Earthweb
Images Events Jobs Premium Services Media Kit Network Map E-mail Offers Vendor Solutions Webcasts
 SUBJECTS:
 FEATURES:
IT Management Webcasts:
Developing and Implementing a Rollout Plan

Asking the Right Questions

Using ITIL to Manage Virtualization

IT Portfolio Rationalization

Understanding the Role of the Configuration Management Database (CMDB) in ITIL

'They Did What?!'

More Business/IT Alignment Webcasts

More ITSM Webcasts


Search EarthWeb Network

internet.commerce
Be a Commerce Partner
Online Meetings
Cheap Plane Tickets
Register Domain Name
Gift Baskets
Marketing Products
Logo Design
Memory
Prepaid Phone Card
Plasma Televisions
Laptop Computers
KVM Switches
Web Design
Tech Colleges
Talent Contest

Travel Ideas:
Huatulco Vacations
Aspen
Copper Mountain Ski
Telluride Hotels
Colorado Vacation Rentals
Destin Hotels
Miami Hotel
Orlando Vacations
IT Management : Columns : Executive Tech: How Trustworthy Is the TRUSTe Logo?

Xeon Processors Packed with Latest Server Technologies
By adding more servers, the datacenter can quickly grow out of control, and bring power and cooling costs with it. Using new server technology available from Intel, however, IT managers can keep costs in check while running a more efficient operation. Click here.
 
Applying RFID Technology in High Volume Manufacturing
To explore the impact of radio frequency identification (RFID) technology in manufacturing, Intels Technology and Manufacturing Group deployed an RFID pilot within Intels largest semiconductor assembly and test facility. The pilot tracked 80,000 microprocessors from the end of the manufacturing line through Intels warehouse, into a major customers warehouse, and onto the customers factory floor. Click here.
 
Building a Real-World Model to Assess Virtualization Platforms
To drive business decisions in the data center, Intel IT created a performance-driven methodology to compare the operating costs of virtualization platforms. By measuring workload performance, platform performance, and power consumption they were able to approximate the total cost of ownership (TCO) of each platform. Click here.
 
Building an Enterprise Data Warehouse and Business Intelligence Solution
To achieve end-to-end visibility into critical business functions across the company, Intel IT deployed an integrated warehouse solution. The solution employs a consolidated enterprise data warehouse along with business intelligence applications. Todays EDW occupies over 20TB of usable data space, processes 90 billion rows of data per month, and is accessed by over 11,000 users worldwide. Click here.
 
Migrating Order Management to Itanium 2-Based Servers
Order management is the largest SAP R/3* system at Intel, and is a global mission-critical application. In one large migration, Intel upgraded the systems hardware infrastructure, operating system, database, and backup software, and installed SAP support packs. Through extensive coordination and a phased approach, we accomplished the move to 64-bit Intel Itanium 2-based servers, with impressive performance gains. Click here.

Related Articles
Hundreds of ETFs Are Heading Your Way
How ETFs Are Changing the Market
MyGOP Tries to Leverage the Internet
The Democrats Finally Get the Web
- ITSMWatch Newsletter -
email:
IT Focus
Coping With Compliance

Sarbanes-Oxley and other reporting requirements have greatly complicated the jobs of many IT professionals. These articles include advice, information and tips for effectively managing your compliance efforts.

Looking for the Silver Lining

Compliance Threatened by Archive Failures

10 Tips for Managing 404 Compliance

Sharing the Burden of Compliance

Corporate Compliance Regulations and Standards

Product Watch
SPAMfighter - Spam and Phishing Filter for Outlook/Express
CLARiiON - Disk Based Mid-Tier Arrays From 3 To 480 Drives
Sun x8 Express Ethernet Cards - Quad GigE and Dual 10 GigE PCI-E Cards
Fanurio - Time Tracking Software for Freelancers
GFI LANguard Network Security Scanner (N.S.S.) - With Vulnerability Scanning and Patch Management Features

more products >>

Datamation Definitions
data mining
ERP
extranet
grid computing
intranet
network appliance
outsourcing
storage
VPN
virus
FREE Tech Newsletters

Are blades right for you? Don't guess. Assess. IBM BladeCenter can simplify your infrastructure. This online tool, co-sponsored by AMD™ Opteron™, helps determine if blades are right for you.

How Trustworthy Is the TRUSTe Logo?
October 10, 2006
By Brian Livingston

Brian Livingston TRUSTe.org, a nonprofit organization that sells "privacy seals" to Web sites that prominently post their data-acquisition policies, says its seals mark "companies that adhere to TRUSTe's strict privacy principles."

But a respected antispyware researcher has published an analysis that disputes the trustworthiness of sites that bear the TRUSTe seal. "TRUSTe-certified sites are more than twice as likely to be untrustworthy as uncertified sites," writes the analyst, Harvard Law School graduate Ben Edelman.

Who's telling the truth?

Analyzing the TRUSTe Logo Users

Researchers have argued repeatedly since TRUSTe's formation in 1996 that the organization sells the use of its privacy logo for up to $7,000 USD per year to companies that have a privacy policy, not necessarily a good privacy policy (or even good privacy behavior).

For example, writer Ryan Singel reported in Wired News on Mar. 16, 2006, that TRUSTe (pronounced "trusty") had certified Gratis Internet, a marketing company known for offering free iPods to consumers who sign up for various Web promotions. The group, it turns out, had sold 7.2 million Americans' e-mail addresses, phone numbers, and home addresses to a firm named Datran Media, which paid a $1.1 million fine in 2006 for buying the data in violation of Gratis's privacy policies, according to a settlement with New York State. [Update: A previous version of this article stated that Gratis itself had settled the lawsuit, but the firm maintains its innocence and has not settled.]

Rather than rely merely on journalists' anecdotal reports, however, Edelman conducted his analysis by examining a huge selection of Web sites -- more than half a million, by the researcher's calculations. Here's what he found:

Locating the most popular sites. Edelman composed a list of some 515,000 Web sites with the greatest amount of traffic, based on statistics gleaned from an Internet service provider.

Looking for bad behavior. The rankings of these sites for "good" and "bad" behavior was obtained from SiteAdvisor.com, a white-hat company that uses software bots to test Web sites for the presence of spyware downloads and the generation of spam. (I first wrote about SiteAdvisor on Feb. 14, 2006. Since then, it's been acquired by the security firm McAfee Inc. Edelman serves on a SiteAdvisor advisory board, a fact that he prominently discloses in his writings.)

Calculating the bottom line. Of the 515,000 sites in his study, SiteAdvisor rates 2.5 percent of them as engaging in "bad" behavior. But of the 874 sites that bear a TRUSTe logo, 5.4 percent are rated as "bad," Edelman says.

Some of the "bad" sites that Edelman found to have TRUSTe seals when his January 2006 scan was performed have since been decertified by the nonprofit group. A major example is Direct-Revenue.com, which downloaded to consumers' PCs some hard-to-remove software that tracked users Web visits.

But Edelman cites in a Sept. 25 blog entry many other alleged offenders that TRUSTe still certifies with its privacy seal. He names Focalex.com, which SiteAdvisor says generates as many as 320 e-mails per week to hapless visitors who enter their e-mail addresses, and FreeCreditReport.com, which charges $12.95 a month to consumers who don't cancel their "free" accounts, sparking FTC litigation.

In his analysis, Edelman speculates that independent certification bodies such as TRUSTe are "captured" -- in other words, beholden to the companies that pay them. Pressure on questionable Web sites to strengthen their privacy policies, Edelman says, "would harm the authority's profits by discouraging renewals and future applications."

In an analysis of the Better Business Bureau's online assurance program, however, Edelman finds evidence of a strong certification ethic.  The logo of the BBBOnline Privacy Seal Program, which costs $225 to $5,000 per year based on the applicant's annual revenue, was displayed by 284 Web sites in Edelman's study. Only 3 of the sites (1.1 percent) were rated "bad" by SiteAdvisor. He attributes this excellent track record to "BBB’s detailed evaluation of applicants, including requiring membership in a local BBB chapter."

TRUSTe Responds to the Study

When I contacted TRUSTe officials for comment about Edelman's research findings, marketing director Carolyn Hodge e-mailed me a written statement. "TRUSTe works to improve industry standards for Internet privacy," the statement says. "We do this by highlighting the responsible practices of trustworthy companies and by working with companies to improve their performance on this issue. In order to obtain TRUSTe sealholder certification, 100% of prospective sealholders have to change their privacy standards in some way.

"It is difficult for oversight and industry standards to keep pace with technological innovation but TRUSTe continues to tackle emerging privacy issues," the statement continues. "The launch of TRUSTe's new Trusted Download Program is imminent. The Trusted Download Program addresses the problems of adware and spyware and we feel we can't launch it fast enough."

TRUSTe's Web site goes much farther than this in criticizing Edelman's work. An unsigned entry posted Sept. 25 on TRUSTe's official blog states: "TRUSTe views Site Advisor as a potentially useful monitoring tool, but not an accreditation program or an authority on privacy." A subsequent post on Sept. 28 continues this line of reasoning, dismissing SiteAdvisor because it does not rate sites for possible phishing behavior.

SiteAdvisor itself has entered the fray, focusing in its own Sept. 28 blog post on its work in analyzing sites for spyware and spamminess. Defending the lack of phishing detection in SiteAdvisor's rating system, the firm points out that the McAfee Internet Security Suite is a related product that defends users in real time against phishing sites. (As I pointed out in my July 18 column, phishing sites have an average lifetime of only 5 days. This makes phishing detection appropriate for a real-time database but not a broad, automated Web scan such as SiteAdvisor's.)

Perhaps the most intriguing view comes from a comment posted to TRUSTe's Sept. 25 blog entry by a commenter who identifies himself or herself only as "Lampie." This poster points out that the Trusted Download Program was announced 11 months ago but still isn't in operation. (The TRUSTe site says the program is in an alpha test stage.)

Citing several controversies in which RealNetworks, Microsoft, and Apple retained TRUSTe certification despite widely criticized privacy gaffes, Lampie quotes company officials saying, "TRUSTe does not handle cases involving software applications," an exception that the commenter notes is explained nowhere on TRUSTe's site.

Conclusion

Internet wags have said that the TRUSTe logo should really say "Just TRUSTme." Many Web sites that have elaborate privacy policies, unfortunately, use those policies to take away users' privacy expectations rather than strengthening them. Too many sites that TRUSTe certifies can be criticized for distributing intrusive downloads and condoning spam.

Independent certification bodies face a problem Edelman calls "adverse selection." This is an economist's term that means, "Questionable sites that want to look good have the money to pay for privacy seals, while truly trustworthy sites may not be able to afford them."

The BBBOnline program appears to offer a better assurance to consumers that a site bearing the BBB's seal is genuinely legitimate. But the BBB isn't a panacea and doesn't appear to scale well to large numbers of sites. Perhaps because of the BBB's labor-intensive review process, the BBBOnline logo appears at only 600 to 700 sites, whereas the TRUSTe logo is posted by more than 2,400, according to the companies.

One thing that you can be certain the TRUSTe logo conveys is that a site bearing its seal has money and wants to look respectable. That's true for TRUSTe's largest customers, from Microsoft to Oracle to Intuit, to its smallest, such as FreeCreditReport.com. Other than that, what the TRUSTe logo truly guarantees is up to you to guess.

For a description of Edelman's study, see his Web site's executive summary and his 35-page PDF report.

For more information on TRUSTe, see its Web site. The Better Business Bureau's certification program is described at BBBOnline. For a comparison of these and four other certification programs, see Perfectly Private, an independent privacy resource.

Brian Livingston is the editor of WindowsSecrets.com and the co-author of Windows Vista Secrets and 10 other books. Send story ideas to him via his contact page. To subscribe free and receive Executive Tech via e-mail, visit our signup page.


Executive Tech Archives


JupiterWeb networks:

Graphics.com

Search JupiterWeb:

Jupitermedia Corporate Info


Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Newsletters | Tech Jobs | E-mail Offers