Re: Automatic Entry and Forms

Robert Hazeltine (rhazltin@bacall.nepean.uws.edu.au)
Mon, 26 Feb 1996 11:21:53 +1100 (EST)


Date: Mon, 26 Feb 1996 11:21:53 +1100 (EST)
From: Robert Hazeltine <rhazltin@bacall.nepean.uws.edu.au>
To: Derek Harding <derek@tpdinc.com>
Cc: Murray Altheim <murray@spyglass.com>, hallam@w3.org, www-html@w3.org
Subject: Re: Automatic Entry and Forms
In-Reply-To: <2.2.32.19960225044830.0069f1e4@mail.tpdinc.com>
Message-Id: <Pine.SUN.3.91.960226102259.21750F@bacall.nepean.uws.edu.au>

Hi Derek

On Sat, 24 Feb 1996, Derek Harding wrote:

> At 12:33 PM 25-02-96 +1100, Robert Hazeltine wrote:
> >
> >Maybe people two generations hence might find the ideas of transferring
> >data - both personal and business - without human intervention acceptable
> >as a principle.  I do not. 
> >
> > be linked with this sort of proposal that allows another systems to 
> > probe for information on a particular workstation.
> 
> Unless I have misread the proposal, this is not a part of it and is not
> being suggested at all! Furthermore nothing in this proposal allows any kind
> of "probing" as you seem to believe. (Hence my comment that perhaps you have
> misread the proposal). 

The proposal to provide a mechanism to allow templates within HTML seems
innocent enough and the proposal, as I understand it, does not provide a
mechanism for unwarranted intrusion into privacy.  But that's the rub - it
does not provide any security to prevent it either and people seem so
conscious of computer security, etc in other respects that I am surprised
that the same weight (at the very least) has not been built into this one. 

Already there are programs that 'roam' the Internet, and I assume that a 
particular kind of information would not be difficult to target, right?

Already there are some "interesting" applications like NetWatcher that 
can be called on by your local friendly sysop.  I do not see much protection 
of personal information once he/she takes over your session, do you?  How 
long will it be before the scope of such an application is extended and 
then into the hands of someone who less than scrupulous?

I assume that most, probably all, the subscribers to this are quite
computer literate and know the strengths and weaknesses of the technology
they are using.  However, not everyone is in the same position.  As I
expressed before, there is a volatile mix of technology and ignorance of
it in the community at large and used the example of the "Registration
Wizard" of Win95 where I see people push buttons without realising the
consequences of what they are doing or knowing what the application was
designed to do. 

> As I understand it the proposal is suggesting is that a protocol may be
> developed which allows common fields which many users fill in everyday to be
> pre-filled automatically should users wish them to be. Users will then be
> free to submit the form in the normal way or delete any fields they don't
> wish to send, or modify the information prior to submission, or finally, not
> any have fields automatically filled in.

The practical difficulty here is to determine what data set is going to be
used or, just maybe, standardised.  As I understand one of the later
posting to this group, w3 are going to pass the buck to a standardisation
organisation and, while expressing concern for privacy, seem to be
maintaining the line that this mechanism of providing templates is safe. 

If the mechanism is available, it will be used - standardisation or not.

From my experience with international standardisatiion bodies, they are 
more inclined to business information and not personal information, per se.
Apart from which that information is designed to be used in a CLOSED 
computing environment (SWIFT, for example).  I do not see why a government 
delegation (a western government, at least) would even let get to the agenda 
stage precisely because of the concerns I have raised in this forum.

> The proposal does not make *any* provision for automatic submission or
> transfer of information in any way shape or form or for any "probing" of
> machines either.

IMHO, the proposal is not only weak but it is also pernicious because a 
template mechanism does not provide any protection for the individual 
from unwittingly disclosing personal information, whether or not the 
information is encrypted or standardised is irrelevant.  As a matter of 
fact, it simply does not protect.

In short, I believe it to be faulty both in conception and design.  Even 
from a systems point of view, it would not stand up to much duress.

Rob...

Robert Hazeltine                    r.hazeltine@nepean.uws.edu.au
Library Web Support                 http://www.nepean.uws.edu.au/library/