12/3/99

My comments. I am a resident of Massachusetts and live in the Town of Boxford.

In regards to:

15 November 1999
DRAFT INTERNATIONAL SAFE HARBOR PRIVACY PRINCIPLES
ISSUED BY THE U.S. DEPARTMENT OF COMMERCE

located at:

<http://www.ita.doc.gov/ecom/Principles1199.htm>

I find this alarming:

"CHOICE: An organization must offer individuals the opportunity to choose (opt out) whether and how personal information they provide is used or disclosed to third parties, ....."

I am totally taken aback by the basic premise that one has to opt-OUT rather than opt-IN.  Should there not be the most basic and fundamental right of privacy that a person has the right to offer via opt-in rather than a premise that they have no privacy right and must - in every single case - opt out?? The latter says that everything about you is fair game until you opt-out.

Patently absurd!

Those who have been active on the Internet are simply sick and tired of opting out of junk email also referred to as UBE (Unsolicited Bulk Email) or spam. Moreover, it is not just the Internet. People are getting sick and tired of telemarketers calling them day in and day out.

Here is a recent example in California by a group called Voter Revolt:

<http://www.dmnews.com/articles/1999-11-29/5516.html>

"Voter Revolt, a California consumer organization, yesterday launched a ballot initiative campaign to ban unsolicited telemarketing calls and e-mails. In addition to prohibiting unsolicited sales calls and e-mails to California residents, the measure would give victims of such calls or e-mails the right to sue violators in small claims court for $500 to $1,500 per violation."

And what recourse is there with respect to telephone telemarketing? Why one must opt-out on a one by one basis and use only exactly these words "place me on your do not call list". One cannot say "please don't call me again" or "remove me from your calling list". And who do we have to thank for that? Why the Direct Marketing Association ("DMA").

As I review your FAQ, I see this:

"Draft Frequently Asked Questions (FAQs)
FAQ 12 - Choice - Timing of Opt Out

Q: Does the choice principle permit an individual to exercise choice only at the beginning of a relationship or at any time?

In the United States, individuals may be able to exercise this option through the use of a central "opt out" program such as the Direct Marketing Association's Mail Preference Service..."

I would note that this same organization is doing everything in its power to place the same restrictions on people with respect to Internet email - that is opt-out versus opt-in. For some excellent summary comments regarding the Internet community's view of the DMA's position on opt-out versus opt-in for email see:

<http://mail-abuse.org/rbl/anti-dma.htm>

For more general background, see:

<http://www.salonmagazine.com/tech/feature/1999/11/12/spam/index.html>

For email this is simply untenable - The Small Business Administration estimates there are more than 20 million businesses in the US - let alone the rest of the world. I own one of them. Under the provisions of opt-out, any business could send me email and I would be forced to opt-out - I would have to ask to be removed from every single one.

What if five tenths of a percent decided to spam over the course of a year? I'd be faced with 100,0000 remove requests - 274 per day, and my business and personal correspondence will be rejected because my ISP in box will be full of this "legal", "respectable", and "non-fraudulent" email.

More importantly - your Draft is also premised on "self regulation" which, again with respect to the Internet, is in many instances a farce. Web sites everywhere are now sporting links to Privacy statements and in particular TrustE links (<http://www.truste.org>). TrustE has been shown to be a dog with no teeth. To wit, the recent fiasco with Real Networks (<http://www.real.com>). Real Networks violated individuals' privacy by sending user information back to Real via its JukeBoxPlayer.

<http://www.nytimes.com/library/tech/99/11/biztech/articles/01real.html>

And the reactions from TrustE? They chose to do nothing.

<http://www.wired.com/news/technology/0,1282,32388,00.html>

<http://www.truste.org/about/about_software.html>

An earlier fiasco with Microsoft's Hotmail also showed that the TrustE seal is meaningless.

<http://www.junkbusters.com/ht/en/new.html> Search for - "Junkbusters slams Microsoft Hotmail audit"

<http://www.wired.com/news/news/business/story/21490.html>

Self regulation is not the answer. Far be it from me to want more Federal regulation of anything - but with respect to industry self regulation of:

bulk mail - mostly a failure

telemarketing - failure

email - looks to be a train wreck in the making
 

See:

<http://mail-abuse.org/rbl/sham.htm>

Finally, one of my most significant concerns is that this Draft also appears to be a dog with no teeth. The technology involved in the Internet allows many to do dastardly things - until they are caught. Even when they are caught, self regulation does what? See the examples above. There are so many examples recently of invasions of privacy that the mind swirls - these are just from the past week:

Comet Systems cursor tracking:

<http://news.cnet.com/news/0-1005-200-1474252.html?tag=st.ne.1002>

<http://www.vortex.com/privacy/current>

Email tracking:

<http://www.vortex.com/privacy/priv.08.16>

<http://www.tiac.net/users/smiths/privacy/wbfaq.htm>

Web & Email tracking:

<http://www.usatoday.com/life/cyber/tech/ctg802.htm>

<http://www.tiac.net/users/smiths/privacy/cookleak.htm>
 

Thank you for the opportunity to express these concerns.

Charles D. Laderoute