Chapell Blog: The Chapell view on privacy issues of the day.

Friday, July 1, 2005
Cable's Big Bet On Hyper-Targeting
BusinessWeek - June 29, 2005
Time Warner will test new software that sends different ads to different viewers

Imagine the scene. You're relaxing at home, engrossed in the flickering images on your big-screen TV. Ahhh, nothing like really great programming. Except in this case, it's not a show that's got your attention; it's a 30-second commercial.

The Chapell View
You really know that behavioral targeting has hit the mainstream when the cable and television people start to use it. I’m a big fan of any technology that promises to increase the relevance of advertising IF it does so in a privacy neutral way. Of course, that’s a big IF.

In the context of the Internet, behavioral targeting is generally conducted in a way that is privacy safe. The online folks have learned from the sins of the past, and (thanks to my friend Trevor Hughes and the NAI) have developed a set of principles and best practice standards for online profiling.

As I think about using behavioral targeting in the context of cable and network television, a few questions come to mind. For example, how will the cable companies notify their subscribers about this type of program? Will TV viewers have the ability to opt-out from this type of profiling? How is this information stored? Will viewing habits be combined in some way with other offline demographic information – for example, the billing address of the cable subscriber? If a cable subscriber also subscribes to the cable companies’ ISP and phone service, will any of that information be used to augment the targeting database?

Ad relevance is wonderful, but if these questions are not adequately addressed on the front end, the burgeoning set-top behavioral industry will be set back several years via consumer backlash, advocacy and perhaps new legislation. This type of targeting was not really envisioned by the drafters of the Cable Television Consumer Protection and Competition Act of 1992.

In many respects, set-top box behavioral targeting is similar to online behavioral targeting, and will need to address many of the same issues. I’d like to see the NAI Principles expanded to incorporate this and other new vehicles for behavioral targeting.

Thursday, June 30, 2005
Grokster: Get Over It
Mediapost - June 30, 2005
BY NOW, EVERYONE IN THE industry knows that the United States Supreme Court ruled earlier this week that file-sharing services could be held liable for copyright infringement by consumers using their services. This is big. It means that companies can no longer operate such services without assuming some liability for how they are used. Many in our industry are disappointed by the decision, concerned that holding the creators of technology liable for any one of a myriad of uses will discourage innovation.

The Chapell View
I have a tremendous amount of respect for Dave Morgan and Tacoda – sharp guy, great company. Dave revealed a number of his personal and professional biases – except for one. I dunno, maybe he thought it was too obvious to bother mentioning. Tacoda is in direct competition with many of the Adware companies that bundle their software alongside file sharing programs. In other words, the Tacoda network is in many instances vying for the same ad dollars as the Adware companies. And this competition is only going to intensify if/when other Adware players move towards Behaviorlink (behavioral network) type networks. To the extent that Adware company distribution efforts are hurt by the Grokster decision, Tacoda may enjoy a relatively better position in the marketplace.

I’m not here to take Dave to task for this – just to make a larger point. One of the most interesting and exciting aspects about the whole Adware / online profiling / behavioral targeting debate is that each group is morally convinced that they are in the right. And it just so happens, that their definition of what’s right seems to line up in near-perfect symmetry with the business goals of their respective companies. Perhaps this is why our friends at Microsoft can simultaneously (and with a straight face, I might add) offer THAT operating system, develop an anti-spyware software program AND contemplate the purchase of Claria.

(As an aside, I can remember an episode of the old Batman TV series where the Penguin poisoned the water supply and then tried to charge people for the antidote. Talk about reality imitating art – of course, that assumes you define the Batman series as “art.”)

Thomas Jefferson believed that factions were a good thing for society because they diffused the power of the elite. I wonder if this is what he had in mind? (:

And just for the record - I have and continue to work with some of Tacoda’s competitors, including some in the Adware space.

Tuesday, June 28, 2005
Equifax CEO says no easy answers for identity theft
MercuryNews - June 28, 2005
The public's fear of identity theft has led to big profits for Atlanta-based credit-reporting agency Equifax Inc., but the company's outgoing CEO said Monday that he worries whether concerns over data security could eventually stifle consumer spending. "It's an epidemic that worries me to death," said Thomas Chapman, chairman and CEO of Equifax, one of the nation's top three credit-reporting companies, following a speech to about 50 people in attendance at the Commonwealth Club of California, a public affairs forum.

The Chapell View
Daddy, where does ID theft come from? I’ve read many articles that outline the connection between ID theft and Spyware, keystroke logging, and other nefarious creatures of the online universe. I’ve also read about the 100 million consumer records that have been breached over the past nine months, and their connection to ID theft. I ALSO looked at the study conducted earlier this year by BBBOnline, which indicated that most ID theft was perpetrated by people who know the victim.

My question – does anyone know what the leading cause of ID theft is? Seems to me, that if we want to know how to stop it (or at least do a better job of protecting ourselves from it) we should have a more complete answer to that question.

Friday, June 24, 2005
Only YOU Can Prevent … Privacy Concerns?
iMediaConnection - June 23, 2005
A Chapell Article
At OMMA-West in The only trouble is -- we’re not there yet.

Thursday, June 23, 2005
Pentagon Creating Student Database
The Defense Department began working yesterday with a private marketing firm to create a database of high school students ages 16 to 18 and all college students to help the military identify potential recruits in a time of dwindling enlistment in some branches. The program is provoking a furor among privacy advocates. The new database will include personal information including birth dates, Social Security numbers, e-mail addresses, grade-point averages, ethnicity and what subjects the students are studying.

The Chapell View
As the U.S. Government increasingly turns to the private sector as a means to circumvent the spirit of the Privacy Act, it’s difficult to avoid feeling somewhat helpless. While I recognize that the cultural and political pendulum swings to the far right these days, I’d like to think that much of the progress made during the 1960’s & early 70’s isn’t going to vanish in the proverbial haze of post 9-11 America. But little by little, our nation is heading towards a type of surveillance society that was unimaginable even ten years ago.

Tuesday, June 21, 2005
Gov't Collected Data on Airline Passengers
NY Times - June 22, 2005
Air travelers who have been concerned about the government collecting their personal information from airlines now have a second source to worry about: commercial data aggregators. The federal agency in charge of aviation security revealed that it bought and is storing commercial data about some passengers -- even though officials said they wouldn't do it and Congress told them not to. The Transportation Security Administration is testing a terrorist screening program called Secure Flight that uses information about

The Chapell View
Congress needs to completely deconstruct the TSA – and I mean completely. Take apart the TSA office buildings a la the Abu Ghraib prison. Salt the earth like the Ancient Greeks used to do. Let’s just take a mulligan on this one – and start over. Adding to their list of questionable decisions, the TSA has engaged data aggregators to help…

Ahh yes, the data aggregators. The same group that disenfranchised votes in

Anyway - I have a brand spankin new data aggregator story for you. Bear with me – I’m going somewhere with this.

A friend of mine works at a large Ivy League Medical Research lab. Her office engaged one of the data aggregators to compile updated information on study subjects. (Ensuring HIPAA compliance, of course.) As you probably know, some of the large data aggregators have recently undergone some significant changes to their methods and procedures in light of the ChoicePoint scandal. About a year ago, ChoicePoint was bamboozled by a group of Nigerian credit card scammers. The scoundrels (the Nigerians, not ChoicePoint) had posed as legitimate businesses in order to obtain access to ChoicePoint’s data products.

In order to ensure that their company doesn’t succumb to a similar fate, the data aggregator put the Ivy League Research Lab through three months of hoops – requesting copies of the university’s charter, photos of the building, etc. – in order to ascertain that the university is, in fact, a legitimate entity. Seems like a bit much for me given that the University is pretty much a household name, but whatever – rules are rules. And ensuring privacy is a priority, right?

Once satisfied, the data aggregator accepts the University’s data file, and begins work. After a few weeks, the data aggregator returns a file that “they’re pretty sure was encrypted.” Again – great idea – ensuring privacy is a priority, right? Unfortunately, the data company must have done too good a job encrypting the data, as it was completely unreadable to the University staff.

When the University complained, the data company sent over another file to the University. The good news is that the file was completely readable. The bad news is that it was the wrong file. The new file included some other company’s data – including names, addresses, phone #, and private health information.

By now you’re probably wondering – is there a point to this story? I have two:
1. All the planning and due diligence in the world can sometimes be undone by one careless mistake.
2. Data is becoming more burdensome to obtain. And it will only get more bureaucratic as additional privacy legislation is ushered in.

Friday, June 17, 2005
Marketers Seek To Make Cookies More Palatable
WSJ – June 17, 2005
Online marketers are scrambling to protect one of the key tools of their trade: the cookie. Faced with reports showing that more and more computer users regularly delete the tracking files automatically downloaded by Web browsers, marketers and Web site publishers are launching a "cookies can be good for you" campaign. They argue that cookies -- small files that Web sites use to identify users and to serve up targeted ads -- don't deserve their bad reputation and shouldn't be lumped together with such Web scourges as spyware and viruses. "There is a culture of fear in the marketplace" when it comes to consumer attitudes toward cookies, says Nick Nyhan, president of New York-based Dynamic Logic Inc., which uses cookies to measure the impact of online ads for companies such as General Motors Corp., PepsiCo Inc. and Yahoo Inc. "The industry needs to respond to that fear."

The Chapell View
I’m a big fan of SafeCount, and absolutely support their mission. On a side note, I am extremely concerned about the use of Flash technology to “replicate” the tracking functionality. Using Flash to track consumer movements is a bad idea:
1. Consumers are already concerned about having their online movements tracked.
2. Cookies can be removed, while it’s unclear how to disable the Flash functionality. In fact, I’m not even sure that Macromedia places the Flash program in the add/remove.
3. The average Internet user would have no idea that Flash was being used to track their movements.
4. This would seem contrary to the mission of SafeCount, which seeks to reach out and educate consumers.
5. We’re playing into the hands of the anti-spyware companies, who will eventually be able to detect the presence of the Flash technology (if they can’t already) and remove it from consumer desktops.

I’ve heard members of the advocacy community refer to cookies as Spyware. I don’t agree with that characterization.
Having said that, if your organization begins to use Flash (or any other downloadable program) to track consumers, and you don’t tell them about it, and there’s no reliable way of removing the program from the desktop --- don’t know about you, but that’s starting to sound a lot like Spyware to me.

What Will Erode Confidence in Online Next? Try Click Fraud
MediaPost.com – June 17, 2005
Let's see now...consumers are so dismayed and frustrated with how online marketers track them around the internet, they download programs to sweep their hard drives of any programs they're unfamiliar with, including the harmless cookies that we use to quantify our campaigns, and their results. That's bad enough - but the real darling of interactive for the past two years has been Search, of course. And Search is quantified on clicks - not cookies. Search - or SEM, more precisely - has been responsible for the lion's share of the increase in online ad spending during the past two years, no matter how you slice it.

The Chapell View
Pure, Darwinian market forces are achieving less than stellar results. We as an industry need to do a better job of self-regulating the markets that we’ve created. More on this in the very near future.

Wednesday, June 15, 2005
Senate Takes up Data Security Law
InternetNews.com – June 15, 2005
With growing evidence that Americans want new data privacy laws, the U.S. Senate opens a series of hearings today on legislative solutions to data breaches and identity theft. Thursday's full Senate Commerce Committee hearing will not specifically address any of the several bills introduced in the 109th Congress, which combat identity theft and force data brokers to disclose breaches of personal information to consumers.

The Chapell View
Not much new information here. Consumers are drawing a connection between ID theft and Internet usage – and in some cases are curtailing their use of the Internet as a result. While Spyware and online scams certainly have played a part in ID theft, most of the ID theft cases of any significance over the past six months are a result of offline data breaches. The ChoicePoint scandal had nothing to do with the Internet – neither did the recent MasterCard data breach.

Monday, June 13, 2005
Cash-Strapped Airlines Try In-Flight Advertising
MSNBC – June 7, 2005
On a recent Alaska Airlines flight, passengers were told to remain buckled and seated for the last 30 minutes before landing at

The Chapell View
Sooner or later, I’m going to be on one of these airplanes. I’ll be heading out to make some big presentation – which, by the way, I won’t have even begun writing until I get onto the plane. I’ll feel particularly lucky as the infant in the seat behind me has fallen back to sleep. And then just as the plane reaches the 20,000 feet mark and the captain has OK’d the use of my laptop, I’ll hear some voice come over the PA – telling me about the wonderful new “mile-high” card from Visa. And I won’t be able to silence the voice. That DAMN voice. Hitting the “stewardess service” button above won’t make it stop…. AAAARRGGGGG!

When are advertisers going to stop focusing on intrusion, and start focusing on relevance?

Thursday, June 9, 2005
Symantec Sues Hotbar.com in Adware Case
MSNBC – June 7, 2005
Symantec Corp., which makes Internet security software, on Tuesday said it filed a lawsuit against an Internet company Hotbar.com to seek the right to label some of its program files as adware. The company said it is not seeking monetary damages as part of the lawsuit filed in U.S. District Court in

The Chapell View
Is this a case of man bites dog – or dog bites man? The Scarlet “A” --- “Adware” is now so politically charged that companies are actually taking legal measures to avoid having the term applied to their company. Any way you look at it, the term “adware” is not meaningfully different than “spyware” – and certainly not in the mind of the consumer.

Tuesday, June 7, 2005
Citi notifies 3.9 million customers of lost data
MSNBC – June 7, 2005
CitiFinancial, the consumer finance division of Citigroup Inc., said Monday it has begun notifying some 3.9 million

The Chapell View
I shudder every time another data breach is announced. It seems like we hear about another one almost every week. And it occurs to me that the NUMBER of breaches has not changed, just the DUTY to disclose. I wonder how many of these breaches have occurred over the past five years? And how many people’s lives have been ruined by ID theft as a result of a breach.

Ironically, up until now, Citicorp has done a pretty good job using privacy as a marketing tool. Will claims that Citicorp is a privacy safe organization continue to resonate with consumers after this incident? We’ll see.

Btw, offering three months of credit protection is an insult to customer intelligence.

Monday, June 6, 2005
Phishers get smarter
ZDNET
Phishing attacks are getting harder to spot as cybercriminals become increasingly skilled at disguising their fraudulent Web sites. Phishers are becoming increasingly sophisticated in their attempts to grab user names, passwords and other personal data from users of commercial websites, according to latest industry research. April's report from the Anti-Phishing Working Group, published on Monday, indicates an 11 percent drop in the number of reported attacks using simple IP address domains. The overall number of reports continued their upward trend to reach 14,441 for the month, said the APWG, which compiles its report with the help of WebSense.

The Chapell View
Given that the number of phishing emails has reached epic proportions, I am amazed when I receive (or hear of) traditional, legit brands who still send their customers email messages asking them to update their address and/or account information. C’mon folks, consumers are already confused enough. Let’s not muddy the waters further by imitating the bad guys!

Tuesday, May 31, 2005
I.B.M. Software Aims to Provide Security Without Sacrificing Privacy
NYTimes – May 24, 2005
International Business Machines is introducing software today that is intended to let companies share and compare information with other companies or government agencies without identifying the people connected to it. Security specialists familiar with the technology say that, if truly effective, it could help tackle many security and privacy problems in handling personal information in fields like health care, financial services and national security. "There is real promise here," said Fred H. Cate, director of the Center for Applied Cybersecurity Research at The technology for anonymous data-matching has been under development by S.R.D. (Systems Research and Development), a start-up company that I.B.M. acquired this year.

The Chapell View
Hurrah for Big Blue!!! While I recognize that this technology is still in development, I like what I see so far. Any time you can enhance an organization’s (in this case Government) use of data while simultaneously decreasing the risk to privacy rights, you’ve got a win/win.

Monday, May 30, 2005
After theft, Bank of America tightens online security
InfoWorld – May 26, 2005
Just days after confirming that information on about 60,000 of its customers had been stolen by an identity-theft ring, Bank of America on Thursday announced plans to tighten security for its online banking customers. Beginning next month, the

The Chapell View
I like the SiteKey program – a lot!!! To date, Citicorp is one of the few banks to actively use privacy and security as differentiators. I hope that Bank of America will use this program as a way to set their company apart from the competition.

I do see one problem with SiteKey, however. And this is a similar problem faced by almost all security and authentication programs. Users tend to have trouble remembering their passwords. There’s an inherent difficulty when setting up a password or challenge response answer. You want to make it complex enough so that the bad guys don’t get a hold of it, but not so complex that you can’t remember it. And it would be bad enough if you only had to remember one or two passwords, but many of us have dozens of different passwords to remember. I, for example, have a separate password for:
· My Computer
· My Hotmail Account
· My Yahoo Account
· My Gmail Account
· The ChapellAssociates.com Server.
· My Business Online Banking Account
· My Personal Online Banking Account
· My ATM Pin
· The UID and Password to access my Blackberry.
· Half of the web sites that I visit regularly…

And that’s just off the top of my head.

My point being, that in order for me to be smart about my security, I would need to remember a dozen different passwords. Given that I can just about remember my own bank account number, that’s a difficult task.

Someone in the technology world needs to come up with a better method of authentication.

Friday, May 27, 2005
Assigning a Value to E-Mail Addresses
E-mail addresses have a shelf life. Nearly a third of them go bad every year. Some e-mail addresses are gold, others are duds, and some only behave the way you want them to at particular times of year. What's a marketer to do? First, you must understand the customers and prospects these addresses represent. Analyze customer spending, behavior, and the acquisition source. Though most marketers associate an e-mail address to an individual, far fewer associate a value with that e-mail address. A Jupiter Research report I wrote last year finds 71 percent of e-mail marketers surveyed didn't associate a value to their e-mail addresses.

The Chapell View
A nice piece by Dave Daniels of Jupiter. It’s too bad that so many companies aren’t willing to put the extra work into their email campaigns.

Here’s what I don’t get about email marketing. And for the purposes of this rant, I’m talking primarily about companies that use email to move merchandise (as opposed to companies that use it for branding, to drive traffic, etc.) Nearly two years ago, just about everyone using email as a marketing tool was in a near panic as the specter of

But that was then… And once marketers became comfortable with the relatively toothless Can-Spam Law, many seem to have reverted back to their old ways. Do you need some additional revenue to meet your quarterly number? Blast out another email. Is your company seeing declining response rates? No worries, simply sharpen your pencil and offer deeper discounts. It’s a shame, really.

Thursday, May 26, 2005
A Matter Of Public Record
Betty (but call her BJ) Ostergren, a feisty 56-year-old from just north of

The Chapell View
A good article by Jonathan Krim. Ms. Ostergren is part of a legion of independent stalwart privacy advocates. More and more regular folks are increasingly frustrated by the amount of private, personal data that is publicly available. And they are “taking it” to our elected officials any way that they can.

Part of the problem is that we as a society still don’t fully understand the ramifications of placing large amounts of data into databases. The other part of the problem is that proposing the painstaking task of having each municipality scrub their records and remove sensitive information isn’t going to propel any politician up the next rung of the political ladder. It’s much sexier to address consumer nuisance issues such as spyware and spam. I find it unlikely that the victims of identity theft care much about the specific source – be it spyware or a title search they conducted twenty years ago.

Tuesday, May 24, 2005
Friendster is no friend of privacy
Q Daily News – May 20, 2005
Wow, Friendster just violated their own Privacy Policy and gave my email address out to a third party for use in administering a survey. How do I know it was them? Here’s the story. At 4PM today, I received an email asking me to participate in an online survey about online social networks. Since it was about a topic other than penis pills, breast enlargement, poker, and child porn, the email immediately seemed different than the normal spam that slips through my filters, so I opened it to see what it was all about. It was sent to the unique email address I used ages ago to sign up for Friendster, so by that measure, it was clear that this wasn’t just a blanket spam that happened to land in the inbox of someone who actually has used a social network site. Interested in how the third party (Q&A Research) had obtained the email address, I went to the survey website to see if I could find a way to call and ask; not finding any such contact information, I checked the company’s WHOIS record, and called the listed number.

The Chapell View
I usually don’t post other blog postings unless I know and trust the poster. In this case, I don’t know Jason from Q Daily News, so I can’t make any representations about the accuracy of his posting. Having said that, I thought it was an interesting read nonetheless.

User Generated Content (UGC) continues to proliferate. Some of it is insightful – some of it is crap. Business will increasingly need to deal with UGC, although many companies are choosing to ignore UGC for the most part. I think that’s a mistake, because there is a good deal of information that can be mined from UGC. The key is figuring out a way to sort through all the clutter in order to find information that is useful. And that can be like finding the proverbial needle in a haystack. Case in point – I spend a certain amount of time each day sorting through various anti-spyware blogs.
Some of them are right on the money, while others are confused, convoluted rants from people who could barely operate a cash register let alone run a business. But if I want to get to the good stuff, I need to wade through the bad. I wonder if someone couldn’t figure out a way to automate this process?

This posting also gets me to revisit a previous rant regarding the privacy policy of an online travel website. Back when I first blogged on this subject, I was reluctant to mention the website’s name. I figured that with a little bit of patience, that I’d be able to convince the company to do the right thing. Well, it’s been well over a month, and I haven’t gotten anywhere with these people. In case you were wondering the site is www.Hotels.com, a wholly-owned subsidiary of IAC/InterActiveCorp.

Anyway, here’s the story… As a result of a purchase I made on Hotels.com, I was somehow enrolled in a “Travel Rewards” program from one of their affiliates. Now I have ZERO recollection of signing up for this program, and but for the $10 charges to my credit card, I would not have even known that I was enrolled. When I confirmed that I’d been enrolled as a result of a purchase I’d made on Hotels.com, I decided to end my relationship with Hotels.com.

Here’s where the fun started… I sent an email to Hotels.com’s Customer Service group – asking them to remove all my personal information from their records. One would figure that this isn’t a very big deal as their web site privacy policy states: “If a visitor’s personally identifiable information (for example, their zip code, phone, email or postal address) changes or if a user no longer desires our service, we provide a way to correct, update or delete/deactivate visitor’s personally identifiable information.” (I paraphrased this to protect the company)

Well, I’m on my TENTH email requesting that they remove all my info, and here are the responses I’ve been getting from their CS group.
· “Thank you for your reply. We can remove your e-mail address from our system so that you will not receive anymore offers. However, we are unable to remove your account from our site. Once you have registered with our services the account always remain active.”
· “Please be advised your email address has been deleted from our newsletter.”
· “Due to security reasons, we do not hold your personal & confidential information.”
· “Please be advised if you have made a reservation or submitted information to us, this information will remain. This is not to be deleted, nor is your confidential information given out.”

I’ve also called a number of times, and was assured that they would have my information removed. Finally, I asked them repeatedly to have their general counsel contact me. The CS person finally agreed, indicating that someone from their legal team would contact me. That was at least two weeks ago.

If you are a reporter and are looking for a good story, here it is. I am happy to provide any information you’d like. And needless to say, I will NEVER patronize Hotels.com again!

Thursday, May 19, 2005
Personal Data for the Taking
NYTimes.com – May 18, 2005
Senator Ted Stevens wanted to know just how much the Internet had turned private lives into open books. So the senator, a Republican from

The Chapell View
A few years ago, while working for email marketing company Yesmail/ClickAction, I was given the tour of parent company infoUSA’s data facilities. They walked us through the process of aggregating all the data. Most of the basic data they have is obtained and updated via public sources.

First, I’ve got to award a gold star to whomever at infoUSA devised the M&P’s for obtaining the data. Mussolini could not have been so well organized, or thorough, in his approach. It’s like watching a scene from Willy Wonka. Hundreds of employees doing painstaking work which in and of itself seems irrelevant to the task at hand. But once all the work has been done, and all the data has been accounted for, the end product is like magic.

The trouble with magic (as I well remember from many a childhood storybook) is that it can be used for good or for evil. Similarly, large databases of information are by definition agnostic. They can be used to help to enrich lives – and if used irresponsibly, can literally ruin lives.

Wednesday, May 18, 2005
Store's Floor Model Computer Loaded With Woman's Personal Info
TheDenverChannel.com – May 7, 2005
Imagine receiving a phone call from a stranger who knew your most private thoughts, knew what you looked like, knew your Social Security number, and even knew how much you make and where you work. That happened to a

The Chapell View
Companies are just plain weird when it comes to data. Perhaps it’s because data is not a tangible thing like a book, or a car, or a cheeseburger. But common sense seems to go out the window when it comes to data.

Case in point - I could certainly see how a teenaged

I realize that we don’t have all the facts yet, but nonetheless… OIY! This seems like a situation that could have been completely resolved with a sincere apology and a gift certificate. Now it’s going to cost a lot more…

Tuesday, May 17, 2005
Protect passwords? Not if latte is free
MercuryNews.com – May 6, 2005
Would you give up your computer passwords for a Starbucks latte? “imasexyguy” did. So did “raiderfan.” The football fanatic even gave it to a radio reporter -- to put on the air. And then he told the interviewer he still wasn't going to change it. In a marketing stunt designed to shine a light on sloppy personal cybersecurity, VeriSign on Thursday offered passersby in downtown San Francisco $3 coffee coupons if they would reveal their passwords to survey-takers. Two-thirds of the 272 respondents turned over their passwords without flinching. The rain and then a BART bomb scare seemed more problematic. A few who said they simply would give a made-up password were dropped from the results, though they did get free coffee. And with a little coaxing, 70 percent of those who said “no way” gave up significant hints, like wife's name, anniversary date and the ever popular pet's name.

The Chapell View
OK. Before I even get to the article, I’ve gotta comment on the MercuryNews’ registration process. Holy smoke, people. Two full pages of offers to cull through and then I get a series of pop-overs. It’s their web site, and they can do whatever they want, but I’m unlikely to visit that site again soon… When making the exchange between free content and advertising, it’s very difficult sometimes to find the right balance. Mercury’s gone over the line, at least according to this cowboy.

Anyway, this is all a bit ironic given the topic of the article. One of the challenges that privacy professionals consistently come up against is that consumers generally don’t take responsibility for ensuring the safety of their own personal information. Consumers will give up whatever they have to in order to get WHAT they want WHEN they want it. How do you help someone who won’t help themselves?
How seriously can you take the concerns of someone who doesn’t want pop-up ads, but doesn’t bother reading the EULA before downloading the P2P software? Trouble is… privacy professionals (and marketers and publishers for that matter) don’t have the luxury of not taking consumer concerns seriously. So what do we do? Should we gradually continue to push the envelope on privacy and hope that consumers (and lawmakers) will simply continue to grumble and not take real action? Or do we push forward trying to broker deals on industry best practices for privacy? I genuinely believe that the latter is the best course. But I have to admit – when I hear of stories such as “coffee for your password,” it makes me wonder… One other comment – What is the nexus of most ID theft crimes - unguarded computer passwords or data aggregators with insufficient privacy and security procedures?
Wednesday, May 11, 2005 Police keep an eye on city NY Times – May 5, 2005 Allison Davis, who lives in the suburbs and works
downtown, was strolling past Lexington Market on her lunch break yesterday
when she first noticed the small glass orb mounted on the side of a building.
"I don't think it is such a bad thing in this area," Mrs. Davis,
27, said of the police surveillance camera, one of 43 that
The Chapell View I find it interesting that the cameras were
purchased with “homeland security” funds. If God forbid a terrorist unleashes
a dirty bomb on the West side of
Monday, May 9, 2005 Cookie Saga: Consumer
Education Needed iMediaConnection.com – May 9, 2005 – A Chapell Article Mark Twain once quipped, “Rumors of my death have been greatly exaggerated.” I can only wonder what he’d have to say about our industry’s recent dialog around cookies. My former colleagues at Jupiter are no doubt pretty happy to have their numbers vindicated, after a good deal of skepticism was leveled against their report from many -- including me. Of course, which research methodology was right is ultimately far less important than the action items that each of us can take away from the research as a whole. And I think there are still a few things we can draw from the recent body of research on cookies.
Friday, May 6, 2005 Warnings That Madison Avenue Needs to Be Nimble About Changing NY Times – May 5, 2005
The Chapell View It’s very encouraging that senior advertising professionals are addressing issues of ad clutter and consumer burn-out. Many of us in the privacy space have been thinking about these issues for some time. In fact, this is an area where the privacy folks could really be an asset to advertisers. I’m working on a White Paper with the Ponemon RIM council which should address some of these issues. Think about how much trouble the Entertainment industry is in right now – in part because they stopped listening to their customers, and their customers eventually cast them aside. Look for an article from my colleague Isaac Scarborough. The article will compare various ways that consumers have veered away from “legitimate” (read traditional) media consumption – from P2P file sharing to ad-blocking technologies.
Thursday, May 5, 2005 Intermix is just the start - Commentary: Ramifications of adware suit are broad Marketwatch – May 3, 2005 As I stepped ashore on the
The Chapell View Overall, this is one of the best written articles on the relationship between advertisers and some of the more nefarious elements in the online universe.
A few items of note:
· Size of the Adware Market - I wouldn’t take Webroot’s #’s too seriously. The anti-spyware software company recently released a report indicating that revenues for adware companies were $2 billion per year, which is over 20% of the total online advertising market. If you were to add up the adware revenues of six of the largest adware firms - Claria, WhenU, Direct-Revenue, 180 Solutions, Ask Jeeves and eXact Advertising – I don’t know that you’d reach $500 million. Moreover, I participated in the CNET Spyware event yesterday, and David Moll of Webroot wasn’t able to effectively back up his $2 billion number – and NONE of the other software firms on his panel were willing to estimate the adware market to be higher than $800 million…. I wonder if it might be in their interest to create a perception that the adware problem is larger than it actually is?
· Eyes wide shut – no more! – The real takeaway with this study is that it is imperative for any online advertiser to have a firm understanding and control of their data, distribution and/or advertising partners. This includes: vetting your partners, establishing contractual accountabilities, and requiring audit rights. I’ve already penned some steps that advertisers should take when selecting an adware partner. Bottom line - it’s crucial for advertisers to have a firm grasp of the data governance issues.
· Eyes wide open – I’ve spoken with several companies in the online space over the past week. There’s a level of concern that I haven’t seen since late 2003 when it looked like that CA Spam bill was going to pass without Federal Pre-emption.
Wednesday, May 4, 2005 Patients Not Notified That Their Health Records Were Stolen CNET - April 26, 2005 Detailed health records of more than 1,600
The Chapell View When there is a data breach that potentially puts at risk hundreds of people's information, I think it's incredibly irresponsible for those entrusted with the information to sit on their hands.
People's lives are being absolutely ruined by ID theft. I think there’s a larger “trust” issue at stake here. I am shocked that anyone would be enrolled in a public health study without their consent – regardless of the altruistic nature of the research. But since I don’t know much about the medical research world, I figured I’d ask an expert. Fortunately, my brother Rich has a PhD in Pharmacology (I don’t know what the heck that means either) and works as an analyst at a medical research firm. And he’s smart as a whip. Here’s what Rich had to say… “I'm amazed that they were able to collect and
share this information without the knowledge or consent of the participants.
The article mentioned that there is no state law against it, but it violates
the declaration of
· ‘It is the duty of the physician in medical research to protect the life, health, privacy and dignity of the human subject.’
· ‘The subjects must be volunteers and informed participants in the research project.’
· ‘Every precaution must be taken to respect the privacy of the subject, the confidentiality of the patient's information, and to minimize the impact of the study on the subject's physical and mental integrity and on the personality of the subject.’
According to the Helsinki Principles, not only should the patients, or their parents, have been informed of the study and given the option to refuse to participate, but they should also have been informed that the data was stolen. That's part of that pesky "privacy and dignity" thing.”
Thanks Rich! I believe there may also be some Federal Privacy Issues at play here. I’m certainly no expert in HIPAA, but I believe that medical institutions are required to provide notice and obtain consent from patients prior to using their information for medical research. However, there may be an exemption for the CDT. And according to the news story, both federal and state laws allow CDC to survey health records without notice to patients. So let’s assume that there’s no legal requirement to obtain consent here. Regardless of the legal and ethical requirements, it is just plain stupid to fail to notify the victims of a data breach. Why?
· Because word of the data breach inevitably gets out into the public domain.
· Because people will be less likely to hand over their data once they’ve been screwed.
· Because law and policy makers tend to look at these types of scenarios when weighing the need for an additional regulatory framework.
· Because eventually, it becomes more difficult to conduct important medical research as a result.
Talk about soiling your own food dish…
Monday, May 2, 2005 Pick your battles with Internet privacy CNET - April 26, 2005 The recent flurry of hype over ZabaSearch got me thinking about privacy. For those who didn't have the pleasure of receiving a frantic e-mail from a friend about it, ZabaSearch is a search engine for personal information. Folks across the Internet were shocked to find that not only their current addresses and phone numbers but even information from the past several years came up in ZabaSearch. Even unlisted numbers appeared. I received several e-mail messages with the Internet equivalents of gasps and expressions of horror attached. The truth is that ZabaSearch is no evil Big Brother. It's a search aggregator, and a rather efficient one at that. All the information in its database can be found elsewhere on the Web. Its crime, if any, was making personal information supereasy to find.
The Chapell View Interesting article by Tom Merritt over at CNET. I don’t want to come down on ZabaSearch. They certainly aren’t the only company out there that’s taking publicly available data and aggregating it into a useful tool. In fact, I agree with Tom and give the company kudos for capitalizing on the ‘newsworthiness’ of privacy issues to land some free press coverage. There’s one point that seems lost on Tom, as well as many others who cover privacy. We as a society have not come to terms with the impact of large scale data aggregation. So while I’ll concede that ZabaSearch isn’t doing anything illegal or inherently evil by aggregating publicly available data, it’s important to note that the sum of that data is inherently much more powerful than the individual parts. In other words, large scale data aggregation is in and of itself a potentially dangerous thing. I’m not saying that it should be illegal to aggregate data, but I do think that more thought needs to go into the implications of collecting, storing and using large databases.
I’ve often drawn an analogy from the world of science. A few atoms of hydrogen are completely harmless. However, if you put enough of them together, you’ve got something that is extremely powerful – and a potential weapon of mass destruction. If you don’t subscribe to my analogy, I offer the following question. How many people’s credit (and potentially their lives) was ruined by the data breaches of the past six months alone? With large databases goes large responsibility. Thursday, April 28, 2005 Whoa,
Canada: SSN Request Doesn't Add Up
The Chapell View I guess the lesson here is – DON’T ask for more information than you really need or you risk having your customers take their business across the street. Or in this case, across the border. It’s amazing how challenging it can be to get good privacy practices filtered down through an organization. My good friend Mike Spinney, who runs a media relations firm called Six Weight, conducted an informal survey last year. Mike called up the customer service #’s for a number of major retailers, and asked them to explain something from their privacy policy. Almost half of the time, Mike was given incomplete or incorrect information. On a similar note, I’ve been having a go-round with a large travel web site. As a result of a purchase I made on this site, I was somehow enrolled in a “Travel Rewards” program from one of the web site’s affiliates. Now I have ZERO recollection of signing up for this program, and but for the $10 charges to my credit card, I would not have even known that I was enrolled. When I confirmed that I’d been enrolled as a result of a purchase I’d made on the travel web site, I decided to end my relationship with the travel web site. Here’s where the fun started… I sent an email to the travel web site’s CS group – asking them to remove all my personal information from their records. One would figure that this isn’t a very big deal as their web site privacy policy states: “If a visitor’s personally identifiable information (for example, their zip code, phone, email or postal address) changes or if a user no longer desires our service, we provide a way to correct, update or delete/deactivate visitor’s personally identifiable information.” (I paraphrased this to protect the company) Well, I’m on my SIXTH email requesting that they remove all my info, and here are the responses I’ve been getting from their CS group.
· “Thank you for your reply.
We can remove your e-mail address from our system so that you will not receive anymore offers. However, we are unable to remove your account from our site. Once you have registered with our services the account always remain active.”
· “Please be advised your email address has been deleted from our newsletter.”
· “Due to security reasons, we do not hold your personal & confidential information.”
· “Please be advised if you have made a reservation or submitted information to us, this information will remain. This is not to be deleted, nor is your confidential information given out.”
As a consumer, this is beyond frustrating. Btw, this is not some tiny website – it is a nationally advertised site owned by a fairly large company. Perhaps it’s time to involve their seal program…
Wednesday, April 27, 2005 Experts Call Spy Agency Practice an Eye-Opener LA Times - April 25, 2005 The National Security Agency, which eavesdrops on electronic communications around the world, receives thousands of requests each year from U.S. government officials seeking the names of Americans who show up in intercepted calls or e-mails — and complies in the vast majority of cases without challenging the basis for the requests, current and former intelligence officials said. The volume of requests and the NSA's almost reflexive practice of disclosing Americans' identities — which under federal law are shielded unless there is a compelling intelligence reason for releasing a name — have come as a surprise even to some members of Congress and government officials deeply involved in intelligence matters.
The Chapell View A few weeks ago, at one of the data breach hearings on the Hill, several of the Committee members took turns examining the practices of Choicepoint and the other data aggregators. The Senators were appalled at what appeared to be a lack of institutional safeguards to protect consumer data. It was like watching the 1978 Yankees take on a Little League team – the data aggregators seemed so overmatched… If the NSA or any other agency is lacking in safeguards for protecting Americans from unreasonable Government intrusion – if the threshold for disclosing that data is so low as to make it merely a procedural speed bump, then we need a similar Congressional investigation. Most of the initial privacy legislation from the 1970’s was born out of a recognition of the Government abuse during the 1950’s and 60’s. More and more, I get the sense that our Government has figured out ways to circumvent that legislation – either by contracting out to private sector data aggregators, or by minimizing internal check and balance procedures.
Tuesday, April 26, 2005 Privacy Nuts, Chill Out Forbes - April 22, 2005 What attracted the attention was Internet search giant Google's announcement this week that it is experimenting with a new feature to keep track of previous searches conducted by its users. At least one self-anointed privacy advocate immediately started clucking that the optional feature--which is not even available on Google's main search page--"a bad idea." Another expressed concern about the government snooping on our Web searches. One really outraged person commented in a message board on Slashdot, "Just think what a modern day Hitler could do with access to everyone's Google searches."
The Chapell View It’s kind of refreshing to have a different viewpoint on these pages – even if I don’t entirely agree with it.
And I’ll ignore the references to privacy advocates as “nuts.” I’m a huge fan of gathering customer data to deliver relevant ads and enhance the customer experience. But I think you can get 99% of the benefits of relevance by only holding onto the data for a limited time. Gathering data and holding onto it in perpetuity presents too significant a risk to the consumer. I don’t think of Google as an inherently evil organization either. And I give the company credit for respecting consumer choice and making this an opt-in service. But I don’t think any of us can necessarily say what Google will ultimately do with the data they are collecting. And the company IS collecting loads of data – and storing it on their servers. And since much of that data will be tied to personally identifiable information, it is NOT a stretch to envision a person’s search history to be subpoenaed in a court proceeding, or by a Governmental agency. I personally think that Google is taking a huge responsibility by having that much data reside on their servers, but that’s a different rant.
Google Personal-Search Tracker Raises Privacy Concerns Internet Week - April 21, 2005 Google Inc.'s new tracking tool that keeps a detailed history of a person's web search has raised privacy concerns among experts who complain that information collected can't be permanently deleted by the user.
The Chapell View Funny. If you changed the year of this story to 2004, and changed the company name, you’d have the same story with roughly the same concerns voiced from the advocacy community last year regarding Amazon’s A9.com search engine. I’m not sure how many people are actually using A9 at this point, but the company certainly hasn’t withered away and died from the controversy either. Having said all that, I do think that Pam Dixon and others in the advocacy community make some very valid points. Long term, it is a mistake for Google and A9 to be holding so much data on their servers. This is particularly troubling given that the data is tied to personally identifiable information. With large databases comes large responsibility – and perhaps even larger decisions down the road. When law enforcement officials and attorneys in civil cases begin to subpoena Google and A9 for some of this information – and trust me, they will – people are going to regret using search tracking tools. Do the companies want to be in this position? Think about Yahoo! email and their recent court
battle with the family of a soldier killed in There’s a world of information that can be mined from search queries. But if I were Google, I’d start finding ways to leverage that data without storing it en masse. Perhaps they could figure out a way to keep the information on the consumer’s desktop via a cookie or in the registry. Maybe they could store the data, but only for a specified (read: short) period of time.
Revenue
Science Launches Behavioral Targeting Network MediaPost - BEHAVIORAL TARGETING FIRM REVENUE SCIENCE announced Wednesday the release of its Audience Search behavioral targeting network, which has been live for about one month with three publisher partners. The Audience Search Network extends Revenue Science's existing business model, which is built on tracking consumers' behavior within a site and then serving ads within that same site. For the network, Revenue Science will pool together consumers who exhibit high-value behavior--such as showing an interest in purchasing a car or consumer electronics--regardless of which site Revenue Science first tracked them on, and then serving those consumers ads as they surf the Web.
The Chapell View The challenges faced by the behavioral targeting firms have less to do with privacy and more to do with scale. I like the concept of delivering more relevant ads in a privacy friendly way. But as a practical matter, when BT is limited to the confines of a single site or a small group of sites, the data pools, and in turn the ability to actually increase the relevance of a meaningful number of ads, are generally limited.
So I think this is a step in the right direction for Revenue Science. RS and the others in this space still need to figure out how to entice the high value publishers to participate AND share their most valuable audience data. Perhaps they can establish some sort of commission system, or some other way to entice the larger players to participate...
Time
to Buy a New Shirt, Dave Wired - Consumer retailers and manufacturers this week promised to help shoppers disable or discard the radio tags attached to their purchased items in coming years - if that's what shoppers really want. The companies are trying to appease consumer and privacy advocates, who worry that the data gathered from radio-frequency identification tags - item descriptions and unique ID codes - will be married with shoppers' personal data, making the tags into tracking devices for marketers, thieves and, possibly, the government.
The Chapell View It's pretty amazing to me that a significant segment of the RFID world continues to move ahead on individual tagging. If RFID advocates want to know how consumers feel about item level tagging and tracking, they need only look across the street at the scrutiny faced by the online profiling industry. If consumers are a bit skittish about online tracking, they are downright anxious about RFID. Knowing what sites you've visited is nothing compared to knowing the physical places you visit. And given that RFID codes are typically linked to credit card or other sensitive PII, the risk of ID theft is significantly higher.
I've been
saying this for a while, but the RFID industry needs to do two things:
A brief summary of today's top privacy-related stories can be found here.
Personal
Data Theft: It's Outrageous Business Week - It's long past the time to hold companies that collect personal info to higher legal standards when it comes to protecting that data. Americans seem to be concerned, but not outraged, by news in recent weeks that two big data collectors sold detailed personal information on nearly 500,000 people to buyers who had absolutely no business getting it. Maybe this is because we've become inured to the supposed inevitability of our personal data being available to anyone who looks hard enough.
The Chapell View Business Week's Stephen Wildstrom correctly points out the lack of outrage amongst consumers over recent data breaches. I'm not sure that consumers are engaged enough to be angry. If ID Theft doesn't impact someone directly, I'm not sure they care. Moreover, consumers tend to show their outrage in other, more subtle ways - such as tuning out advertising, and providing fake data when companies ask.
I agree that the data aggregators need to be regulated. I don't think that class actions are necessarily a long term solution.
Consumers
Not Told of Security Breaches, Data Brokers Admit Executives of
two major data brokers acknowledged to a Senate panel yesterday that their
companies did not tell consumers about security breaches that occurred well
before recent incidents exposed more than 400,000 people to possible identity
theft. ChoicePoint Inc. and LexisNexis also suffered breaches before passage
of a
The Chapell View The position of the data aggregators (and frankly, the DMA) on this issue has been so badly discredited by now that it is barely worth mentioning. For those organizations to attempt to position what happened with Choicepoint and other data aggregators as simple cases of identity theft is absurd. Organizations such as Bank of America, who by comparison don't seem nearly as culpable, will be forced to pay for the sins of others in the industry.
What is worth mentioning, however, is Federal Trade Commission Chairman Deborah Platt Majoras' opinion that companies should only have the obligation to disclose the breach if they determine that ID theft will likely result from that breach. If such a discretionary provision is ultimately added to the eventual Federal breach disclosure act, it could create a loophole that might be so large as to swallow the law. Providing too much leeway to data aggregators was what got us into this mess in the first place, no?
Study: We're Getting Used
to the Taste of Spam CNET - Fewer people find spam as annoying or unpleasant as they did a year ago, according to a study by the Pew Internet and American Life Project. Currently, 67 percent of e-mail users say that spam interferes with their online experience, compared with 77 percent a year ago. People are also recovering their trust in e-mail, to a degree, with 53 percent of respondents saying spam has sapped their confidence in e-mail, down from 62 percent a year ago.
The Chapell View Seems like many of the prognostications around spam and the demise of email may have been overstated. Of course, just because email has not completely been blown to smithereens as a communications channel, that doesn't mean it hasn't been seriously crippled by spam and other non-consumer friendly applications. You can either interpret this as "consumer acceptance" or "continued decline of consumer engagement." Which interpretation proves to be closer to the truth may ultimately determine the future of data sharing, online profiling, and direct marketing in general.
Deal May Mean Shifting
Adware Model CNET - Adware company 180Solutions has quietly agreed to purchase CDT, one of its own distributors, in a deal that may foretell shifting business practices in a controversial corner of the Net advertising world. 180Solutions has been working over the past few months to overcome persistent criticism of its business model, including accusations that its distributors use security flaws in Microsoft Windows and misleading pop-up boxes online to trick people into downloading the software. By purchasing CDT, one of its largest distributors, 180Solutions says it's hoping to "clean up" its distribution channels.
The Chapell View I agree that 180 is executing a plan to separate themselves from their Spyware past, but I'm not convinced that this move has much to do with that plan. There are certainly other ways to ensure that distribution partners are doing the right thing. 180 could have established a series of M&P's for their distributors. They could have contractually required distributors to adhere to best practices. They could have insisted upon audit rights. And although it may be easier to rein in a business partner if they are under your proverbial roof, there is no guarantee that CDT will adhere to best practices unless 180 makes a conscious effort to keep them under control. I think there may have been other reasons for this move, which are not entirely clear to me right now.
The Implications of
Cookie Cutting iMediaConnection - ThinkMetrics CEO Brandt Dainow writes in about Jupiter's recent cookie-deletion report: the news is both good and bad. Jupiter Research announced last month that 58 percent of users delete their cookies regularly, with 40 percent deleting them every month. This means that metrics relying on tracking visitors via cookies are not as reliable as people have believed. However, only 1 percent delete cookies set by the site itself - it is third-party cookies that people are deleting.
The Chapell View Brandt Dainow is
an extremely bright guy, but I don't think he gets it entirely right here.
Part of the issue may stem from the fact that he offers an EU perspective on
privacy - a perspective that has very different historical and cultural
underpinnings from the
Most of the research
that I've read and conducted focuses on the
I agree that
many consumers are deleting cookies via anti-spyware and/or anti-virus
software programs. However, I would seriously question whether or not
Our industry has not done a good job of educating and engaging consumers in a meaningful way when it comes to online profiling and cookies. Perhaps this has to do with our cultural underpinnings. Much of our culture was inherited from the "don't ask - don't tell" culture of the direct marketing world when it comes to consumer data. Until recently, the DM'ers have done well keeping their data collection initiatives below the radar of scrutiny. However, over the past few years, the lack of transparency and accountability has clearly begun taking its toll.
Perhaps many of us thought that the whole cookie debate had been put to rest years ago with the publication of the NAI's lauded principles for online profiling.
Our industry needs to act now. We need to educate consumers on the benefits of cookies. We need to convince them how profiling is safe. We need to assure them that we're not going to step over the line. And we need to do it pretty quickly.
I understand that Nick Nyhan and Cory Treffiletti are starting up an initiative to combat this and other issues in the online world. I wish them well.
Identity
Theft: The Next Corporate Liability Wave? Law.com - Your phone rings. It's Special Agent Bert Ranta. The FBI is investigating a crime ring involved in widespread identity theft. It has led to millions of dollars of credit card and loan losses for lenders, and havoc in the lives of the 10,000 victims. By identifying links between the victims, the FBI has discovered where the personal data appear to have come from: your company. The victims are some of your customers. Your mind begins to whirr. Are there other customers affected who haven't been identified yet? Is it a hacker or an inside job? Is your company also a victim here, or could it be on the wrong end of a class action lawsuit?
The Chapell View New legislation regulating corporate security of personal customer information is no longer a matter of if, but a matter of when. Responsibility for ensuring the safe stewardship of customer data needs to be placed squarely on the shoulders of the company holding the personal information.
Company
files 'pay per click' ad lawsuit SiliconValley.com - A Texarkana
gift shop that advertises on the Internet has filed a lawsuit against America
Online, Google, Yahoo and other Web-centered companies alleging they
knowingly overcharged the shop and other companies for "pay per
click" advertising. Lane's Gifts and Collectibles says in a
The Chapell View The issue of click-fraud has been bubbling for a long time now. And advertisers are increasingly expecting Google and others to effectively police their affiliates and other business partners. Clearly, those expectations are not being met, so in response, here come the lawsuits.
This is one of those stories that actually transcends the specifics of the allegations. A similar story was published in today's Wall Street Journal... This is bad news for the online advertising world - we need to address this in a meaningful way before it begins to have a significant impact upon ad spending.
Patriot Act to be
scrutinized ZDNet - The tumultuous process of reviewing portions of the USA Patriot Act is about to begin. Sen. Arlen Specter, R-Penn., said Thursday that his Judiciary Committee will begin a series of three hearings starting April 5 to examine the 2001 law and consider which sections should be renewed before their Dec. 31 expiration date. Only some portions are set to automatically expire.
The Chapell View As we all know, the Patriot Act was enacted back in 2001, whilst many of us were swept up in the emotional aftermath of 9/11. We as a society (or at least our noble Legislators) made a decision to trade off some of our civil liberties in exchange for better security. I may not agree with it, but that's the value exchange that was debated back then. So while the Judiciary Committee is holding its hearings, I'd like to get a sense of the benefits that our society has reaped in exchange for giving up those liberties. Are we safer? How many terrorist plots have been averted as a result of Section 215 of the Patriot Act?
I'm all for debating the merits of the Patriot Act. But without some tangible evidence of the benefits of the Act, the debate should be short lived. We've spent the capital known as our civil liberties for over three years - time to show some ROI.
Frenzy Begins Over Cookie Alternative ClickZ - An existing technology offering cookie-like functionality is gaining attention from publishers, marketers and others as a possible replacement for the ubiquitous, but potentially endangered, text files. The technology, based on Macromedia's Flash, is getting attention as awareness spreads of an apparent increase in user deletion of cookies. A Jupiter Research study recently found nearly 40 percent of Web users clear these text files from their machines on a regular basis. Because of the enormous consequences of cookie deletion for online marketing, analytics experts and ad technology vendors have since begun overtly addressing the potential of the "Flash cookie."
The Chapell View We can debate the severity of the cookie problem, but make no mistake - there IS a significant problem with cookies. Too many consumers don't like them, and they are uncomfortable with the notion of having their movements tracked online. And far too many consumers really don't understand cookies - how they work, and the benefits that they offer. With that in mind, I don't think the solution lies in developing a new kind of cookie-like tool. A device that consumers will ALSO not understand, and one they are unlikely to trust. AND one that many will certainly remove once they figure out how. At best, this is a short-term fix.
We in the online ad business need to figure out ways to address consumers in a meaningful way. Education is the answer.
The Argument for P2P MediaPost - PEER-TO-PEER COMPUTING HAS BECOME THE coolest application in the Internet Age since the browser itself. It has made real what the Internet promises to do and how it will deliver on those promises. No one could have foreseen just how immensely popular these applications would become. Looking back, it seems almost awkwardly obvious. The recording industry, always late to the party with respect to new media (phonograph records from cylinders, records to tapes) were again tardy to the game of digital distribution of music. The movie industry, strangely enough, was also terribly clumsy about its attempts to deal with the digitization and decentralization of content distribution. But both industries seemed certain that as the 10,000-pound gorillas they could bide their time and the masses would wait.
The Chapell View Jim Meskauskas pens a nice outline of the P2P debate. If the Supreme Court rules against Grokster, it may have a temporary negative impact upon certain adware companies that bundle their ad clients with P2P software. However, over the long term, it will have a very minor impact upon file sharing. Many of the file sharing companies will likely move offshore, or find other ways of...err...dealing with the new legal environment. As Jim points out, P2P is here to stay. And unless we're prepared to go after everyone who uses the software (I wonder how many members of Congress have kids/grandkids who regularly use P2P software) it's going to be a difficult row.
I was born and raised a musician, and am extremely sympathetic to the notion of being paid for one's creative works. The best bet is to figure out ways to monetize P2P. Whether or not the recording industry is creative enough to find ways to make money from P2P in a way that meets consumer expectations is an open issue. Throwing more lawyers at the problem doesn't seem to be working...
Marketers tap chatty young teens, and hit a hot button Christian Science Monitor - Think your talkative, trendy, Web-surfing 13-year-old might have a future in sales? She might already be in business. New forms of peer-to-peer, buzz-marketing campaigns - ignited and fanned by firms - are growing fast. In a practice still widely unregulated, marketers enlist youths they see as having real sway over friends. The goal? Solicit the help of these influential kids in broadening sales in exchange for products and the promise of a role in deciding what the marketplace will offer.
The Chapell View There is such a subtle line between influencing public perception of your brand, and manipulating that perception. And when it involves engaging people who are younger than 18, the line becomes ever murkier. Teens and tweens put a good deal of trust in the opinions of peers. If one of their peers is essentially being paid to speak about a certain product or service, and then hides that fact, I call it manipulation.
Not to be too naïve, but what kind of message are we sending to children by saying that this type of behavior is ok?
Users To Blame For Spam InternetWeek - We have met the enemy and he is us. So says the Radicati Group, which Wednesday released preliminary results of a survey showing that it's bad behavior on the part of users -- us, in other words -- driving the spam and virus threat. And you thought it was spammers and hackers. "Frankly, it surprised us that users are still responding to [spam], and opening [unsolicited] mail," said Sarah Radicati, the chief executive of the Palo Alto, Calif.-based market research firm which conducted the online poll.
The Chapell View I already beat this to death earlier in the year on the blog, and in the DMNews article, which focused on the Forrester Spam purchaser study. But here goes one more time: future studies need to focus on WHO is purchasing from Spam, and WHY. We need to understand more about the Spam purchaser. But given that the study results are not even out yet, I'll refrain from making any other comments, at least for now.
IBM aims to spam the spammers Chicago Tribune - Electronic mail touting cut-rate Viagra or how to make big bucks working from home will get pitched right back to the senders by a free program from IBM Corp. The program, announced Tuesday, will identify computers that originate unwanted e-mail, or spam, and bounce it back at the sender--in effect spamming the spammer. The program, designed for use by large businesses, underscores the frustration felt by companies that see the vast majority of their e-mail flooded with junk.
The Chapell View This seems like a variation on the Lycos Europe "Make-Love-Not-Spam" debacle from a few months ago. (Although this one stops way short of the glorified denial of service attacks that our friends from Lycos wrought last year.) The idea of punishing those that Spam is tempting indeed. There are a few inherent problems with this approach, and it's not clear (not at this point anyway) that IBM has addressed them.
The first issue lies in defining Spam. How does the software determine which emails are in fact Spam? One man's Spam is another man's treasure. And what happens if and when the system determines that a large advertiser (or a large email service provider) is a Spammer and starts sending messages back to them, crashing their system?
The other issue involves the increase of Internet traffic. One of the problems with Spam is that it clogs up the Internet - accounting for almost 95% of Internet traffic. So what happens to internet traffic if the IBM software gains some traction in the marketplace and a significant percentage of Spam is bounced back?
Also, aren't most Spammers pretty good at concealing their identity? How will the software know which email address the spam is coming from? Spammers are also pretty clever. If one or more of them can fool the IBM software into thinking that their Spam messages are coming from say, IBM.com, would the returned messages flood the IBM servers?
Anti-Spyware Companies Promote Cookie Deletion ClickZ - Search for terms like "Coremetrics," "WebSideStory," "DoubleClick," "ValueClick" or "Atlas DMT" on Google, and some of the most prominent paid results seem to cast aspersions on these well-known interactive marketing brand names. You'll see ad text like "Coremetrics Removal Tool," "Kill AtlasDMT.com Now" and "Websidestory Removal." These ads -- promoting anti-spyware tools like NoAdware, XoftSpy, and PC Orion -- urge users to buy and download software that remove these companies' cookies from their computers. Such campaigns -- many of them run by the anti-spyware companies' affiliates -- may provide some explanation for the findings of a recent JupiterResearch study, which reported that 40 percent of online consumers delete cookies from their primary computers as often as once a month. "Anti-spyware companies are unfairly preying on analyzing vendors," said Eric Peterson, the lead analyst of the JupiterResearch report. "To target companies like Coremetrics or WebSideStory in that way, I think is unfair targeting. It implies it is spyware, which it is not."
The Chapell View The anti-spyware software companies need to be reined in. But perhaps more importantly, those in the industry that rely on cookies need to start thinking seriously about a public education campaign on cookies and online profiling. It's time.
Word-of-Mouth Marketing: Temper Your Enthusiasm? ClickZ - Next week, several hundred word-of-mouth marketing enthusiasts and practitioners will descend on the
The Chapell View Funny, I was just reading an article on the Word of Mouth Marketing Association's (WOMMA) inaugural conference. WOMMA chief Andy Sernovitz was hyping up the event as only Andy can do. (Believe me, I'm a big fan of Andy.) But somewhere in the back of my mind, I can only wonder how long it's going to be until the buzz marketing industry begins to soil into its food dish. Don't get me wrong, there's some great stuff happening with Word of Mouth. But until and unless we as marketers learn from the mistakes of the past, we're doomed to relive them.
Pete Blackshaw of Intelliseek makes so many good points it's hard to know where to begin. I agree, Pete. Word of Mouth ain't the Holy Grail. If marketers choose to look at the medium with the lust of a sailor who's been out to sea for the past six months, Word of Mouth will lose credibility, and have a very short lifespan.
It's all about trust. Consumers generally don't trust companies - sometimes even companies that they patronize. Pete's asking the right questions. If you're considering offering Word of Mouth to your media mix, take a look at this article.
Consumers Don't Bite the Cookies ImediaConnection - March 21, 2005 A Chapell Article Jupiter Research's latest report should have marketers shuddering. By now you've probably heard about the latest report from Jupiter Research -- concluding that two out of five internet users delete their cookies from their browser. Like most stats that make one's eyes pop out, this one was a bit hard to fathom. Seth Godin penned an insightful blog rant regarding the validity of the data. I agree with much of Seth's logic, and perhaps he has a point. Yes, it is extremely difficult to believe that 40 percent of internet users are knowledgeable enough to know how to delete their cookies.
Internet Sites Transform Cursors Into Advertising Space Investors Business Daily - Online ads are so prevalent, advertisers are running out of room for them on Web sites. So they've found a new spot to park their ads: at the tip of your computer's cursor. With so-called cursor ads, your cursor changes into a company logo or ad image when you enter a sponsoring Web site. You can see an example by visiting the Web page of the Los Angeles Lakers basketball team (nba.com/lakers) - part of the National Basketball Association site.
The Chapell View I'd encourage you to visit the Lakers team site on nba.com before reading on.
Ok. Let me just say that some of my opinions are probably colored by the fact that I found the McD's icon to be fairly annoying. The cursor switches from the McD's logo to a Lakers logo as it slides to a clickable link, which is a bit distracting. And the McD's logo is a fair bit larger than my beloved cursor arrow. As a result, my aim is a bit off - I found myself clicking onto the wrong link a few times. Maybe I'll develop more accuracy at it as I get used to the new logo. But I don't plan on spending much time on NBA.com - I'm much more of a college hoops guy.
Btw, I don't remember giving permission to anyone at nba.com to alter my cursor. If an adware firm had altered my user experience in that way without asking permission, there would be an uproar.
It would be one thing if I WANTED my cursor to look like a McD's logo, or a unicorn, or Richard Nixon's head, or whatever. If I wanted a snazzy new cursor, I could download some software which would make that happen.
I guess we're back to the age old question - WHO owns the desktop?
Online Advertising 3.0 iMediaConnection - Revenue Science's Bill Gossman believes behavioral targeting will become increasingly important as we enter a third era of online advertising.
The Chapell View It's almost always a good read when penned by Omar or Bill from Revenue Science. To me, the most interesting takeaway is this:
When you buy a Microsoft software application, you write them a check. Google, on the other hand, gives you a free application -- whether it's a web search engine, translation, hard drive search, photo organizer, blog software or something else -- and gets paid by selling advertising that runs on the application. That's nice, you say, but why is it so important? It's important because Google has blurred the line between media and desktop applications.
Google and Microsoft have entered the adware space? I'll bet you anything that they aren't going to call themselves adware.
Many in the industry have recently called for the establishment of best practice definitions for adware. We'd best hurry, because if Google or Microsoft are defining the standards, it could spell trouble for other companies that exchange software for advertising.
Large Databases Bring Large Responsibility DMNews - March 14, 2005 A Chapell Article While attending the IAPP privacy conference in
Study Showing Consumers Purge PCs Of Cookies Casts Doubt On Analytics, Targeting MediaPost - IN NEWS THAT UNSETTLED MANY in the online advertising world, a new study by Jupiter Research revealed that four out of 10 Internet users delete cookies from their primary computers at least once a month. The report found that about 12 percent of Internet users delete cookies on a monthly basis, 17 percent do so weekly, and 10 percent purge cookies every day. What's more, more than half--52 percent--said they had rid their computers of cookies at least once in the last year. For the study, announced yesterday, Jupiter Research surveyed 2,337
The Chapell View I'd like to understand Jupiter's methodology a bit better. But if even 10% of users are deleting their cookies every day, that's significant. As a publisher or marketer, what do you do about it? Without cookies (or some other non-PII identifying technology), it becomes exponentially more difficult to deliver ads which are relevant to consumer tastes.
These results are particularly interesting in light of the cookie controversy created by HR 29 (The Spy-Act) over the past several months. Some in the industry had predicted the end of online advertising if third party cookies were outlawed. In some ways, the Jupiter research renders that argument moot.
I've looked at a good deal of research over the past year. Consumer research conducted by Forrester, Yankelovich, Ponemon, as well as my own firm's research have all concluded that consumers feel bombarded by ad clutter while surfing the web. Ironically, the silver bullet to problems of ad clutter was believed to lie in information collected in cookies. Information about what sites a user visits, and the pages he views. Information about the products he's purchased and the searches he's conducted. All this information was supposed to be captured in cookies, and used to deliver more relevant ads. But now, as a result of cookie blockers, and consumer initiated cookie deletions, all that is in jeopardy.
The problem is a huge one, and goes back several years, to the inception of the internet as a consumer medium. Consumers want their online experience to be free of charge. They want to be able to read the content for free, but they don't necessarily want to see advertising. They want the free piece of software, but aren't necessarily interested in viewing additional ads in exchange for that software. And as this report bears out, many are reluctant to share any of their data with marketers and publishers - even non-personally identifiable data.
Back in the golden era of television, advertisers did a very wise thing. They spent time educating consumers on the value proposition of television. In other words, they'd say something like: "We're going to show you 15 minutes of this really funny guy named Milton Berle. And in exchange for that content, you agree to actively watch this important message from our sponsor Maytag, who will tell you about this wonderful new invention called the automatic dish washer - it'll change your lives."
Somewhere along the way, we in the online world have never been able to get consumers to embrace the idea that there's a value exchange between content and advertising. And until that happens, we're going to be stuck in a spiral created by intrusive, irrelevant ads, and consumers increasingly tuning those ads out.
FTC Bars Bogus Anti-Spyware Claims FTC.gov - An operation that offered consumers free spyware detection scans that "detected" spyware even if there was not any, to market anti-spyware software that does not work has been barred from making deceptive claims by a
The Chapell View It's been a while since I took the SAT, but here's a riddle for you -- Spyware is to adware, as Spyware Assassin is to anti-spyware software. Spyware Assassin assumes the most nefarious aspects of anti-spyware software - by misrepresenting the amount of Spyware that is resident on a user's computer, by overstating the damage being caused by Spyware, and by generally trying to scare the hell out of the end user.
I've seen what often passes for legitimate anti-spyware software. Harmless cookies are "mistakenly" listed as adware or spyware cookies so that most users have dozens of pieces of Spyware loaded onto their desktops. How else are you going to justify charging $35 per year for the software?
In the same way that we need best practice standards for adware/Spyware, we need best practice standards for anti-Spyware software.
Btw, Dan O'connell, CPO of Weatherbug has some interesting things to say on this subject.
Spam Buyers: 'Who Are These People?' DMNews - March 9, 2005 A Chapell Article I've always been a big "Seinfeld" fan. I even remember watching his first appearance on "The Tonight Show With Johnny Carson" back in the day. One of Seinfeld's most quoted lines from his standup routine was, "Who are these people?" He'd ask that question in his signature, whiny tone before describing dozens of quirky and annoying habits exhibited by our fellow citizens.
Privacy Rings True for Bell Canada Inside 1to1: Privacy - Charles Giordano,
The Chapell View Good piece on my friend Charles Giordano of
Television Ads It Up Motley Fool - Sunday was a surreal night of television viewing for me. After reading a story about how Campbell Soup (NYSE: CPB) had managed to buy the right to weave an essay contest promoting its tomato soup into a series of episodes on NBC's drama American Dreams, I probably shouldn't have been surprised at what I saw when I tuned in to Fox (NYSE: FOX) for a bit. First, it was Malcolm in the Middle pitching Applebee's (Nasdaq: APPB) as a place to meet for great food and great service. Then Arrested Development managed to get away with a pair of Google (Nasdaq: GOOG) screen shots and a favorable mention of the new Ford (NYSE: F) Mustang. While The Simpsons was clearly lampooning Wal-Mart (NYSE: WMT) when Homer Simpson started working at Sprawl-Mart, I was so cynical by this point that I almost started to question the show's own brand of cynicism.
The Chapell View Warning: This paragraph may waste your time. Proceed with caution. I remember watching an episode of the Simpsons a few years ago. Homer was cast as one of "freaks" in what was clearly a parody of the Lollapalooza concert tour. While the band Smashing Pumpkins was playing, one college aged kid turned to the other and said, "wow, this music is cool." His friend asked, "are you being sarcastic, dude." To which the kid replied, "I don't know anymore." Fact is, sometimes I can't tell the difference between a "Simpsons" style of parody and "the Apprentice" style of product placement. One man's satire is another man's soup commercial. And I wonder if the Simpsons' parody of "Sprawlmart", or their caricature of a shopping mall filled mostly with Starbucks might be helping the Walmart and Starbucks brands. Who knows.
Here's what I do know. We're already starting to reach critical mass on this whole product placement trend. I'm seeing more and more shows use product placements, and as Rick from Motley Fool asserts, it's starting to negatively impact the quality of programming - not that the quality was that high to begin with.
This is perhaps the fatal flaw in the advertising business. Someone comes up with a good idea for an ad vehicle, and everyone adopts it until it is beaten to death. On some level, that's what's happened to the email channel, as well as the online ad channel. And just you watch as a similar trend occurs for word of mouth and wireless messaging. It's a spiral - advertisers think of new ways to cram messages into the consumer consciousness, whilst the consumer increasingly tunes out.
Spyware, Adware... What to Do? ClickZ - Spyware is killing us. And maybe adware is, too. That's because most people -- even most people in the interactive marketing community -- have a hard time understanding the difference between spyware and adware. For some of us, the difference is simple: Spyware is something you never want to recommend to clients. Adware is something you're reluctant to recommend to clients, yet the lines have been blurred and continue to blur.
The Chapell View Another article discussing adware and spyware from Agency guru Pete Lerma. Pete's right, there really isn't an industry accepted definition for adware or spyware or research-ware for that matter.
Pete also offers some best practice tips for selecting an adware partner, most of which make sense. I'm not sure that requiring adware companies to embrace a double opt-in regime is very practical, however.
F.E.C. to Consider Internet Federal election commissioners are preparing to consider how revamped campaign finance laws apply to political activity on the Internet, including online advertising, fund-raising e-mail messages and Web logs. Anyone who decides to "set up a blog, send out mass e-mails, any kind of activity that can be done on the Internet" could be subject to Federal Election Commission regulation, Bradley A. Smith, a Republican commissioner, said in an interview posted Thursday on the technology news site Cnet.com.
The Chapell View A few years ago, both major political parties "discovered" the power of email marketing. Both parties embarked upon aggressive acquisition campaigns in order to "shore up their base," communicate to the masses, Etc. Unfortunately, they also succeeded in ticking off a good deal of voters, who were concerned that their email inboxes were being pelted with political emails - even worse when they were assaulted by emails from the "other" party. I wonder if the heads of both parties realized that in fact THEY were the spammers. (:
About a year ago, a number of political operatives - many of whom were directly responsible for ensuring the election of our current president, began using Co-reg programs to mobilize voters around certain issues. That story, while probably just as effective (if not more so given who's sitting in the White House) as Howard Dean's initiatives, received much less press.
With all the holes in the election finance laws, I wonder why they are even looking at the Interactive channel. It's pretty effective, but most of the money is still going into television ads, no?
They know what we are listening to MSNBC - If you are one of the 10 million people who have purchased an Apple iPod, you've almost certainly loaded it up with songs from your favorite CDs. And, rest assured, Gracenote Inc. knows about it. Gracenote Inc. knows almost any time a CD is "ripped" for use in a portable music player. Apple, Creative and
The Chapell View If Gracenote doesn't collect any personally identifiable information, I'm having trouble understanding what the harm is here. Yes, the company can tell a little bit about the CD ripper from the IP address. But that's not much different from the way an online ad server can make determinations about the user of a particular browser.
For a while now, I've thought that the NAI principles should be expanded to include online video games, digital recorders such as Tivo, and Cable boxes. Almost all of the profiling issues surrounding many of these devices are surprisingly similar.
The one issue I would take with Gracenote is for their apparent lack of transparency. A privacy professional could help this type of business find a way of communicating this kind of information to consumers without trying to freak them out. But how does one do this? Should there be (yet another) pop-up message that the user sees every time (s)he rips a CD? Perhaps, although I fear that many consumers already tune out the dialog box warnings that they currently receive. Paying lip service to the concept of consumer notice is not the same thing as providing actual notice.
ChoicePoint had another ID theft case in 2002 SiliconValley.com - A newly revealed case shows that the vast commercial database of personal information at ChoicePoint Inc. was tapped by identity thieves in 2002 -- contradicting a statement by its CEO that a much more recent breach was the first of its kind. A Nigerian-born brother and sister were charged in 2002 with a scam in which they posed as legitimate businesses to set up ChoicePoint accounts and gain access to its massive database. They then made 7,000 to 10,000 inquiries on names and Social Security numbers in the database and used some of those identities to commit at least $1 million worth of fraud, Assistant U.S. Attorney Mark Krause in
The Chapell View I'm not sure who is advising ChoicePoint, but this appears to be a pretty significant blunder. The company's CEO had indicated that the company had never been victimized by this type of operation. And it now appears that his statement was untrue. If so, the company has completely undercut their credibility as they navigate through this mess.
From now on, when the CEO says that ChoicePoint has the most rigorous standards in the industry, who is going to believe him? When he says that they have specific M&P's to handle fraud, how effective is anybody going to think those M&P's are? And how credible is the CEO's statement that the company has taken extra steps to ensure that this never happens again?
Calif's identity theft laws aren't enough, experts say USA Today - Despite pioneering legislation aimed at clamping down on rampant identity theft,
The Chapell View And I thought that
'Perfect storm' for new privacy laws? Cnet - A series of security break-ins is kick-starting a political drive to reshape federal laws that dictate how companies protect personal information--and what they have to do if that data leaks out. What began with the leak of tens of thousands of records from data broker ChoicePoint earlier this month was quickly compounded by a series of rapid-fire incidents involving Bank of America, Science Applications International Corp., an online payroll services company and the T-Mobile Sidekick of hotel heiress Paris Hilton.
The Chapell View A perfect storm? The Exxon Valdez? The Enron of privacy? Regardless of what you call it, the ChoicePoint affair is a mess. There is certainly a good deal of momentum right now in favor of additional privacy legislation at the national level. I wonder how many of the politicians who are calling for this legislation had purchased compiled data around election time? Similarly, how many of them have advocated enhanced security screenings? Where do they think the data that the DHS uses is coming from? Just a thought.
Congress to Address ID Protection A Senate committee will hold hearings on identity theft and information brokers following the revelation that a databank with information on millions of people was accessed by criminals, the committee chairman said Thursday. Democrats, including Sens. Patrick Leahy of
The Chapell View The Choicepoint story continues to have legs. It's easy to frame this as simply a case of identity theft. Yes, there's identity theft involved, but there are privacy and security implications here too. Whether or not Choicepoint did the right thing here is an open question that won't be answered until all the facts are out. Nevertheless, with large databases goes large responsibility. And culturally, American business has not yet come to terms with the impact of these databases - some of which contain massive amounts of sensitive consumer information.
So no - this is not just a case of identity theft. There are other implications here. First, this crime brings us one step closer to additional privacy legislation. Perhaps we'll just see Congress fixing some of the alleged loopholes in the FCRA. But this could also usher in additional legislation. For example, there are a handful of state assemblies which are introducing freeze legislation, and others which are discussing legislation similar to
And there's another, more subtle implication that impacts many companies looking to market to consumers. So far, 145,000 people have been directly impacted by this crime. And by the end of this week, it's safe to assume that millions upon millions of people will have read about it. And all they are going to remember are large databases and identity theft. And the next time that a company asks any of these people to hand over their personal information, they just might think twice.
How to Select an Adware Partner iMediaConnection - Adware is a viable option for some advertisers, but first do some independent research of best practices.
Paris Hilton's Sidekick hacked MSNBC - Racy photos of Paris Hilton again spread across the Internet Tuesday - this time accompanied by celebrity phone numbers, e-mail addresses and other information hacked from her mobile phone. The heiress to the Hilton Hotels fortune, who featured in a sexually explicit videotape posted online in 2003, has now had her star-studded contact list, personal notes and topless self-portraits from her Sidekick II "smart phone" splattered all over the Web.
The Chapell View The Hilton family must be so embarrassed. Imagine, nude pix of your child thrown all over the Internet. (sigh.)
Ok, let's assume that this was NOT some kind of publicity stunt. The real issue is to what extent T-mobile knew about the initial breach, and whether or not the company had a duty to notify their customers that their data MIGHT be at risk. I say that at the very least, T-mobile should have urged their customers to change their password information as a precaution.
CA's SB 1386 notification law is looking better and better.
Europe takes lead on online privacy Techworld -
The Chapell View I'm a big fan of the EU Article 29 working party's layered approach, as well as its American cousin, the short-form privacy notice, championed by Marty Abrams, among others. The emphasis on clarity and readability enhances the likelihood that consumers might actually read them.
My one concern - and this applies primarily to the
Calls for federal regulation grow as data retailer scandal widens MercuryNews - When word first emerged this week that scammers had illegally obtained detailed dossiers on 35,000 people by posing as legitimate customers of ChoicePoint Inc., the data-brokering company portrayed it as a relatively minor criminal case, limited to
The Chapell View I'm not ready to comment on ChoicePoint's culpability at this time - although the facts speak for themselves. Here are my thoughts:
· Enron of Privacy? Perhaps - Many privacy experts, myself included, have predicted that there will be an organization that is critically wounded by a data privacy scandal. (Of course, some of these predictions are similar to the "the world will end tomorrow" nuts we used to see at the airports. No matter what, eventually, the prediction will come true.) We may indeed be witnessing the infancy of the privacy Enron. The saga is barely a week old, and we've got over 700 confirmed ID theft victims in one state alone, 38 State Attorneys General up in arms, as well as the involvement of the Secret Service and FBI. And we have Senators Nelson and Feinstein calling for a national version of
· Spotlight on Offline Privacy Issues - Historically, or at least since 1999, there's been a good deal of focus upon online data collection standards. And HIPAA and GLB notwithstanding, much of the push for new privacy legislation has focused upon online profiling. In other words, the large databases that are amassed by companies such as Experian, infoUSA and Acxiom have been able to exist with virtually zero governmental oversight. As the ChoicePoint issue receives increased scrutiny, don't be surprised if these firms' data collection, privacy and security practices are questioned. If these firms are doing a good job of protecting the data they've amassed, and are able to document their practices, they'll be in good shape. If not, then we're looking at a new round of privacy and security legislation.
·
'Spyware' Label Slapped on Legit Research Software ClickZ - Some anti-spyware programs zap comScore's tracking software from its own panel members' PCs, ClickZ has learned. The same programs likely pose threats to other online research firms' applications. The growing popularity of such programs has increased the churn rate in comScore's online research panel. While the research company's panel has grown from two to six million participants since 2003, churn raises uncomfortable questions about the consistency of the market research advertisers rely upon.
The Chapell View I was speaking
at the iMedia
Many of them are also engaging each of the anti-spyware software firms in an attempt to have their product 'whitelisted.' The problem with this approach is that it attacks the symptoms without going after the disease. The real problem that needs to be addressed is the relative lack of standards for anti-spyware software. Many anti-spyware programs are overly broad in their definitions. When I run an anti-spyware software search on my desktop, and the search returns with over one hundred instances of "spyware cookies," it calls into question the accuracy of their results. And when those spyware cookies are coming from companies such as DoubleClick, Amazon, and other companies that I know and trust, I begin to suspect that many of the other items the software has red-flagged are not in fact Spyware.
Why is that an issue? First, it stretches the definition of 'informed consent.' In many instances, when consumers remove those cookies, as instructed by the program, they believe they are cleaning and fixing their computer. If consumers really understood the impact of removing all that information from their computer, I doubt that many of them would still go ahead and do it. It is almost as if I paid someone to clean my apartment and came home to discover that they've also removed the furniture. And to that I'd say, "That's not what I'd signed up for!"
The second problem is that many (and probably most) consumers have no idea how removing those cookies will impact their surfing experience. When a web surfer suddenly realizes that he needs to retype passwords (assuming he can remember them) to access his favorite news website, or when he wonders why he can no longer see any of the items he just left in his shopping cart, his online experience suffers.
I would strongly encourage each of those firms (the adware players, the researchware firms, and the adware hybrids) to come together to address these types of issues. Banding together may make for some strange and uncomfortable bedfellows, but if the sub-industry group can speak with one voice, they stand a much better chance of acceptance of what are very similar business models.
House Cuts Cookies from SPY ACT Internetnew.com - With little fuss and no debate, a House subcommittee today amended an anti-spyware bill to clarify that the legislation does not cover third-party cookies. H.R. 29, the Securely Protect Yourself Against Cyber Trespass Act (SPY ACT), prohibits unfair or deceptive practices related to spyware and requires an opt-in notice and consent regime for legal software that collects personally identifiable information from consumers. The spyware practices prohibited by the legislation include phishing, keystroke logging, homepage hijacking and ads that can't be closed except by shutting down a computer. Violators could face civil penalties of up to $3 million.
The Chapell View This is a very positive development. I was at the recent hearing on HR 29, and was a bit concerned by the posturing of several members of the commerce committee regarding online profiling. The original draft of HR 29 - the one that did not except third party cookies - would have been disastrous for the Internet economy.
Many have suggested that the real purpose of the Spy-Act was to curb the file sharing software programs that are often bundled with adware programs. I do know that the Recording and Movie Industries have lobbied hard in favor of this bill because they view file sharing as a major threat to their business. And it is no small coincidence that the bill's main sponsor is Rep. Mary Bono, wife of the late Sonny Bono, and recipient of a good chunk of royalty revenue from her late husband's music.
Claria To Launch Behavioral Targeting Network MediaPost - Claria Corp. today will announce that it intends to start a behavioral targeting service. With the new service, Claria, known as an adware provider, will send targeted ads to consumers based on their surfing activity. The service, called BehaviorLink, will build detailed--but anonymous--profiles about consumers by combining information from cookies that track behavior across a limited number of commercial Web sites with information about the surfing habits of 40 million existing subscribers gleaned from the company's ad-serving software.
The Chapell View First, a comment on Claria's privacy advisory board. We're continuing to see the major adware firms differentiate themselves from the rest of the pack. Claria, the company that began this trend when they hired Reed Freeman just about a year ago, has done a fantastic job of separating themselves from their Spyware past. I know Richard Purcell and Larry Ponemon very well, and have a tremendous amount of respect for their contributions to the field of privacy. Claria has certainly assembled a veritable "murderers' row" of the privacy profession. On the one hand, it seems like a lot of resources for an organization that is not large. But perhaps Claria is wise to have erred on the side of caution.
Claria has historically been one of the most highly visible of the adware companies, and as a result has served as a lightning rod for much of the controversy that has surrounded the adware business model. They have tremendous name recognition - for good, and for bad - within the online marketing world. As some of you may remember, the company made plans to go public - which generated a whole new level of attention on the company. So maybe one person's overkill is another's prudent planning. I, for one, am interested to see whether all of this talent and experience will equate to a significantly better reputation with advertisers.
Regarding BehaviorLink -- I really like the concept of an adware-driven behavioral targeting network. As we all know, consumers are clamoring for more relevant ads. Claria (as well as any other adware company that chooses to launch a similar product) has a distinct advantage over the behavioral targeting networks like Tacoda and Advertising.com. The behavioral targeting firms are relatively limited in their tracking capabilities. Many of them are only able to track visitors across individual sites. Conversely, adware companies have an advantage because they can track their end users just about wherever they go online. So with a broader array of surfing data, the adware companies are better able to target their end users with more relevant ads.
However, lest we get too excited about BehaviorLink and other products like it, there's a catch. In order for adware companies to incorporate true behavioral targeting, they must be able to forge deals with the major web properties who are getting the lion's share of premium eyeballs. If an adware behavioral network (i.e., the sites from which an adware company can display a standard banner ad) is limited to low tier sites, then all they'll have is a nice ancillary revenue stream. However, if any adware network can include significant sites such as MSN or NYTimes, then we're talking about a major revenue stream.
Clearly, amongst many web publishers, there remain some bad feelings regarding the adware model. So it will be interesting to see how this works out.
Revise privacy law to protect public, not offenders TheStar.com - In the coming months, Industry Minister David Emerson will lead the federal government on a review of
The Chapell View Professor Michael Geist advocates reforming
Majority Of European Consumers Worry RFID Threatens Their Privacy, Survey Says Information Week - Consumers surveyed see privacy-protection laws as way to make them feel more comfortable with buying RFID-enabled merchandise. More than half of 2,000 European consumers surveyed in a recent Capgemini study say they had privacy worries about radio-frequency identification tags. European consumers participating in the study by the business and IT consulting firm consider legislation on privacy protection as the key that would make them more likely to buy RFID-enabled products. Other factors survey respondents considered crucial: the ability to disable RFID tags at the store after purchase, a customer opt-in/opt-out choice regarding information collected via the tags, and clear labels that state the tag is RFID-enabled.
The Chapell View Needless to say, there is a disconnect between consumers, retailers and technology companies regarding the benefits of RFID. According to this study, European consumers have not been well educated on the benefits of RFID. And frankly, many in
Privacy-Assurance Seal Yanked Off Web Site - TRUSTe, the business community's guarantor of Internet privacy, abruptly ended on Wednesday its relationship with the company operating FreeiPods.com and other Web sites, alleging unspecified violations of privacy promises to consumers. TRUSTe said Gratis Internet LLC of Washington no longer could display on any of its Internet properties the industry's broadly recognized seal intended to assure consumers that a Web site complies with privacy-protection guidelines.
The Chapell View Sad to say, but there almost HAS to be an organization that gets kicked out every once in a while. Otherwise, some folks may begin to assume that TRUSTe isn't effectively policing its seal holders. "If every website is in full compliance, maybe their standards are not stringent enough," or so the argument goes.
I'm a big fan of TRUSTe. I think they do a great job over there. Having said that, TRUSTe (and BBB Online for that matter) had a reputation for being overly lenient back in the late 1990's. And that reputation hurt the organization's credibility, and the effectiveness of the seal. It's definitely been a while since a seal holder was ousted from the program. I'm not privy to any of the facts behind this decision, but in sort of an odd way, I'm glad to see this happen. If I were a TRUSTe seal holder, I'd feel just a little bit better about the value of my seal right about now.
Some of the advocates have complained that they want additional information outlining the precise reasons for the dismissal, and TRUSTe is naturally unwilling to release that information. It will be interesting to see whether the advocates' concerns gain any traction.
Attorney General Wants DNA Of Criminals, Arrestees TheHawaiiChannel.com - The Attorney General wants
The Chapell View Requiring a convicted felon to relinquish some privacy rights is one thing. Requiring someone who is merely suspected of having committed a crime to permanently relinquish his right to privacy is another thing entirely. Bad, Bad idea.
Security issues swamp RFID Techworld - Radio frequency identification is a part of the present and may well be a major part of our future. This situation is, at best, a mixed bag (see Wal-Mart's RFID plans will fail, and RFID doesn't work - so live with it!). It would not be quite so bad if vendors of RFID products and companies that say they want to use them better understood security and privacy. For those of you who have been cave dwellers over the last few years, RFIDs are small electronic devices, normally with no battery or power supply, that can interact wirelessly to identify themselves to a scanner. The best-known examples are the very simple devices that companies such as Wal-Mart are asking suppliers to put on pallets of goods and that drug companies are beginning to attach to containers in the distribution chain. These RFIDs are basically wireless bar codes that respond with a unique serial number when queried by a wireless scanner. Companies with large database infrastructures, like Wal-Mart, can keep track of where individual cartons of goods are in their supply chain or, someday far too soon, what individual products are in a shopper's physical cart.
The Chapell View A good article on RFID and the challenges of encryption - or lack thereof. How long before item level RFID tags are synonymous with Spyware in the consumer mindset? There are too many security issues behind most of the RFID deployments recently. So, despite the fact that many consumers are happily using EZ-pass to help them get through the toll booth more quickly, item level tagging will have a hard time receiving consumer buy-in without the security gaffes.
ID theft again tops list of FTC complaints MSNBC - For the fifth year in a row, identity theft topped the Federal Trade Commission's list of most-reported frauds, the agency announced Tuesday. The number of complaints about ID theft jumped 15 percent from the previous year, the agency said -- and represent about 40 percent of all complaints. Some 250,000 consumers complained to the agency about ID theft last year, up from 215,000 in 2003.
The Chapell View Some of the data from this report is in contrast to the report released last week by BBBOnline and Javelin Research. And I believe that the Ponemon Institute weighed in on this issue towards the end of last year. Tomorrow, I'll look to make sense of all this.
Editor's note: OK, I never got around to commenting further on this. If you want more information on ID theft, take a look at Bob Sullivan's book, Evil Twin. I've read the summary, and it sounds very interesting...
Tesco 'spychips' anger consumers BBC News - A
The Chapell View I was moderating a group discussion of privacy professionals at a luncheon this afternoon. One of the questions raised by the group was: What is the total impact of a privacy snafu? How do we measure brand devaluation? How can one quantify consumer resentment? All good questions indeed. Here's an example of a consumer group that is exercising a boycott in response to a company's privacy practices - or at least they are attempting to. Whether the effectiveness of this protest is closer to Berkeley in '68, or Uconn in '98 remains to be seen. (btw, the Uconn kids, of which I am one, tend to skew a bit apathetic.)
One other observation. Retailers who employ RFID need to stop telling us that the tags won't be read outside the store. First of all, nobody's buying it - a by-product of low consumer trust, perhaps. Second of all, even if the tags can't be read from a distance at the present time, surely, that will change. Within the foreseeable future, someone will figure out how to read these tags from 30 feet away. And if there isn't some kind of encryption embedded into these chips, then RFID is ripe for abuse.
Without some significant safeguards, RFID should remain a tool of the back office supply chain.
Fireman attempted to set fire to house, charges say Seattle Times - A 25-year veteran of the Tukwila Fire Department was charged yesterday with attempting to set fire to his home in
Information in this article, originally published October 6, was corrected October 7. A previous version of this story on Tukwila firefighter Lt. Philip Lyons being charged with first-degree attempted arson incorrectly stated that police reports indicated he had used his Safeway Club Card to purchase 16 fire-starters between June and August.
The Chapell View Thanks to Adam over at Emergent Chaos for posting the link to this story. How and why was Lt. Lyons' purchase information from Safeway disclosed?
Online Yellow Pages take you on virtual stroll USA Today - Internet retailer Amazon late Wednesday introduced a new way of finding local business information online with pictures. Like search engines Google and Yahoo, Amazon's A9 search engine gives users text and map results, but with a twist: A9 has added 20 million thumbnail pictures of storefronts to its new business directory. "You may not remember the exact name of the sushi restaurant you liked, but you remember what the storefront looked like," says A9 CEO Udi Manber.
The Chapell View I'm sure there will be those who have privacy issues with A9's Yellow Page offering. Many of the pictures of the storefronts and streets were taken at busy times, and thus have dozens of people included in the pictures. And the faces of many of these people are clearly visible in the pictures.
Perhaps it's a sign of the times - that there really isn't an expectation of privacy when you're out in public. The television cameras will often zoom in on unsuspecting fans at sporting events. And every morning when I watch my local news show, I almost always see people walking by as the weatherman reads today's forecast.
If you'd like to know where I draw the line - it would be at the public security cameras in towns such as
But what's happening here is nowhere near as intrusive. Also, Amazon is generally well regarded (and well trusted) for using data to enhance the customer experience, and this program is no exception. I like the ability to take a look at a restaurant or shop before I go there, and I think others will take comfort in that ability, to some extent. I'd like for A9 to add some additional functionality such as driving directions, and a texting option like the one offered by www.dodgeball.com.
Offline ID crimes still more severe CNET - Though identity theft using the Internet seems to get all the attention, most of the financial loss linked to fraud is still from offline crime, a new study shows. Losses related to an average case of Internet-initiated fraud were $551, compared to $4,543 lost from fraud tracked back to paper statements, according to the 2005 Identity Fraud Survey conducted by the Better Business Bureau and Javelin Strategy & Research. The survey, which follows an earlier study carried out by the Federal Trade Commission in 2003, indicated that Internet-related crimes are actually less severe, less costly and not as widespread as previously thought.
The Chapell View I had lunch with Gary Laden over at BBBOnline last week, and
· Online privacy and security issues - I was surprised to read that less than 12% of the identity theft cases had to do with computer crime. Perhaps the Internet isn't all that dangerous after all.
· Spyware - I was at the recent HR29 hearing in DC. A number of Representatives said (with authority) that there was a significant connection between Spyware, keystroke logging and ID theft. Of course, these were probably the same folks who insisted that there was a correlation between Saddam and weapons of mass destruction. Anyway, this study would seem to strongly contradict that - given that only 5.2% of the respondents had their identity stolen using Spyware.
Spyware: IT's public enemy No. 1 ZDNet - What's the biggest threat to business networks in 2005? Front-line IT managers and security firms increasingly peg spyware as public enemy No. 1. "We now often scan for spyware before we check for viruses" -- Dave Higgins, Saturn Electronics & Engineering. At Saturn Electronics & Engineering, a Detroit-based provider of manufacturing outsourcing services, the problems began last summer. The company's 500 users noticed that Web browsing was sometimes slow. Very slow. IT Manager Dave Higgins suspected virus activity, but manual virus scans turned up nothing. He then scoured the machines with Lavasoft's Ad-Aware and found the culprit: spyware. Once removed, the systems returned to normal operation.
The Chapell View Seems like most people (IT pros, consumers, Legislators, etc) have a hard time defining spyware. Most are either unable or unwilling to make a distinction between Adware publishers (such as WhenU and Claria) and the much more nefarious purveyors of spyware. The adware players have a long way to go in terms of differentiating themselves from spyware.
Btw, I was at the HR 29 hearing yesterday. More on that later today or tomorrow.
US clothes firm comes clean on RFID plans Silicon.com -
The Chapell View Seems like the people at A&F are in way over their heads regarding positioning RFID to the public. When you make public statements such as, "We already gave our privacy away," and "We can't even get the stupid thing to work," you're going to have trouble getting consumer buy-in. Tell us why RFID will ultimately help consumers. Tell us why the privacy concerns are unfounded. And for goodness sake, provide analogous examples without telling consumers that they have no privacy anyway, and should just get over it.
Employees Don't Want 'Big Brother' Watching Them for the Wrong Reasons Yahoo Finance - Technology allows organizations to easily monitor employee activities at work but employees believe that management is watching over them for the wrong reasons, according to the 2005 Workplace Privacy Survey of 336 HR professionals and 520 employees released today by the Society for Human Resource Management (SHRM) and CareerJournal.com. The survey found that employees think the motivations behind monitoring at work are to check employee productivity levels and job performance, and because management does not trust employees. However, according to HR professionals, the reasons organizations monitor employee behavior is to prevent computer viruses, hackers and others from interfering with business operations, and to protect the organization's proprietary information.
The Chapell View I'd be curious to take a deeper look at the survey. What kind of companies were surveyed? Were they primarily white collar? primarily people who work desk jobs and use computers, IM, and other apps?
The reason I'm wondering is that there are plenty of firms using GPS to track drivers. And clearly, in these instances at least, the reason that workers are being tracked is to ensure that they are doing the right thing. I have some issues with that type of tracking because it would seem to stifle the workers' creative abilities to solve problems...
But more to the point - It's important to recognize that corporations are spending millions of dollars trying to keep viruses and other nefarious actors from harming their IT infrastructure. So it is certainly a significant problem for employers. Sometimes, there are ways to ensure that employees don't download viruses (by restricting internet access, for example) or misuse customer data or company IP (by establishing data governance programs) that don't necessitate the use of outright employee monitoring and tracking.
If an employer does need to monitor employee behavior (as is commonplace in the FS world, for example), then they need to be crystal clear with employees regarding what actions are being monitored, what the boundaries are for employee conduct, how long monitoring data will be kept, how it will be used, etc. Also, they should give a plausible reason for the monitoring: Is it a productivity issue? Is it to prevent viruses and hacker attacks? Does it prevent a business partner from reneging on a verbal agreement? The more clarity that the employer is able to provide the employees, the easier it will be for the employer to obtain a basic level of buy-in (not to mention trust) from the employee.
Spammed man sued by alleged spammer wants cash Silicon.com - A man who claims he has been receiving unsolicited emails from a US company for two years is now being sued by them, for branding them spammers and reporting their actions to ISPs. Jay Stuler is now on the receiving end of a lawsuit from
The Chapell View I've taken a quick look at the Writ of Summons filed in this case. Atriks is suing Mr. Stuler for Defamation and Tortious Interference of Contract for allegedly complaining to Atriks' ISP and getting the ISP to turn off service to Atriks. On its face, it seems like Atriks is displaying a bit of moxie for filing this suit, but it's difficult to draw too many conclusions until the facts are out.
I'd be curious to find out how many people have sent a donation to his legal aid fund.
Value of Message is Key for Consumers iMediaConnection - New research from the Ponemon Institute reveals consumer attitudes towards permission and privacy.
Brave New Era for Privacy Fight Wired - As the nation prepares for President Bush's inauguration next week, privacy activists on both sides of the political spectrum are bracing for a White House push to augment controversial domestic surveillance powers gained under the Patriot Act and other legislation passed since 9/11. "The administration has made it clear that they do intend to continue their move to dramatically reduce privacy and constitutional protection for our citizens," said former Republican congressman Bob Barr, who now works as a speaker and consultant to organizations like the American Civil Liberties Union.
The Chapell View There are a lot of things that are cause for alarm in the privacy world. This article provides a good summary. A few thoughts:
· Large Databases - The article outlines the way that Government contracts with large data companies such as Acxiom and Experian on data mining projects. I think the problem goes well beyond what the Government is doing. Regardless of who's using them, large databases are potential weapons of mass destruction. The more data that is linked together, the more dangerous they become. I'll acknowledge that linked data can be very valuable if used appropriately. So I'm NOT saying that we need to outlaw these large-scale databases - but we DO need to place some limits on them. We need to start developing some industry-wide, platform agnostic principles for the use and collection of data in the
· The DNA Fingerprint, Unsolved Crime and Innocence Protection Act - Brought to you by our good friends from
Anyway, you can certainly make a case that convicted felons have a lowered expectation of privacy. However, I am extremely concerned when DNA samples are taken from the perpetrators of misdemeanors, or worse - from people who are simply arrested for committing a crime.
1984? Gattaca? Minority Report? We are there, my friends.
To Try to Net Killer, Police Ask a Small Town's Men for DNA NY Times - In an unusual last-ditch move to find clues to the three-year-old killing of a freelance fashion writer, police investigators are trying to get DNA samples from every man in this Cape Cod hamlet, all 790 or so, or as many as will agree. Raising concerns among civil libertarians and prompting both resistance and support from men in
The Chapell View "Probable cause? We don't need no stinking probable cause!"
With all due respect to this poor woman, and her even more unfortunate daughter, we may need to accept the fact that not every crime is solvable. If we're not willing, as a society, to make that concession, then I guess it is entirely reasonable to hunt down almost 800 innocent men and harass them into providing a DNA sample. Perhaps it makes sense to place any man under suspicion simply because he refuses to provide his DNA. Even more troubling is the possibility that the person whose DNA was inside this woman may very well have had nothing to do with the crime. But rest assured, that won't matter to the hundreds of police, FBI, press, and other onlookers who will descend upon this town like the proverbial locusts. All those good people who just want to get a glimpse of the person who 'may' be the murderer.
You're right. I can't understand why ANYONE wouldn't want to provide his DNA.
Ponemon: Consumers Willing To Cede Privacy MediaDailyNews - The vast majority of online consumers--89 percent--say they approve of marketers they trust sharing personal customer information without advance permission, if it leads to improved quality of services or products, according to a report the Ponemon Institute plans to release today. But one in five Web users think marketers should get permission before sharing personal information about consumers, if the marketers' goal is tracking purchases in order to influence buying decisions, according to the study, sponsored by Boston, Mass.-based Internet marketing firm Dotomi.
The Chapell View In the interest of full disclosure, I'm a big fan of Larry's work and I consider him a friend. I'm a research fellow on the Ponemon RIM council, which helped put together the questions for this study, and I conducted a similar study of consumer perceptions last year with Larry and Revenue Science. There's some great information to be culled from this study, and not necessarily the stuff you'll read in the online media. For example:
· Consumers mean it when they opt-out of your marketing programs. Sort of - According to the study, most consumers wouldn't mind being contacted by an online merchant - even after they've specifically opted out of the merchant's marketing programs. In fact, nearly all (92%) of the respondents indicated a willingness to receive post opt-out marketing messages "If the new product or promotion would be of great value to me based on my past purchasing habits." The net/net of that statement is that consumers are overwhelmingly accepting of marketing messages that are relevant to their interests, and are looking for marketers to use their data intelligently to increase relevance. Consumers don't mind getting marketing messages, but they don't want to be deluged by them.
· Personalized messaging is not necessarily the same thing as relevant messaging - The Ponemon study notes that understanding customer interests is a far better way for a marketer to demonstrate that they value a customer's business than simply sending personalized messages. In fact, over twice as many respondents indicated that understanding interests (56%) is a key way for companies to demonstrate that they value a customer's business. Only 25% of respondents felt the same way about personalization. Permission marketers are wise to take this lesson to heart.
The email marketing space is rife with examples. Email marketers like to pull customer name and some basic preference data from their database, and use that to personalize a message to the email recipient. While I certainly don't think that's a bad thing, the real trick is to take personalization to a much higher level. Using data so you know to send me the red banner instead of the blue banner is nice. Using data to help you understand that I'd be interested in the new Flaming Lips album is better.
· The Consumer really does want control of this relationship - 84% of respondents indicated that having direct control over the types and frequency of Internet ads sent by online merchants would be preferred. Over half (56%) indicated that the ability to exercise control is a way for web merchants to demonstrate that they value the consumer's business. I strongly believe that in the not so distant future, smart marketers will provide a preferences page for their customers similar in nature to many email preference pages that you see today. The new preference pages will offer consumers a much more granular level of choice regarding how often they receive marketing and other outreach messages. Moreover, consumers will be offered a choice regarding which channels they'd prefer that the marketer use. Perhaps, the customer would rather be contacted via text message, or email, or RSS, or Tivo, or phone, or postal mail, or via something else that comes down the pike in the next year or two. Part of the problem today is that there are too many messages trying to get through too many pipelines. Companies that are able to offer a simple way for their customers to exercise control of the preference marketing process will be in a good position.
· Consumers worry less about their privacy when they feel there's a value exchange - Let's face it, folks. Consumers tend to be a fickle lot. They want the power of the SUV, but they don't want to pay for the gas. They want the $250 million dollar infielder, but they don't want to pay $9 for the stadium hot dog. And they want to receive ads that are relevant to them, but they are skittish about having their behaviors tracked across the web.
According to the Ponemon Study, only 20% (the lowest number) would let a marketer share information in order to track their buying behavior and project future buying decisions. Conversely, many more (71%) of respondents would be willing to let that same marketer share information if that helps to better understand what they as customers want. And nearly all (89%) respondents would be willing to let that marketer share their data if it would improve the quality of the products or services that the consumer would receive.
Why are consumers unwilling to have their buying habits shared, but willing to allow marketers to share their preference data? My sense is that consumers are generally more willing to share their data if they believe that a marketer will use that data to directly benefit them. If they are certain that a marketer can be trusted to handle their data with care, AND to use that data to benefit them in some way, consumers will be much more willing to share that data. Having said that, I think this is an area that definitely merits some additional research.
We're From Washington, and We're Here to Help - Spyware Legislation Is Coming MediaDailyNews - If your organization cares about the future of eCommerce and/or interactive advertising, make sure you or someone on your team is watching what's going on here in your nation's capital. In case you missed it, Congressman Joe Barton of
The Chapell View A very good piece outlining many of the issues pertaining to the re-introduction of the Spy-Act. I just can't imagine that the final bill is not going to exempt out third party cookies. If they are not, the economic impact would be devastating.
eBay takes on phishers with email service ZDNet - eBay has moved to squelch spoofed email bearing its name by introducing a private mail service. In recent weeks, the online auctioneer introduced My Messages, a free, personalised in-box for eBay customers that contains communications only sent from eBay. That way, members can be sure to avoid spam in disguise or phishing scams designed to lure people to a fake eBay Web site in order to capture credit card numbers or other personal information.
The Chapell View While I recognize that spoofed emails are a significant problem for eBay, I'm not sure that this is the right approach. I suppose that fervent eBay users won't mind checking into their eBay My Messages account on a regular basis. But the more casual eBay users are not going to log into My Messages as frequently, so they are likely to miss out on many time-sensitive messages.
Also, what happens if/when retailers and financial institutions follow eBay's lead and set up their own email systems? How does that impact the consumer? I personally have relationships with my bank, a couple of credit card companies, and a whole bunch of online retailers. If they rely on me to log onto their systems in order to receive their marketing and other messages, it'll be months before I get around to looking at those messages.
For example, if I have to actually go in and log into my credit card company's email system in order to receive my statement and payment notification email alerts, it pretty much destroys the convenience of getting the alerts in the first place, doesn't it?
eBay has historically been a savvy company, and I know that they've been hard hit by spoofing, but I think this decision could cost them in the long run.
2005 Privacy & Marketing Predictions iMediaConnection - Regular contributor Alan Chapell weighs in with his take on what's coming in 2005 for adware, user-generated content, HR 2929, email marketing and more.
Bosses keep sharp eye on mobile workers via GPS USA Today - Ciro Viento commands a platoon of 110 garbage trucks, so when a caller complained after seeing one of the blue and white trash tanks speeding down Route 22, Viento didn't know which driver to blame. Until he checked his computer. With a few taps on the keyboard, Viento zeroed in on the driver of one particular front-loader which, the screen showed, had been on that very road at
The Chapell View My first job out of college was working at a MailBoxes Etc. (Now called the UPS store.) We had a regular UPS guy, Joe, who came to the store just about every night to pick up the day's packages. Joe was a bit older, maybe in his 50's, and had been with the company for at least 25 years. I remember that he was a pretty cool guy. Almost every night, we'd chat about something or other. And I got the impression that he did the same with all of his customers. One day I asked him how he was able to spend/waste so much time with his customers each day. Joe mentioned that he really enjoyed chatting with people, and that he would usually give up all or part of his lunch hour on days where he spent too much time talking. If Joe's movements had been tracked with GPS, he would not have been able to take the time to mingle with his customers.
The problem with all of these tracking devices is that they dehumanize the work that people do. You gain certain efficiencies, and you are more likely to catch the employees who aren't doing the right thing, but you lose any willingness (or ability) for those employees to take ownership of their jobs. They stop thinking of new and better ways to do those jobs because there's no incentive (i.e., ten minutes extra at lunch) for them to do so. Moreover, there's the potential problem of abuse of these tracking powers.
Cell industry pushes toward directory AZCentral - At a time when millions of Americans have become more concerned about privacy, cellphone companies are pushing ahead with a plan to put customers' numbers in a wireless directory. The industry will begin laying the groundwork to integrate wireless numbers into the existing 411 directory assistance service in January. By spring, most wireless-phone companies will start asking customers if they want their number listed. Most customers are likely to say no, according to surveys.
The Chapell View More info on the wireless directory. According to a TNS and TRUSTe survey, only 11% of consumers would volunteer to list their cell # in the directory. Why move forward with a project that your customers clearly don't want?
Real User Recognizes a New Take on Security Jim Melonas wants you to forget the dozen passwords you use to log in to your employer's computer systems and applications, your online banking account and your e-mail, and concentrate on remembering that attractive face in the top right corner. Melonas is executive vice president of Real User Corp., an
The Chapell View One of my predictions for 2005 is that we're going to start moving away from passwords, and start moving towards other forms of user identification and verification.
I like Real User's basic premise. This could work. The way I see it, there are TWO problems with most approaches to user verification systems. The first problem is that it's been a challenge to develop a system that is easy for people to use, relatively inexpensive and secure.
Most of the other authentication systems seem pretty expensive, although costs for biometrics are certainly coming down. Passwords are fairly easy, and certainly inexpensive, but are not always secure. Passwords are problematic because people often insist on writing their password down on a sticky pad next to their computer, or else they name their password after their first born child, or something else that's pretty easy to guess. Conversely, the Real User platform only requires that the user be able to remember a number of faces. I'm pretty good at recognizing faces, and I'll take their word that most people wouldn't have too many problems either.
The second problem with user verification is that one generally has to verify their identification with multiple entities. For example, I have a separate string of passwords for my bank, to access my email program, and for the websites I patronize. And I'm supposed to have a separate password for each in order to maintain my security. So somebody needs to invent a universal identifier so that I only need to verify and authenticate my identity once per session. I glanced through one of Real User's white papers which suggests that their platform could work across multiple sites and/or platforms.
Will Real User be the company to break through? I think it's a bit too early to tell. But so far, I like what I see.
© 2004 by Alan Chapell & Associates LLC