TRUSTe Stung by Own Privacy Gaffe
Aug 25, 2000 12:00 AM PT
TRUSTe, a coalition of such online firms as America Online, Excite@Home and Microsoft, said it took steps to remove the offending programs associated with theCounter.com, which had the capacity to gather personal information from the browsers of visitors to TRUSTe's home page.
TRUSTe announced late Thursday that it discontinued the use of theCounter.com's software after just two weeks. CEO Bob Lewin said there is no evidence that any personal information was collected.
"As we advise other Web sites, the best practice in a case like this is to immediately eliminate the possibility that any information is being improperly transferred," Lewin said.
However, in an interview with the E-Commerce Times, Interhack co-founder Matt Curtin said that it appears as though TRUSTe simply did not know the technical capability existed in theCounter.com's software to track specific users.
Curtin said, "This is another example of building things up based on policy instead of based on what the technology is actually capable of doing."
According to theCounter.com, the company shares ownership of the Web site data it collects, and is not bound by the policies of companies that use its product.
After reporters called TRUSTe to inquire about theCounter.com's software, the feature was removed from the site. In a statement, the organization said it wanted to be able to track which pages on its site were getting the most visitors and chose the product specifically because it believed no personal data would be gathered.
TRUSTe has been a high-profile watchdog for online privacy issues. The organization recently touted a survey that found its imprint was the most trusted name on the Internet. The group also took a strong stand against Toysmart.com's bid to sell customer information after that online retailer went bankrupt earlier this year, a sale that is now tied up in bankruptcy court.
Just last week, the Pew Internet & American Life Project found that 86 percent of Americans would prefer that online companies ask them before collecting personal information and give consumers the chance to "opt-in" to the information-gathering schemes.
Meanwhile, Interhack clearly relished having caught TRUSTe's misstep, posting the discovery on its main home page. "Perhaps we'll see TRUSTe investigate itself and publish the results so we can understand just how TRUSTe came to allow such a violation of its visitors' privacy," Interhack said in a statement.
Policy or Infrastructure?
For Curtin, a self-described hacker, the issue is less about privacy policies and more about the construction of the Internet.
"Are we trying to create liability for people who violate privacy or should we be trying to build a system that doesn't make such privacy violations possible in the first place?" he asked. "I'm definitely in the latter camp, but right now that makes me unpopular."