Buyer Beware
by JONAH ENGLE - The Nation Magazine
June 20, 2003
Speaking at a conference this winter on Internet crime, eBay.com's
director of law enforcement and compliance, Joseph Sullivan, offered
law-enforcement officials extensive access to personal customer
information.
Founded in 1995 as a niche site for collectibles, eBay quickly grew
into one of the Internet's largest websites, currently boasting 69
million daily visitors, who place an average of 7.7 million bids each
day. The company, now valued at $29.6 billion, has become synonymous
with online shopping, and is rapidly expanding overseas.
The talk, "Working with Law Enforcement," was delivered at the
CyberCrime 2003 conference in Mashantucket, Connecticut. Sullivan, who
left the Justice Department to become senior counsel for rules, trust
and safety at eBay last year, told the audience of law-enforcement
officials and industry executives that he didn't "know another website
that has a privacy policy as flexible as eBay's," seemingly meaning
that eBay acts particularly quickly to grant law enforcement extensive
access to user information without regard to established legal
procedures that protect individuals from civil rights abuses by the
state.
Brags Sullivan, "If you are a law-enforcement officer, all you have to
do is send us a fax with a request for information, and ask about the
person behind the seller's identity number, and we will provide you
with his name, address, sales history and other details--all without
having to produce a court order." (eBay itself goes further than this,
employing six investigators who are charged with tracking down
"suspicious people" and "suspicious behavior.")
Seventy percent of eBay customers, as well as a significant portion of
the rest of the online commercial world, make their purchases using
(eBay-owned) Paypal, which provides clearing services for online
financial transactions. Through Paypal, eBay has access to the
financial records of tens of millions of customers. "If you contact
me," said Sullivan to assembled law-enforcement authorities, "I will
hook you up with the Paypal people. They will help you get the
information you're looking for.... In order to give you details about
credit-card transactions, I have to see a court order. I suggest that
you get one, if that's what you're looking for."
Sullivan even offered to conscript eBay's employees in virtual sting
operations: "Tell us what you want to ask the bad guys. We'll send
them a form, signed by us, and ask them your questions. We will send
their answers directly to your e-mail."
Sullivan's statements were first reported by Yuval Dror in the Tel
Aviv-based daily Ha'aretz; surprisingly, they have received no
coverage in the US media. And, while they may seem extreme, Sullivan's
eBay policies seem to fit into a larger pattern of eroding online
privacy.
In the fall of 2001 a Stanford-educated Pakistani scientist, a
permanent resident of the United States, was visited at his home in
the Bay Area by the FBI, who asked about several books he'd recently
purchased on eBay. The man's lawyer said the FBI agent reported having
been alerted by eBay. eBay denied having provided the information to
the FBI, and the bureau refused to comment.
eBay avoids legal trouble with its customers by giving itself carte
blanche to divulge any and all personal information. Its hard-to-find
privacy policy says: "Due to the existing regulatory environment, we
cannot ensure that all of your private communications and other
personal information will never be disclosed in ways not otherwise
described in this Privacy Policy."
Until recently, in the Internet world "cooperation with government was
seen as a betrayal of the unwritten contract between the user and
service provider," says Nimrod Kozlovski of the Information Society
Project, a Yale-based center that studies democracy and freedom in the
digital age. This understanding held that the "provider would protect
the consumer from government snooping." Kozlovski believes that
"September 11th changed things dramatically," much as it did for
privacy and civil-liberties issues in other realms. He observes that
eBay followed the trend by rebranding itself and changing its privacy
and policy statements "to accommodate this new vision of the company
as one which was [not only] cooperative with the government [but]
actually a private law enforcement entity." eBay has also felt the
sting of tough new laws: On March 28 its unit PayPal was charged by
the Justice Department with violating the Patriot Act for providing
money transfer services to gambling companies. eBay may be wary of
turning down law-enforcement requests, and in this political climate,
being pliant to law enforcement may be sound business in the sense
that it can lead to better treatment from government and lower
administrative costs associated with a company's security division.
There is also the genuine anxiety surrounding the potential
consequences of not following up on a perceived terrorist threat.
Company spokesperson Kevin Pursglove calls eBay "a pioneer when it
comes to customer privacy" and denies that eBay's privacy rules are in
any way influenced by increased concerns about homeland security or
that eBay has been the subject of increased pressure from law
enforcement.
The attack on Internet privacy, like the attack on all civil liberties,
has been growing since September 11 in the form of the Patriot Act and other
federal and state-based legislation. Many provisions in the new laws
undermine online privacy, and are in keeping with eBay's
information-sharing policies. The Patriot Act allows ISPs to
voluntarily hand over all "non-content" information to law enforcement
without the need for a court order or subpoena. It also expands the
category of information that law-enforcement figures can seek with a
simple subpoena (no court review required) to include, among other
things, IP addresses and credit card and bank account numbers.
While Sullivan's statements are the most extreme examples of the
blurring between law enforcement and private corporations, eBay is not
the only large online company to have diluted its customer-privacy
provisions. Traditionally, it was standard practice not to reveal
customer information to third parties; now, however, Internet
companies are making exceptions for the government. And massive online
vendors from Travelocity to Amazon are using vague language to give
themselves virtually complete discretion as to what customer
information they will turn over to law-enforcement officials. Whether
there will be a consumer backlash against these relaxed privacy
policies remains to be seen.
If so, then companies like eBay may have to question their current
willingness to become quasi-private law-enforcement agencies
themselves. In liberal democracies it is assumed that criminal
investigation and law enforcement are the sole domain of government.
But the trend in the United States, as evidenced by eBay, among many
companies, now sees huge private-sector commercial entities becoming,
in effect, agents of law enforcement. It's an arrangement between
government and the private sector, which Kozlovski calls the
"invisible handshake"--Internet companies promise to open their files
to law enforcement, while law enforcement insures that citizens stay
in the dark. This new relationship raises crucial questions regarding
civic life in the United States, and our rights as citizens and
consumers. According to Sullivan, "when someone uses [eBay's] site and
clicks on the 'I agree' button, it is as if he agrees to let us submit
all of his data to the legal authorities..." Is this more than we bid
for?
This article can be found on the web at
http://www.thenation.com/doc.mhtml?i=20030707&s=engle