Junkbusters

Ecommerce topics


Slides from talks on electronic commerce


For details on these talks and others, see our Forum page.

UNSW lecture on Privacy and Technology

Topics

  1. What is privacy? What is information privacy? What is data protection?
  2. How is privacy affected by (information) technology and technological change?
  3. How should privacy be protected, extended or limited? What other societal interests does it compete with?
  4. Discuss the above questions applied to the following technologies:
    1. email and SMS (spam);
    2. web browsing cookies, web bugs, other unique IDs, and anonymizing technologies;
    3. Radio Frequency ID devices (RFID);
    4. Mobile phone location
    5. Calling Number Display (CND);
    6. cryptography, wiretapping, government interception
References (all by Roger Clarke):
  1. Links in PITs and PETs Resources Site;
  2. The OECD Data Protection Guidelines: A Template for Evaluating Information Privacy Law and Proposals for Information Privacy Law (1989). For further optional update, see his draft follow-up: Beyond 'Fair Information Practices': A New Paradigm for 21st-Century Privacy Protection (work-in-progress 1998)

Secure iWorld Online Privacy Conference

Great Disasters in the History of Privacy

Presented by Jason Catlett
President, Junkbusters Corp.

catlett@cut-this-word.junkbusters.com

http://www.junkbusters.com/ecommerce.html

Disclaimer: nothing here is legal advice

Abstract:
Each week's headlines bring more examples of how the privacy of individuals can be violated. Many of the larger incidents have driven legislation, regulation, litigation and public backlashes against associated institutions, regardless of their intentions. What can practitioners learn by examining the shrapnel and the background of these crashes?
  1. Incidents in recent years involving companies such as Doubleclick, Intel, Amazon.com, Microsoft, Real Networks, Yahoo, eBay, Eli Lilly, and others.
  2. The centuries-old problem of the unpredictable social effects of technology
  3. Failures of government institutions, public policy, legislation, and the court system
  4. Privacy seals and certification programs: over-rated or under-valued?

My personal view, focusing on commercial invasions (vs government, press)

For other historical views see:

Ben Franklin's Web site by Robert Ellis Smith

Database Nation by Simson Garfinkel

The Right to Privacy by Ellen Alderman and Caroline Kennedy

Two American views on history

"History is more or less bunk. It's tradition. We don't want tradition. We want to live in the present and the only history that is worth a tinker's dam is the history we make today."

Henry Ford, on international disarmament, 1916

An opposing view on history

"Progress, far from consisting in change, depends on retentiveness.... [W]hen experience is not retained, as among savages, infancy is perpetual. Those who cannot remember the past are condemned to repeat it... This is the condition of children and barbarians, in whom instinct has learned nothing from experience."

George Santayana (1863-1952), U.S. philosopher, poet. Life of Reason, "Reason in Common Sense," ch. 12 (1905-6).

What is privacy and how is it limited?

A fundamental human right, limited by other rights

Privacy (1): freedom from information intrusion
- limited by free speech

Privacy (2): information self-determination
- limited by fair use

Freedom and history

``World history is the progress of the consciousness of freedom'' - Hegel

``Freedom is independence of the compulsory will of another'' - Kant

Ancient Historical Disasters for Privacy
  1. 3200 B.C.E.: Writing invented
  2. 2275 B.C.E.: Chinese invent the census
  3. c. 2000 B.C.E.: Notices in Egypt for reward for capture of runaway slaves
  4. 1017 B.C.E.: King David counts the people of Israel (>157,000); Angel of the Lord destroys the territory (70,000 die in plague) (2 Samuel 24:1; 1 Chronicles 21:1 blames Satan)
  5. Much subsequent resistance to census-taking, particularly in times of plague (e.g. 1666)

Milestones of the Millennium for Advertising
  1. 1180: Town criers (for governmental announcements)
  2. 1415: criers authorized for mercantile announcements [both dates for France]
  3. 15th Century: movable type
  4. 1480: advertising on doors of churches for The Pyles of Salisbury Use (a religious law book)
  5. 1722: Corporation des afficheurs in France (billboards/posters/hoardings)
  6. 1835: Jared Bell prints 9x6 posters advertising the circus and theater in the US.
  7. 1872: International Bill Posters Association of North America established (later the Poster Advertising Association, which in 1925 merged with the Painted Outdoor Advertising Association and became the Outdoor Advertising Association of America.)
  8. 1965: The Highway Beautification Act limits billboards
But when did people start getting really mad about being interrupted?

My best, earliest documented case: 1797

Coleridge claimed in 1812 to have been interrupted by ``a man on business from Porlock'' while writing Kubla Khan in 1797

Scholars differ on whether he is to be believed

The origin of the Paparazzi battles
  1. 1888: George Eastman invents the Kodak "Snap Camera"
  2. 1901: Abigail Roberson sues a company that used a picture of her on a flyer without her consent. Courts find against her
  3. 1903: New York state enacts law giving individuals rights over commercial exploitation of their "name and likeness." Other states follow

Technology changes the economics of commercial messaging and processing of personal data
  1. Individuals act, influence others, and are dominated or submissive
  2. Organizations adopt policies and practices
  3. Governments pass laws and issue regulations
  4. Courts interpret laws and rule on constitutionality

The press as enemy of privacy

1890: ``Gossip is no longer the resource of the idle and of the vicious, but has become a trade, which is pursued with industry as well as effrontery.'' -- Warren and Brandeis

The government as enemy of privacy

Many fundamental functions of government inherently conflict with privacy
  1. Taxation, especially as an instrument of social policy
  2. Maintenance of armies (e.g. Bill of Rights)
  3. Law enforcement investigations
1887: Herman Hollerith patents his "census machine" (punch card)

Corporations as enemy of privacy
  1. 1884: John Patterson buys National Cash Register, pioneers B2B DM
  2. c. 1886: Richard Sears pioneers direct mailing of catalogs; later moves to Chicago in partnership with Alvah Roebuck
  3. c. 1872: Aaron Montgomery Ward prints his first catalog
  4. 1880's: Retail (consumer) credit reporting
  5. c. 1900: Homer Buckley coins the phrase "direct mail" and offers creative services to manufacturers
  6. c. 1912: Federal Trade Commission established
  7. 1913: Parcel post introduced
  8. c. 1917: Direct Mail Advertising Association formed (name changed in 1973 to Direct Mail/Marketing Association and in 1983 to the Direct Marketing Association)
  9. 1926: Book-of-the-Month Club
  10. 1930's: Gillette mails 10 million razor blades
  11. 1928: Third class mail introduced (recently renamed "standard mail")
  12. 1951: Lillian Vernon starts operations

Legislation and business lobbying

Management guru Theodore Levitt on Why Business Always Loses (HBR March-April 1968)

``Whether we talk about the Sherman Antitrust Act or the Federal Reserve Act, or the Federal Trade Commission Act or the National Park Service Acts, or the Child Labor Acts or the Securities Exchange Act... business as a rule fought these programs and lost. Often it fought them with such gruesome predictions of awful consequences to our private enterprise system that one wonders how the foretellers of such doom can now face themselves in the mirror each morning and still believe themselves competent to make important decisions on major matters in their own companies. [...Most such legislation] has been for the good of our society and the good of business.

``...Why has business not taken the long view of where its own interests lie...? [the explanation] is that business simply abhors change.''

Also the author of The Dangers of Social Responsibility

The Fifties
  1. 1950: Supreme Court upholds the constitutionality of a local ordinance prohibiting door-to-door solicitation
  2. 1956: The Postal Revenue and Federal Salary Act gives addressees the right to stop solicitations
  3. 1950's: credit and charge cards (Diners, American Express)

The Sixties
  1. 1960's: Mainframe computing goes commercial
  2. 1963: USPS introduces the ZIP Code
  3. 1964?: Vance Packard's The Naked Society
  4. 1964: Ford Motor Company makes 20 million calls to generate leads for dealerships, the first mass telemarketing campaign
  5. 1967: Supreme Court decides that the Fourth Amendment applies to telephone communications
  6. 1967: the toll-free 800 number
  7. 1968: WATS and lower long distance tariffs enable the growth of national call centers
  8. late sixties: Murray Roman, the "father of telemarketing," founds Campaign Communications, hiring out-of-work NY actors to sell subscriptions for the Saturday Review.
  9. 1969: Richard Nixon appoints as director of Census Bureau George Hay Brown, formerly Director of Marketing at Ford (first of many marketers in the post)

The Seventies
  1. 1970: Rowan et al. vs US Post Office et al.
  2. 1971: Fair Credit Reporting Act
  3. 1972: First census data (poorly) appended by ZIP code; Claritas improves
  4. 1973: Department of Health, Education & Welfare report invents several principles of Fair Information Practice
  5. 1974: Westin's definition in Privacy and Freedom
    ``Privacy...is the claim of individuals... to determine for themselves when, how, and to what extent information about them is communicated to others...''
  6. 1974: Privacy Act for Federal Government agencies

1980: OECD publishes guidelines for Fair Information Practice consisting of eight principles:
  1. Collection Limitation (to lawful and generally consensual collection)
  2. Data Quality (relevant, accurate and up-to-date data)
  3. Purpose Specification (stated at time of collection)
  4. Use Limitation (no sharing, or secondary use without consent)
  5. Security Safeguards
  6. Openness (about practices)
  7. Individual Participation (access, correction, deletion)
  8. Accountability

The Eighties
  1. 1985: DMA establishes Telephone Preference Service as predictive dialers enable a boom in telemarketing
  2. 1984: UK Data Protection Act (among many other countries)
  3. 1986: Electronic Communications Privacy Act
  4. 1988: Video Privacy Protection Act

The Nineties: The emergence of spamming
  1. 1982/2: Earliest known email chain letter
  2. 1994/4: Lawyers Canter and Siegel spam for green card lottery
  3. 1995/4: Jeff Slaton proclaims himself "the Spam King," spamvertises atom bomb blueprints
  4. 1995/11: Cyber Promotions, aka CyberPromo, a spam factory
  5. 1996: Its opposite in email marketing: Netcreations (double opt-in)
  6. 1996: Compuserve wins judgments against Cyber Promotions
  7. 1996: The ``R9ch'' and ``tiptoe001'' child porn spam
  8. 1995/5: Floodgate (spamware)
  9. 1995/5: Newsgroup news.admin.net-abuse established
  10. 1997: First Federal statutes banning spam proposed
  11. 1997: Federal Trade Commission emerges as de facto privacy regulator, despite lack of specific statutory authority. Holds spam "workshop"; Cyberpromotions' Sanford Wallace looks uncomfortable
  12. 1997: Canadian Direct Marketing Association prohibits members from spamming
  13. 1997: Better-organized spam resistance (MAPS?, CAUCE (97/5), startups)
  14. 1998: Cyber Promotions shuts down under multi-million dollar judgements
  15. 1998: First spam laws: Washington State and California (Miller)
  16. 1999: Virginia bill proposes criminal liability for spamming
  17. 1999: Dictionary spamming
  18. 2000: DMA's eMPS
See also: Keith Lynch's timeline

The Nineties: Online Privacy
  1. 1990: Lotus Marketplace: Households, a CDROM product from Lotus Development Corp. and Equifax stopped by public opposition
  2. 1991: The Telephone Consumer Protection Act limits telemarketing, recorded message players
  3. 1995: Browsers remove "mailfrom" headers
  4. 1995: Netscape invents the cookie
  5. 1995: EU's Directive on personal data privacy
  6. 1997: FTC holds workshops on consumer privacy and spam; ponders legislative policy
  7. 1997: TRUSTe Seal Program begins
  8. 1998: The Children's Online Privacy Protection Act (COPPA)
  9. 1999/3: BBBOnline Privacy Seal
  10. 1999: Eloan publishes first letter of attestation from an auditor of its privacy policy and information practices
  11. 2000/5: FTC recommends online privacy legislation to Congress, reversing "self-regulation" policy
  12. (Also Department of Commerce begins "Safe Harbor" scheme for EU)

Sample privacy disasters from recent history

(Click through to historical description from http://www.junkbusters.com/ecommerce.html on the Web)

Famous cases: Doubleclick, Microsoft, Real Networks, Blizzard, Broadcast and other ``E.T. software,'' Intel, etc.

Eli Lilly
  1. Published an email list relating to its product Prozac
  2. Assured subscribers of security and privacy
  3. In a July 2001 emailing, all 600 subscribers' email addresses were visible in the email
  4. Privacy advocates raised case in meetings and letters to the FTC
  5. Discussed in congressional committees
  6. FTC investigated and reached a consent decree in January 2002
  7. Company later settles with state AGs
Many other accidental disclosures (a.k.a. ``data spills'') e.g. Microsoft Hotmail, Experian, Amazon.com, Travelocity, Butterball and Ikea.

Microsoft Passport
  1. Consumer and privacy groups ask the FTC to investigate violations of privacy and federal law in Microsoft Passport and XP (2001/7)
  2. FTC finds that Microsoft made four material representations: relating to security, collection of information, and compliance with COPPA. (2002/8/8)
  3. Microsoft must implement an information security plan and be audited every two years by a suitable third party (e.g. PWC)
  4. FTC will watch for false representations of the abilities of the Passport system
  5. Agreement lasts 20 years

Excessive collection
  1. Real Networks secretly collected details of CDs played on consumers' PCs transmitting the data (including email address) encrypted to its servers (1999)
  2. Blizzard sued for extracting email addresses from the Windows registries of users' computers without their knowledge or consent (1998)
  3. Comet Cursor reporting to its Web server the pages on the web sites its software users visit (1999)

Bankruptcy
  1. Bankrupt Toysmart's customer list became a disputed asset (2000)
  2. Bankrupt drkoop.com sold its members' e-mail addresses to Vitacost.com, despite a privacy policy saying that personal information "will not be disclosed to anyone unless the visitors indicate that Drkoop may do so." (2002)
  3. Many other forgotten victims of the dot com crash

"We've updated our privacy policy..."
  1. Doubleclick (1999) attempts to associate personal information with previously pseudonymous cookies
  2. eBay (2002) attempted to repudiate all representations on privacy other than their long policy; weakened policy in other ways
  3. Amazon (2000) redefines "never" on selling personal information
  4. Resetting "marketing preferences:" Yahoo (2002/3), Ebay (2001), AOL (1999)

Some cautionary tales on dealing with others (business partner failures)
  1. Coremetrics and Toysrus.com;
  2. ``Cookiegate''; several drug companies and Pharmatrak (Moral: be careful about outsourced services, especially when data collection methods are visible to all)
  3. Amazon and Alexa; Yahoo and Broadcast.com (Moral: be careful of the information practices of subsidiaries acquired)

How not to build trust in your brand:

From AT&T Wireless Subscriber Agreement, March 2000:
``If you choose to use your AT&T Digital PocketNet service to access content provided by third parties or purchase products from third parties, then your subscriber identification, which includes your mobile number, will be available to the third party provider.''
(Later in 2000 AT&T replaced the MIN with a meaningless but constant identifier.)

Transmitted the data needed for the most hated interruption in America: telemarketing

Online Privacy Seal Programs

Disclosure: I have been a critic of these programs because they were primarily an attempt to thwart the passage of privacy laws

Basic idea: a business voluntarily licenses a ``trustmark'' by paying a fee and agreeing to certain standards in its information practices

The following assessment is a summary of a 2000 report by the Privacy Commissioners of Ontario and Australia (some of the programs have since changed)

"BBBOnLine
  1. awards a seal to businesses that post online privacy policies which meet the required "core" principles, such as disclosure, choice and security;
  2. provides for the settlement of consumer disputes;
  3. monitors compliance by requiring participating companies to undertake, at least annually, an assessment of their online privacy practices; and
  4. imposes specific consequences for non-compliance, such as seal withdrawal, negative publicity and referral to government enforcement agencies."
Claims greatest brand recognition among consumers

TRUSTe
  1. Conceived in 1996 and founded by the Electronic Frontier Foundation and the CommerceNet Consortium. Now an independent non-profit.
  2. Sponsors include AOL, Intel, and Microsoft
  3. Claims "most prominent symbol on the Internet"
  4. Original privacy seal later expanded with Safe Harbor Seal and Children's Privacy Seal
  5. First complaint was raised against Microsoft by Junkbusters in 1999/3. Microsoft's products and procedures were collecting personally identifiable information along with a Global User ID, secretly and contrary to representations made by Microsoft.
  6. TRUSTe found Microsoft did ``compromise consumer trust and privacy,'' but did not breach TRUSTe's licensing agreement

WebTrust
  1. Developed jointly by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA)
  2. Offered by CPAs in several countries.
  3. Requires CPAs to conduct an independent examination of the site and all its business practices and procedures.
  4. Covers Business Practices and Information Privacy, Transaction Integrity and Security

The Commissioners' Summary Conclusion

"At the time of our review [2000], each of the seals had its own strengths. BBBOnLine offered the most customer-friendly dispute resolution system, while WebTrust offered the most rigorous compliance regime. In terms of privacy principles, while TRUSTe scored the highest in our assessment, it is clear that none of the seals required their participants to meet all of the OECD principles."

Drawing lessons from history: three simple paths to disaster
  1. Deliberate deplorable practices (don't pass the smell test), even if upfront
  2. Questionable practices, especially when discovered rather than disclosed
  3. Slip-ups

Generalising: three simple (to say) ways to prevent disaster
  1. Veto deplorable practices, even if profitable
  2. Review and reduce questionable practices, and ensure policies and practices stay in step
  3. Reduce operational errors

Technological Hubris (with 20/20 hindsight)

"I cannot imagine any condition which would cause a ship to founder. I cannot conceive of any vital disaster happening to this vessel. Modern shipbuilding has gone beyond that..."

Captain Edward J. Smith, on the maiden voyage of the Adriatic in New York, 1907

Privacy Officers Association Tutorial 2002

Privacy Crises and Public Communications:
How companies manage, mismanage and avoid brand damage from public scrutiny of their privacy practices

Presented by Jason Catlett
President, Junkbusters Corp.

catlett@cut-this-word.junkbusters.com

http://www.junkbusters.com/ecommerce.html

Disclaimer: nothing here is legal advice

The year is 1891. You manage the Coca Cola Company. Public concern is rising that cocaine may be addictive and harmful. There is even talk of government regulation and legislation. Do you:
  1. Remove all coca-related substances from the formula
  2. Reduce cocaine content to trace levels
  3. Keep the formula the same; run a PR campaign on the benefits of cocaine; and lobby against new pure food laws
  4. Support the new drug law and use it to competitive advantage

Did legislation and public prejudice kill this company's chances of survival?

No, Coke transformed itself into a wholesome All-American beverage, then into perhaps the greatest global brand, accepted around the world.

Will privacy legislation and public concern kill database marketing?

No. Enlightened, determined and resourceful companies can embrace the trend and prosper.


Why good marketers often fail on privacy
  1. Marketers deliver value by offering things people want
  2. Competition to offer more, better, cheaper, faster, narrower
  3. Marketers use personal information to achieve these goals
  4. But the end doesn't justify every means
  5. Discredit for irrelevant offers, but also for being invasive
  6. So marketers often think of privacy and value as a tradeoff (wrong!)

When personal data isn't treated right
  1. Spooked customers
  2. Media criticism
  3. Legal headaches: regulators and litigants

"Good PR practices" will not prevent brand damage when disaster strikes.
They may mitigate damage, but they are not a substitute for change (e.g. Tylenol, DoubleClick)

Good information practices are the best bet to avoid disaster

Mobile Location Services 2001

The Starbucks coupon pipe dream:
how privacy and marketing will play out in location services

Presented by Jason Catlett
President, Junkbusters Corp.

catlett@cut-this-word.junkbusters.com

http://www.junkbusters.com/ecommerce.html

Disclaimer: nothing here is legal advice

The Starbucks coupon pipe dream:

``You're walking past a Starbucks, your phone beeps, and you've got an offer for a half-price cappucino!
(Valid only at this store, for 10 minutes. Buy now.)''

How many times have you heard this example held up as an example of a marriage made in heaven of location technology and database marketing?
Do you believe it?

The Starbucks coupon pipe dream vs Reality:


  1. Technologically infeasible: requires processing power to rival the CIA
  2. Economically infeasible: cost of delivering an offer is far too high
  3. Socially undesirable: consumers would object to the intrusion
  4. Starbucks has said they have no intention of doing it

Moral: Business basics still apply in a wireless world
  1. Technological feasibility (deliverable in practice using available systems)
  2. Economic feasibility (value of transaction high vs cost of offer)
  3. Social desirability (good consumer value proposition, plus privacy)
  4. Business desirability (advantageous vs alternatives)

Consumer adoption
  1. Location information gives many people a new and creepy feeling that makes adoption uncertain and possibly fragile
  2. Will technologically advanced consumers entrust companies with vast amounts of personal location information? For some, yes, (e.g. Lifeminders); for some no, never; for the majority, the answer is "It depends" on several critical factors:
    1. Value proposition: compelling or ____? (hint: "WAP is ____")
    2. Perceived privacy risks (diverse and sometimes imprecise, see below)
    3. Degree to which the user feels in control
    4. Trust in the company offering the service
    5. Trust in the medium and the category

Perceived privacy risks

Privacy has two major aspects
  1. interruption ("the right to be let alone", "seclusion from intrusion")
  2. information (the individuals' control over data about them)
Mobile devices carry both risks (in spades)
  1. information - when they transmit data (location and behavioral)
  2. interruption - when they beep

How not to build trust in a medium/category

Location data from vehicle tracking systems have been subpoenaed in the US. What happens if drivers are routinely contacted because they were close to the scenes of accidents? (More likely since police in US and UK have a very low bar: "likely to lead to useful information.")

At least one insurance company has announced it will offer lower premiums for drivers whose lower-risk driving patterns are verified by a GPS device

Mobile phone text message spam, though so far rare, is already the subject of one class action suit in the US. (Not a location-related issue, but may cause bad association for marketing and the phone.)

Some more encouraging examples

Vindigo: location-based marketing on handhelds without necessarily transmitting any location information

Many operators of "walled gardens" are being very cautious with location information and other access

Doubleclick claims its Japanese gateway for mobile ad serving de-identifies recipient data before transmission

Summary:

Widespread consumer acceptance of location services requires
  1. Compelling value proposition
  2. Low perceived privacy risks (interruption and information)
  3. User feels in control (universal fair information practices)
  4. Trust in the company offering the service
  5. Trust in the medium and the category (no confidence-killing disasters)

Slides from Catlett's talk at Marketing on the Internet 2001

Serving without stalking:
Privacy-friendly marketing strategies

Presented by Jason Catlett
President, Junkbusters Corp.

catlett@cut-this-word.junkbusters.com

http://www.junkbusters.com/ecommerce.html

Disclaimer: nothing here is legal advice

Can you deliver both good privacy and good database marketing? Yes!

Processing of personal information should always be
  1. Consensual (i.e. done with permission)
  2. Transparent
  3. Fair

Spamming 101 (full course notes available)
  1. Do not send unsolicited bulk email
  2. Be sure the addressees have asked for the email
  3. State prominently your policy of keeping addresses confidential
  4. Make the first message an acknowledgment
  5. Keep adequate records of each registration
  6. State the origin of the message up front
  7. Always include clear instructions on how to unsubscribe
  8. Keep a human available to deal with problems
  9. Maintain adequate security of your lists

Permission should mean affirmative consent (opt-in, not opt-out)

Permission is specific

  1. Not a blanket license to collect, use, disclose and send anything, anytime, anywhere, anyhow
  2. Most privacy laws include a Purpose Specification Principle
  3. Get the expectation clear at the beginning
  4. When possible, ask customer to specify further what they want and get appropriate permissions, but
  5. Don't creep the permission you have been given

Transparency is more than just notice
  1. US privacy policies often contain vague descriptions of data collection and use, plus disclaimers
  2. Most privacy laws go beyond transparency of practices (openness) to Individual Participation: the right to access and delete one's data (data-intense sites can cope: dash.com)
  3. EU law further gives individuals the right to have the logic of automated decisions explained to them (important for dynamic pricing)

Most personalization can be done without personal data!
  1. The cosmetic counter doesn't ask for ID
  2. Affinity analysis (people who bought X also bought Y) can be done with pseudonyms
  3. Aggregate data can be retained, but dissociated from identity
  4. Server logs (and other records) can (and should) be anonymized by (partially consistently) substituting irreversible pseudonyms (for IP address, customer ID, etc)
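
One way to carry out the substitution in item 4, as an added example that is not part of the original slides: IP addresses and customer IDs are replaced with keyed HMAC-SHA256 pseudonyms whose key is derived per period, so a visitor keeps one pseudonym within a day (enough for the affinity analysis in item 2) but cannot be linked across days once the key is destroyed. The log layout, the `cust=` parameter and every function name here are assumptions.

```python
import hashlib
import hmac
import re
from collections import defaultdict

# Constructed sample log lines (assumed layout; cust= is a hypothetical parameter).
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Mar/2001:10:01:12 +0000] "GET /item/42?cust=C1001 HTTP/1.0" 200 512',
    '203.0.113.7 - - [02/Mar/2001:10:03:40 +0000] "GET /item/77?cust=C1001 HTTP/1.0" 200 498',
    '198.51.100.23 - - [02/Mar/2001:10:04:02 +0000] "GET /item/42?cust=C2002 HTTP/1.0" 200 512',
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
CUST_RE = re.compile(r"(?<=cust=)[A-Za-z0-9]+")
ITEM_RE = re.compile(r"/item/(\d+)")
PSEUDO_RE = re.compile(r"cust=(cust-[0-9a-f]{16})")


def period_key(master_key: bytes, period: str) -> bytes:
    """Derive a per-period key. Pseudonyms are consistent only inside one
    period; destroying the master key afterwards makes them irreversible."""
    return hmac.new(master_key, b"log-pseudonym|" + period.encode(),
                    hashlib.sha256).digest()


def pseudonym(key: bytes, kind: str, value: str) -> str:
    """Keyed, truncated MAC of the identifier. An unkeyed hash would not do:
    the IPv4 space is small enough to enumerate and reverse."""
    mac = hmac.new(key, kind.encode() + b"|" + value.encode(),
                   hashlib.sha256).hexdigest()
    return f"{kind}-{mac[:16]}"


def anonymize(lines, master_key: bytes, period: str):
    """Return copies of the log lines with IPs and customer IDs replaced."""
    key = period_key(master_key, period)
    out = []
    for line in lines:
        line = IP_RE.sub(lambda m: pseudonym(key, "ip", m.group()), line)
        line = CUST_RE.sub(lambda m: pseudonym(key, "cust", m.group()), line)
        out.append(line)
    return out


def items_by_visitor(anon_lines):
    """Affinity input built from pseudonyms only: pseudonym -> items viewed."""
    seen = defaultdict(set)
    for line in anon_lines:
        who, item = PSEUDO_RE.search(line), ITEM_RE.search(line)
        if who and item:
            seen[who.group(1)].add(item.group(1))
    return dict(seen)


if __name__ == "__main__":
    import secrets
    master = secrets.token_bytes(32)  # keep out of the log store; destroy on schedule
    for row in anonymize(SAMPLE_LOG, master, "2001-03-02"):
        print(row)
```
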

Some specific advice
  1. Avoid sharing profiles
  2. Resist accepting others' Web bugs on your site (or require your domain as 2LD)
  3. Allow anonymous visitors (cf. Forrester's 4 tier model)
  4. Don't demand cookies; ask first
  5. Ask each user's permission before performing customization
  6. Disclose in detail the techniques and data used
  7. Provide each user with full access to all the information maintained about him or her, along with the ability to change or destroy the information if desired
  8. Always have someone minding privacy (e.g. Chief Privacy Officer, CPO)
  9. Commission periodic audits to assure compliance

Summary

Go forth and market, but always maintain:
  1. fairness
  2. transparency
  3. specific consent

Slides from Catlett's talk at the ``Personalization Summit'' San Francisco 2000

(Also given in London)

Privacy and Profiles:
The fine line between good personalization and stalking

Presented by Jason Catlett
President, Junkbusters Corp.

catlett@cut-this-word.junkbusters.com

http://www.junkbusters.com/ecommerce.html

Disclaimer: nothing here is legal advice

The slides were similar to those above, but with the addition of some slides below.

Don't rub their noses in your binoculars
  1. Yes, you can use cookies to track abandoned items in shopping carts
  2. Yes, technically, you could ask people when they return if they would like it put back in for them
  3. Yes, that would be a really bad idea
Godin's rule: never spook the customer

Slides from Catlett's talk at the Internet Commerce Expo, Dusseldorf

Privacy and Interactive Media:
The fine line between good personalization and stalking

Presented by Jason Catlett
President, Junkbusters Corp.

catlett@cut-this-word.junkbusters.com

http://www.junkbusters.com/ecommerce.html

Disclaimer: nothing here is legal advice

Abstract: Fear for privacy is a major reason people don't buy online and participate in new technologies. Many new sites and services alienate their customers by disturbing their sense of privacy. How can highly interactive media provide a customized experience while staying on the right side of the regulatory and social limits? This talk examines how to apply the key principles of consent, fairness and transparency to avoid spooking customers and attracting media criticism or legal headaches.

Various European legal requirements concerning privacy and personalization
  1. The EU Personal Data Directive mandates fair information practices within Europe,
    prohibits export of personal data to countries without adequate privacy law
  2. Various national statutes implement the Directive
  3. Other national statutes extend beyond the Directive

German Laws
  1. Bundesdatenschutzgesetz (Federal Data Protection Act)
  2. Fernabsatzgesetz (FAG) (Distance Selling Law)
  3. Teledienstedatenschutzgesetz (TDDSG) (Teleservices Data Protection Law)
    1. (relatively) brief but very broad law
    2. charted new territory (1997)
    3. principles open to considerable interpretation
    4. compliance within Germany not so widespread

Some key requirements of the Teledienstedatenschutzgesetz
  1. Generally requires consent for use of personal data in teleservices
    1. Unambiguous and deliberate act by the user
    2. Service must not be denied if user doesn't consent
  2. Encourages minimization of personal data
  3. Notice required for identifiable transactions (may be waived if record kept)
  4. Anonymous use and payment must be provided where feasible
  5. User must be notified of any forwarding of personal data
  6. Pseudonyms permitted but must not be combined with identity
  7. Use of data for marketing requires consent
  8. Accounting data must be erased promptly

Conflict of law and transborder principles
  1. The EU Electronic Commerce Directive governs the application of national laws in trans-European transactions; imposes certain transparency requirements (e.g. commercial communications by e-mail must be clearly identified) [1] [2] [3]
  2. Unsolicited commercial email is illegal in many European states

Some emerging technologies and their privacy impact
  1. CueCat from Digital Convergence
  2. Personal Video Recorders (PVRs) such as TiVo and Replay TV
  3. Broadband video services such as HomeChoice (UK)
  4. Other internet-enabled domestic appliances

WAP phones and privacy
  1. Incidents with AT&T and Sprint transmitting phone number
  2. Unique IDs are still too prevalent
  3. Mobiles have great capacity to interrupt
  4. Location information amounts to a stalking datastream
  5. Advertisers are concerned but fiercely competitive

[Feedback]  Slides from Catlett's talk at WebAttack Conference

These slides were used at Iconocast's Web Attack Conference. (2000/6/9)

Respecting privacy in your email dialogs with customers

Presented by Jason Catlett
President, Junkbusters Corp.
catlett@cut-this-word.junkbusters.com

Key points
  1. Always remember Spamming 101
  2. Always remember the new gospel: retention, not acquisition
    (Jim Nail's Forrester report: it's the economics, stupid)
  3. Always remember Seth Godin's trinity: relevant, anticipated, personal.
  4. Follow Fair Information Practices

Viral email campaigns
  1. Dash.com, All-Advantage
  2. Provide a dangerous monetary incentive to the masses to spam
  3. Require extreme vigilance cutting off people who abuse it
  4. Not for the big brands, the timid, or the stressed

Double Opt-In is the High Road
  1. Your first email response contains a unique code
  2. To confirm enrollment, customer must reply or click-thru
  3. No subsequent email without confirmation
Avoids
  1. Highly inert consumers
  2. Typos (yes, many consumers mistype their email addresses)
  3. Malicious signups (e.g. FTC chairman)
Pioneered by NetCreations PostMaster Direct
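
The three double opt-in steps above, sketched as an added example (not code from the talk or from NetCreations). The class and method names, the one-week expiry and the choice to store only a keyed digest of the code are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 7 * 24 * 3600  # assumption: a confirmation code is valid for one week


class DoubleOptInList:
    """Hypothetical list manager: nothing is mailed until the code comes back."""

    def __init__(self, key=None):
        self._key = key or secrets.token_bytes(32)
        self._pending = {}      # address -> (keyed digest of code, expiry time)
        self.confirmed = set()  # addresses that completed confirmation

    def _digest(self, address, code):
        msg = f"{address}|{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def signup(self, address, now=None):
        """Step 1: create the unique code carried by the first email response."""
        now = time.time() if now is None else now
        address = address.strip().lower()
        code = secrets.token_urlsafe(16)  # unguessable, bound to this address
        self._pending[address] = (self._digest(address, code), now + TOKEN_TTL)
        return code

    def confirm(self, address, code, now=None):
        """Step 2: the customer replies or clicks through with the code."""
        now = time.time() if now is None else now
        address = address.strip().lower()
        entry = self._pending.get(address)
        if entry is None or now > entry[1]:
            self._pending.pop(address, None)  # unknown or expired: drop it
            return False
        if not hmac.compare_digest(entry[0], self._digest(address, code)):
            return False                      # wrong code: still unconfirmed
        del self._pending[address]            # codes are single use
        self.confirmed.add(address)
        return True

    def may_email(self, address):
        """Step 3: no subsequent email without confirmation."""
        return address.strip().lower() in self.confirmed


if __name__ == "__main__":
    mailing_list = DoubleOptInList()
    code = mailing_list.signup("customer@example.org")  # constructed address
    print(mailing_list.may_email("customer@example.org"))        # before confirming
    print(mailing_list.confirm("customer@example.org", code))
    print(mailing_list.may_email("customer@example.org"))        # after confirming
```

A mistyped or maliciously entered address receives one confirmation message and nothing more, because only the mailbox owner ever sees the code.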

The Future: Marketing to Pseudonyms
  1. Email-free email lists (Guidescope.com)
  2. Credentialed pseudonyms (ZeroKnowledge.com)
  3. Anonymous shipping and payment (TBA)

[Feedback]  Slides from Catlett's talk at the "Personalization Summit" San Francisco 1999

Presented by Jason Catlett
President, Junkbusters Corp.
catlett@cut-this-word.junkbusters.com

A thought-experiment fantasy:
Neiman-Marcus meets Enemy of the State

Reality today: Consumer backlash
  1. WSJ survey finds privacy is #1 concern for 21st C
  2. Forrester, October 27, 1999: "Two-thirds of online shoppers feel insecure about exchanging personal information over the Internet, affecting the amount of time and money consumers spend online."

Reality today: government intervention
  1. October 1998: Children's Online Privacy Protection Act
  2. Forrester October 1999: "Nearly 90% of online consumers want the right to control how their personal information is used after it is collected... these concerns change very little as consumers spend more time online."
  3. November 15: FTC hearings on online profiling; online ad networks scramble to avoid regulation
  4. November 20: Washington Post reports on "web bugs"

Welcome to your nightmare tomorrow:
Mandated change and collateral damage to ecommerce and media sites
  1. Consumer backlash and non-participation
  2. Government intervention
  3. Retrofit business models and information systems
    e.g. RealNetworks, Intel, Microsoft... (the other Y2K)
You have more to lose than the ad networks

Adopt fair information practices now http://www.junkbusters.com/fip.html

Forrester's four-tier privacy best practice model
  1. Level 1: visitors choose anonymity, deliberately forgoing the additional benefits offered by personalization and premium content. Retailers build trust by promising not to collect data or use cookies.
  2. Level 2: with the addition of convenient, targeted content or additional site access, consumers enter a one-way communication relationship whereby merchants promise not to initiate contact with the shopper or disseminate personal information to third parties.
  3. Level 3: consumers agree to two-way communication with retailers. At this stage, visitors share more personally identifying data in exchange for proactive notifications of specials from the retailer.
  4. Level 4: a trusting relationship, whereby shoppers seek advice and active solicitations from their favorite merchants, including deals offered by established partners.

"A coherent privacy model gives retailers the ability to monitor how their consumers feel about them." - Chris Kelley


Some advice from privacy advocates
  1. Don't buy or barter profiles or identity from advertisers or other merchant sites. Wait for the customers to identify themselves and tell you what they want.
  2. Don't sell or share profiles or the identity of registered customers with other sites. Keep your customers' trust and their data confidential.
  3. Don't touch schemes that build "cooperative databases" that pool information on visitors using techniques such as cookie synchronization. [Patent]
  4. Stop ad networks and advertisers from using clickstream data from your site. Specifically, banish from your site all clear GIF "web bugs" that report surfers' movements.
  5. Support the ability of consumers to visit and use sites anonymously. Sites should not require cookies or registration as a condition of use. Anonymous payment schemes are encouraged.
  6. Destroy old server logs, or aggregate the clickstream data so as to remove personally identifiable information.
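
One way to carry out item 6, as an added example that is not part of the original slides: reduce web server log lines to hourly counts per page, discarding host, user name, query string, referrer and user agent. The sample lines are constructed, and the min_count suppression of small buckets is an assumption added here, since a bucket with a single hit can still point to one visitor.

```python
import re
from collections import Counter
from datetime import datetime
from urllib.parse import urlsplit

# Combined Log Format: host ident user [time] "METHOD target PROTO" status bytes ...
LINE = re.compile(
    r'^\S+ \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, made-up user and session).
SAMPLE = [
    '192.0.2.10 - alice [09/Jun/2000:10:01:12 +0000] '
    '"GET /catalog?session=ab12 HTTP/1.0" 200 5120 "http://example.org/" "Mozilla/4.7"',
    '198.51.100.7 - - [09/Jun/2000:10:45:03 +0000] '
    '"GET /catalog HTTP/1.0" 200 5120 "-" "Mozilla/4.0"',
    '192.0.2.10 - alice [09/Jun/2000:11:02:40 +0000] '
    '"GET /account/alice HTTP/1.0" 200 812 "-" "Mozilla/4.7"',
]


def aggregate(lines, min_count=2):
    """Return {(hour, path, status): hits}, keeping no per-visitor fields."""
    counts = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # unparseable lines are dropped, never copied through
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hour = ts.strftime("%Y-%m-%d %H:00")  # coarsen time to the hour
        path = urlsplit(m["target"]).path     # drop query string (session IDs)
        counts[(hour, path, m["status"])] += 1
    # Suppress rare buckets: a lone hit on a per-user URL is still identifying.
    return {key: n for key, n in counts.items() if n >= min_count}


if __name__ == "__main__":
    for key, hits in sorted(aggregate(SAMPLE).items()):
        print(key, hits)
```

Once the aggregate is written out, the raw log files can be destroyed as the item advises.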

More advice from privacy advocates

For sites that mass-customize their content according to an in-house profile:
  1. Ask each user's permission before performing customization.
  2. Disclose in detail the techniques and data used.
  3. Provide each user with full access to all the information maintained about him or her, along with the ability to change or destroy the information if desired.
  4. Keep the data secure and confidential
  5. Commission periodic audits to assure compliance.

Conclusion
  1. To a young boy with a hammer, everything looks like a nail
  2. Just because you have a shiny new hammer doesn't mean you should hit every customer with it
  3. Every opportunity for data collection and use is also an opportunity for privacy violation
  4. Look at your information practices through privacy-colored glasses
  5. Don't build the George Orwell Memorial Online Mall

See also a conference writeup by Privacy Place.

Copyright © 1996-2005 Guidescope Inc ®. Copying and distribution permitted under the GNU General Public License. 2005/01/15 http://www.junkbusters.com/ecommerce.html