If you really wanted people to trust you, would you pay a service to monitor your actions and then certify that you do what you say you do? Hardly. Generally speaking, our society runs on the notion that we are trustworthy until proven guilty -- of lies, bad checks or some other kind of fraud. Socialization and fear of a bad reputation keep us from telling too many white lies; the threat of fines and prison deters more serious breaches of trust.
Online, however, there is TRUSTe, a nonprofit organization that, for a fee, will audit a site and issue a seal assuring visitors that the site's privacy policy is telling the truth. As if it weren't strange enough to think that we would have more trust in a site that voluntarily pays a third party to verify its honesty, there is evidence that TRUSTe is less than inclined to let visitors know when a site slips up a bit on promises of privacy protection.
On Monday, TRUSTe resolved an "incident" -- in which it was determined that RealNetworks' RealJukebox was collecting users' personal data without their knowledge -- by sidestepping the issue. The nonprofit said that because RealNetworks' privacy violations took place via its RealJukebox software, not its Web site, the incident was outside the purview of TRUSTe. This was the same line of reasoning that TRUSTe employed when it determined that Microsoft had not violated its privacy policy, even as a hole in Windows 98 allowed users to be identified and their online movements tracked.
"They seem to be mainly motivated to find the loopholes for TRUSTe partners," says David Sobel, general counsel for the Electronic Privacy Information Center (EPIC), who thinks that the government -- the Federal Trade Commission, to be specific -- is a more appropriate monitor for the Net. As for TRUSTe, says Sobel, "they've set themselves up between a rock and a hard place." After all, how can an organization that relies on member fees act as an unbiased watchdog of those same businesses?
TRUSTe maintains that fees don't influence its interactions with members, and while RealNetworks may have failed to protect users' privacy, "They didn't breach the contract," said Dave Steer, TRUSTe's director of communications. For TRUSTe to revoke its seal, a site would have to repeatedly violate its privacy policy, said Steer, who added that the organization had never taken such action. (Egregious violations of a privacy policy could theoretically give TRUSTe cause to sue a site for breach of contract or report it to the FTC.) Still, Steer said, in the case of RealNetworks, "We don't want a legal technicality to cause us to lose sight of this situation." The software company did expose its users' personal data, after all, and the TRUSTe seal will do little to relieve the breach of trust felt by some users.
So, TRUSTe tried to spin the incident into some good press with an announcement that the organization will expand its program to include not just Web sites but also software -- specifically software that collects and transmits personally identifiable information online.
"We are going to ask the same hard questions we've been asking RealNetworks, but to software companies: 'What are you doing with this data and are you disclosing it?'" Steer said.
Perhaps instead of inventing new programs, however, TRUSTe should ask itself an even harder question: Will consumers continue to trust an organization that seems more interested in helping its members out of P.R. snafus than guaranteeing privacy protection?
Shares