[LINK] HTML email "bug", of sorts (fwd)

Irene Graham rene@libertus.net
Tue, 21 Aug 2001 12:35:47 +1000


On Tue, 21 Aug 2001 10:58:13 +1000 Craig Sanders <cas@taz.net.au> wrote:

[...]
>i've got confirmation from another subscriber, btw.  the same story from
>the same edition of Ping but with a different URL....so that's pretty clear
>that it does encode the userid in the URL.
>
>
>> Nevertheless, mis-use of personal information, spying etc, is going
>> to continue even by organisations who claim to respect privacy
>> preferences, at the very least until many more people start making a
>> louder noise.
>
>i suspect that many (most?) people wouldn't give a damn.

Research conducted by the Federal Privacy Commissioner's office this year
strongly suggests many Australians do (surveying done by Roy Morgan's).
Results are available at:
http://www.privacy.gov.au/research/index.html#1.1

Quoting from the Exec Summary of the report:
	"Attitudes reflected a desire among the community to gain control
over how their personal information was used with more than 9 in 10 people
wanting businesses to seek permission before using their personal
information for marketing. ... Similarly high proportions of people (around
9 in 10) thought it was important that organisations advise customers who
may have access to their personal information and how that information
might be used."
...
	"Business practices such as transferring personal information
without the individual's knowledge, and using personal information beyond
the purpose for which it was originally collected, were practices that
caused concern among the vast majority of the community, with large
proportions registering the strongest level of concern. These findings were
supported by further results which showed that over 90% of the adult
population regarded each of the above practices as an invasion of privacy."

[...]
>i am subscribed under a different email address (one of the benefits of
>running my own domain is that i can have as many addresses as i want :).

Yes, ditto - this was a bonus I hadn't thought of before I got mine :-)

[...]
>> - If you get any, you'd very likely have grounds to lodge a complaint
>> with ADMA,
>
>i doubt if that would make any difference at all.

Maybe, maybe not. However, I found it very interesting that when I sent a
complaint to a member of ADMA (pre lodging a complaint with ADMA), the
reaction of their member was to have their solicitor write to me. Now,
is that an attempt at intimidation, or concern that it's claimed they're
not complying with the Code they claim to? Who'd know, but ADMA staff claim
members *are* concerned about complaints, because they get named in ADMA's
Annual Report and this doesn't help their reputation at all.

>an "industry watchdog" made up of members/representatives of the
>industry? yeah, sure, that's going to protect the interests of the
>public.
>
>they don't even pretend to be anything but toothless.

Oh, they claim to have teeth, but I've yet to see actual evidence that they
do. However, it's worth bearing in mind that ADMA will be attempting to
have their Code registered by the Federal Privacy Commissioner as compliant
with the laws that become effective 21/12. After 21/12, individuals will
have the option to complain to the Fed PC re breaches of approved Codes. 

Fwiw, under the existing ADMA code, it would seem to me that eservices,
who've evidently collected your address, ought to have advised you they'd
collected it and what the purposes of collection are (if News Interactive
didn't/hasn't). Also, under the ADMA Code, if you ask eservices what info
about you they've collected, they're required to tell you. (eservices may
or may not be required to comply with the forthcoming law, depending on its
annual turnover and how it uses personal info, but it would seem News
Interactive will have to comply and this seems likely to affect their
collection, use and disclosure practices).

[...]
>there may be something to that. they are using data (email address etc)
>for a purpose other than that which it was provided for (subscription to
>a mailing list). they are not disclosing use of that data, and they are
>deliberately obscuring the fact that they are making unauthorised use of
>that data (i.e. encoding the URL prevents non-geek subscribers from even
>suspecting that there's something shady going on)

Yep, and the ADMA Code states (as does the to-be law) that members shall
only collect personal info "by fair means and not in an unreasonably
intrusive way". Imo, it's highly arguable the means under discussion is not
fair, not to mention probable breaches of other parts of the Code.

Irene