Notes on Security and Anonymity
The PBT Profiler was developed to provide persistence, bioaccumulation, and
toxicity data on chemical compounds in a widely available format using the
Internet and World Wide Web (WWW). Security issues have been carefully addressed
during the development of the PBT Profiler and a number of steps have been taken
to preserve confidentiality. The following operational aspects of the PBT
Profiler are provided to allow users to better understand what happens to
information entered during its use:
- All connections to the PBT Profiler are anonymous. Users
are not required to log in or identify themselves in any way;
- Page requests (hits) to the computer serving the
PBT Profiler are not logged (web-server log files have been turned off) and
user statistics are not collected. A user’s connection to or movement through
the PBT Profiler cannot be determined using the industry-standard methods
employed to analyze traffic at a web-site.
The PBT Profiler does count the number of times it is used
for administrative purposes.
Only the initial "hits" on the home page and the
number of profiles run are counted by collecting
the date (e.g., 3/12/2000) these events occurred.
All information obtained by the PBT Profiler
as well as the
computer code that collects this information
can be viewed by interested users;
- The PBT Profiler requires the user’s computer to accept
a “cookie” in order to operate properly. This cookie contains only a randomly
generated number created by the server software and it expires within minutes
after the connection with the PBT Profiler is terminated;
- No user identification, chemical information, screening
results, or any other electronic information entered into or generated
by the PBT
Profiler are purposefully tracked, stored, or collected;
- All databases used by the PBT Profiler are locked as
“read only” and cannot be written to (except for one database that counts
how often the PBT Profiler is used, as discussed above);
- No chemical information from the PBT Profiler is purposefully or systematically
written to a disk drive or other permanent storage device. Information entered
by the user and required by the PBT Profiler to perform its calculations is
stored in the server’s memory while the browser is connected to the server.
This memory is released when the user’s connection (session) terminates. It is
possible that the operating system and server software running the PBT
Profiler (Windows NT running IIS version 4, service pack 4) may write some
information to temporary swap files on the disk drive. However unlikely
obtaining access to this information may be (it would be very difficult even
for a skilled operator sitting at the keyboard), it does represent a possible
instance where information from the PBT Profiler resides on the computer after
the user has requested their last page.
It is important to note that information is transferred from the user’s
computer to the PBT Profiler, and back, through standard Internet protocols.
What happens to this information during this transfer stage is, like during the
use of email, outside of the control of both the user and the developers of the
PBT Profiler. Future versions of the PBT Profiler may use encryption technology
if this will help provide additional access to the PBT Profiler. Please contact
the developers of the PBT Profiler if you
have any questions, comments, or suggestions on this issue.
Many companies have specific guidelines on what types of information can, or
can not be sent over the Internet. The developers of the PBT Profiler encourage
users to discuss the technical information contained herein with computer and
network experts within their organization to more fully explore potential
security and confidentiality concerns.
Developed by the
Environmental Health Analysis Center under contract to
Office of Chemical Safety and Pollution Prevention
U.S. Environmental Protection Agency
Computer Resources Donated by
Last Updated September 28, 2016