RealTime IT News

Privacy Advocate Calls on Congress to Act

Amid the hacking problems plaguing DoubleClick again in as many days, Jason Catlett, president of Junkbusters.com, is urging Congress to investigate online profiling companies.

"These profiling companies are gathering information on consumers, keeping that vast amount of data in secrecy and then are unable to keep the same data secure from hackers," Catlett told internetnews.com. "This is a total outrage."

In an open letter, addressed to Congressional Privacy Caucus Co-chairs Rep. Joe Barton (R-TX), Rep. Edward J. Markey (D-MA), Senator Richard Shelby (R-AL), and Senator Christopher Dodd (D-CT), Catlett stated that online profiling companies:

  • Refuse to allow people to access there own files.
  • Develop consumer profile exchange technology without any commitment to observe fair information practices in their use of it.
  • Have long-standing security flaws in many of their computer systems.

"In brief, we have a group of companies bent on collecting hundreds of millions of enormous electronic dossiers, keeping them secret from the people they concern, intending to exchange and sell them using advanced technologies, but unable to keep them secure from criminals," according to Catlett. "This is unfair and is moving our society into a level of surveillance that most Americans find unacceptable.

The president of the Greenwood, N.J.-based consumer advocacy firm urged Congress to consider action to protect the privacy of Americans "in the face of this unprecedented surveillance effort," he said.

"Today's events reinforce the need for consumers to have control of data that companies have on them," Catlett told internetnews.com. However, he noted that the recent hacking/security events occurred after he sent the open letters. The letter to Congress is dated for Thursday, while correspondence on related matters is dated Wednesday, March 27.

Catlett yesterday penned an open letter to Microsoft criticizing the cookie defaults on its new browser as well as a letter to DoubleClick calling for publication of security audits.

He called on DoubleClick to:

  • Publish all existing auditors' reports and attestations on DoubleClick's privacy compliance and the state of its security. (DoubleClick announced in February 2000 that PriceWaterhouseCoopers would conduct privacy audits.)
  • Commission a specific independent investigation of this incident and the current state of DoubleClick's security, and publish the report.
  • Show me all the data it has about me, and then permanently destroy it. Do the same for anyone else who asks.

"There is a great risk for accidental or intentional disclosure of this data," Catlett said. "I want to know what the hackers may have obtained. DoubleClick did not have my permission to gather that information and now they are holding it hostage."

Officials at Microsoft and Doubleclick weren't immediately available.