Privacy groups ask FTC to close e-mail loophole
WASHINGTON (IDG) -- Privacy and consumer groups are asking the U.S. Federal Trade Commission (FTC) to require software makers to close what they say is a security loophole in browsers that leaves people who read unsolicited e-mails vulnerable to the loss of their anonymity as they surf the Web.
A letter and a detailed report about the security hole was sent to the FTC by organizations including the Electronic Privacy Information Center (EPIC), the Electronic Frontier Foundation (EFF) and anti-spam group Junkbusters, according to a joint statement by these bodies.
The FTC will give the petition "serious review," an FTC spokesman said. Microsoft and Netscape spokesmen said their companies are also examining the claim.
The petition is the latest in a series of efforts by Internet privacy groups to get the U.S. government to regulate online privacy. Net advertisers and companies that closely monitor Web surfers' habits are resisting regulation in favor of policies that allow them to police themselves. So far, the FTC has adopted a wait-and-see approach.
The problem brought to light by the privacy organizations affects people with e-mail readers formatted in HTML, which includes popular programs such as MS Outlook, MS Outlook Express, Netscape Messenger, Eudora and Hotmail, according to the report, written by Richard Smith, a security consultant.
The cookie is created when users read an unsolicited e-mail with graphics in it, such as a banner advertisement off the Web, Smith said in a conference call. These banner ad companies typically "hide" the recipient's e-mail address in the Web address of the graphic, so that their servers can later match the cookie to the recipient's e-mail address, Smith said.
This information is often sold to spammers, or senders of unsolicited commercial e-mails.
"When you go to a Web site they will not only know your cookie, but also your e-mail address," Smith said. "Bottom line, you lose anonymity when you go to a Web site."
Smith said he hasn't discovered any companies that are abusing the information they gather. However, he added that the current cookie situation is disturbing nonetheless because it's difficult for the average consumer to know they are being "slipped a marked bill" that will identify them as they move around the Web.
"It's intolerable that e-mail can be used to silently zap a name tag onto you that might be scanned by a site you visit later. It's like secretly bar-coding people with invisible ink," Catlett said.
He said the equivalent in the nonelectronic world would be a catalog that is sent to a home in an envelope with the ability to send out the recipient's address to other stores the minute the envelope is opened.
"They all find out that you opened the mail and they get an invisible tracking number, so if you go to a store ... that number is reported to them and they can build that information into a database," Catlett said.
Catlett said he expects both Microsoft and Netscape to close the loophole willingly. Nevertheless, he said, the petition was submitted to the FTC in order to make sure that the software companies do so.
Catlett also sees the petition as a test of the FTC's willingness to take the lead on the Internet. "If they don't act on this, it will show that they're asleep at the watch," Catlett said. "This is an opportunity for the FTC to show that they are alert."
Margret_Johnston is Washington correspondent for the IDG News Service. Keith Perine writes for The Industry Standard. Mary Lisbeth D'Amico of IDG News Service contributed to this story.
Australia data warehouse raises privacy concerns
RELATED IDG.net STORIES:
Spam watchdog floats new service ideas
Electronic Privacy Information Center (EPIC)
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.