Chapell & Associates

Monday, December 26, 2005

Spy Agency Mined Vast Data Trove, Officials Report

NY Times - December 24, 2005
The National Security Agency has traced and analyzed large volumes of telephone and Internet communications flowing into and out of the United States as part of the eavesdropping program that President Bush approved after the Sept. 11, 2001, attacks to hunt for evidence of terrorist activity, according to current and former government officials.

The Chapell View
While it remains somewhat unclear exactly what the NSA's surveillance program constitutes, it seems fairly certain that what they're doing could be best described as "data mining" - that is, creating a broad drag-net for international communications and searching within the collected email and telephone calls for certain "hot" headers or numbers.

This is an extension of what the NSA normally does - internationally. Except that the 1978 Foreign Intelligence Surrveillance Act didn't authorize domestic collection without warrants. Intuitively, then, the NSA's current actions would violate that law.

But, as Justice Richard Posner of the 7th Circuit Court of Appeals wrote in the Washington Post this week, there may be a loophole. Posner argues that because the information is aggregated and tagged by a computer and not scrutinized unless tagged as "hot" - ergo, reasonably suspicious - there is no unjustified invasion of privacy. In other words, when the NSA invades privacy, it does so for justifiable reasons - the email header or telephone number is somehow suspect - and the mere collection of communication data, done by a computer, does not count as invasive of personal privacy.

This is a frightening argument, and it is strange, I think, to imply that searches cannot be invasive as long as they are done by a computer. After all, the information is still being collected and aggregated - there is still a search, human actor or not. Not to mention that the entire notion of privacy in the online sphere falls apart if computer based aggregation of data does not count as a matter relevant to individual privacy.
posted by Isaac on Monday, December 26, 2005 | |

Monday, December 19, 2005

Targeting, Search & Privacy Concerns

iMedia Connection - December 19, 2005 A Chapell Article
As many of you probably know, some of the larger search engines are increasingly entering into the behavioral targeting space. This is to say that they're using information about users and their past behaviors (in this case, the searches they've conducted) to optimize their ad placement. As these technologies increase in use, some privacy concerns have begun to arise...(more).

posted by Isaac on Monday, December 19, 2005 | |

Tuesday, December 13, 2005

Background checks split matchmaking sites

USA Today - December 12, 2005
A debate among online dating companies over whether their websites should be required to say whether they do criminal background checks on clients has spilled over into state legislatures, a reflection of the websites' rising competitiveness., a Dallas-based online dating service, started the ruckus in July 2004 when it began touting its criminal background checks and wrote proposed legislation that would force online dating sites to say whether they conduct such checks. The proposal has been considered by legislatures in California, Virginia, Ohio, Texas, Florida and Michigan, but none has passed it.

The Chapell View
OK - just for the record, I'm not doing the online dating thing anymore. (I'm pretty sure my girlfriend reads this blog every now and again.) But if I WAS, I'm not sure I'd want them to be doing a background check on me. In order to do anything other than a cursory (read: ineffective) background check, I'd need to provide my Social Security number, my date of birth and maybe even a driver's license number. None of that information belongs in the data banks of Tickle or Match, or any of the other dating sites as far as I'm concerned. Other reasonable people may feel differently, but that's a LOT of info.

What seems to be missing here, is that the world is a dangerous place. No amount of background checks, and no amount of security measures are going to protect everyone. As they say, bad things happen to good people. And no amount of security is going to prevent every and all disasters.

What concerns me about background checks (other than the obvious privacy issues) is that some people may use those checks as a substitute for their own common sense and good judgement.

DON'T agree to meet him after only one email.

DON'T meet her in for the first time in her apartment or other private place.

DON'T give him your credit card number.

DON'T.... Don't... don't
posted by Alan on Tuesday, December 13, 2005 | |

Wednesday, December 07, 2005

Cookies Misunderstood by Consumers, According to BlueLithium

Yahoo Finance / Blue Lithium Press Release December 5, 2005
Many Internet users do not understand the benefits behind cookies. Web surfers mistakenly believe cookies invade privacy, according to an online poll recently conducted by BlueLithium, a San Jose-based direct response and brand marketing ad network.
The poll of more than 150 Internet users suggests that consumers have a universal privacy misconception of cookies, the backbone of behavioral optimization technology. Cookies enable online advertisers to determine useful demographic information about their online audiences. Sixty-four percent of online users surveyed are uninformed in believing cookies invade privacy.

The Chapell View
I've asked for a copy of the study, and will def post my thoughts upon receiving it. I agree with many of the assertions made by Gurbaksh Chahal, CEO of BlueLithium regading consumer perception and cookies. However, I'm reluctant to base any of my assertions upon this particular study...

First, with a total sample size of 150, it's hard to see this as anything more than directional. What sites did they launch their surveys from, and how representative are those sites? If you launch surveys from, for example, you're going to reach a very different audience than you would from It would seem to me that the margin for error for these results is large enough to drive a truck through...

The marketer inside me says "kudos to blue lithium for garnering some cheap publicity." However, as a privacy professional, I am concerned that this type of... err... "research" will be picked up by a major newspaper and used to heighten consumer (and legislator) concern over cookies. And that's not good for anyone in online media...
posted by Alan on Wednesday, December 07, 2005 | |

Tuesday, December 06, 2005

Personalizing Search

iMedia Connection - December 6, 2005 A Chapell Article
These days, the "consumer in control" has pretty much become the catch phrase de jour in online circles. But what do we mean when we say this? Things might seem clearest in the search space - text-ads have been so far focused on relevancy and consumer choice - but we're always trying to make online advertising more user-specific. Search engines may start to do more than just respond to user inputs.(more).

posted by Isaac on Tuesday, December 06, 2005 | |

Thursday, December 01, 2005

What's Your Delivery Score?

MediaPost - November 29, 2005
Imagine if e-mail spam didn't exist anymore. Minus the clutter, more legitimate e-mail would get delivered. Consumers would more readily welcome, read, and respond to relevant e-mail from companies they trusted. And that, in turn, would fuel more use of targeted e-mail as a customer communication tool. That's the goal of e-mail service providers (ESPS), Internet service providers (ISPS), and marketers, who are adopting two new types of e-mail delivery protocol standards, authentication tags and accreditation, which results in a "reputation" score very similar to a credit score.

The Chapell View
In the past, it has sometimes seemed like the fight against spam was taking divergent paths: some focused on deterring the more illegitimate sort of spam, while others looked to boost consumer confidence in email marketing. And this made some sense. Spam creates two distinct problems - as Chapell & Associates has discussed before - causing consumers to be taken in by phishers or other scammers, or just have their inboxes filled with junk, and leaving marketers to deal with consumers who don't trust any email marketing.

Earlier approaches to dealing with spam have often focused on one or the other problem. And while some of these initiatives may have been effective - CNET reports that over 90 % of spam is blocked by some email providers - the overall strategy seemed to be, shall we say, scattered.

So I'm happy to say that the new push for email authentication through accreditation seems to have some chance of succeeding. With Microsoft, Yahoo!, DoubleClick, the ESPC, the Direct Marketing Association and others involved, we can hope that it will get off the ground. These organizations' backing is certainly a good thing - for accreditation to work, a large number of people (if not everyone) has to buy into the system. The lack of support is part of the reason similar pushes have failed to catch on in the past.

But accreditation would be a good thing for everyone. Consumers would have fewer offers for products they had absolutely no interest in, and would have less fear over identity theft because of email scams. Marketers who followed best practices would have more of their email offers appear in consumer inboxes, and would have a consumer audience who would likely become far more receptive to the marketing emails they did receive.

I admit to some skepticism: as I said, the basic idea has been around for awhile, and until now there hasn't been enough of a push for it to work. But maybe consumers can start look forward to less offers for investiture of third world millions and more tailored to their actual needs.
posted by Isaac on Thursday, December 01, 2005 | |

© 2005 by Alan Chapell & Associates LLC