Monday, November 13, 2006

Value of Privacy Savvy Gains More Ground

Word of privacy's value is getting around to an ever-widening circle. I recently wrote in 1to1 Privacy of the eye-opening experience I had at a business breakfast when a personal security expert spoke of how easy it is to obtain personally identifiable information - the building blocks of a credit profile.

To hear the gasps of those in attendance was a reminder that, while many of those with whom I interact daily are acutely aware of privacy issues, there remains a great deal of ignorance even within groups who should know better.

Last month I spoke with Daryl Gayle of Target Marketing magazine and had a chance to advocate for greater cooperation between marketers and privacy pros. The results of that discussion can be found here.

There's still plenty of work to be done, but as more and more eyes open to the importance of implementing strong privacy values throughout an organization, I believe that strength of the pro-privacy argument will be self-evident and momentum will build on its own - because it's the right thing to do.

Tuesday, November 07, 2006

You've Got To Define It Before You Can Fine It

Today, over at Revenews, Peter Figueredo posted a brief comment on the Federal Trade Commission's recent $3 million settlement with adware company Zango.

Albeit briefly, Peter points out the need for a clear definition of the term "spyware." I agree - wholeheartedly.

Depending on how you define it, spyware runs the gamut from innocuous to annoying to criminal. As a word, it is highly evocative and can be used to stir fear and create bias among certain audiences. As a communications consultant I appreciate the strategy behind using words to achieve certain objectives, but I also believe that -- in the long run -- truth is the most effective tool in communicator's chest. Exaggeration, obfuscation, and other means of distortion only serve to undermine the credibility of those who use them, no matter how noble the cause or intent.

Spyware is a serious problem. Devious individuals with malicious intent have become highly skilled at exploiting security vulnerabilities, including human ignorance, to plant nasty code on computers. When that code is designed to steal information such as passwords, account information, PII, and more, then use that information to steal money or commit fraud, that's serious business and represents an accurate depiction of what I believe spyware to be.

Law enforcement authorities and regulators need the power to deter and prosecute bad actors, but without a clear definition, it will be difficult to go after purveyors of spyware. Before you fine it, you've got to define it.

In April of 2004 the FTC convened a workshop on spyware, one goal of which was to draft a standard definition for the term. According to the workshop's transcript, it was lively discussion, but 30 months later we are still no closer to that goal.

If the industry doesn't do it, and soon, the issue will be decided through the courts by the team with the most persuasive lawyers. If that happens, no one will be happy.