ZDnet (UK) - Echelon -- World under watch.

Is it acceptable for the Post Office to send your mail to MI5 to read before dropping it through your letter box? Probably not. The mail has always had a universally accepted notion of privacy. Yet as most human communications move into the electronic sphere, privacy is under attack as never before.

In this detailed look at government cyber-snooping, ZDNet draws on the strengths of our global news network, with articles from ZDNN writers in the UK, US, Germany and France. Leading investigative reporter, Duncan Campbell, introduces 'Echelon -- World under watch'.

An interesting collection of ZDnet stories related to ECHELON. By the URL it looks like it was put together in June 2000.

SiliconValley.com - Security firm offers alternative to FBI's e-mail surveillance tool.

ZDnet (UK) - Anti-snooping gurus converge on London.

The world's experts on surveillance and privacy will converge in London this Friday to discuss the growth of government snooping in the Internet age.

The International Surveillance by Design conference to be held at the London School of Economics will see an international band of technical and political experts discuss how the average Internet user can fight back against laws like the RIP Act.

Political News from Wired News - Expert: Go Easy on Privacy Regs. "Privacy is not an area in which you should want to make highly dogmatic claims of rights on either side," Epstein said at a Capitol Hill event organized by George Mason University's Mercatus Center.

Newsbytes - Businesses, Privacy Groups Clash Over P3P's Effectiveness .

"At best this is a tool that allows a company or site to instantly know your privacy price," Mierzwinski, a consumer advocate for the US Public Interest Research Group (USPIRG), said.

Mierzwinski predicted P3P would ultimately fail, because consumers who want to take advantage of a high level of privacy protection under the P3P protocol will be faced with annoying pop-up warning screens as every turn, a familiar experience for anyone who has ever tried surfing the Web without the "accept cookies" box enabled in their browser.

CNN.com - Security firm tests FBI limits with e-mail surveillance tool.

A security company has designed an open and free alternative to the FBI's Carnivore e-mail surveillance tool that it hopes will provide a more palatable choice to wary Internet service providers and privacy advocates.

NetworkICE, a San Mateo, California-based computer security firm that makes software to protect computers from hackers, designed Altivore, which can be downloaded free from the company's Web site.

Yahoo News - Gore Turns to Medical Privacy.

CNET.com - News - E-Business - "CueCat" users' information let out of the bag. In the race to turn consumers on to digital scanners, DigitalConvergence stumbled on a security breach recently that left its new members' names and email addresses vulnerable to unsolicited email, or "spam."

BW Online | Online Banks Still Have Security Blinders On . Damaging, even catastrophic, breaches can happen just like that. Unfortunately, most financial institutions aren't adequately prepared

Slashdot (Book review) | a href="http://slashdot.org/books/00/09/17/1311241.shtml">Secrets & Lies: Digital Security In A Networked World. Bruce Schneier, well-known security and encryption expert, and author of Applied Cryptography has recently had his newest book published, entitled Secrets & Lies: Digital Security in a Networked World, which explores the world of security as a system. Read the entire review bt following the link.

Business News from Wired News - Expedia Rewrites Privacy Rules.

Unlike Amazon's policy change last week, Expedia's rewriting of its rules didn't get criticized by privacy advocates. But the ease of policy change and overall variability among sites has them clamoring for a legal standard.

"It's definitely an improvement," noted Jason Catlett, president of Junkbusters.

His praise came with qualification, however: "In a single bound, it has leapt from terrible to inadequate."

Computerworld (IDG) - Update: More.com defends its privacy policy in wake of lawsuit.

In a statement, San Francisco-based More.com said it couldn't comment specifically on the lawsuit because it was still investigating the claims made last week by the Missouri attorney general's office. The company said it has been unable to obtain the facts pertaining to the complaint.

"However, as a company policy, More.com does not give, sell or rent customers' personal information to third parties. Like numerous other resellers online and off, More.com uses third parties for fulfillment of some orders. In those cases, our fulfillment partners receive customer information for shipping purposes or verification of prescription information only. In the latter example, verification is done in conformance with established state and federal laws. Furthermore, we are confident that our actions regarding this claim are in accordance with our strict privacy policy, which is openly disclosed to customers on our site," the statement said.

Sounds to me like it basically comes down to, how obvious was it that the actual contact lens orders are farmed out to a third party for fulfillment? Did they just make a generic statement buried in legalese or were they upfront about it? OK I've taken a look at the privacy policy and found it to be another case of probably legal but somewhat unfriendly. You must read the entire thing to cover yourself. They play the standard legalese trick of modifying previous statements. Below are clips from their privacy statement (in order) with comments.

• We will not give, sell or rent your personal information or specific account activity to anyone for any reason except a when required by law.
  Sounds great!! and if it stopped at this point I'd love them. But read on...

• more.com uses a third party intermediary for order fulfillment, which is solely a link in our distribution chain
  OK a little closer to the truth, but still not there yet. After all in this clip they only mention a single third party. Many of you are probably thinking UPS or maybe FedEx for the shipping. But read on ...

• more.com uses a third party contact lens fulfillment partner
  OK now we get around to the juicy part. And lets see this was only six screens of legal talk away from that nice sounding statement saying "we don't share". At the bottom of the statement they have disclaimers telling you how two large parts of their product list (perscriptions and contact lens products) are actually handled by third parties.

So while they might be legal. They are not consumer friendly.

Yahoo News - Gore to Emphasize Protecting Medical Privacy.

Vice President Al Gore (news - web sites) turns his attention on Tuesday to medical privacy with a pledge to make it illegal for health insurance companies and others to sell personal medical records for profit.

"It's wrong for the insurance companies and the drug companies to sell your medical information -- putting profits ahead of people,'' Gore said in remarks prepared for a rally in Los Angeles.

"You have a fundamental right to privacy, and no powerful interest should be allowed to sell it off or take it away,'' he said. ``I'll fight to make sure your medical records are always kept private and secure.''

Hospitality Net - Expedia, Inc., Expedia.com Rolls Out New Privacy Policy and Becomes the First Online Travel Service to Successfully Complete a PricewaterhouseCoopers Privacy Policy Audit.

Tech Web: Special to the NewsFactor Network - Missouri Breaks New Ground with Privacy Suit.

In what may be the first example of a state taking action against a Web merchant for privacy violations, Missouri Attorney General Jay Nixon last week filed suit against More.com, claiming the health and nutrition retailer shares customer information with third parties in direct conflict with its stated privacy policy.

The suit, filed in Green County Circuit Court, follows an attempt by an investigator with the attorney general's office to purchase contact lenses from More.com under an assumed name. While the attempt to place that order failed, the investigator was subsequently contacted under that name by another retailer, LensExpress, for follow-up on the order.

CNET.com - News - E-Business - Commentary: Complex privacy issues demand enforcement .

A privacy audit by a Big Five accounting firm is a nice marketing move by Expedia.com, and such audits may give users of dot-coms some reassurance. But they hardly answer all the questions about online privacy, and their legitimacy in a court of law in the event an audited site is sued is questionable.

Companies need to go beyond a simple certification of privacy from a Big Five firm and make a strong privacy policy part of their normal business methodology. To do this, we recommend that Global 2000 companies appoint corporatewide chief security/privacy officers with the power to make and enforce strong privacy policy throughout the organization. Privacy needs to be part of all corporate activities, not just pasted onto the corporate Web site as an afterthought.