May 30, 2001
I've enclosed Tim Redman's response to your comments.
Please read the enclosed material, and send your final comments to the USCF office no later than June 6, 2001. You may respond by e-mail. A reminder: all relevant material must be included with your response. There must be no references to other materials (newsgroup postings or websites). The Ethics Committee will consider only material that is directly submitted to the Committee.
After receiving your comments, the USCF office will send all material pertaining to Mr. Redman's complaint to the Ethics Chair.
If you have any questions, please contact me. My telephone number is (845)-562-8350, extension 125. My e-mail address is firstname.lastname@example.org
Ratings and Technical Manager
cc: Tim Redman
ref # 01-0424-01
-------------------------[ Next Page] -------------------------------
U.S. Chess Federation
3034 Brookshire Drive
Plano, TX 75075
To: USCF Ethics Committee
From: Tim Redman
Date: April 18, 2001
Re: Response by Mr. Sam Sloan
Mr. Sloan's response contains much smoke and little light. I will confine myself to addressing what appear to be his salient points and explaining why I am not addressing others.
His first page and the first paragraph of page two Executive challenges the authority of the Ethics Committee to act on the complaint. I believe that the Committee itself solely determines what lies in its jurisdiction.
The next five paragraphs discuss the general and ambiguous term "spyware," which is not the subject of the complaint. Definitions about spyware vary.
In the seventh complete paragraph of page two, Mr. Sloan finally gets to the heart of his argument. He states:
I have never stated that the software in US ChessLive does in fact read credit card numbers, bank account passwords and the like on user's [sic] hard drive. I merely stated that they could do that if they wanted to. That is a true statement.
Here is what Mr. Sloan actually said, in a mailing to more than five hundred Delegates and Alternate Delegates, which was widely posted to various chess (and other) groups on the world wide web:
US CHESSLIVE software is infected with spyware. It installs spyware into your system, enabling the operators to read your entire hard drive, including your credit card numbers, your bank account passwords and the like.
There is no use of the conditional in his statement. The governing verb is the present indicative "installs," used here to show repeated and continual action. The participle "enabling" modifies "installs," but is not itself the verb -- it serves to expand and amplify the present indicative. Further, the use of the verb "infected" makes his intent quite clear. You have all received a copy of Mr. Sloan's mailing that contains that statement.
Mr. Sloan cites a posting by James B. Shearer on the top of page three to bolster his claim that it might be theoretically possible to write such a program. But Mr. Sloan's public statement does not say that it might be possible to write a program to capture anything that looks like a credit card number. He states that US CHESSLIVE is doing that and reading your bank account passwords as well.
The rest of pages three through eight contain a great deal about the general notion of "spyware," none of which is relevant to my complaint. "Spyware" is a term that encompasses a great deal. I append the report from the Chair of the USCL Subcommittee that discusses the general point. I will note Mr. Sloan's statement on page four: "Dr. Eric Schiller . . . holds a degree in a computer related [sic] field." Eric Schiller holds a Ph.D. from my alma mater, the University of Chicago, in Linguistics. He specialized in Southeast Asian languages. Mr. Sloan's claim, that linguistics is a "computer-related field," has about as much truth as the statement that linguistics is a theology-related field. Such a misleading claim is typical for Mr. Sloan; I trust that the Committee will not be deceived.
The section "AS AND FOR A COUNTER ETHICS COMPLAINT" is immaterial, but I will observe two glaring misstatements. I informed the Board that I would be making the complaint against Mr. Sloan and no one raised an objection though one Board member disagreed with the approach. The Board waited to make a formal motion about the matter until after it had received the report of the Chair of the USCL Subcommittee. After it had received the report, it passed a motion that "the statement by Mr. Sam Sloan is false and has materially damaged the USCF and GamesParlor." I append my copy of the motion.
My comments about Mr. Sloan's behavior with Ms. Birkedahl were made after hearing indirectly from two team members. They were confirmed, in substance, though modified in one detail, after a conversation with Ms. Birkedahl's mother. In any professional environment, Mr. Sloan's actions would be grounds for a complaint of sexual harassment. His statement about "a well established ethical principle in journalism" refers to rape, not sexual harassment. The days of silence about these matters are over; such behavior merits public denunciation. However, as I said, this section is immaterial since the Committee has not accepted Mr. Sloan's countercomplaint.
Finally, I would like to say that my complaint does not attempt in any way to muzzle Mr. Sloan's participation in political debate. I have commented about his statements about me and other prominent chess figures in a recent mailing to the Delegates and Alternate Delegates. But reckless statements that act to materially harm the U.S. Chess Federation must be challenged.
------ [End of Letter] [Note: Letter does not end with a signature or a name. The following are the two attachments to the letter] -----------
Executive Board Conference Call, Monday, March 26, 2001.
Motion by Tim Redman (note this is an unofficial version of the motion; the Secretary will release the official version based upon the transcript):
Mr. Sam Sloan has mailed and posted the following statement:
"US CHESSLIVE software is infected with spyware. It installs spyware into your system, enabling the operators to read your entire hard drive, including your credit card numbers, your bank account passwords and the like."
After consulting with various volunteer and staff professionals, including the Chair of the US ChessLive Subcommittee of the USCF Computer and Internet Committee and the USCF On-Line Manager, and relying on the statements of the CEO of GamesParlor, Inc., the Executive Board has concluded:
1) The statement by Mr. Sam Sloan is false and has materially damaged the USCF and GamesParlor.
2) The Conducent software used by US ChessLive does not collect personally identifiable information.
3) The new software, Valueclick, whose use had been planned at the point where US ChessLive reached 10,000 subscribers, carries no more risk to users than most major web sites on the internet that carry ads.
The Board endorses the report of the US ChessLive Subcommittee, the statement by the USCF On-Line Manager in the May issue of Chess Life, and the statements on Conducent vs. Radiate advertising by the CEO of GamesParlor on the USCF website and his statement regarding Valueclick software as to the safety of US ChessLive.
In favor: 5 (Redman, Pechac, Barry, Ippolito, Warren)
Abstaining: 1 (McCrary)
Absent: 1 (Smith)
--------------------------------- [New Page] -------------------------
PRIVACY - WHO GOES THERE? FRIEND OR FOE
As there still I seems to be some misunderstanding of Internet privacy issues, the USCL Subcommittee offers the following comments:
When someone rings your doorbell do you answer it automatically or do you first try to figure out whether it is a friend or family member or a traveling sales. person, a religious or political zealot wanting to convert you, a poll taker, or a delivery person?
If you are like most people you are more likely to answer the door without question if you expected a visitor.
Do you invite people into your home to spray for insects, repair plumbing or electrical problems, deliver merchandise, or perform other services for you?
Most people do. Some are concerned about privacy. Whoever enters your home knows a lot more about you than you might want them to know. Can a service person use that knowledge against you? Sure. Will they? Probably not in most cases. Is it worth the risk? Each person may answer that differently. Nonetheless your privacy has been compromised. If you are standing in a foot water you may be more willing to let an unknown person in to your home to fix the plumbing than you would be if there was less urgency. There is no correct answer. Each person must decide whether the goods or services they receive are worth some degree of compromised privacy. The same is true on the Internet.
The broadcast television industry has often referred to the people on TV shows "being invited into your living room". That's not quite true. When you are watching television it is one-way communication. You can see and hear what is being broadcast, but they cannot see or hear you. It is not an invasion of privacy. You aren't a challenge to their privacy and they aren't a challenge to your privacy. If you don't like what you see you can either turn to another channel or shut the television set. Nobody knows you were even watching the show unless you chose to participate in a survey.
When you are connected to the Internet you are in your home in a global community (Marshall McLuhan, where are you now that we need you?). Like any community, it is populated by a wide range of people and businesses. It is like being on a network at work - in fact it IS being on a network. The Internet is a very large network that covers the globe.
Privacy issues are very important because, unlike television, the Internet involves two-way communication. You can see and talk to the person or business on the other end - but they can see and talk to you as well. You have indeed invited any person or business that you contact on the Internet into your living room. When a person delivers a piece of equipment or furniture he or she sees your home and knows something about your interests even if you don't tell them anything. They can report your interests to their employers (or anyone else), who can then make use of the information in a helpful or harmful manner. It doesn't happen all the time, but it can happen. Do you tell them "Don't deliver that piano, I'd prefer to carry it myself?" Probably not. Taxi drivers who have just taken a person to the airport have been known to later burglarize their homes. It doesn't happen often, but it has happened.
When you visit a website, the web host, the company visited, and the ISP will know something about you even if you don't tell them anything. That's life in the biggest city on the planet.
Let's put some of these concerns in perspective. You have a meal in a restaurant and pay with a credit card. This is so ingrained in our society that there are people who will not frequent a restaurant that doesn't accept credit cards. They physically hand the credit card to a waiter or bus person, who then takes it to a cashier, prints at least two vouchers (one for the customer and one for the restaurant/bank) and often three. The vouchers usually (but not always) contain the cardholder's name, credit card number, and expiration date of the credit card. The transaction is rarely if ever conducted at the diner's table. The credit card is taken away and returned later with the vouchers. It has usually been handled by at least two and often more people at the restaurant, let alone at the bank, etc. Usually it is not the restaurant owner that handles the card. 'ne card is usually handled by employees that are on the low end of the pay scale. Do we know that someone doesn't mark down the account information and sell it to someone else or steal your identity for themselves? No. We trust them.
On the other hand, the same people that are comfortable with this constantly talk about how unsafe credit card transactions on the Internet are. They would never think of purchasing something on the Internet over a secure server using their credit card. They may be right or wrong, but the attitudes aren't consistent. It is human nature to be afraid (or at least cautious) of the unknown and to the general public the Internet is still unknown. Education is important.
The Spring 2001 (Released in February - Volume 5 # 1) issue of "Smart Computing Reference Series" magazine is dedicated to "How the Internet Works Part 1". It contains a number of articles written for the general public, including good section on security from pages 150-181. Security related articles from this source are available on the web currently at >
http://www.smartcomputing.com/editofiaVarticle.asp?article=articles/archive/rO5Ol/37rOl/37rOl.asp&guid=dnir79ri (web tracking),
http://www.smartcomputing.com/editoriaVarticle.asp?article=articles/archive/rO5Ol/38rOl/38rOl.asp&guid=dnir79fi (digital signatures), http://www.smartcomputing.com/editoriaVarticle.asp?article=articles/archive/rO5Ol/39rOl/39rOl.asp&guid=dnir79fi (encryption)
http://www.smartcomputing.com/editoriaVarticle.asp?article=articies/archive/rO5Ol/4OrOl/4OrOl.asp&guid=dnir79fi (credit card transactions)
http:Hwww.smartcomputing.com/editoriaVarticle.asp?article=articles/archive/rO5Ol/4lrOI/4 IrOl.asp&guid=dnir79ri (the dark side of scripts)
http://www.smartcomputing.com/editorial/article.asp?article=articles/archive/rO5Ol/42rOl/42rOl.asp&guid=dnir79fi (personal firewalls)
http:Hwww.smartr,ompudng.com/editoriaVarticle.asp?articie=articwarchive/rO5Ol/43rOl/43rOl.asp&guid=dnir79ri (spam filtering)
They are worth reading for anyone unfamiliar with Internet security issues.
Does US Chess Life's proposed use of ValueClick's software, which may include cookies, put your computer at more risk than it is without it?
That depends on your point of view. Please consider that:
1. Your browser will allow you to turn off cookies, so ValueClick cookies will not be on your system if you don't want them there. Of course, the software may not function properly without them.
2. If you are running Window95 or later (and you are if you are using the cur- rent USCL software), you will probably find a folder in your Windows directory called "Cookies". Inside the folder you will find very small text files that are often identified by your name @ some location. These text files, which can be read by Notepad or any text editor or word processor, are cookies that have been placed o your system by sites other than US Chess Live.
3. Next do a search for 'cookie". You will probably find files in the program files folder that either are cookies or are programs that deal with cookies, possibly both.
Can cookies contain information that you consider personal? Yes.
Can anyone who gains access to the file read and understand the information? The information is encoded. Hackers may be able to read it, but generally not. Try it yourself with the cookies already on your system. Can any one company's cookie read everyone else's cookie and gain information? The information is encoded and each company has a different key to its code.
Do you trust the cable guy? If so, let him install or repair your cable system. If not, don't - and do without cable service.
Do you trust the pizza deliveryman? If so, go ahead and order the pizza. If not cook or eat out.
Do you trust USCL? You get the idea.
The security issue is not with USCL or ValueClick. The security issue is with the Internet. Is the reward worth the risk?
Joel Berez of Games Parlor points out that USCL, with Valueclick or any similar provider, will use the same technology and carry the same "risks" as most major web sites on the Internet that contain ads. Simply spending a few minutes casually browsing around the Internet will often expose a person to dozens of instances of exactly the same cookie/tracking behavior.
If you want to check this out for yourself you can set your browser to notify you when it encounters a cookie. After you've seen enough you can reset your browser to either turn cookies on or off.
The number of people currently on the Internet would indicate that they are either unconcerned or believe the reward is greater than the risk.
Chairman, USCL Subcommittee
My Home Page