
A lack of TRUSTe

Lack of enforcement robs this privacy seal of worth.

Web Dev Weekly, 3/07. By Garth Gillespie

I have been procrastinating about renewing a site’s TRUSTe certification. TRUSTe certifies a site’s privacy policies. A site’s privacy policy states what it will and won’t do with the personal information (PI) that its owners gather on their visitors. For instance: Do they sell your e-mail or postal address to other companies? Do they report information on your browsing habits to third parties? On the surface, TRUSTe and other certifying authorities provide a valuable function: They attest that privacy policies that they have approved adhere to certain guidelines and principles.

But what happens when a company decides to change its privacy policies? Worse, what happens when a company violates its privacy policy? Well, nothing.

In the past year, some of the biggest Web sites have changed their policies in order to peddle your PI to the highest bidder. These altered policies certainly would not garner a TRUSTe certification, but did these sites lose their TRUSTe certification? Nope. Not even a slap on the wrist. TRUSTe only steps in if a privacy policy has been violated. If a privacy policy is officially changed to state: “We will now sell all PI to the highest bidder,” then selling your PI does not violate that policy. So increasingly, Web sites start with the policy of not selling your PI to anybody, but then change it six months later, after they have built up their customer database.

I am left questioning the point of going through the renewal process when the whole thing seems rather pointless. If sites are able to change their privacy policies in any way they see fit and not suffer any kind of penalty or retribution, then TRUSTe is the Internet’s League of Nations–a noble cause with no bite.

Information is the Internet. Your personal information is your own. Third-party authentication authorities need to be much more independent from the commercial side of the Internet. Am I the only person who sees a huge conflict of interest in Verisign owning Network Solutions? Verisign, a company that attests to the safety of your PI when in transit, is in bed with the same bungling domain name registrar that has consistently sold every conceivable scrap of PI to every spamming organization on the planet.

The goal of certification is a noble one, and one that should be guarded with vigilance, not commerce. Real penalties, from certification revocation to fines, should be put in place to hinder any further faltering Web sites from re-classifying your PI as a saleable asset.

Garth Gillespie is architect and chief technologist for
