I originally published this blog at http://community.ca.com/blogs/securityadvisor
January 02 2008, 06:29 PM by Benjamin Googins
On December 29, Rob Harles, the SVP for Sears’ SHC, submitted a comment to my post titled “Sears Update: Response to Rob Harles, VP SHC Community”. Here is his comment in its entirety. I follow his comment with my response and disappointment. By way of reference, here are my three previous posts on this topic: 1, 2, and 3.
“Author: Rob Harles
I don’t think any of Ben’s comments negate my original statement. The vast majority of members of My SHC do not participate in any form of tracking, and those that have explicitly signed up do so after having been presented with simple, easy to understand language to which they have agreed.
- Tracked members are invited to join My SHC Community by invitation; the overwhelming majority of members are not tracked, nor invited to be tracked
- The invitation to be tracked gives prominent notice to users that their internet browsing will be tracked, well before the EULA is presented
- They are given more detail throughout the registration process that explicitly tells them what tracking means and what will be done with the data
- Members are repeatedly told that they can opt out at any point and given instructions on how to remove the software if they so choose”
I am disappointed by Rob’s comment. He continues to state emphatically that the Sears software is by invitation only, that users are given prominent notice during install, and that generally my overall assessment of the Sears software is off base. I couldn’t disagree more. In previous posts, I have given detailed information on why the Sears software falls far short of CA and industry standards for proper handling of tracking software, so I will not “flog an old horse” with this post. For more information, please read my three previous posts: 1, 2 and 3 (listed backward chronologically). In addition, Harvard Business School Assistant Professor Ben Edelman, a respected spyware researcher, commented on my assessment of the Sears software and made additional comments regarding its FTC violations and installation deficiencies, putting the Sears software in a broader context, here.
In general, I would expect a different response from Rob – namely one of engagement and seeking better understanding of my concerns. The Sears software tracks a considerable level of user data (at a much greater level than most spyware I analyze) and therefore, the implementation of the Sears tracking software should be done with great care and consideration for user privacy. The fact that “no changes, alterations, or amendments have been made…since the inception of the program” does not signify anything positive to me, but a lack of adaptation and willingness to provide adequate safeguards for user privacy.
Finally, while we can’t draw any conclusions from this, an old comScore press release shows that before becoming VP in charge of Sears’ tracking program, Rob was the senior vice president for comScore – the creator of the Sears spyware and the registrant of the domains to which the Sears spyware data is sent.
By: Benjamin Googins
Benjamin Googins is a senior engineer working on CA’s Anti-Spyware product. His primary functions include analyzing spyware and privacy breaches, fielding press inquiries, blogging and drafting documents. He has been a significant contributor to the User Permission document, Spyware Scorecard, Threat…