|
CitX BREAKTHROUGH? A new software-supported system to help protect children's privacy on the internet was announced this week by CitX Corporation of Quakertown, Pa. Soon to be on the market, "ChildGuardIt" is described as a "privacy management and de-identification system designed to guard against solicitation or 'spamming' of children's email accounts by unauthorized senders. . . . The system incorporates the use of digital certificates and CitX's proprietary pseudonymous Opt-In and de-identification technology. It will be available to parents under a subscription plan." These quotes are for a June 22nd PRNews release. A striking aspect of the promised innovations in ChildGuardIt deals with how your children will interact with advertising materials on the internet. ChildGuardIt will include a process to hide children's identities when they click on advertising banners and otherwise interact with advertising and promotional literature. ChildGuardIt could be of great interest to a huge number of adults who are acting on their own behalf, in addition to parents concerned with their children's privacy, if it is effective as promised and if setting up this system will be easy for those who are not computer geeks. Ease of use should be defined here as implying little disturbance of pre-existing settings on your PC; because this disturbance can cause an easy installation to become a source of nightmares due to a PC that refuses to run correctly. ('Mac folks' can smile here.) JUDGES AND ATTORNEY GENERALS ARE IN THE FRAY The announcement of ChildGuardIt by CitX takes on enhanced significance in the context of recent aggressiveness in favour of privacy protection being shown by key players in the judicial system. In a June 11 New York Times article, Professor Jeffrey Rosen, George Washington University Law School, has recounted several recent Supreme Court decisions that show unusual consensus among the justices about the importance of privacy protections. He says: "What can explain the recent victories for privacy? Perhaps the justices are beginning to recognize how much is lost when citizens cannot record their thoughts and share intimate information without fear of exposure. . . . Perhaps, regardless of their dramatically different views about abortion and contraception, both liberal and conservative justices are returning to the original understanding of the Fourth and Fifth amendments, which had guaranteed all Americans the right to control personal information." None of the rulings he cites deals with a case that has clear implications for internet snooping done by private firms. Only time will tell whether Supreme Court will create a basis for class-action suits against known proven purveyors of secret internet snooping, on the grounds provided ultimately by the Fourth and Fifth Amendments to the Constitution. Another recent initiative from a judicial system leader deals directly with the internet. In a June 14th USA Today story, according to a file now sold by NewsBytes, "Michigan Attorney General Jennifer Granholm has threatened legal action against four Web sites that she says have not told consumers whether their privacy rights are being protected under state law. Granholm said Monday that she notified the companies after lawyers in her office found that Internet advertising agencies were tracking site visitors with digital IDs known as ''cookies'' deposited on users' hard drives. . . . Greater disclosure of privacy practices will allow companies to avoid prosecution, she said. " The four web sites were using "[a well-known] ad agency to help understand how consumers behave when exposed to various kinds of advertising, " and named two others that may be using the infamous 'tracking cookies'. Apparently, it is not the tracking (snooping) being facilitated by the web sites that was the issue. Rather it was that the sites did not adequately explain to surfers how their practices constituted de facto participation in the snooping activity. It seems that the Attorney General is of the view that this silence on the part of web sites leaves them open to prosecution -- perhaps by or on behalf of persons that get proof they are the subjects of snooping. (This is a fallible opinion.) If all the web sites that facilitate use of the 'tracking cookies' stated this fact clearly to surfers as they arrived at each site, and especially stated the name of the company responsible for the tracking cookies, consumers who wish to vote against those companies with their wallets would have received some significant help. That help would be potent if many people of Attorney General status began to speak out about the grounds for prosecution that are laid when web sites fail to be fully informative about how they are supporting, even if only indirectly, internet snooping
WHERE IS THE REAL ADVANCE IN ChildGuardIt? "Anonimizing" your out-going email, i.e. hiding your identity, has been available for several years (a key WWW link is given below). Indeed, spammers have been using it heavily. So what's new and useful about the ChildGuardIt system? How does it work? Parents' subscription to the service will include access to a special e-mail service that will be a gateway between their children and internet email. Apparently, a parent will have several 'good-guy' addresses on a database maintained by CitX, and good guys' email will be allowed to go through. Unauthorized email will, it seems, be blocked at the CitX computer, long before the child even knows it was sent. There are some technical issues on which CitX may need to go public fairly soon. For example, exactly how would the identity hiding be achieved -- what is the strategy, without revealing trade secrets? The available literature offers no guide to the answer to this question. To be fully effective, I think, this de-identification process will need to include hiding a fixed IP address the home computer may be using, as well as blocking the outflow of hardware-identification data now routinely provided to web servers by web browsers running on peoples' home computers. If these are known to the party serving up the web pages then they would create a notable loophole in the process designed to block identification. (I would be happy to learn why this opinion is wrong.) One theoretically possible route would be a public firewall. Instead of going directly to web sites, you first log on to a server that is maintaining the firewall software. All your interactions with the internet would go through channels set up in the firewall software. That software would show to marketers only the I.P. address of the server (hiding yours), and it might further 'anonymize' any family-identifying information the web surfer enters at her/his keyboard. It might also block all cookies, and Javascripts containing suspicious code. One big issue here, though, is how much traffic such a gateway could handle before it broke down from overload. However, this issue would not arise if the firewall is portable software installed on each surfer's computer. Such software is already in the marketplace, it seems. Reviews of their effectiveness need to be developed and widely disseminated. The key innovation of the email service in ChildGuardIt needs to be clarified, given the variety of email filtering software and 'anonymizers' already in the marketplace. The news release puts some emphasis on the idea that a list of authorized senders of email to your child is maintained at a central gateway. Email addressed to your child goes through that gateway before your child knows it exists, so that unauthorized stuff can be removed before it gets to the child. Again, exactly how this would be effective across all possible email routes needs to be clarified. If the parent uses CitX as the sole ISP, this service is easily made effective. But if there some other ISP, I would guess that the only way this would be effective is for you to arrange for your information to be routed from your ISP's server to the CitX server before it goes to the net, and for all in-coming email to first go through a CitX gateway before it gets to your ISP. This would again raise issues as to how much traffic the CitX server could handle. An alternative would be that the email functions are all done by portable software that is installed in each person's home computer. But whether this is a worthwhile advance over a combination of Eudora's now powerful scriptable filtering function along with use of very good out-going-mail 'anonymizer' service needs to be clarified. That these remarks might come across as an accidental review of software not actually used or on the market is recogniszed. My aim here is to pin-point some general issues that need to be stated and addressed in efforts to put in place an effective privacy-protection system. And these concerns affect both children's and adult's use of the internet. TWO KEY SITES FOR EDUCATION AND HELP For an excellent review of several of the
relevant technical issues go to Also, among the variety of services offering to 'anonymize' your out-going email, one that seems be high-class in sophistication, protection against misuse by spammers, and protection of your own identity is at www.anonmail.net. This organization is "SkuzNET . . . a small, privately owned company whose business is privacy. " While loudly warning spammers to stay away, they offer multiple email addresses, each of which is valid and will re-route your mail to the correct place. "However, we only provide casual anonymity, meaning that we do not provide the advanced functions of type 1 and MixMaster remailers such as chaining and user controlled latency times to prevent 'traffic analysis'. If you are really afraid that someone will go through a lot of trouble to track the times you send and recieve mail and use that information to try and figure out where and who it's going to, use a chained remailer system, preferably chaining multiple remailers inside and outside the US, and stick your return address inside the message, send it completely anon, not through a nym server (or chain several remailers before the send message gets to the nym server). . . . We also supply a web-based email service, which allows you to access your accoun from any computer with an Internet connection. There is also a mail forwarding service available." Another notable feature is that this is not
one of those "free" services. You must pay real dollars
up front. This means that their service is less likely than the
free ones to be in the pockets of the Banner Bucanneers who are
leading the way in internet snooping. Finally, credits for sources for this article are also due to Individual.com services (www.individual.com). A serious effort has been made here to respect peoples' copyrights. Any lingering violation will be corrected promptly, as soon as someone points out where the violation takes place. Contact lestone@arawak.net. © 2000 Arawak Enterprises. All rights reserved. |