Stefek Zaba Stefek ZabaHi. This is a homepage for Stefek Zaba. I'm a researcher at Hewlett-Packard Labs in Bristol, England. I work on privacy and security, at both the technical and public policy levels. My public policy involvement started as far back as 1997, critiquing the UK government's proposals for controlling cryptography.
Tell me about it :-( There is such a thing, but it's nothing to do with me. Sometime in March 2005, a US company launched a new people-search site. They thought a cool name for it would be
| z | a | b | a | s | e | a | r | c | h | . | c | o | m |
|---|
Their front page (no, I'm not going to link to it!) claims they chose the word zaba 'from the Greek word, "tsaba"'; but no on-line reference I've tried has any knowledge of such a word. ζαβα (that's zeta, alpha, beta, alpha for those of us whose knowledge of the Greek alphabet is a bit rusty) might be the name of one of the more obscure US college sororities, I suppose. You can barely imagine just how heartily I wish they'd chosen some other word than my surname...
(A knowledgeable Greek speaker kindly informs me the relevant Greek word is really τζαμπα which in the Roman alphabet is 'tzampa', to be pronounced (roughly) 'tzaba'. And indeed Google has lots of hits on 'tzampa' and 'free' together. If only they'd called it 'tzampa', I wouldn't be getting all those misdirected, desperate REMOVE ME emails. They could even have the tzampa.com domain name - it's free as of 26 May 2005...)
As of about November 2006, the bald statement from Zabasearch is, you can't.
They used to publish some removal instructions: you were supposed to send a written request to a P.O. Box in Omaha, Nebraska (previously in Salinas, California). For historical purposes, those addresses, and associated phone numbers, are archived here. However, their most recent (January 2007) "privacy policy" statement says,
At this time, Zaba, Inc. does not offer any means of opting out
one's records from the service.
Charming, huh?
As I said in one of my two emails to them to date,
It's disingenuous, at best, for you not to acknowledge the significant difference in impact between 'this information's on file at the County Offices/DMV/whereever' - requiring anyone who wants access to travel in person to multiple sites, and trawl through records not necessarily indexed by name; and 'we have done all the grunt work of aggregating multiple sources of personal info, just type the name you're interested into this webform'. By making aggregated personal information available for free, your operation represents a significant further erosion of effective privacy for US residents, even beyond that already created by its availability from 'hundreds of online companies for a few dollars'.
If you'd like to assess for yourself how deeply the company's founders care about privacy, there's a long interview with them at wired.com.
In my opinion, their operation is a gross and flagrant violation of US residents' reasonable expectations of privacy, and of the internationally endorsed principles on privacy and fair information handling. However - unlike the UK, and indeed most of the economically developed world as detailed in Privacy International's annual survey, the US has legislation only about some specific sectors (medical, and some federal) but no general data-protection or privacy legislation. If you're a US citizen who wants to change that, contact your Congressional representative, and/or consider supporting the work of such organisations as the Electronic Frontier Foundation.
There's a useful-looking collection of information on "how to get off information brokers' lists" which I came across recently. It's part of the US Privacy Rights Clearinghouse website. (Sadly, their table is a bit garbled if you're using Mozilla Firefox, a less insecure alternative to Internet Explorer.)
There are a few "let's organise an online petition and get really angry" sites aiming at if-only-it-was-called-tzampa-search.com in particular, such as stopzaba.atspace.com, which provides some more detailed names and addresses for State and Federal officials to lobby. I don't know the US political process well enough to be sure whether a specific campaign about this one people-search service is better or worse than a longer-burning "why no data protection law" campaign...
Funny you should ask.
Some of the most anguished REMOVE MEs
I've received - and I've had over a hundred in April alone - have been
from people in those occupations. (In the US, 'peace officers' generally
wear name-badges; in the dear old UK we pseudonomise through a constable's
epaulette (shoulder-tag) number.) When I included that concern in one of
my two emails to i-wish-they-weren't-using-my-surnamesearch.com,
here's what they said:
e-mail opt outs received from law enforcement related
agencies are treated with priority. We have been in touch with the FBI, the
Secret Service, the Department of Homeland Security and the U.S. Department
of Justice in this regard. We have offered all of them to opt out their
entire roster. That obviously can get very complicated, so they have opted
instead to circulate memos internally.
Just fancy that: the above-named agencies didn't think it would be an unqualified brilliant move to share the 'entire roster' of their staff with the people at it-means-frog-in-Polish-and-that's-where-mine's-fromsearch.com.
I have neither resources, standing, nor serious grounds, sadly. It's a royal pain in the fundament, to be sure; but they haven't libeled me, and they assure me they've never linked to my zaba.com domain. (That's a domain I've had since the late 90s, and I'm certainly not going to sell it - either to them (that would be profiting from what I consider to be their deeply unethical behaviour), nor to Croatia's principal commercial bank, the Zagrebačka banka, for which I sometimes also receive misdirected mail.) I do think my professional reputation's suffered, but I don't have a way to put a figure for monetary damages on that. I've spent several days when I should have been doing productive work on chasing down this stuff, and replying to all the REMOVE MEs I spot; but the direct economic loss incurred doesn't begin to come close to the costs of legal action. Oh, and I'm neither a resident nor a citizen of the US.
If you've had email, an office memo, or other source of information telling you that you should use
| s | o | m | e | - | a | d | d | r | e | s | s | - | o | r | - | o | t | h | e | r | @ | z | a | b | a | . | c | o | m |
|---|
or stefek_zaba@hplb.hpl.hp.com or some other address of mine, please pass the corrected information back up to your source. You're welcome to copy this page to them, or point them at its address, www.zaba.com. Thanks!
Last updated: 12 Jan 2007
