Below is my letter to the NTIA after I stumbled on the request for
comment regarding data privacy laws.
This is a part of an effort to protect consumers from data abuse.
See below. And if you want, send in your comments, too. Sorry for
the late notice, but the comments are due "today", Monday March 26.
Terra
-------- Original Message --------
To the National Telecommunications and Information Administration:
I am responding to your request for public comment under the
"Multistakeholder Process to Develop Consumer Data Privacy Codes of
Conduct" Federal Register Notice, as part of your process to develop
legally enforceable codes of conduct, presented at the following link:
http://www.ntia.doc.gov/federal-register-notice/2012/multistakeholder-process-develop-consumer-data-privacy-codes-conduct
Please make the following changes to the law:
1. "Automatic Opt-In" should be ONLY to provide the specific service
that the consumer is opting in for. Every provider using private data
for inter-organizational sharing purposes should offer (in their initial
"I accept these terms" choice) a "basic service option" that provides
the consumer with protections against this sharing. Sharing should be
an "extra service", on top of the basic service. The "basic service
option" for an "automatic opt-in" should NOT include ANY sharing with
ANYONE for marketing or other business/organizational development
purposes, including companies within the same conglomerate. If the
consumer wants their data to be shared, there should be a special place
for the consumer to go to "Opt-in" to the sharing program. The current
"Opt-Out" strategy is a trap because it requires the consumer to hunt
down special tools to "opt-out", and the time it takes to find the tools
is far longer than it takes the organization's computers to send our
private information to their long list of "third party affiliates".
Thus it makes even the most savvy technology users vulnerable. Further,
the current rules allowing for sharing of information among companies
within conglomerates allow the common industry practice of preventing
users from being able to opt out of this sharing. This sets up an
additional trap. That's because if you fill out a mortgage application
with all of your personal information, and you get a mortgage from one
company, your personal information can be sold along with the company as
a conglomerate sweeps up industries' worth of private information.
Because it's so difficult to get out of services, such as mortgages, or
even email services, these sales of our private data and the
bait-and-switch of private terms must be stopped.
2. Make it illegal to share credit card transactions and location
information for marketing and/or profiling/political purposes, unless
the consumer specifically "Opts-In" in a special "value added" service
on top of the "basic service", as described in my first comment above.
Currently, organizations sell and otherwise share our private
transaction data. Please make this illegal.
3. Make it illegal to change the "original uses" of personal data when a
company is sold. A common trick to get our information is to start a
company with some kind of social cause. The company has strict privacy
policies and so people share openly. THEN the owners sell the company,
and the new owner changes the policies. Please make this illegal.
4. Please require any changes in privacy policies for use of personal
information to require 1 year's notice.
5. Please mandate that our private information is OUR PROPERTY. Not the
property of the person or organization that gathered it.
6. Please develop a civil review panel to review what NSA is doing with
our data. Gathering it is one thing. But we need to have public
oversight as to what factors are being used for correlating and
profiling the data, and what can be done with the data once it is
correlated. Civic organizations such as the ACLU can be sworn in to
top-secret status for the review purposes. So those civilian
representatives would not be able to share the specific factors being
used, but can act as our consumer-rights advocates when the processes
are being developed/reviewed.
Thank you for your attention to these grave concerns. As you state in
your request for comment, because of the use of advanced cloud and
correlation/data warehousing techniques, the risk of abuse is increasing
dramatically... as we speak.
Sincerely,
--
Terra
*~*~*~*
Terra Friedrichs
Systems Engineer
InfoSec Consultant
Privacy Activist
978 808 7173 (cell)
978 266 2775 (desk)
978 266 2778 (home/messages)