[LINK] RFC: Privacy-Intrusive Address-Book/SNS Services

Chirgwin, Richard Richard.Chirgwin at informa.com.au
Tue Feb 3 08:18:11 EST 2004 

Roger,

On my first read of the paper, the first observation I'd make would be
regarding how Plaxo uses data provided to it.

Because I'm a journalist, I seem to have made it onto rather a lot of Plaxo
lists held by other people. As a result, I can tell you that Plaxo analyses
the outgoing addresses; so the message coming from "Roger Clarke at Plaxo" (so
to speak) would include "This is the 5th message you've received from Plaxo.
Why not sign up now?"

This means that "richard.chirgwin@" has a database entry independently of
those created by other Plaxo users; and that database entry was used for
marketing purposes; even though I have no 'existing business relationship'
with Plaxo, nor had I given any permission to Plaxo to use my information in
any way.

This crosses over with an ambiguity in our privacy legislation; did Roger
Clark at Plaxo "authorise" a Plaxo marketing message to Richard Chirgwin? What
is the extent of the "authorisation" a Plaxo user has given in the form of
message Plaxo generates to a non-user?

The only good news is that when I finally found Plaxo's opt-out, it seemed
to work - at least to the degree that I no longer receive Plaxo messages.
However, that doesn't prevent me from existing in the Plaxo database, and a
future owner may change its mind about how it treats me!

Finally, there's the matter of commercial secrets. I can think of plenty of
places where the wholesale upload of an address book would breach the user's
employment contract.

Richard C 

-----Original Message-----
From: Roger Clarke
To: link at anu.edu.au
Sent: 2/02/04 17:17
Subject: [LINK] RFC:  Privacy-Intrusive Address-Book/SNS Services


I expressed concerns a couple of days ago about Plaxo.  I've now 
flung together a draft privacy analysis of address-book and social 
networking services (SNS) generally, with particular reference to 
Plaxo.

As always, I'd appreciate constructively negative criticism, 
particularly if I'm being unfair to anyone.

If you know other people with background on the topic, or if you're 
plugged into e-lists whose subscribers would be interested in the 
paper, or could help improve the analysis, feel free to pass this 
message onwards.


                     Very Black Little Black Books
       http://www.anu.edu.au/people/Roger.Clarke/DV/ContactPITs.html

                   First-Cut Draft of 2 February 2004

                               Abstract

Technology and human ingenuity continue to pose new privacy 
challenges. During 2003, a new dot.com fashion arose from an odd 
amalgam of Rolodex address-books, e-communities and dating. Users of 
these services store personal data on a central server, which can be 
accessed by other people, and, potentially at least, exploited by the 
service-operator. There are privacy concerns, of a kind that has been 
analysed many times before.

The new dimension that these services bring is that they entice users 
to disclose personal data about their friends, business contacts or 
acquaintances. That is a disturbing feature, and it requires careful 
analysis.

-- 
Roger Clarke              http://www.anu.edu.au/people/Roger.Clarke/
			            
Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                 Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au            http://www.xamax.com.au/

Visiting Professor in the eCommerce Program, University of Hong Kong
Visiting Professor in the Baker Cyberspace Law & Policy Centre, U.N.S.W
Visiting Fellow in Computer Science, Australian National University
_______________________________________________
Link mailing list
Link at mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link

More information about the Link mailing list