Slashdot Log In
TRUSTe Decides Its Own Fate Today
from the two-roads-diverged dept.
Unquestionably TRUSTe is the leader in third-party privacy assurance. Its only alternative is BBBOnline, which can boast only 100 members to TRUSTe's 750. But it's having a hard time living up to its motto, "Building a web you can believe in": sometimes it's hard to know what to believe.
TRUSTe's original idea was to allow a website to display one of three icons, indicating whether its privacy policy was good, ok, or bad. There turned out to be problems with this - strangely enough, no site wanted to post an icon saying that their privacy sucked - and the icons looked too similar anyway. So they went with one icon, a "badge" that every member site posts.
All the badge means is that the site has a privacy policy, and that, as far as TRUSTe knows, they haven't violated it.
If you think this is a questionable basis for a consumer advocacy group, you're right. But the real question is how it plays out in practice. Let's take a look at TRUSTe's track record.
Round I: TRUSTe and GeoCities. In June 1998, the FTC announced - to everyone's surprise - that it and GeoCities had come to a settlement regarding violations of consumer privacy.
Everyone was surprised because this was the first anyone had heard of it. Where was TRUSTe?
Caught flat-footed, TRUSTe scrambled for a few days, then made its own announcement. It pointed out that GeoCities had begun the alleged privacy violations before applying to become a member (in April) and being accepted (in May). Therefore, TRUSTe claimed, the violations were technically not under the scope of their investigation.
But turn that around and put it another way - it was able to become a TRUSTe member even while under investigation by the FTC, and TRUSTe said nothing.
It gets worse. The FTC and GeoCities issued conflicting releases about what the settlement actually meant. The FTC said that GeoCities had "misrepresented the purposes for which it was collecting personal identifying information" (including children's). GeoCities denied the charges.
So who was right? We still don't know. Despite this being precisely the issue that TRUSTe was set up to resolve, TRUSTe refused to confirm or deny the FTC's allegations.
In a 1998 open letter, I asked whether TRUSTe's initial review of GeoCities had included any really tough questions such as "are you currently under investigation by the Federal Trade Commission?" No answer. In fact, mention of the GeoCities incident seems to have been removed from TRUSTe's website.
The organization that wanted to make the FTC obsolete was not off to a good start.
Round II: TRUSTe and Microsoft. March 1999. This was the "Global User ID" case. It turned out Microsoft had been embedding a user ID into every document you created with their software. Since they put that ID on file when you registered their software, they have been capable for years of tracking authorship of even supposedly-anonymous documents.
And don't think it's just a theoretical concern. Just weeks later, the Melissa macro virus was unleashed, and its author was tracked down using this same ID. Any technology that can lead the cops to your door is potentially dangerous technology.
TRUSTe announced that this "compromises consumer trust and privacy" (duh), but said that since the Global User ID does not, strictly speaking, involve the Microsoft.com website, it had no jurisdiction. Their conclusion: "TRUSTe has determined that Microsoft.com was in compliance with all TRUSTe principles."
In reality, Microsoft's privacy page (prominently labeled with the TRUSTe seal) also discusses online registration of software products, and notes that the "personal profile" from their software registration appears on the website and is editable from the website. And that page claims that registration is covered by the TRUSTe guidelines. For TRUSTe to claim it's not requires some Clintonesque redefinitions.
CNET's headline was exactly right: "TRUSTe Clears Microsoft on Technicality."
Round III: TRUSTe and Deja News. April 1999. Again TRUSTe is taken by surprise when a computer sleuth discovers that Deja News has been collecting data on email sent by its users. When a reader clicked on an email link in a discussion posting, the destination email address was recorded, along with the presumable topic of discussion, the sender's IP number, and if registered, the sender's personal data.
This is not what one expects when sending private email! And this clearly involved Deja's website, so there was no question of another technicality.
TRUSTe's analysis of this situation was only two paragraphs long; here's all that happened:
"TRUSTe specified certain clarifying language to be included in the privacy statement. Deja News, independent of TRUSTe, then decided to discontinue the practice of tracking IP addresses in conjunction with the mail-to feature."
In fact, the situation was resolved long before TRUSTe even bothered to issue that statement. TRUSTe's suggestion of "clarifying language" had been obviated long before by Deja's indepedent action. See ZDNet's story of May 4th, which hopes that TRUSTe "will likely issue some sort of statement...this week." But TRUSTe stayed silent for four weeks.
Round IV: TRUSTe and Microsoft (again). A wide-open security hole in Microsoft's Hotmail is breached, and for a few hours everyone's inboxes are public domain. (If you don't think this is a serious privacy violation, read the stunning anonymous tale of cracking into an enemy's email, published on Salon.com the next day.)
TRUSTe's response is to call in an independent accounting firm to talk with Hotmail's programmers and security people, look over the source code, and generally try to make sure such a problem won't happen again. This isn't a bad idea - it just wasn't much of anything that Microsoft wouldn't have done on its own. Locking the barn door after the horse is gone doesn't help the people whose privacy has been lost. Microsoft is out of pocket a few bucks for the audit, and gets more than its money's worth by being able to say that TRUSTe still gives them a clean bill of health.
How can all these incidents have passed by without punishment of any kind? It's because of what TRUSTe is actually guaranteeing. Not that any company will actually keep its data private - but that the company is not lying in its privacy assurance.
That's right. You know those privacy promises you never read, the ones that are different on every website and all seem ten pages long? What TRUSTe does is promise you that, if you had read them, you'd know your rights.
If it wanted, a company could have its lawyers dress up "we will spam your email every day and sell your name and address to anyone who asks for them" in legalese, and get a TRUSTe badge on their homepage. Would you know you were being screwed? Not unless you speak fluent lawyer.
Is the FTC such a bogeyman that we really need to sell our privacy so cheap?
When Ralph Nader was pressing the government to impose strict safety standards on the auto industry, Henry Ford II complained that they were "unreasonable, arbitrary and technically unfeasible." After the laws were enacted anyway, a decade later he conceded: "We wouldn't have [these] kinds of safety ... unless there had been a federal law."
Imagine if our only automotive safety regulations were that Detroit must abide by its lawyers' fine print!
The usual argument is that requiring an actual guarantee of privacy would stifle business. The purpose in forming TRUSTe was to keep the internet corporation-friendly, by keeping the government out. TRUSTe was well-intentioned, no question. It was a noble experiment.
But, according to some influential people and groups, it has failed.
Forrester Research studies topics related to the internet and made privacy its concern in its September 1999 report, "Privacy Wake-Up Call." Its conclusions should not be surprising:
"Most privacy policies are a joke." Forrester says corporate privacy policies are legalese set up mostly to protect the corporations.
"Few companies meet key privacy protection principles." About 10%.
"Third-party programs show little traction." Hundreds of TRUSTe licensees don't amount to much on the billion-page net.
And, "third-party privacy firms...like TRUSTe...become more of a privacy advocate for industry rather than for consumers."
(Slashdot has more on this study.)
Even the Electronic Frontier Foundation, after years of straddling the fence on the issue, has finally recognized that self-policing just doesn't work. The EFF is not just the best-recognized internet rights advocacy group; it created TRUSTe.
Yet, in an October letter to the FTC, the EFF laid down its cards:
"Creation of TRUSTe and its seal program was one such early innovation of EFF. TRUSTe was successful in several areas. ... We now must move out of this awareness-raising mode and into an action mode where real protection can be achieved. Legislation is needed in order to achieve that goal. ... we think it is time to move away from a strict self-regulation approach to protecting privacy online."
The latest nail in the coffin came on November 1, when EFF Program Director Stanton McCandlish laid out the facts on the fight-censorship mailing list:
"Our stance has basically been that industry self-reg would be worth trying, but might or might not be enough. We did the 'proof of concept' ourselves, by launching and spinning off TRUSTe. But TRUSTe was intended to be and is a separate, independent entity, and was created as an experiment. The experiment is in many ways a failure..."
(McCandlish's personal opinion is even more scathing. Follow the link to read it.)
You wouldn't know this if you read the TRUSTe website. Their homepage proudly tells you about the six-month-old Georgetown study, but makes no mention of the Forrester Research report. It tells you that the FTC supports self-regulation (based on Georgetown), but won't tell you that its own parent, the EFF, thinks the ride is over.
If TRUSTe is a consumer rights and advocacy group, why are they only feeding us the feel-good stories? Aren't consumer groups supposed to be the ones that dig up dirt and tell us about potential problems?
The money trail leads to the answer. TRUSTe isn't a consumer advocacy group. TRUSTe doesn't get its money from consumers. Its money comes from corporate sponsors, and nobody wants to bite the hand that feeds them. Besides, those corporations want the message to be one of constant calm. Concerned customers are not good for sales.
Remember the GeoCities FTC findings that TRUSTe wouldn't comment on? GeoCities had just done an IPO and millions of dollars were at stake. GeoCities' sister corporation Engage Technologies (they are both subsidiaries of CMG Industries) was a Contributing Corporate Sponsor of TRUSTe. That conflict of interest was never mentioned.
(GeoCities has since been purchased by Yahoo.)
Remember the Microsoft incidents that TRUSTe waffled on? Microsoft is not just a member, but also a Premier Corporate Sponsor of TRUSTe. That conflict of interest totals $100,000 per year.
Round V. By now you've guessed that this is leading up to the current furor over Real Networks. Real is a TRUSTe member. Do I need to mention that it's also a Contributing Corporate Sponsor?
TRUSTe said that it would render judgement on Real Networks by the end of last week. Now it's saying today.
And it's making noises like they're actually going to do something this time:
"We could take the company to court for breach of contract, since they do have an agreement with us. Or, we can forward the case to the FTC... I guarantee that the damage to the reputation of the first company that we do that to will be big."
For its own sake, it had better. We're talking about a company whose product is a Trojan Horse that secretly scans your hard drive for valuable personal data. If TRUSTe doesn't unload with both barrels, its credibility will be negative zero.
Anything TRUSTe does may have a negligable effect in any case. Corporations only understand the bottom line, and RealNetworks stock shot up 25% in the five days following the privacy debacle. With the company's market cap $1.9 billion higher than it was a week ago, how much are they really going to care about some nonprofit gnat?
We can hope. Real.com today unveiled its new website, a music portal, which investors will be watching carefully. Also happening today is a conference held by the FTC and Commerce Department for data-profilers to announce what they're going to do to protect privacy. So if TRUSTe were trying to maximize the effect of their announcement, today would be the day they'd pick. It could be that the gnat will have a nasty bite that surprises everyone.
Still - you can dress an organization up in not-for-profit clothes, but that doesn't change that it's beholden to its revenue stream. TRUSTe says we can trust them to be objective, on the theory that their revenue stream will dry up if they don't do right by consumers. So far, there doesn't seem to be much truth to that. They haven't been doing us right, but their number of contributors and members just keeps growing.
I enjoy reading about the future envisioned by people like Gibson and Stephenson, where the net is totally unregulated and a "right to privacy" is a dim memory, or a joke. That doesn't mean I want to live in that future. Europe has consumer protection laws that are, from an American perspective, astonishingly strong. Maybe we should take a look at other countries' solutions, to see if there's something we could learn.
So far, all we've learned is what fails.
- Jamie McCarthy
Change the revenue stream (Score:4)
If this sounds stupid, please excuse...it's pretty early in the morning right now. :-/
--
Interested in XFMail? New XFMail home page [slappy.org]
Regulation (Score:3)
Well, to start with my reading of Gibson and Stephenson is a bit different than yours. The right to privacy as in "He looked at my email! Call the cops and let's file a complaint at the friendly Cybercrimes Court" doesn't exist for sure. However, the privacy in the cyberpunk world is completely in the hands of the individual. Basically, if you care enough about anonymity and have sufficient skills, you will make yourself anonymous. If you don't care or not smart enough, other people, if they care, can look at your data.
That's not so bad a future to live in (it's not that hard to learn to use encryption). I certainly don't want the cops to jump in any time somebody does a port scan.
Yes, Europe has strong consumer protection laws, but all they do is reassert the power of the political structure (government) over private entities. I am much more worried, Gibson's future nonwithstanding about the government power, than about the power of corporations. For example, I am quite confident of my abilities to thwart, mislead and generally disrupt the attempts of corporations to collect personal data about myself, unless I implicitly or explicitly agree (credit history is an intrusion of privacy but is a useful thing to have). However if a goverment, in the name of protecting the consumers, makes it a crime to, say, spoof personal data on the net, or much worse, establishes a registry of net users (mandatory ICQ, anyone?), it will make my life much harder and more unpleasant.
So I do have huge misgivings about the heavy and not particularly bright hand of government messing with the workings of the net.
Kaa
McCarthyism (Score:3)
Any technology that can lead the cops to your door is potentially dangerous technology.
It's this idea that has completely shackled law enforcement when it has come to dealing with computer crimes. The idea that people should be allowed to be completely anonymous in everything that they do is completely unparalleled in the real world. I, for one, am very happy that some method of accountability was unknowingly in Microsoft's products so that they could track down the author of the Melissa virus. People can and should have an identity on the Internet, and while that identity should be protected, it shouldn't be removed because people are afraid that law enforcement will be able to find you.
I also don't think that TRUSTe is as important an organization as it is made out to be in this article. It may shock some members of the Slashdot community, but I had never heard of TRUSTe until the Hotmail debacle, and even then, I didn't stop using Hotmail, nor did I start regulating my product usage by the TRUSTe symbol. I'm sure many others haven't, either.
I really think people are beginning to accept the fact that the growth of the Internet has resulted in a certain lack of online privacy. One may lament it and one may try and fight it, but the idea of a completely open but anonymous society is contradictory. Where there is a data stream, there is a way. People may have a right to certain information privacy, but they don't have a right to anonymity, and the only rights they have to what information a product sends back about itself are market rights. Somehow, I don't think Real Networks is going under because they sent back UIDs from their product. In fact, I'm happy they can track their software.
The constant attacks against companies that engage in marketing devices, information gathering schemes, and content labeling is akin to McCarthy's (Joe, not Jamie) crusade against Communists. Anything that doesn't fit into the ideal is suspect. Guess what? Direct marketers have been using these tools for decades and, *gasp* people have been able to go through your trash for even longer.
I say the Internet needs to start strengthening itself around responsibility. Protecting one's rights is important, but a certain accountability is expected with those rights. So far, I see very little accountability, both on the part of the commercial organizations with their rampant use of undocumented 'features' and with individuals who try to both use and separate their lives from the system. As with all things in life, the middle ground is where I think the answer is. Rampant positioning on either extreme just ruffles feathers and leads to no solutions at all.
Stanton McCandlish, TRUSTe, libel lawsuit threats (Score:3)
Two thoughts (Score:3)
Secondly, negative zero is the same as positive zero, is the same as zero squared, is the same as zero multiplied by infiniy. I understand the point being made, but if a point's worth making, it's worth making without being dressed up to look more than it really is.
The real solution (Score:3)
TRUSTe's main problem is that it's 'service' isn't what people want or even what is implied. The article correctly points out that you can sacn someone's hard drive and sell all the data you mine to the highest bidder and get the TRUSTe seal as long as you bury a description of what you do somewhere in a 10-100 page legalese document that can be downloaded from your site.
What is really needed is a definition of various levels of privacy ranging from active violation to absolute (and protected) anonymity. Then, allow a company to display a simple icon with a rating from 0-10 (10 being the best) which links to a page describing, in plain english (spanish, german, etc) what that means. Naturally, no campany will proudly display a 0, but hopefully, if a site displays a 10, the consumer can feel absolutely confident.
The advantage to that system is that there is a lot less room for weasel words and technicalities. BTW, a 10 should include all logs going directly to /dev/null, ssl, and don't even ask who you are or where you're coming in from. In other words, very rare but possable.
Nothing Wrong with the Goal (Score:3)
TRUSTe is not interested in privacy, but that doesn't mean that we should give in to regulation. The government will just be a bigger version of TRUSTe. The membership fees ( bribes | contributions ) will be stiffer, and the process more byzantine and slow, but the end result will be the same.
Re:McCarthyism (Score:3)
I trust your asbestos underwear is in good order...
The idea that people should be allowed to be completely anonymous in everything that they do is completely unparalleled in the real world.
Not everything they do, but some things they do, and that is completely reasonable in the real world. When I walk on a street in a big city, buy myself a cup of coffee, ogle the girls walking by -- I am completely anonymous. And think back to the XIX century -- that's when the basis for all the current laws on privacy and anonymity was being formulated. It was quite easy to be anonymous in those time.
People may have a right to certain information privacy, but they don't have a right to anonymity, and the only rights they have to what information a product sends back about itself are market rights.
Well, we have a serious philosophical disagreement here and it looks to be quite basic (as in, not solvable on Slashdot). I strongly believe in the rights to both privacy and anonymity. I would also argue that in better world, people would have copyright over their own personal info.
Somehow, I don't think Real Networks is going under because they sent back UIDs from their product. In fact, I'm happy they can track their software.
I am glad you are happy. You will probably be even happier to know that RealNetworks tracked not only their own software, but also all the tracks that you've listened to on the RealPlayer, all the music CDs that you've inserted into the CD-ROM drive, and a bunch of other stuff that I don't rememeber right now.
people have been able to go through your trash for even longer.
I don't think you understand the issue. Sure, for a long time anybody who had a lot of time and money was able to collect much info about you. But it was not cost-effective. Now the cost to collect, organize and process massive amounts of personal data is minimal -- it became cost-effective to go through you trash, and much more besides. This is the crucial difference, not whether information gathering was possible in the past.
So far, I see very little accountability
And, pray tell, why should I not separate my life from the system? I, actually, have stong objections to my life being tightly entwined with the system -- see, I don't trust the system at all (and I have my reasons). You have an implicit assumption that the 'system' is beneficial and, for all its warts, is trying to do the right thing. I am unwilling to make this assumption. My goals and values are likely to be different from the system's goal and values. I am perfectly willing to take responsibility for my own actions, but this is not the same thing as being under pressure from the 'system' for being different.
Kaa
Exposing the Why behind this debacle (Score:3)
The industry can police itself, if it's willing to do so. It merely needs what the government has traditionally provided: Cost.
In economic terms, TrustE could have been predicted to be irrelevant. Consider: Online organizations are almost always desperate for new lines of revenue, due to their ridiculously overstated stock valuations. (In the criminology world, that's called motive.) They're also tied to the hip to advertisers, who are often their primary source of income. (In walks Opportunity.) Aggregation of mass quantities of identifiable information, continually up to date and temporarily difficult to obtain elsewhere, proposes an attractive source of money for companies like RealNetworks.
However, the lack of a direct money trail doesn't immediately, necessarily, or even probably exonerate RealNetworks. It is more than likely that more than a few large media companies agreed to work with RealNetworks in return for "under the table" statistics on the spread(and contraction) of MP3s per Server per State/College/User. Situations like this are perfect for creating plausable deniability, and considering the strength of the Microsoft threat against RealNetworks(nothing short of total annihilation!), it wouldn't be surprising at all if RealNetworks felt blackmailed into violating their customers in such an obscene manner.
But then, Blackmail usually implies risk v. risk calculations--in other words, RealNetworks had to feel that they'd experience some tremendous loss by favoring their corporate partners above the trust of their customers. Thus the genius of sponsoring TrustE. TrustE was practically made-to-order for corporations--whatever the privacy policy happened to say was OK by them, and since they were dependant on the very companies they were supposed to attack for their very existence, the organization was forced to bend over backwards to avoid conflict with their sponsors.
As I argued in this post [slashdot.org], privacy policies can be twisted to say anything, and not obviously at that. Truly an ideal situation for companies like RealNetworks.
Add in the fact that the same companies who would demand privacy violations are those same companies who could get glowing stories of new privacy protections being quickly implemented, which of course had a nice +25% impact on stock price(ooh, even more ridiculous stock valuation!) when it finally happened, took what should have been a blackmail situation and converted it into a beautiful example of a Win/Win, with the public absorbing the cost.
But why? In the covert war against MP3, intelligence and co-option is everything. RealNetworks placing itself as the source for (much lower quality 96kbps) MP3s gives them the ability to control who encodes what, using which standard, and reporting back the ever valuable percentage of the population complying.
After all, knowing when to lower the boom on non-compliant MP3s, mainly by releasing players that suddenly refuse to play the finally-rare noncompliant MP3, is completely tied to knowing how many people are in violation.
So the strategy is exposed. The question is, what could have been done in advance to prevent such a situation? Legislation isn't necessarily the answer; laws aren't really that much more than a societally enforced contract with the government. Weak laws(which we already have in abundance) wouldn't have prevented this plan from going into effect.
The simple answer is that TrustE needs to make money for busting violators. Possibly that means a bounty system, paid by a FTC fund. However it works, right now TrustE makes money by pleasing its sponsors.
That not only has to change--it's going to.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Re:The real solution (Score:3)
Folk forget that the original "eTrust" (not "Trusty" as they call it now) was pretty close to that. As I recall:
Part of getting watered down to become the "Trusty" service we know and loathe was removing all levels except the useless one.
What moron thought that was useful for consumers?
The hard issue is that corporations want pure reward, with no responsibility or risk. And they just don't know how to protect data once they've collected it ... and it's too easy for any little team to start collecting that data, and big companies don't have that much control over the hundreds of teams that can represent them on the web by putting a site up. Control would restrict "innovation" (keyword cross-reference: "theft") and that's clearly bad, right?
Given that corporate incentives are exclusively to abuse private data, there is really no way that self-regulation can ever work.