IP: watch those trojan cards

[David Farber <farber () cis upenn edu>]

Date:    Sun, 10 Aug 97 13:31 PDT
From:    lauren () vortex com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Trojan phonecards / Internet opinion surveys


Greetings.  I wanted to bring two items to your attention of potential
importance that recently came within sensor range, about which I'm still
researching details.


First, the concept of "trojan phonecards" appears to have materialized. 
OK, get your mind out of the gutter--this isn't about a prophylactic debit
card.  But, it could be a real concern.  I've received reports of a firm
selling pre-paid telephone debit cards designed to be given as gifts.  So
far so good.  But the twist is that they reportedly provide the call detail
for all usage of the card to the party who *purchased* the card, allowing
them to track your calling patterns.  


Interestingly, under current law, which provides very little protection for
call detail data, this *may* be completely legal.  I'm attempting to get more
information about this, but in the meantime it might be a good idea to be
highly skeptical of any "free" phone debit cards which might appear, unless
you know for sure where the call detail is going and under what
conditions it will be released to outside parties!


----


On another note, I've received mailings from a new web service promoting
itself as an Internet "opinion gathering" site, through which persons would
be invited to make their opinions known to the powers-that-be on various
issues, with the apparent intent of influencing legislation and other
decision-making processes.


I had a number of polite exchanges with these folks, and I have to admit I
am singularly unimpressed.  They seemed unfamiliar with basic statistical
theory or practice, not even realizing the fundamental problems with
"self-selected" polls (which are notoriously inaccurate in terms of
extrapolation to larger populations).  They apparently plan to require fax
or physical mail verifications of opinion submissions, to try avoid the
problems of forged e-mail.  But they also seem to be planning to *release*
name and address information of respondents in mailing list form to
contracting outside entities.  


The whole situation is confusing at best.  Until there are reasonable
confirmable standards for such operations, I'd urge using a great deal of
caution dealing with any Internet-based opinion gathering service, both in
terms of giving any weight to their results, or in terms of providing any
name, address, or other personal information as part of the poll or other
opinion gathering system.


--Lauren--
Moderator, PRIVACY Forum
www.vortex.com