rights for their stuff. Practice whatever you want as long as it doesn't negatively impact us.
Oh, and how is our Social Security Number not sensitive, but sexual orientation is?
Lastly, to all of us gay marriages should be allowed too. We don't understand why they aren't completely legal yet everywhere. I know I am starting to veer off topic but these seem to be the prevalent views amongst my generation and a few things on that list seem odd being from the group that thinks this way.
All of my friends either feel this way, or don't care. None of them that I hang out with are against the ideas I mentioned here. Is it just a younger generation's views with how times are changing, or is it just because of the area from which I hail?
[ link to this | view in chronology ]
Re: Younger Generation's views?
[ link to this | view in chronology ]
Re: Re: Younger Generation's views?
I would love to see how they determined what was super private and what was okay for corps to hold onto.
[ link to this | view in chronology ]
Re: Younger Generation's views?
Otherwise, I'm totally with you... ethinicity, race, cultures... those lines are becoming more blurred over time. But this is a very slow process...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Nice try though.
[ link to this | view in chronology ]
IP Adress
IP Addresses are very rarely unique, but there are privacy advocates that would opt out of as much as possible, including IP addresses. Your conclusion that "Masnick's Basic Concept" is "out the window" is incredibly uninformed. I don't really believe that you will read this though. Chances are you are just a troll looking for someone to bait.
[ link to this | view in chronology ]
Re: IP Adress
[ link to this | view in chronology ]
Re: Re: IP Adress
So I have thought passed my nose to the reality of the way IP works, Rather than concluding that if a bill states that I can remove IP addresses from my personal information on a site, then those people who are knowledgeable about IP are wrong about how it works.
[ link to this | view in chronology ]
Re: Re: IP Adress
[ link to this | view in chronology ]
Re: Re: Re: IP Adress
[ link to this | view in chronology ]
Re: Re: Re: Re: IP Adress
Most people already know this, but just for the few that might not, the above statement is not even close to true. I have never said anything along the lines that an IP address is not "unique." I have merely said -- correctly -- that an IP address does not identify who the user is.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: IP Adress
[ link to this | view in chronology ]
Re:
There is also a question as to whether the phrase "unique persistent identifier" would apply to dynamic IP addresses or just static IPs since dynamic IPs are not persistent. The language used in this document is, at best, questionable to anybody with technical knowledge.
"an ip address is at least a temporarily unique identifier?"
If by unique, you mean that only one computer can have said address at any one time? No, it's not. That's how they're intended, but not how they actually work - an important distinction.
"damn, another of the masnicks basic concepts out the window!"
Nope, it's upheld, perfectly.
[ link to this | view in chronology ]
Re:
Since none of us are disassociative, I think not.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
That's your idea of "The Masnicks" concept out the window? Why am I surprised...
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Awesome.
[ link to this | view in chronology ]
Re: Re: Re:
So, how does a company identify the user making the opt-out request? What if one member of the household wishes to opt out of privacy and the others want to opt in? How would a 3rd party even know there are other users on the line?
Hell, what if the address in connection is PATed address utilised by a single employee of a 200 seat office? How exactly can someone identify a user for privacy purposes? What if a modem was rebooted mid-connection and a different dynamic IP was assigned? What a nightmare to work out whether you're complying with this rag!
"all of the masnicks claims that ips are not unique"
Except that's never what's being claimed. An IP address is only unique enough to confirm the sending and receipt of a piece of data (and only then assuming that the IP is not being spoofed or intercepted). They're unique enough to identify a device *temporarily* and not enough identify a person. Even geographical IP location is error prone (people all over the world use VPNs to connect to Hulu from outside the US, for example).
This is not good enough for a person's internet connection to be terminated by a biased 3rd party - the thing that's usually being refuted here. It's also not good enough for a company which had neither the resources nor the data to uniquely identify a user to ensure they're complying with the law. therefore, the law should not be passed in its current form, just as passing 3 strikes laws is a mistake with a much higher burden of evidence.
Since the law demands a "unique persistent identifier" and an IP address does not meet that criteria then it should be deemed invalid.
"he likes to pull things both ways, and sometimes gets caught doing it!"
Assuming you're the same moron who always refers to "the Masnicks", I don't think I've ever seen you post an internally coherent argument, let alone one that "catches" anybody else doing anything.
[ link to this | view in chronology ]
the website is able to collect this information and store it. for covered information, you then have the ability to opt of them selling your information to a 3rd party. For sensitive information, you have to explicitly tell a website (opt-in) that you approve of them passing on the data to 3rd parties.
Now, why are SSN, biometric data, and financial account data only classified as covered information. I would consider that information sensitive, but that's just me.
[ link to this | view in chronology ]
Um, too bad this likely doesn't mean the stakeholders that count, you and me.
Will there be protection for people who opt-out or refuse to opt-in? Or will companies then deny service?
Nothing is better than government making more work for itself.
[ link to this | view in chronology ]
Misunderstanding Privacy
Privacy is not the privilege of constraining the disclosure or circulation of 'sensitive' information by those it has been confided to.
No doubt many would like such a privilege over their fellows, to prosecute them if they betray their confidence, but it has no natural basis.
Corporations (being immortal psychopaths) may well need to be tightly regulated, but that's not the same as the folly of granting unnatural powers to mortals.
So, create regulations applying to corporations by all means, but don't corrupt the meaning of privacy in the process.
[ link to this | view in chronology ]
Of course, there is a huge problem with enforcement. There are a large number of bars in downtown Vancouver which require you to scan and log your drivers license on their database when you come in (you don't need to log my driver's license to check my age). They've been doing it for years and nobody is doing anything about it, despite complaints to the privacy commissioner.
[ link to this | view in chronology ]
Can't store an IP?
[ link to this | view in chronology ]
Boucher proposed bill
[ link to this | view in chronology ]