Purchase Circles Trip Alarms in Privacy Circles

Two of the country’s biggest and most visible Internet-related companies — Microsoft Corp. and Amazon.com — found themselves at the center of the privacy firestorm this week after two high-profile incidences relating to the security of consumer’s private information fueled more outrage among critics.

For Microsoft, Redmond, WA, the controversy stemmed from a sensitive breach of security within the company’s Hotmail service network, leading to critical e-mail computer codes being posted on an Internet site by hackers. Officials said the information could have helped additional rogue computer programmers crack thousands of passwords on consumer’s private e-mail accounts.

Microsoft acknowledged that it was forced to interrupt all Hotmail service for an undetermined number of hours until the system’s integrity was restored but said there were no reports of compromised account security by customers. However, in published reports, Avi Rubin, an Internet security expert at AT&T Labs, said, “We’re just at the tip of the iceberg. Reports of these kinds of flaws are just going to escalate,” adding that Web browsers still suffer from too much vulnerability, and that most computer operating systems and applications interact with each other in such a way that more problems can be expected.

At Amazon.com, Seattle, the drama appears more related to incompetent public relations surrounding its latest marketing promotion rather than any compromise of computer security. The trouble started late last month when the company rolled out its new “purchase circles” campaign, which displays on its Web site provocative insights into customer buying habits. The data is not only comprehensive but grouped by personal addresses, places of employment and sensitive subject interests. The categorizations number in the hundreds and include the purchasing behaviors of people living in the smallest American towns, as well as employees of major banks and clothing retailers — something regarded as fascinating to some, but enraging to others.

Paul Hagen, a senior analyst with Forrester Research, Cambridge, MA, who is working on a privacy report due out later this month, said this week’s debates captured the problem.

“Technology is speeding ahead, and the personal intrusions are becoming more sophisticated with more ability to harness data across multiple systems,” he said. “The power of the Internet does shorten [the distance between] supply systems and communications — but on the back end there is a lot of sharing of data between systems, and it is significant.”

Significant indeed. Amazon.com boasts a database of more than 10 million customers. In response to critics, Amazon.com said it will allow its customers to opt out of its purchase circles rankings, but the company clearly received its first black eye in the battle over privacy issues, further illustrating the enormity of public concern over protection of their personal data.

As far as genuine security breaches go, critics can’t accuse Amazon.com of any guilt, nor can they really point the finger at Microsoft as a bad guy because it has the strictest policy on privacy matters of any company in the industry. In fact, Microsoft is the only business that has threatened to pull advertising from Web sites that don’t post a privacy policy in accordance with the Federal Trade Commission’s guidelines. Other big companies — including IBM Corp., Armonk, NY, and Intel Corp., Santa Clara, CA — have instituted similar rules but have fallen short of endorsing the FTC’s position.

Moreover, staunch advocates of self-regulation remind critics that the very development of “corporate privacy policies” is a relatively new phenomenon, and major banking institutions like Citibank, New York, have responded vigorously to protect and reassure consumers that private information about them is being responsibly managed.

“We are planning to implement Internet protocol security in a range of our networking products which will help provide enhanced security over computer networks,” said George Alfs, a spokesman at Intel. In the meantime, he stressed the importance of companies using encryption technology, and consumers using up-to-date anti-viral software.

At Forrester, Hagen conceded that no one has an easy answer in the battle over who ultimately has control over consumers’ private information. The debate will continue to evolve with public developments, and marketers will be presented with new levels of complexity while looking for cues from competitors, the government and the media on how to navigate between security protection and privacy policy.

“My take is that media is interested in covering the consumer side of this issue as well as the industry’s side,” Hagen said. “But it seems to me that the Federal Trade Commission has buried its head in the sand. Privacy policies are a joke. Few companies comply with all the fair information principles and practices [of the FTC], and organizations like TRUSTe still have relatively little traction. Meanwhile, you have people lining up for free PCs in exchange for information about them. You have millions signing up for scan cards to get discounts in groceries. It’s a funny thing. People say they are concerned about privacy, but if the value proposition [offered by a company] is right, people remain willing to give their personal information away.”

Related Posts