Re: 3 Proposals: session ID, business-card auth, customer auth

James Pitkow (pitkow@cc.gatech.edu)
Thu, 20 Jul 1995 13:29:29 -0400 (EDT)


Hello,

Dan wrote:
> Who said that? Not me. I would certainly expect anybody collecting
> business cards to write up their policy for access to that data
> and make it available. I would probably even mandate that in
> the spec.
>
Well then, this is way cool. The policy that you mention is along
the lines of what I want too. The problem is that in the US,
no such policy currently exists. Companies are able to gather data
and then broker it for whatever purposes they want, without your
consent. Certain companies are sensitive to this and enable you to
not be put on other mailing lists, etc.; but even then, it's a box
at the bottom of the page, and the default is assumed that you want this.
I think it needs to be the other way around. Your privacy is the
default and if you feel like relinquishing it, then you give
your consent to do so. As it turns out, in many European
countries, it is this way. Companies are not able to use
data in a manner other than it was initially intended without getting
consent.

Another interesting thing to ponder is that courts in certain states
in the US found that caller ID was unconstitutional. Basically, the
broadcasting of your number is an invasion of privacy, was their ruling.
So, in a sense, any information that can uniquely identify you or be
used to discriminate for or against you can fall under this line of thought.
Having a default interface that enables business cards to be
exchanged without consent or user interaction may very well be deemed
unconstitutional.

So, I think we agree that sites can use the information gathered,
but when it comes down to exchanging this information, they need
to acquire consent or inform the user a priori (and not in an H6 tag).
Additionally, information gets broadcast only upon the user's
decision to do so, not by default.

Regards,
Jim.