From: "Harry Lewis"
Date: Fri, Apr 28, 2000 2:48 PM
Subject: Advisory Committee on Online Access and Security, Comment, P004807


The Advisory Committee clearly has considered my earlier comments carefully, and I thank you for that courtesy and consideration.

Further review of the current version of the draft report suggests a few other points important enough to highlight:

1. Because the new technologies have the potential for extremely intrusive and perfectly covert collection and retention of personally identifiable information, consumers themselves ought to control the level of intrusiveness (if the technology is to serve their interests), and ought not  be subjected to covert collection and retention at all.

2. Given the rapid evolution of the technology, it's folly to attempt to establish "best information practices" at this time, at least as a matter of government regulation. Rather, government regulation and enforcement ought to be directed primarily at the "bad actors" in the marketplace, meaning that the current focus should be on "minimum standards", rather than on optimal practices industry-wide.

3. Covert collection and retention of personally identifiable information is the most noxious practice, and the one most likely to lead to a backlash against the industry, closely followed by excessively intrusive collection and retention practices.

4. Government enforcement ought not be considered solely in the context of privacy, access, and security, but also in the context of the other varieties of fraud, deceit, industrial espionage and sabotage, and other misconduct that a few miscreants are inflicting on the rest of us.

5. Speaking solely as a consumer, sites that misstate or lie about their real policies, lie about the incentives I'll receive if I provide certain information to them, or fail to implement their stated policies (such as removing my name from a spam e-mail list if I click on the designated button) are the greatest source of grief and anger to me. Lack of accountability on the part of web vendors and spamming e-mail marketers remains a recurring problem.

Harry Lewis
Voicemail: 212-894-3703 ex. 9711