Re: 3 Proposals: session ID, business-card auth, customer auth

Hello,


Dan wrote:
> Who said that? Not me. I would certainly expect anybody collecting
> business cards to write up their policy for access to that data
> and make it available. I would probably even mandate that in
> the spec.
> 
   Well then, this is way cool.  The policy that you mention is along 
the lines of what I want too.  The problem is that in the US,
no such policy currently exists.  Companies are able to gather data
and then broker it for whatever purposes they want, without your 
consent.  Certain companies are sensitive to this and enable you to
not be put on other mailing lists, etc.; but even then, it's a box
at the bottom of the page and the default is assumed that you want this.
I think it needs to be the other way around.  Your privacy is the
default and if you feel like relinquishing it, then you give
your consent to do so.  As it turns out, in many European 
countries, it is this way.  Companies are not able to use
data in a manner other than it was initially intended without getting
consent.  

   Another interesting thing to ponder is that courts in certain states 
in the US found that caller id was unconstitutional.  Basically, the
broadcasting of your number is an invasion of privacy was their ruling.
So, in a sense, any information that can uniquely identify you or be
used to discriminate for or against you, can fall under this line of thought. 
Having a default interface that enables business cards to be 
exchanged without consent or user interaction, may very well be deemed
unconstitutional.  

   So, I think we agree that sites can use the information gathered,
but when it comes down to exchanging this information, they need 
to acquire consent or inform the user a priori (and not in an H6 tag).  
Additionally, information gets broadcast only upon the user's 
decision to do so, not by default.

Regards,
Jim.

Received on Thursday, 20 July 1995 13:29:35 UTC