Businessweek - July 3, 2006 - Law enforcement officials say the criminals tend not to follow through after stealing personal data The headlines are enough to make you swear off eBay and lock your wallet in a safe-deposit box. Supposedly trustworthy companies like LexisNexis, Time Warner, ChoicePoint, and Wells Fargo, admit that the records of their customers or employees have fallen into the wrong hands. In one case, thieves break into a Midwest office of American International Group and steal a computer server containing personal data on 930,000 employees of companies seeking medical coverage. And in the Big Kahuna of identity theft, a laptop containing Social Security numbers and other sensitive information for nearly 29 million active and former military personnel is stolen from a Veterans' Affairs Dept. staffer's home in suburban Maryland.
The Chapell View Ahhh... the power of statistics and hype. It's easy to pull headlines with statistics such as "1 in 4 American's has had their digital data exposed in the past 18 months," and "X% of American's has had spyware on their computer." While there's definately a good deal of truth to the hyperbole, I don't think anyone really knows the broader implications of either of those stats. The police (in many cases) are not particularly advanced in spotting and investigating these types of crimes.
While I don't think that ID theft is going to cause a financial crises, these are certainly people in this country whose lives have been absolutely torn apart by ID theft. And I would hate to think that some old-school direct-marketer (many of whom still really don't get it when it comes to privacy and security) would look at this story and think, "gee, maybe this isn't such a big deal." "the Communist Party has infiltrated all levels of the U.S. Govt.
Until we fully understand how to reliably detect and report these types of breaches (we're getting close) and understand their full impact upon victims (and not just in terms of credit card fraud), we can't make a prediction as to their relative impact.
SF Gate - June 23, 2006 As more people turn to Web applications for everyday tasks like e-mail, friendship and payments, cyber criminals are following them in search of bank account details and other valuable data, security researchers said.
Users of Yahoo Inc.'s e-mail service, Google Inc.'s Orkut social networking site and eBay Inc.'s PayPal online payment service were among the targets of attacks in recent weeks. All three companies have acknowledged and plugged the security holes.
The Chapell View We probably shouldn't be terribly surprised that online applications are beginning to become the target of hacking or other malicious attacks. These applications are being increasingly used - webmail, messaging, online office applications (not to mention social networking) are all getting increased traffic. And as the author of this AP story notes, a lot of the security issues with operating systems and desktop applications have been fixed by Microsoft and others.
What goes unmentioned in this story, though, is the increased data collection that often goes along with web-based applications. Why is this relevant? In part, because of the struggle for consumer eyeballs. Marketers have found that online applications are a great place to serve advertisements, and this is how many online applications are monetized.
Take the many web-based services offered by search engines. Google Desktop Search, for example, uploads copies of desktop files to Google's servers in order to create a better search index. Now, Google theoretically can put this data to use when serving advertisements on its search engine (and most search engines, including Yahoo!, MSN, and others are all at least testing "personalized" search results).
But this transfer of data from the desktop to business servers underlines a couple of possible risks. First, more data is available to hackers on company servers - and according to the AP, this is where they're increasingly looking for it. Second, as the line between desktop and browser continues to blur (and it's getting pretty fuzzy), the number of exploitable flaws may increase. I'm no security expert, but it seems like the more connections in place between a company server and a consumer desktop, the more places there are for a hacker to get in. Correct me if I'm wrong, though.
As more online applications emerge, I think many business models are going to depend on advertising in some regard - and may draw on and store desktop data as well. Think about Windows Live. Microsoft's suite of online applications and office tools (currently in Beta) has already begun serving MSN ads, and certainly gives users the ability to share or upload data.
Microsoft has said it plans to publish its privacy standards come August - and this may be just the time to do so. As more and more of lives shift toward a web-based model, and more data is increasingly traded between consumer and company machines, I do think there are going to be increased privacy concerns.
ZDNET - June 25, 2006 Microsoft plans in August to publicly release the privacy rules its employees have to follow when developing products. The move, which offers a look behind the scenes at Microsoft, is meant to give the industry an example of what the software giant sees as best practices in customer privacy, said Peter Cullen, the chief privacy strategist at Microsoft. "We think that this is information that partners and others could benefit from. Lots of people build and develop applications," Cullen said in an interview Thursday in the US. "The privacy development standards will not only be made public, but we will actively be promoting their use so that others can benefit from what we've learned."
The Chapell View A nice idea, although it's hard to comment too much until I have a chance to read through them. Having interacted with several members of MSFT's privacy and software teams over the past year, I will say that they've developed as detailed a view of the consumer consent and download experience as just about anyone.
My assumption is that there's nothing in these guidelines which will contradict the TRUSTe Trusted Download program requirements, the Anti-Spyware Coalition standards documents and/or other privacy standards. Unfortunately, we'll need to wait a month to find out...
Given that MSFT has a tendancy to sit on many different sides of the proverbial equation (anti-spyware software, O/S maker, Search, Media network, ad supported software vendor, just to name a few) I would imagine it must've been a challenge to craft a workable document that didn't collaterally damage one or more of its businesses.
Of course, any set of standards tends to paint a bullseye on the back of those who create them...stay tuned.
ImediaConnection.com - June 14, 2006 - Global Resource Systems' campaign manager gives background on how and why to use BT in your email campaign. Behavioral marketing, with its ability to truly segment and target your audience by their past online behavior, is not only for banners or networks. Using this method in your email campaigns can significantly change the way you send your emails for the better. By collecting information about your lists, you can send relevant offers based on a user's prior purchases. Instead of just relying on demographic data, you can deliver each unique addressee offers and information that they want, according to their behavioral patterns.
The Chapell View Now that just about everyone seems to be talking about using behavioral targeting with email, I wonder how many in this space are providing some level of notice of this fact to their customers? If you're going to combine personally identifiable information such as name, street address or email, with online behavioral information and analytics such as web surfing information and online purchase history, shouldn't this be communicated to consumers in some way?
If the answer is YES (which would seem to make sense to me), then exactly how many marketers and/or publishers are in fact providing these disclosures? How many analytics companies and email service providers are requiring (or at least encouraging) that their customers make these disclosures?
Isn't this what DCLK got into hot water for several years ago?
iMedia Connection - June 7, 2006 Email is where advertisers can best integrate BT with all their other customer information. "Using behavioral targeting with email is not a new idea," says Shar VanBoskirk, senior analyst with Forrester Research in Cambridge, MA. "It is something that good, smart marketers have been tuned into for several years: understanding that the activities within an email are good clues to the types of offers that would be useful to send in a subsequent message. In fact, email used BT even before other types of online advertising did." So it's no surprise that right now email is where advertisers are best integrating BT with all their other customer information. Let's examine the current use of BT with email in more detail...
The Chapell View Not to pick on Robert M., (I'm a fan) -- but what's the deal with using the term "Behavioral Targeting" to describe what (until recently) we used to call Email Personalization, or even Database Marketing?
Guess that's a sign that BT is hot - everyone wants to say they do it...
So what will we call it when an email marketing actually figures out how to combine email performance data with online surfing data in a manner that is privacy safe?
iMedia Connection - June 02, 2006 A Chapell Article About once a month, I get a SMS (text message) from a five-digit number asking me something like, "Would you like to receive great relevant offers from so-and-so?" I can't say that this has ever seemed like the most compelling pitch; I don't remember ever signing up to receive this sort of marketing, nor am I told what sort of ads these will be. The SMS also states, "If so, txt YES to this number. If not, txt STOP to this number." So I send a four-letter SMS in reply and about a month later get the same message again.
Evidently, I'm not alone. According to a new study from the Pew Internet and American Life Project, the Associated Press and AOL, 18 percent of cell phone users report getting text message spam on their phones...(more).
ClickZ Newsletter - June 1, 2006 Later this month, if a cake is provided, I'll blow out 50 candles to mark the anniversary of my birth. Not sure I'm any wiser after all these years, but I am less patient with those who waste time. This world has no shortage of real problems to deal with, so we should focus on putting our energies, support, and priorities in order. This entire debate around spam, filters, blocking, absorption, Sender ID (define), and DomainKeys (define) ad nauseam has reached my boiling point. For the almost 28 years I've been in the ad business, there have been people who won't stop complaining until there's no shred of commercial messaging available anywhere on the planet. These are the folks who don't like commercials on TV, too many print ads in their magazines, :30 spots on radio, billboards, telephone calls, direct mail, pop ups, banners, and so on. It appears these folks will never be satisfied...
The Chapell View I agree with Big Al on the problems caused by the "Report Spam" button, and completely understand the frustration over the propensity of the anti-marketing zealots (and others who simply can't be bothered with finding the unsubscribe button) to use "Report Spam" as a first, rather than a last resort.
Having said that, (and at great risk of sounding like one of those "anti-marketing zealots") I think that part of the problem lay in email marketers' reliance upon hitting the "Send Button" instead of taking the necessary (and sometimes costly) steps to build an effective preference program. Even many of the so called "legitimate" emailers have told me both privately and publicly that they don't have the resources to develop such a program. Al talks about email marketers that "fail" to develop a relationship with their audience - it's hard to build that relationship unless you know something about the audience AND use that knowledge to engage them...
On a similar note, I had a chat with Richard Gringas from GoodMail last week. And I now have a significant amount of confidence that GoodMail may hold a solution to both of these problems. First, if ISPs use Goodmail's certification as a determining factor in whether email gets through, that will likely lessen the impact upon deliverability of those Users who are prone to hit the "Report Spam" button. Second, if emailers are forced to incur additional costs around sending additional email messages, they may be forced to make a business decision prior to hitting the "Send Button." I guess we'll see...