Privacy groups ask FTC to close e-mail loophole

December 6, 1999
Web posted at: 11:25 a.m. EST (1625 GMT)

by Margret Johnston and Keith Perine


WASHINGTON (IDG) -- Privacy and consumer groups are asking the U.S. Federal Trade Commission (FTC) to require software makers to close what they say is a security loophole in browsers that leaves people who read unsolicited e-mails vulnerable to the loss of their anonymity as they surf the Web.

A letter and a detailed report about the security hole were sent to the FTC by organizations including the Electronic Privacy Information Center (EPIC), the Electronic Frontier Foundation (EFF) and anti-spam group Junkbusters, according to a joint statement by these bodies.

The FTC will give the petition "serious review," an FTC spokesman said. Microsoft and Netscape spokesmen said their companies are also examining the claim.

The petition is the latest in a series of efforts by Internet privacy groups to get the U.S. government to regulate online privacy. Net advertisers and companies that closely monitor Web surfers' habits are resisting regulation in favor of policies that allow them to police themselves. So far, the FTC has adopted a wait-and-see approach.

The problem brought to light by the privacy organizations affects people whose e-mail readers display HTML-formatted messages, including popular programs such as MS Outlook, MS Outlook Express, Netscape Messenger, Eudora and Hotmail, according to the report, written by Richard Smith, a security consultant.

Many Web sites are set up to create a cookie, or unique serial number, on the PC of the person browsing. The cookie allows their surfing behavior to be traced, but it doesn't identify them. Smith said the latest use of cookies, however, is that they can be created when someone reads an unsolicited e-mail in a Web browser, and that is alarming because it means the user can be identified.

The cookie is created when users read an unsolicited e-mail with graphics in it, such as a banner advertisement off the Web, Smith said in a conference call. These banner ad companies typically "hide" the recipient's e-mail address in the Web address of the graphic, so that their servers can later match the cookie to the recipient's e-mail address, Smith said.

This information is often sold to spammers, or senders of unsolicited commercial e-mails.
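
A check that a mail client or gateway could apply to the technique described above, as an added example that is not from the report or the article: it lists remote images in an HTML message whose URL carries a recipient's address, plain or percent-encoded. The function name, sample message and hosts are assumptions made for illustration; an opaque per-recipient identifier in the URL would not be caught by this match.

```python
from email import message_from_string
from email.utils import getaddresses
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit


class ImgCollector(HTMLParser):
    """Collect <img> src values that load from a remote host."""
    def __init__(self):
        super().__init__()
        self.remote_srcs = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") or ""
        if tag == "img" and urlsplit(src).scheme in ("http", "https"):
            self.remote_srcs.append(src)


def find_address_tagged_images(raw_message):
    """Return remote image URLs that embed one of the message's recipients."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = {addr.lower() for _, addr in getaddresses(headers) if addr}
    flagged = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True) or b""
        html = body.decode(part.get_content_charset() or "utf-8", "replace")
        collector = ImgCollector()
        collector.feed(html)
        for src in collector.remote_srcs:
            decoded = unquote(src).lower()  # also matches %40-encoded addresses
            if any(addr in decoded for addr in recipients):
                flagged.append(src)
    return flagged


# Constructed sample message; hosts and addresses are placeholders.
SAMPLE = """\
From: offers@ads.example
To: Reader <reader@example.org>
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>
<img src="http://ads.example/banner.gif?u=reader%40example.org">
<img src="http://ads.example/logo.gif">
</body></html>
"""

print(find_address_tagged_images(SAMPLE))
```
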

"When you go to a Web site they will not only know your cookie, but also your e-mail address," Smith said. "Bottom line, you lose anonymity when you go to a Web site."

Smith said he hasn't discovered any companies that are abusing the information they gather. However, he added that the current cookie situation is disturbing nonetheless because it's difficult for the average consumer to know they are being "slipped a marked bill" that will identify them as they move around the Web.

Jason Catlett, president of Junkbusters, said he was also very disturbed by the new "Orwellian" use of cookies.

"It's intolerable that e-mail can be used to silently zap a name tag onto you that might be scanned by a site you visit later. It's like secretly bar-coding people with invisible ink," Catlett said.

He said the equivalent in the nonelectronic world would be a catalog that is sent to a home in an envelope with the ability to send out the recipient's address to other stores the minute the envelope is opened.

"They all find out that you opened the mail and they get an invisible tracking number, so if you go to a store ... that number is reported to them and they can build that information into a database," Catlett said.

Catlett said he expects both Microsoft and Netscape to close the loophole willingly. Nevertheless, he said, the petition was submitted to the FTC in order to make sure that the software companies do so.

Catlett also sees the petition as a test of the FTC's willingness to take the lead on the Internet. "If they don't act on this, it will show that they're asleep at the watch," Catlett said. "This is an opportunity for the FTC to show that they are alert."

Margret Johnston is Washington correspondent for the IDG News Service. Keith Perine writes for The Industry Standard. Mary Lisbeth D'Amico of IDG News Service contributed to this story.
