Purchase Circles Trip Alarms in Privacy Circles
For Microsoft, Redmond, WA, the controversy stemmed from a sensitive breach of security within the company's Hotmail service network, leading to critical e-mail computer codes being posted on an Internet site by hackers. Officials said the information could have helped additional rogue computer programmers crack thousands of passwords on consumer's private e-mail accounts.
Microsoft acknowledged that it was forced to interrupt all Hotmail service for an undetermined number of hours until the system's integrity was restored but said there were no reports of compromised account security by customers. However, in published reports, Avi Rubin, an Internet security expert at AT&T Labs, said, "We're just at the tip of the iceberg. Reports of these kinds of flaws are just going to escalate," adding that Web browsers still suffer from too much vulnerability, and that most computer operating systems and applications interact with each other in such a way that more problems can be expected.
At Amazon.com, Seattle, the drama appears more related to incompetent public relations surrounding its latest marketing promotion rather than any compromise of computer security. The trouble started late last month when the company rolled out its new "purchase circles" campaign, which displays on its Web site provocative insights into customer buying habits. The data is not only comprehensive but grouped by personal addresses, places of employment and sensitive subject interests. The categorizations number in the hundreds and include the purchasing behaviors of people living in the smallest American towns, as well as employees of major banks and clothing retailers -- something regarded as fascinating to some, but enraging to others.
Paul Hagen, a senior analyst with Forrester Research, Cambridge, MA, who is working on a privacy report due out later this month, said this week's debates captured the problem.
"Technology is speeding ahead, and the personal intrusions are becoming more sophisticated with more ability to harness data across multiple systems," he said. "The power of the Internet does shorten [the distance between] supply systems and communications -- but on the back end there is a lot of sharing of data between systems, and it is significant."
Significant indeed. Amazon.com boasts a database of more than 10 million customers. In response to critics, Amazon.com said it will allow its customers to opt out of its purchase circles rankings, but the company clearly received its first black eye in the battle over privacy issues, further illustrating the enormity of public concern over protection of their personal data.
Moreover, staunch advocates of self-regulation remind critics that the very development of "corporate privacy policies" is a relatively new phenomenon, and major banking institutions like Citibank, New York, have responded vigorously to protect and reassure consumers that private information about them is being responsibly managed.
"We are planning to implement Internet protocol security in a range of our networking products which will help provide enhanced security over computer networks," said George Alfs, a spokesman at Intel. In the meantime, he stressed the importance of companies using encryption technology, and consumers using up-to-date anti-viral software.
"My take is that media is interested in covering the consumer side of this issue as well as the industry's side," Hagen said. "But it seems to me that the Federal Trade Commission has buried its head in the sand. Privacy policies are a joke. Few companies comply with all the fair information principles and practices [of the FTC], and organizations like TRUSTe still have relatively little traction. Meanwhile, you have people lining up for free PCs in exchange for information about them. You have millions signing up for scan cards to get discounts in groceries. It's a funny thing. People say they are concerned about privacy, but if the value proposition [offered by a company] is right, people remain willing to give their personal information away."