The Pebble and the Avalanche

RCN Telemarketing: Not Legal and Not Smart

When I give talks about interface design, I often use RCN as an example of a poorly-designed phone system: Years ago I was unable to give RCN money using my credit card because their telephone system gave the wrong instructions on how to enter my credit card number. And RCN didn't ever put a live operator on the line to accept money, which I found truly weird (not to mention counter-productive).

Yesterday I received a prerecorded phone call from RCN that violated FCC regulations. RCN must give me a phone number to call to stop futher calls but they didn't do so.

But RCN made an even worse mistake: RCN made the call in the first place — to someone who vehemently hates prerecorded phone calls. I'm on the "Do Not Call" registry; RCN may be legally entitled to call me because I am a customer but that doesn't mean that it's smart to call me. Instead of honoring my clearly stated "Do Not Call" preference, RCN chose to harass me with an unwanted call.

Of course, I know how to fix this problem: I can drop my business relationship with RCN. That would be a pity, because their Internet technical staff actually has a clue. If only their marketing folks could learn elementary rules of etiquette. Let's see how they respond to my email to them. And maybe an official FCC complaint as well...

Topics:  · business · marketing · privacy · telecommunications

Link to this story · Leave comment or trackback

Does Your Mother Work for the CIA?

The banks and credit card companies I do business with suffer from a series of fascinating delusions. The first has to do with my social security number. That number appears on countless documents at dozens of companies, but now companies pretend that my social security number is some sort of huge secret that only I know. They use it to authenticate me when I call — and now they only ask for the last four digits, as if though that enhances security. Well, just using the last four digits is useful: someone who wants to impersonate me has fewer digits to memorize.

But the other delusion is even funnier: they all seem to think my mother works for the CIA. Well, maybe that's not actually what's going on; but certainly they seem to think she has a secret identity. The believe that no one except me (and presumeably my siblings) know her maiden name. Even better, American Express recently asked me to enter my mother's birthday to use as a PIN number to access my online account — again, her birth date must be a huge secret, with steely-eyed CIA agents purging the public records of both our birth certificates. What is even more foolish (and opens a huge security hole) is that American Express won't let you select any other PIN number when you validate a new credit card; if you select a random number to use instead, they bounce you to a live operator.

To provide real security on some of my more important accounts, I've started using a different and random "mother's maiden name" for each account. In the meantime, unless your mother really does work for the CIA, please be aware that these questions about your Mom by the banks and credit card companies provide no actual security. A secret shared by dozens of different companies isn't very much of a secret.

Topics:  · business · privacy

Link to this story · Leave comment or trackback

Good Disclosure and Sneaky Implementation of Bad Policy

Although I've found exactly what I wanted at Closet Organizer Source, I've decided to find a different company that supplies the same product. I have to give Closet Organizer Source credit: their privacy policy is well-written, easily understandable, and fully disclosed:

In return for making a purchase or registering at our site, we offer to keep you informed of new and ongoing benefits, exclusive sales and promotions and other customer-only benefits... If you make a purchase at ClosetOrganizerSource.com, we include you in our list to receive email updates about special offers, new products and services, and relevant information. We are a NetShops, Inc. company... We share the information you give us with other NetShops companies in order to provide you information and special offers from other NetShops sites.

Or, in other words, order anything from this company and receive a ton of spam from them and an undisclosed number of other companies. Your personal information also goes to their marketing firms, of course.

The sneaky part is twofold: first, when they ask for your email address, they say they need it to contact you about your order — nothing at all about a deluge of email marketing. Secondly, there is no checkbox next to the form that says "check here to receive promotional materials."

They say you can opt-out, but that's contrary to Internet etiquettte and I'm not in favor of encouraging rude behavoir. Frankly, I'm not comfortable with a company with this sort of invasive and evasive default policy, and I'll chose a company that has a more sensible privacy policy instead.

Topics:  · business · privacy

Link to this story · Leave comment or trackback

Prediction Come True: Facebook Contact Data — Who Owns It?

An interesting clash over who owns data developed between Plaxo, a company that manages business contacts, and Facebook, a social networking company. Facebook doesn't allow its members to automatically gather the contact information of a member's "friends"; their business model relies on social interactions that take place through Facebook. Plaxo manages contact information, and Plaxo would benefit if a Facebook member could move contact information from Facebook to Plaxo.

Plaxo created software to move contact information from Facebook to Plaxo. Plaxo even created image-recognition software to read the email addresses that were stored on Facebook in image format (which Facebook used for the precise purpose of avoiding automatic scanning).

Facebook detected the scans and shut down accounts of people who attempted to use Plaxo software. At present, it's not clear how this will work itself out.

I discussed the looming battle over contact information in my book. This is one of the opening skirmishes, and we can expect this to continue to play out over the next decade at least, and expand to other forms of data.

There is a way to defuse the battle, however. An initiative to disaggregate social-networking data from social-networking sites sent an invitation to Facebook to join; so far Facebook has refused. While I wonder at the motives of some who have joined the initiative, I look forward with interest as to how well it succeeds.

Topics:  · internet · privacy

Link to this story · Leave comment or trackback

Another Google Gaffe?

Hot the heels of a rather serious Google gaffe, there's speculation from informed sources that Google is about to integrate a social-networking service into their Gmail account. If someone — a business associate, a friend, or just some oddball who sent you email and was therefore automatically added to your contact list — updates one of their Google-related services, this information will show up on a continuously scrolling list ("feed") on your Google page.

This is speculative, in the meantime; no official Google announcement. There's no indication of what information is automatically shared by Google. That is, if you upload your family vacation photos to your online account, do all of your business associates receive notification automatically? Yes, that sounds silly, but as I noted in the link above, Google already did something just like that.

Google might want to organize my life, but they need to realize that my life has nuances. I wonder if the social atmosphere of Silicon Valley, where work integrates heavily with non-work activities, is affecting Google's judgment about what services people want and don't want. Google blew up out of nowhere to own the Internet search-engine mindshare; but if they can't learn how to disaggregate friends, acquaintances, cliques, colleagues, collaborators, and the like from each other, they're going to blow back to nowhere.

Topics:  · internet · privacy

Link to this story · Leave comment or trackback

Privacy in Philadelphia

A group of college students in Philadelphia have created a map of five hundred video cameras in the vicinity of their college.

Here in Chicago, Mayor Daley continues to work toward augmenting the present network of city owned cameras by linking to privately-owned cameras; this would give the police the ability to select cameras that focus on the hallways of apartment buildings.

Privacy — the distinction between your private acts and your public ones — may not be dead, but it's slipping away quickly.

Topics:  · privacy · security

Link to this story · Leave comment or trackback

Tracking Every Child in Great Britian

Great Britian is moving towards a huge database that will cover the life history of each and every child in England and Wales:

Changes... include a £224 million database tracking all 12 million children in England and Wales from birth. The Government expects the programme to be operating within two years.

If two "items of concern" are noted for a child, it may trigger an investigation. As you might imagine, like any other government project the scope of the database will include both the important and the inane:

"[Concerns] include consuming five portions of fruit and veg a day, which I am baffled how they will measure," [a critic] said.

From the standpoint of disaggregation, the database and associated programs disaggregate both authority and ownership (of information) from the multitude of government agencies that have them; and for that matter, from the hands of the doctors, nurses, social workers, teachers, and others who have information as well as control of its distribution and decision-making authority. This disaggregated information becomes a component in a huge government program intended to prevent child abuse as well as implement other, as yet unknown goals. This database is clearly revolutionary if — and it's a big "if" — the database actually functions as intended. Then question becomes whether this revolution will turn out to be good or bad.

Topics:  · government · privacy

Link to this story · Leave comment or trackback

Location as a Component

Under the pretense of public safety, the US government requires that new cell phones be able to report their location to the police in case of emergency — and, of course, when law enforcement or spy agencies are simply curious about your activities. The phone companies paid for the expensive equipment to provide location services, but to date haven't found a way to do something commercially useful with location, and they haven't recouped their costs. But at the same time, location has become a component. Location doesn't require a separate, expensive box or an astrolabe with navigation tables; instead, location is a built-in component in cell phones, the same way cameras are, and we can expect to see a "location component" in other devices. They're already starting to appear in PDAs. Now all we need are a few good ideas on how to use location.

The first ideas, of course, were from the telephone companies' marketing departments, and showed that curious disconnect from reality that I always associate with phone companies. According to them, as I walk past a store my phone would beep and email me a coupon for use in that store. This insane idea fell by the wayside once cellular companies realized that no user in their right mind would ever use a cellphone again after a single trip to the mall.

For a fascinating look at some new ideas on how to use location as a component, in ways that make sense, and might actually provide some value to the user, here's a list of experimental services for cellular phones and wireless Internet connections.

Topics:  · design · internet · marketing · privacy · technology

Link to this story · Leave comment or trackback

Routing Calls through the Netherlands

I've just updated an interesting telecommunications project, and to test the software I needed to make telephone calls over the Internet. The easiest, cheapest, and most painless way to do the testing was to use a company called Voipbusters.

What this means is that my telephone calls are not only routed over the Internet, my calls are routed by a company headquartered in the Netherlands. But while some people may think that means my phone call records are secure from spying by the National Security Agency, the exact opposite is true: the US government spies on Internet traffic through its Carnivore and successor programs, which makes the traces of these phone calls easily accessible.

But that will certainly change: with a tiny bit of encryption by my service provider, my call records would drop off the face of the Earth. As people demand more privacy from both criminals and the government, business will find a way to respond — even if it means that telephone service is outsourced to foreign lands.

Topics:  · privacy · telecommunications

Link to this story · Leave comment or trackback