Search This Blog

Saturday, February 09, 2008


THE RECENT SEARS PRIVACY FAUX PAS SHOULD SERVE AS AN EXAMPLE OF WHY CONSUMERS NEED CONTROL OVER THEIR NAMES AND PERSONAL DATA


Friday’s blog covered the major ingredients of the Sears program dubbed Sears Holding Community (SHC), aptly named because the customer gave them private information that the retailer shared with the community. They have since shut down this feature, but the damage was done, resulting in a class-action law suit against Sears. The company says it did right by its customers by giving them specifics on how their habits would be tracked, but non-profit group, StopBadware, said this was inadequate. In my reading of this incident, I can find no excuse for the fact that not only can the customer access his or her data on the site, but everyone in the neighborhood, actually in the whole country. That is a primary factor in filing the law suit. In an article from junk mail publication, DM News, Sears insists that they went to accurately describe the procedures of the program. Since the site was pulled, it is impossible to find out the particulars of whether or not this is true, but in the class-action case there is also mention of other potential harm to the SHC user. Hackers could access the system and initiate phishing scams using the Sears name to convince the customer to give up more personal data. If you are really interested in the law suit, there is a PDF copy here. Fortunately, we have people out there like law professor Ben Edelman and organizations like StopBadware to hold companies accountable for blunders like this. But if a business the size of Sears does not have the oversight to prevent incidents of this kind, there is only one method that will put a stop to future threats. Either Congress must pass legislation giving consumers control over their names and private information, or business and government must join together in an alliance that will accomplish this goal. Otherwise, in keeping with recent trends, we can expect more of the same.

3 comments:

Null said...

Jack: Your facts are wrong. You keep referring to the Sears Community project that is run with comScore as having shared customers' information with the community. That is factually incorrect. The subject of the lawsuit to which you refer is a program called "ManageMyHome.com" with which comScore has no involvement. I think you're being very irresponsible with your false accusations and you need to get your act together or you're the one who is going to run afoul of the law.

Nasty Jack Buzz said...

Reply to Null, AKA Anonymous, who left comments on February 9 re. two posts on the Sears privacy issue. To begin with, when I post an article, the facts are always confirmed from more than one source. Three if possible. In the case of the Sears posts, which you indicate first that I accused ComScore of providing the retailer software that "allowed someone to create a free account and look up the purchase history of any customer," I suggest you Google two ZDNet articles titled: “Researcher: Sears’ use of ComScore software falls short on privacy,” and “Lawyers circle Sears over privacy.” In the first, a well known anti-spyware researcher from Harvard, Ben Edelman, states that it is the ComScore software that powers the Sears Holdings Community program. Unless I am missing something, it was this software that allowed Sears to track their customers, and it was the data collected by the software that was involved in the breach. ComScore didn’t cause it. They probably didn’t recommend this to Sears, but without the ComScore software, Sears could not have even launched the SHC program. If I am wrong, and you are an expert or directly involved in this project, and are willing to identify yourself and your credentials, I think you are the one with the wrong facts. As further confirmation, Edelman repeatedly refers to the ComScore software as “the” application being used by Sears for SHC, disguising the ComScore name making it impossible to do a search on what it is or does. Edelman points out that the ComScore tracking software “offers users nothing sufficiently valuable to compensate them for the serious privacy invasion.” Further he says: “time and time again, ComScore and its partners resort to trickery (or worse) to get their software onto users’ PCs.” In the second article, Edelman wraps up the issue talking about Sears’ shenanigans with the ComScore software and its inability to honor privacy, adding that Sears’ purchase history feature allowed anyone to view customers’ buying habits. And the law suit does not name ComScore, because it was Sears that made the blunder that released the personal data, but they couldn’t have done it without first tracking their customers’ buying habits.

Null said...

Jack, your interpretation of the comments made by other privacy extremists is a classic example of the irresponsible propagation of untruths. As you suggest in your blog, you are really missing something. Since you have such respect and admiration for Ben Edelman, I suggest you contact him at ben@benedelman.org and ask him if comScore was in any way involved in the disclosure of Sears customers' purchase data on the Internet. Then you can publish his response on your blog.
While you do that, let me spell out for you once again the indisputable facts. There are two Sears online programs at issue here. The first is the Sears SHC Community that uses comScore technology. No one other than you, Jack, has suggested that this program disclosed consumers' data online. The issue is specifically whether there was adequate disclosure made to members about the specifics of the tracking aspects of the program. Some, like Ken Magill have argued that full and adequate disclosure was indeed provided (http://directmag.com/disciplines/email/privacy_sears_0108/).
The other Sears initiative at issue is their "ManageMyHome" program. This program is the target of a lawsuit, but comScore's tracking technology is in NO way involved with the program. Since the consumers bought their products in the "ManageMyHome" program from Sears, then Sears already knows what they bought and there is no need to have comScore technology involved. That's the area where you are dead wrong in your assertions.
I'll look forward to seeing Mr. Edelman's clarification posted on your blog