Notes on Security and Anonymity

The PBT Profiler was developed to provide persistence, bioaccumulation, and toxicity data on chemical compounds in a widely available format using the Internet and World Wide Web (WWW). Security issues have been carefully addressed during the development of the PBT Profiler and a number of steps have been taken to preserve confidentiality. The following operational aspects of the PBT Profiler are provided to allow users to better understand what happens to information entered during its use:

• All connections to the PBT Profiler are anonymous. Users are not required to log in or identify themselves in any way;
• Page requests (hits) to the computer serving the PBT Profiler are not logged (web-server log files have been turned off) and user statistics are not collected. A user�s connection to or movement through the PBT Profiler cannot be determined using the industry-standard methods employed to analyze traffic at a web-site. The PBT Profiler does count the number of times it is used for administrative purposes. Only the initial "hits" on the home page and the number of profiles run are counted by collecting the date (e.g., 3/12/2000) these events occurred. All information obtained by the PBT Profiler as well as the computer code that collects this information can be viewed by interested users;
• The PBT Profiler requires the user�s computer to accept a �cookie� in order to operate properly. This cookie contains only a randomly generated number created by the server software and it expires within minutes after the connection with the PBT Profiler is terminated;
• No user identification, chemical information, screening results, or any other electronic information entered into or generated by the PBT Profiler are purposefully tracked, stored, or collected;
• All databases used by the PBT Profiler are locked as �read only� and cannot be written to (except for one database that counts how often the PBT Profiler is used, as discussed above);
• No chemical information from the PBT Profiler is purposefully or systematically written to a disk drive or other permanent storage device. Information entered by the user and required by the PBT Profiler to perform its calculations is stored in the server�s memory while the browser is connected to the server. This memory is released when the user�s connection (session) terminates. It is possible that the operating system and server software running the PBT Profiler (Windows NT running IIS version 4, service pack 4) may write some information to temporary swap files on the disk drive. However unlikely obtaining access to this information may be (it would be very difficult even for a skilled operator sitting at the keyboard), it does represent a possible instance where information from the PBT Profiler resides on the computer after the user has requested their last page.

It is important to note that information is transferred from the user�s computer to the PBT Profiler, and back, through standard Internet protocols. What happens to this information during this transfer stage is, like during the use of email, outside of the control of both the user and the developers of the PBT Profiler. Future versions of the PBT Profiler may use encryption technology if this will help provide additional access to the PBT Profiler. Please contact the developers of the PBT Profiler if you have any questions, comments, or suggestions on this issue.

Many companies have specific guidelines on what types of information can, or can not be sent over the Internet. The developers of the PBT Profiler encourage users to discuss the technical information contained herein with computer and network experts within their organization to more fully explore potential security and confidentiality concerns.