TRUSTe Decides Its Own Fate Today

TRUSTe, the steward of the most visible symbol on the internet, is making a tough decision today. Today, it reveals what it intends to do about its client Real Networks. At stake is whatever's left of its credibility. (Update: 11/08 02:55: Real got off on a technicality: "because the transmission of user data ... did not involve collection of data on the RealNetworks Web site, the privacy incident was outside of the scope of TRUSTe's current privacy seal program.")

Unquestionably TRUSTe is the leader in third-party privacy assurance. Its only alternative is BBBOnline, which can boast only 100 members to TRUSTe's 750. But it's having a hard time living up to its motto, "Building a web you can believe in": sometimes it's hard to know what to believe.

TRUSTe's original idea was to allow a website to display one of three icons, indicating whether its privacy policy was good, ok, or bad. There turned out to be problems with this - strangely enough, no site wanted to post an icon saying that their privacy sucked - and the icons looked too similar anyway. So they went with one icon, a "badge" that every member site posts.

All the badge means is that the site has a privacy policy, and that, as far as TRUSTe knows, they haven't violated it.

If you think this is a questionable basis for a consumer advocacy group, you're right. But the real question is how it plays out in practice. Let's take a look at TRUSTe's track record.

Round I: TRUSTe and GeoCities. In June 1998, the FTC announced - to everyone's surprise - that it and GeoCities had come to a settlement regarding violations of consumer privacy.

Everyone was surprised because this was the first anyone had heard of it. Where was TRUSTe?

Caught flat-footed, TRUSTe scrambled for a few days, then made its own announcement. It pointed out that GeoCities had begun the alleged privacy violations before applying to become a member (in April) and being accepted (in May). Therefore, TRUSTe claimed, the violations were technically not under the scope of their investigation.

But turn that around and put it another way - it was able to become a TRUSTe member even while under investigation by the FTC, and TRUSTe said nothing.

It gets worse. The FTC and GeoCities issued conflicting releases about what the settlement actually meant. The FTC said that GeoCities had "misrepresented the purposes for which it was collecting personal identifying information" (including children's). GeoCities denied the charges.

So who was right? We still don't know. Despite this being precisely the issue that TRUSTe was set up to resolve, TRUSTe refused to confirm or deny the FTC's allegations.

In a 1998 open letter, I asked whether TRUSTe's initial review of GeoCities had included any really tough questions such as "are you currently under investigation by the Federal Trade Commission?" No answer. In fact, mention of the GeoCities incident seems to have been removed from TRUSTe's website.

The organization that wanted to make the FTC obsolete was not off to a good start.

Round II: TRUSTe and Microsoft. March 1999. This was the "Global User ID" case. It turned out Microsoft had been embedding a user ID into every document you created with their software. Since they put that ID on file when you registered their software, they have been capable for years of tracking authorship of even supposedly-anonymous documents.

And don't think it's just a theoretical concern. Just weeks later, the Melissa macro virus was unleashed, and its author was tracked down using this same ID. Any technology that can lead the cops to your door is potentially dangerous technology.

TRUSTe announced that this "compromises consumer trust and privacy" (duh), but said that since the Global User ID does not, strictly speaking, involve the Microsoft.com website, it had no jurisdiction. Their conclusion: "TRUSTe has determined that Microsoft.com was in compliance with all TRUSTe principles."

In reality, Microsoft's privacy page (prominently labeled with the TRUSTe seal) also discusses online registration of software products, and notes that the "personal profile" from their software registration appears on the website and is editable from the website. And that page claims that registration is covered by the TRUSTe guidelines. For TRUSTe to claim it's not requires some Clintonesque redefinitions.

CNET's headline was exactly right: "TRUSTe Clears Microsoft on Technicality."

Round III: TRUSTe and Deja News. April 1999. Again TRUSTe is taken by surprise when a computer sleuth discovers that Deja News has been collecting data on email sent by its users. When a reader clicked on an email link in a discussion posting, the destination email address was recorded, along with the presumable topic of discussion, the sender's IP number, and if registered, the sender's personal data.

This is not what one expects when sending private email! And this clearly involved Deja's website, so there was no question of another technicality.

TRUSTe's analysis of this situation was only two paragraphs long; here's all that happened:

"TRUSTe specified certain clarifying language to be included in the privacy statement. Deja News, independent of TRUSTe, then decided to discontinue the practice of tracking IP addresses in conjunction with the mail-to feature."

In fact, the situation was resolved long before TRUSTe even bothered to issue that statement. TRUSTe's suggestion of "clarifying language" had been obviated long before by Deja's indepedent action. See ZDNet's story of May 4th, which hopes that TRUSTe "will likely issue some sort of statement...this week." But TRUSTe stayed silent for four weeks.

Round IV: TRUSTe and Microsoft (again). A wide-open security hole in Microsoft's Hotmail is breached, and for a few hours everyone's inboxes are public domain. (If you don't think this is a serious privacy violation, read the stunning anonymous tale of cracking into an enemy's email, published on Salon.com the next day.)

TRUSTe's response is to call in an independent accounting firm to talk with Hotmail's programmers and security people, look over the source code, and generally try to make sure such a problem won't happen again. This isn't a bad idea - it just wasn't much of anything that Microsoft wouldn't have done on its own. Locking the barn door after the horse is gone doesn't help the people whose privacy has been lost. Microsoft is out of pocket a few bucks for the audit, and gets more than its money's worth by being able to say that TRUSTe still gives them a clean bill of health.

How can all these incidents have passed by without punishment of any kind? It's because of what TRUSTe is actually guaranteeing. Not that any company will actually keep its data private - but that the company is not lying in its privacy assurance.

That's right. You know those privacy promises you never read, the ones that are different on every website and all seem ten pages long? What TRUSTe does is promise you that, if you had read them, you'd know your rights.

If it wanted, a company could have its lawyers dress up "we will spam your email every day and sell your name and address to anyone who asks for them" in legalese, and get a TRUSTe badge on their homepage. Would you know you were being screwed? Not unless you speak fluent lawyer.

Is the FTC such a bogeyman that we really need to sell our privacy so cheap?

When Ralph Nader was pressing the government to impose strict safety standards on the auto industry, Henry Ford II complained that they were "unreasonable, arbitrary and technically unfeasible." After the laws were enacted anyway, a decade later he conceded: "We wouldn't have [these] kinds of safety ... unless there had been a federal law."

Imagine if our only automotive safety regulations were that Detroit must abide by its lawyers' fine print!

The usual argument is that requiring an actual guarantee of privacy would stifle business. The purpose in forming TRUSTe was to keep the internet corporation-friendly, by keeping the government out. TRUSTe was well-intentioned, no question. It was a noble experiment.

But, according to some influential people and groups, it has failed.

Forrester Research studies topics related to the internet and made privacy its concern in its September 1999 report, "Privacy Wake-Up Call." Its conclusions should not be surprising:

"Most privacy policies are a joke." Forrester says corporate privacy policies are legalese set up mostly to protect the corporations.

"Few companies meet key privacy protection principles." About 10%.

"Third-party programs show little traction." Hundreds of TRUSTe licensees don't amount to much on the billion-page net.

And, "third-party privacy firms...like TRUSTe...become more of a privacy advocate for industry rather than for consumers."

(Slashdot has more on this study.)

Even the Electronic Frontier Foundation, after years of straddling the fence on the issue, has finally recognized that self-policing just doesn't work. The EFF is not just the best-recognized internet rights advocacy group; it created TRUSTe.

Yet, in an October letter to the FTC, the EFF laid down its cards:

"Creation of TRUSTe and its seal program was one such early innovation of EFF. TRUSTe was successful in several areas. ... We now must move out of this awareness-raising mode and into an action mode where real protection can be achieved. Legislation is needed in order to achieve that goal. ... we think it is time to move away from a strict self-regulation approach to protecting privacy online."

The latest nail in the coffin came on November 1, when EFF Program Director Stanton McCandlish laid out the facts on the fight-censorship mailing list:

"Our stance has basically been that industry self-reg would be worth trying, but might or might not be enough. We did the 'proof of concept' ourselves, by launching and spinning off TRUSTe. But TRUSTe was intended to be and is a separate, independent entity, and was created as an experiment. The experiment is in many ways a failure..."

(McCandlish's personal opinion is even more scathing. Follow the link to read it.)

You wouldn't know this if you read the TRUSTe website. Their homepage proudly tells you about the six-month-old Georgetown study, but makes no mention of the Forrester Research report. It tells you that the FTC supports self-regulation (based on Georgetown), but won't tell you that its own parent, the EFF, thinks the ride is over.

If TRUSTe is a consumer rights and advocacy group, why are they only feeding us the feel-good stories? Aren't consumer groups supposed to be the ones that dig up dirt and tell us about potential problems?

The money trail leads to the answer. TRUSTe isn't a consumer advocacy group. TRUSTe doesn't get its money from consumers. Its money comes from corporate sponsors, and nobody wants to bite the hand that feeds them. Besides, those corporations want the message to be one of constant calm. Concerned customers are not good for sales.

Remember the GeoCities FTC findings that TRUSTe wouldn't comment on? GeoCities had just done an IPO and millions of dollars were at stake. GeoCities' sister corporation Engage Technologies (they are both subsidiaries of CMG Industries) was a Contributing Corporate Sponsor of TRUSTe. That conflict of interest was never mentioned.

(GeoCities has since been purchased by Yahoo.)

Remember the Microsoft incidents that TRUSTe waffled on? Microsoft is not just a member, but also a Premier Corporate Sponsor of TRUSTe. That conflict of interest totals $100,000 per year.

Round V. By now you've guessed that this is leading up to the current furor over Real Networks. Real is a TRUSTe member. Do I need to mention that it's also a Contributing Corporate Sponsor?

TRUSTe said that it would render judgement on Real Networks by the end of last week. Now it's saying today.

And it's making noises like they're actually going to do something this time:

"We could take the company to court for breach of contract, since they do have an agreement with us. Or, we can forward the case to the FTC... I guarantee that the damage to the reputation of the first company that we do that to will be big."

For its own sake, it had better. We're talking about a company whose product is a Trojan Horse that secretly scans your hard drive for valuable personal data. If TRUSTe doesn't unload with both barrels, its credibility will be negative zero.

Anything TRUSTe does may have a negligable effect in any case. Corporations only understand the bottom line, and RealNetworks stock shot up 25% in the five days following the privacy debacle. With the company's market cap $1.9 billion higher than it was a week ago, how much are they really going to care about some nonprofit gnat?

We can hope. Real.com today unveiled its new website, a music portal, which investors will be watching carefully. Also happening today is a conference held by the FTC and Commerce Department for data-profilers to announce what they're going to do to protect privacy. So if TRUSTe were trying to maximize the effect of their announcement, today would be the day they'd pick. It could be that the gnat will have a nasty bite that surprises everyone.

Still - you can dress an organization up in not-for-profit clothes, but that doesn't change that it's beholden to its revenue stream. TRUSTe says we can trust them to be objective, on the theory that their revenue stream will dry up if they don't do right by consumers. So far, there doesn't seem to be much truth to that. They haven't been doing us right, but their number of contributors and members just keeps growing.

I enjoy reading about the future envisioned by people like Gibson and Stephenson, where the net is totally unregulated and a "right to privacy" is a dim memory, or a joke. That doesn't mean I want to live in that future. Europe has consumer protection laws that are, from an American perspective, astonishingly strong. Maybe we should take a look at other countries' solutions, to see if there's something we could learn.

So far, all we've learned is what fails.

- Jamie McCarthy

He's dead, Jim

[Kaa]

Really. TRUSTe has no credibility left. I really don't care what they decide about RealNetworks, and I doubt that many other people do.

It may have been a good idea at the start, but right now their situation would make a good case study titled "The loss of virtue and the disadvantages of being a corporate whore".

Kaa

Privacy Rape and TRUSTe Approval

[Kintanon]

I'd say our online privacy is about to get raped hard by TRUSTe and Real Networks. I don't trust TRUSTe as far as I can spit them. Just because they have labeled themselves as non-profit doesn't mean they don't need money. TRUSTe is still out to get sponsors and make enough money to pay its employees, because of this it would be a very bad idea for them to actually take action against a company who violated a policy. Most likely it will just be an extortion case, TRUSTe will quietly hint to Real Networks that if they are willing to cough up a couple hundred grand in 'donations' they can be TRUSTe approved by tommorow. Nothing will change....

Kintanon

Change the revenue stream

[Brian+Knotts]

It seems to me that privacy is a pretty desirable thing among most Internet users. And, it's clear that an organization is most accountable to the people who fund it. So, why not have an organization somewhat like the AAA (American Automobile Association), that is funded (at least primarily) directly by the users? I'm guessing a lot of people would be willing to spend $25 per year for an organization of this type.

If this sounds stupid, please excuse...it's pretty early in the morning right now. :-/

--
Interested in XFMail? New XFMail home page

Re:Change the revenue stream

[plunge]

Not that I'm implying it's a good or bad thing, but there are plenty of regulatory agencies out there that operate off consumer money- via taxes. The fees are usually a bit over 25$ a year though... :)

Re:Change the revenue stream

[Brian+Knotts]

Well, I certainly don't claim to have all the answers. I was just suggesting that a user-funded organization may be somewhat more effective than an industry-funded one.

What I picture as a somewhat effective "International Internet Users Association:"

• Reasonable yearly fees: ~US$25-50/year
• Not primarily legal oriented; more of a "there are a lot of us, so you'd be wise to deal with us fairly" sort of thing
• User fees would fund arbitrators/negotiators who would help resolve conflicts
• Member benefits to encourage membership would probably include an email address and access to the association's database of vendor data

It might not work, but then again, it might be better than what we have.

I still don't think legislation is the answer, partially because the Internet is super-national; it exists beyond traditional national boundaries.

--
Interested in XFMail? New XFMail home page

Re:Change the revenue stream

[NatePuri]

We at ompages.com seek to do precisely that. Privacy is essentially a private matter. That means that the person in control of one's privacy is not some corporation with some policy. Rather, it should be the individual internet user.

The software and technology to secure privacy on the internet should be within the physical possession of the person seeking to retain privacy. One cannot give away personal information and expect the recipient to be trusted without some legal privilege to do so.

Regulation

[Kaa]

I enjoy reading about the future envisioned by people like Gibson and Stephenson, where the net is totally unregulated and a "right to privacy" is a dim memory, or a joke. That doesn't mean I want to live in that future. Europe has consumer protection laws that are, from an American perspective, astonishingly strong. Maybe we should take a look at other countries' solutions, to see if there's something we could learn.

Well, to start with my reading of Gibson and Stephenson is a bit different than yours. The right to privacy as in "He looked at my email! Call the cops and let's file a complaint at the friendly Cybercrimes Court" doesn't exist for sure. However, the privacy in the cyberpunk world is completely in the hands of the individual. Basically, if you care enough about anonymity and have sufficient skills, you will make yourself anonymous. If you don't care or not smart enough, other people, if they care, can look at your data.
That's not so bad a future to live in (it's not that hard to learn to use encryption). I certainly don't want the cops to jump in any time somebody does a port scan.

Yes, Europe has strong consumer protection laws, but all they do is reassert the power of the political structure (government) over private entities. I am much more worried, Gibson's future nonwithstanding about the government power, than about the power of corporations. For example, I am quite confident of my abilities to thwart, mislead and generally disrupt the attempts of corporations to collect personal data about myself, unless I implicitly or explicitly agree (credit history is an intrusion of privacy but is a useful thing to have). However if a goverment, in the name of protecting the consumers, makes it a crime to, say, spoof personal data on the net, or much worse, establishes a registry of net users (mandatory ICQ, anyone?), it will make my life much harder and more unpleasant.

So I do have huge misgivings about the heavy and not particularly bright hand of government messing with the workings of the net.

Kaa

Re:Regulation

[plunge]

How do you see corporations being reined in though? Europe is certainly not a good general example- their laws make their economies too brittle and stagnant, and their idea of government regulation may be too overbearing. But supposed watchdogs like TrusTe obviously aren't much good at this sort of thing. And the press? The giant media/home appliance conglomerates? No help there either. Corporations can make your life hell. I'm in favor of having a government sponsored industry of competing watchdogs. They would get to feed off corporate crime settlement money and compete for government subsidies (set by standard, not subject to politics), but there have to be several, so that its a working market. No direct government buerracracy, just true muckrakers who are free from corporate kowtows.

Re:Regulation

[plunge]

To repeat one of my fav ideas, giving individuals copyright over their personal data would go a looong way towards solving the problem.
Sounds good- what's the downside- I don't know much about copyright law- isn't that going to be tricky deciding what's yours and what's others? I'm all for me owning everything about me, from DNA to my slashdot comments.

They would probably have too much power and would end up blackmailing the industry.
But since there would be competing watchdog groups, they could easily call each other out on such things. The IRS is so incompetant because there's no alternative- it's their way or the highway. Not so if there'a market that serves people's need for privacy. Unfortunately, it's clear it would be a big enough market to hold enough watchdogs to make it a useful market.

Re:Regulation

[cjs]

Yes, Europe has strong consumer protection laws, but all they do is reassert the power of the political structure (government) over private entities. I am much more worried, Gibson's future nonwithstanding about the government power, than about the power of corporations.

I feel just the opposite way. Governments at least have some responsibility to the populace, and this is enforced through the elections and the political pressure that can be brought to bear against them by advocacy groups and individuals. Corporations, on the other hand, don't give a damn; their responsibility is only to their stockholders, who generally care about nothing but making money.

I've just moved from Canada to the US, and I'm amazed at how much worse off I am in the US in terms of privacy. There's a lot of tracking of individuals going on in the US, and much of that is driven not by the government (though they do their share, e.g., mandatory placement of SSNs on drivers licenses), but by corporations. The US has slowly been building a national identity system (based on Social Security Numbers) for a couple of decades now, and much of that is driven by corporations. (It's not only perfectly legal, but perfectly usual in the US for a corporation that has no tax-related relationship with you at all to refuse you service unless you supply an SSN.)

Sure, governments can and do abuse their power. But in democracies they are, to some degree, responsible to the people. Corporations never are.

Also, I'd like to note that this fear of government is a particularly American fear. (Perhaps some of it comes from those same Republican party politicians who, during the Regan years, more than doubled the size of the US government.) There are a lot of countries in the world that have had `big govenment' that do quite well, and do a much better job of protecting their citizens' rights and privacy.

cjs

Incentives

[dynarion]

TRUSTe's incentives are clearly bass-ackwards. The Consumer's Union model, where the evaluating organization takes no money from the evaluated, is clearly more ... trustworthy. All I can ask is, who in their right mind ever expected this to work?

McCarthyism

[Hrunting]

Let's begin by playing devil's advocate, and then we'll see what erupts.

Any technology that can lead the cops to your door is potentially dangerous technology.

It's this idea that has completely shackled law enforcement when it has come to dealing with computer crimes. The idea that people should be allowed to be completely anonymous in everything that they do is completely unparalleled in the real world. I, for one, am very happy that some method of accountability was unknowingly in Microsoft's products so that they could track down the author of the Melissa virus. People can and should have an identity on the Internet, and while that identity should be protected, it shouldn't be removed because people are afraid that law enforcement will be able to find you.

I also don't think that TRUSTe is as important an organization as it is made out to be in this article. It may shock some members of the Slashdot community, but I had never heard of TRUSTe until the Hotmail debacle, and even then, I didn't stop using Hotmail, nor did I start regulating my product usage by the TRUSTe symbol. I'm sure many others haven't, either.

I really think people are beginning to accept the fact that the growth of the Internet has resulted in a certain lack of online privacy. One may lament it and one may try and fight it, but the idea of a completely open but anonymous society is contradictory. Where there is a data stream, there is a way. People may have a right to certain information privacy, but they don't have a right to anonymity, and the only rights they have to what information a product sends back about itself are market rights. Somehow, I don't think Real Networks is going under because they sent back UIDs from their product. In fact, I'm happy they can track their software.

The constant attacks against companies that engage in marketing devices, information gathering schemes, and content labeling is akin to McCarthy's (Joe, not Jamie) crusade against Communists. Anything that doesn't fit into the ideal is suspect. Guess what? Direct marketers have been using these tools for decades and, *gasp* people have been able to go through your trash for even longer.

I say the Internet needs to start strengthening itself around responsibility. Protecting one's rights is important, but a certain accountability is expected with those rights. So far, I see very little accountability, both on the part of the commercial organizations with their rampant use of undocumented 'features' and with individuals who try to both use and separate their lives from the system. As with all things in life, the middle ground is where I think the answer is. Rampant positioning on either extreme just ruffles feathers and leads to no solutions at all.

Re:McCarthyism

[Kaa]

Let's begin by playing devil's advocate, and then we'll see what erupts.

I trust your asbestos underwear is in good order...

The idea that people should be allowed to be completely anonymous in everything that they do is completely unparalleled in the real world.

Not everything they do, but some things they do, and that is completely reasonable in the real world. When I walk on a street in a big city, buy myself a cup of coffee, ogle the girls walking by -- I am completely anonymous. And think back to the XIX century -- that's when the basis for all the current laws on privacy and anonymity was being formulated. It was quite easy to be anonymous in those time.

People may have a right to certain information privacy, but they don't have a right to anonymity, and the only rights they have to what information a product sends back about itself are market rights.

Well, we have a serious philosophical disagreement here and it looks to be quite basic (as in, not solvable on Slashdot). I strongly believe in the rights to both privacy and anonymity. I would also argue that in better world, people would have copyright over their own personal info.

Somehow, I don't think Real Networks is going under because they sent back UIDs from their product. In fact, I'm happy they can track their software.

I am glad you are happy. You will probably be even happier to know that RealNetworks tracked not only their own software, but also all the tracks that you've listened to on the RealPlayer, all the music CDs that you've inserted into the CD-ROM drive, and a bunch of other stuff that I don't rememeber right now.

people have been able to go through your trash for even longer.

I don't think you understand the issue. Sure, for a long time anybody who had a lot of time and money was able to collect much info about you. But it was not cost-effective. Now the cost to collect, organize and process massive amounts of personal data is minimal -- it became cost-effective to go through you trash, and much more besides. This is the crucial difference, not whether information gathering was possible in the past.

So far, I see very little accountability ...[snip!] ... with individuals who try to both use and separate their lives from the system.

And, pray tell, why should I not separate my life from the system? I, actually, have stong objections to my life being tightly entwined with the system -- see, I don't trust the system at all (and I have my reasons). You have an implicit assumption that the 'system' is beneficial and, for all its warts, is trying to do the right thing. I am unwilling to make this assumption. My goals and values are likely to be different from the system's goal and values. I am perfectly willing to take responsibility for my own actions, but this is not the same thing as being under pressure from the 'system' for being different.

Kaa

Re:McCarthyism

[Fastolfe]

I think the media has had more to do with this change in respect than anything else.

There will always be abuses. There have always been abuses. Fortunately, abuse occurs very infrequently, despite what the mass media would like us to think. There's no news like bad news.

I for one trust my local law enforcement implicitely. If they fuck up, I have faith that they will either learn from their mistakes or their own internal reviews will see to it that such a mistake doesn't happen again. I most certainly wouldn't *deny* my law enforcement technology on the basis that it *could* be abused. The system has always worked on compromise. The gains outweigh the drawbacks. If a cop abuses his status and does something wrong, take HIM to court. Don't hamper law enforcement entirely. If we got rid of every power law enforcement had that was theoretically capable of being abused, our law enforcement would have no power at all. Don't fight the technology. Fight those that would abuse it. Request checks and balances and means to make people accountable for their actions.

Stanton McCandlish, TRUSTe, libel lawsuit threats

[Seth+Finkelstein]

Ah, how far Stanton has come! Two years ago, he was threatening me with TRUSTe's attorneys:

"You're stepping very close to defamation, Mr. Finkelstein, and may have even crossed the line.

EFF wouldn't do anything about it, but I cannot vouch for the patience of the TRUSTe organization's attorneys. Proceed with caution, eh?" ...

"Again, please take this warning seriously. You are knowingly or negligently making provably false statements about TRUSTe with intent to harm their reputation. That's libel. You can get sued for that. Don't go there. TRUSTe's legal resources are better spent making sure participant compies adhere to their contracts, and I'm sure you have better things to do with your time & money."

Stanton McCandlish, Program Director, Electronic Frontier Foundation, on the fight-censorship list, Mon, 11 Aug 1997

I never did get a public apology, even after TRUSTe's failure.

Two thoughts

[jd]

First, TRUSTe is proof positive that industry self-regulation is suicide for the consumer. If an industry can set the standards, run the watchdog, and ensure that everything "matches up a-ok", how can anyone ever fail a test?

Secondly, negative zero is the same as positive zero, is the same as zero squared, is the same as zero multiplied by infiniy. I understand the point being made, but if a point's worth making, it's worth making without being dressed up to look more than it really is.

The real solution

[sjames]

TRUSTe's main problem is that it's 'service' isn't what people want or even what is implied. The article correctly points out that you can sacn someone's hard drive and sell all the data you mine to the highest bidder and get the TRUSTe seal as long as you bury a description of what you do somewhere in a 10-100 page legalese document that can be downloaded from your site.

What is really needed is a definition of various levels of privacy ranging from active violation to absolute (and protected) anonymity. Then, allow a company to display a simple icon with a rating from 0-10 (10 being the best) which links to a page describing, in plain english (spanish, german, etc) what that means. Naturally, no campany will proudly display a 0, but hopefully, if a site displays a 10, the consumer can feel absolutely confident.

The advantage to that system is that there is a lot less room for weasel words and technicalities. BTW, a 10 should include all logs going directly to /dev/null, ssl, and don't even ask who you are or where you're coming in from. In other words, very rare but possable.

Re:The real solution

[Big+Jojo]

Folk forget that the original "eTrust" (not "Trusty" as they call it now) was pretty close to that. As I recall:

• One eTrust logo meant that the site would never share your data;
• Another mean that they'd do whatever the heck they wanted;
• There was some intermediate one too

Part of getting watered down to become the "Trusty" service we know and loathe was removing all levels except the useless one.

What moron thought that was useful for consumers?

The hard issue is that corporations want pure reward, with no responsibility or risk. And they just don't know how to protect data once they've collected it ... and it's too easy for any little team to start collecting that data, and big companies don't have that much control over the hundreds of teams that can represent them on the web by putting a site up. Control would restrict "innovation" (keyword cross-reference: "theft") and that's clearly bad, right?

Given that corporate incentives are exclusively to abuse private data, there is really no way that self-regulation can ever work.

Re:The real solution

[sjames]

The plug-in would match the URL with a (regualarly updated) database stored on your computer and display the rating on the title bar or status bar. It could also provide a link that you could click on that would bring up a pop up window giving details.

That's a good idea. As an option, it could also be handled by a proxy (for NCs, set tops, and platforms/browsers that are not yet supported.

Re:The real solution

[Black+Parrot]

> The hard issue is that corporations want pure reward, with no responsibility or risk.

It seems that those sponsors who are behaving would resent the devaluation of their rating by those which aren't.

Couldn't the original system work if TRUSTe focused on those who would withdraw if they didn't play hardball, rather those who would withdraw if they did play hardball? Let the cheaters keep their money and lose their certifications -- wouldn't that make the value of the remaining certifications go up?

Or are all of the companies playing it crooked?

--
It's October 6th. Where's W2K? Over the horizon again, eh?

Microsoft REFUSED audit by TRUSTe

[Seth+Finkelstein]

Check out these comments by E-loan CEO Chris Larsen: Taking self-regulation to task

Earlier this year, TRUSTe received a complaint about Microsoft (MSFT: news, msgs), another member, that the software company was collecting consumers' unique personal IDs over the Internet without disclosing it to consumers. TRUSTe requested an audit of Microsoft's privacy procedures, and Microsoft refused.

TRUSTe eventually took the position that it had no authority to enforce an audit, Larsen said -- an action that shook his company's faith in self-regulation and convinced him that such voluntary initiatives were self-serving to private industry.

"(TRUSTe) took no action whatsoever to protect and reassure consumers," he said. "That was a major sign to us."
...
But according to Larsen, self-regulation may become self-defeating.

"The real goal of self-regulation has been to protect the industry from regulations," he said. But by continuing to fail consumers, he added, they have "increased the probability that regulation will happen."

Nothing Wrong with the Goal

[A+Big+Gnu+Thrush]

There's nothing wrong with a certification that simply states that a company has a privacy policy, and that they adhere to their privacy policy. Many companies have clear privacy policies which can be understood by any intelligent reader. Apple's privacy policy isn't great, but it's clear and understandable, and it's linked from their home page. TRUSTe, if they were at all interested in privacy, could audit these statements for clarity, push for changes toward an ideal policy, and revoke status if the policy is violated.

TRUSTe is not interested in privacy, but that doesn't mean that we should give in to regulation. The government will just be a bigger version of TRUSTe. The membership fees ( bribes | contributions ) will be stiffer, and the process more byzantine and slow, but the end result will be the same.

Check me if I'm wrong, Sandy, but...

[jht]

I thought "This website works best with Microsoft Internet Explorer" was the most common symbol on the Internet. Or am I just bitter and cynical?

TRUSTe has been all but ignored since they came into existence as far as I can tell. It would be nice to see a privacy stamp with credibility - but it's not theirs. Too many 'gotchas" under their watch.

- -Josh Turiel

Re:TRUSTe Watchdog Complaint #2363 (Microsoft/Spam

[Kintanon]

I have corresponded with TRUSTe about this issue and have had a complaint # (2363) assigned. I have not received any kind of final response, and have had no response from Microsoft.



You may be interested in joining a class action suit against microsoft. If so then e-mail Sleffer@home.com
At this moment I have one of the most succesful Class action lawyers in the country looking into my options for a class action against MS, feel free to e-mail me if you wish to join.

Kintanon

Exposing the Why behind this debacle

[Effugas]

The RealNetworks incident is bringing up the need for legislation. Such legislation arguably already exists(I'm sure RN's behavior can qualify as a form of Wire Fraud), but it's not really necessary.

The industry can police itself, if it's willing to do so. It merely needs what the government has traditionally provided: Cost.

In economic terms, TrustE could have been predicted to be irrelevant. Consider: Online organizations are almost always desperate for new lines of revenue, due to their ridiculously overstated stock valuations. (In the criminology world, that's called motive.) They're also tied to the hip to advertisers, who are often their primary source of income. (In walks Opportunity.) Aggregation of mass quantities of identifiable information, continually up to date and temporarily difficult to obtain elsewhere, proposes an attractive source of money for companies like RealNetworks.

However, the lack of a direct money trail doesn't immediately, necessarily, or even probably exonerate RealNetworks. It is more than likely that more than a few large media companies agreed to work with RealNetworks in return for "under the table" statistics on the spread(and contraction) of MP3s per Server per State/College/User. Situations like this are perfect for creating plausable deniability, and considering the strength of the Microsoft threat against RealNetworks(nothing short of total annihilation!), it wouldn't be surprising at all if RealNetworks felt blackmailed into violating their customers in such an obscene manner.

But then, Blackmail usually implies risk v. risk calculations--in other words, RealNetworks had to feel that they'd experience some tremendous loss by favoring their corporate partners above the trust of their customers. Thus the genius of sponsoring TrustE. TrustE was practically made-to-order for corporations--whatever the privacy policy happened to say was OK by them, and since they were dependant on the very companies they were supposed to attack for their very existence, the organization was forced to bend over backwards to avoid conflict with their sponsors.

As I argued in this post, privacy policies can be twisted to say anything, and not obviously at that. Truly an ideal situation for companies like RealNetworks.

Add in the fact that the same companies who would demand privacy violations are those same companies who could get glowing stories of new privacy protections being quickly implemented, which of course had a nice +25% impact on stock price(ooh, even more ridiculous stock valuation!) when it finally happened, took what should have been a blackmail situation and converted it into a beautiful example of a Win/Win, with the public absorbing the cost.

But why? In the covert war against MP3, intelligence and co-option is everything. RealNetworks placing itself as the source for (much lower quality 96kbps) MP3s gives them the ability to control who encodes what, using which standard, and reporting back the ever valuable percentage of the population complying.

After all, knowing when to lower the boom on non-compliant MP3s, mainly by releasing players that suddenly refuse to play the finally-rare noncompliant MP3, is completely tied to knowing how many people are in violation.

So the strategy is exposed. The question is, what could have been done in advance to prevent such a situation? Legislation isn't necessarily the answer; laws aren't really that much more than a societally enforced contract with the government. Weak laws(which we already have in abundance) wouldn't have prevented this plan from going into effect.

The simple answer is that TrustE needs to make money for busting violators. Possibly that means a bounty system, paid by a FTC fund. However it works, right now TrustE makes money by pleasing its sponsors.

That not only has to change--it's going to.

Yours Truly,

Dan Kaminsky
DoxPara Research
http://www.doxpara.com

Re:TRUSTe Watchdog Complaint #2363 (Microsoft/Spam

[Mr.+Slippery]

Earlier in the year I had requested that Microsoft not send email address in question. It took several tries before the email (newswire messages) finally stopped. Months later Microsoft's Y2K message arrived.

This appears to violate Microsoft's stated privacy policy , specifically principle #2 - Consent:...

IANAL, but I have to wonder if this isn't actionable in some way. Sounds like it would be breach of contract, or false advertising.

While it wouldn't be worthwhile for an individual to sue, maybe class-action suits against sites that violate their own privacy statements would serve to inject some cluefulness into these corporate behemoths.

Here's a quick fix to solve Real's snooping

[root]

$ whois real.com

Registrant:
Progressive Networks, Inc (REAL7-DOM)
[...]

$ whois "progressive networks"@arin.net

PROGRESSIVE NETWORKS (NETBLK-CW-204-71-154) CW-204-71-154 204.71.154.0 - 204.71.154.255
PROGRESSIVE NETWORKS (NETBLK-CW-208-147-88) CW-208-147-88 208.147.88.0 - 208.147.88.255
PROGRESSIVE NETWORKS (NETBLK-CW-208-147-89) CW-208-147-89 208.147.89.0 - 208.147.95.255
Progressive Networks (ASN-PROGNET) PROGNET 5054 Progressive Networks, Inc (REAL7-DOM) (NETBLK-ABOVE-REAL) ABOVE-REAL 209.66.98.16 - 209.66.98.23
[...]

$ ipchains -A output -d 204.71.154.0/24 -j DENY
$ ipchains -A output -d 208.147.88.0/24 -j DENY
$ ipchains -A output -d 208.147.89.0/24 -j DENY
$ ipchains -A output -d 209.66.98.16/255.255.255.232 -j DENY

$ echo All is well.

This quietly blocks all packets bound for any of Real's IP subnets. Snooped info about you being fired off to Real's servers is quietly dropped on the floor. No error message. No explicit packet rejections to scare the Real Player. The software will assume simple internet problems are the cause. Although, I assume it wouldn't report an error to the user anyway. I mean, what's it gonna say? "Alert! Unable to spy on you. [RETRY NOW] [TRY AGAIN LATER]"? Yeah, right. If you want to see the snoop attempts show up in /var/log/messages, append a -l to the above commands. This also disables the annoying "you need to upgrade your player now!" messages since it can no longer check. This works for my linux box and for the Win98 machine (since it gateways through the linux box).

Ok, time to defend M$ for a change

[jmorris42]

I don't really see a problem with the described incident. I see a Y2K warning as on a par with a Product Recall Notice or similar "Important Notice" that a good argument can be made for disiminating as widely as possible to every customer on file. If for no other reason than self defense against the lawsuits likely to let fly next year.

Not a lot of pure Black & White in the real world, and this is one of those grey areas. Now if I had dropped a subscription to their mailing lists and got a pitch for W2K I'd be pissed.

Damn, I feel icky after defending M$... better go take another shower now.

Press Release: TRUSTe and RealNetworks Collaborate

[DocJohn]

From http://www.truste.org/about/about_software.html:

For Immediate Release

Contact Information:

Dave Steer
Director of Communications
TRUSTe
408/342-1943
415.260.9669 (mobile)

TRUSTe & REALNETWORKS COLLABORATE TO CLOSE PRIVACY GAP

Pilot Privacy Seal Program for Software Applications Initiated

Cupertino, CA, November 8, 1999 - TRUSTe, the leading online privacy seal program, today announced that it is expanding its commitment to supporting consumer trust and confidence in a networked environment. The recent incident involving RealNetworks prompted a broad set of solutions for addressing consumer concerns about personally identifiable information.

Today's announcement follows reports that RealNetworks' RealJukebox product transmitted globally unique identifiers (GUID) to RealNetworks via the Internet. In response, TRUSTe immediately sought to uncover the nature of the reported data collection practice and gauge the scope of the RealNetworks situation.

"After an initial inquiry, TRUSTe found that because the transmission of user data through RealNetworks' RealJukebox program did not involve collection of data on the RealNetworks Web site, the privacy incident was outside of the scope of TRUSTe's current privacy seal program," said Lori Fena, TRUSTe's Chairman. "However, because consumer trust is more important than legal technicalities for both TRUSTe and RealNetworks, we have worked together to find a series of appropriate solutions."

"RealNetworks recognizes the importance of protecting consumer privacy, and apologized to its customers for not being clear enough about the data being transmitted by the use of RealJukebox. Issues associated with use of GUIDs in consumer software products should be of concern to the entire Web community," added Bob Lewin, Executive Director of TRUSTe. "That said, TRUSTe recommended a 5-point program to RealNetworks for restoring the trust and confidence of its customers."

RealNetworks, working closely with TRUSTe, will implement a series of changes to its current privacy practices. Beginning immediately, RealNetworks will:

Conduct Third Party Audit - RealNetworks has agreed to conduct an outside audit of its privacy practices to ensure that privacy issues raised regarding RealJukebox have been resolved. In particular, the audit will verify that RealJukebox GUIDs have been disabled and are no longer associated with email or other registration data. TRUSTe and one of the major auditing firms familiar with the fair information requirements of TRUSTe's program will conduct the audit. A report will be issued upon the conclusion of the audit process.
Privacy Statement - The Web privacy statement that has been certified by TRUSTe will be modified to inform consumers that the audit described above is underway.
Opt-In - RealNetworks has already announced that it has disabled GUIDs in RealJukebox, and beginning with today's release of RealPlayer 7, RealNetworks will anonymize GUIDs and require consumers to opt-in to enable the use of this feature.
Privacy Officer - RealNetworks will identify a key privacy officer who is responsible for handling the company's privacy practices and policies, customer privacy complaints, and who will serve as a liaison to TRUSTe.
Consumer Education - RealNetworks will collaborate with TRUSTe to identify consumer education programs relating to Internet privacy. These programs include educational forums, Web sites, and other communications activities aimed at educating consumers about privacy issues on the Internet.
Rob Glaser, Chairman and CEO of RealNetworks, said, "Our customers care a great deal about privacy issues. We want to demonstrate that we value the trust of our customers by playing a leadership role in moving the software industry to the next level of privacy protection for consumers. What we found through this process is that it is imperative for senior management of a company to be active in communicating the importance of consumer privacy and trust through the design and development of their products and services. We are committed to working with TRUSTe to demonstrate a new standard for personal information practices in software applications."

Beginning immediately, RealNetworks will work with TRUSTe to verify the application of fair information practices in its consumer software products that transmit GUIDs and other data via the Internet. Under the direction of TRUSTe, RealNetworks will establish the first-ever software privacy statement, clearly disclosing what personally identifiable information is collected and how that information is used. TRUSTe will also establish a working group comprised of experts from within and outside of the software and Internet industry to advise the organization on how to best extend its privacy seal program.

"As the line between data collected on Web sites and the rest of network software applications has become blurred, TRUSTe recognizes the need to expand its program to the greater network," said Lewin. "Just as we did more than two years ago with our Web site privacy seal program, TRUSTe will begin working to establish a seal program with oversight on software privacy practices that utilize personal data."

About TRUSTe

TRUSTe, the leading privacy seal program, is an independent organization dedicated to building consumer trust and confidence in individual data practices. The TRUSTe network of participating companies include: America Online, Compaq, Ernst & Young, Excite, IBM, Intel, Microsoft, and Novell.

Founded in 1997, TRUSTe is the premier privacy seal program worldwide. The TRUSTe seal is currently displayed on all the Internet's portal sites, 15 of the top 20 sites and approximately half of the top 100 sites. TRUSTe was recently rated the most visible symbol on the Internet by Nielsen//NetRatings.

TRUSTe is based in Cupertino, CA, with an office in Washington, D.C. For more information, please visit the organization's Web site at www.truste.org.

Re:Sammie's interested... TRUSTme

[jd]

Imagine a company, a large company. Say one worth a few hundred billion dollars. Now, let's say that they put a billion or so of that into a high-yield investment fund, say giving them 10% interest.

That gives them 100 million dollars -interest-, as play-money, per year. Easily enough to keep said company afloat, even if they never sold another product to the consumer.

Now, let's say that consumers rebelled, and refused to buy any products from that company. It is STILL making money, though, off it's interest alone, and still makes a lot of money, selling to OEM's.

In the end, if NOBODY on the face of the planet ever used a product from that company, ever again, it could STILL afford to sneer in your face, and STILL have the money to control what software and hardware is produced by who.

Face it. We are peons. Nothings. Insignificant specks of dust, to Microsoft. And even if you gathered all those specks of dust into one place, you'd STILL have nothing more than specks of dust. No great "almighty" power, no Goliath, wielding a +5 Credit Card of Destruction. Bill Gates and Microsoft can affoed to weld the gates to Redmond shut, and Microsoft would still grow faster than any other company in America.

The golden rule of capitalism is that whoever has the gold makes the rules. And Microsoft has all the gold there is. Capitalism cannot fight Capitalism, any more than a fire can put out a fire.

"Got off on a technicality"

[Black+Parrot]

> (Update: 11/08 02:55: Real got off on a technicality: "because the transmission of user data ... did not involve collection of data on the RealNetworks Web site, the privacy incident was outside of the scope of TRUSTe's current privacy seal program.")

Technically correct, but indicative of how worthless the badge is in practice.

We need to start putting a parody badge on our own web pages, TRUSTMe.

--
It's October 6th. Where's W2K? Over the horizon again, eh?