An Open Letter to Lori Fena

Ms. Fena,

I'm writing to you partly as the webmaster of kuro5hin.org, where this
letter will be submitted for publication, but mostly as an individual
who spends quite a lot of time online, and conducts a lot of personal
business through the internet, and is therefore very concerned about
online privacy issues.

The internet industry in general has been adamant in its claims that
industry self-regulation will be sufficient to safeguard the privacy of
internet users. TRUSTe has often been held up as the flagship initiative
in online privacy protection, and has been very successful in building
brand recognition among internet users. To many, the sight of the TRUSTe
"trustmark" is sufficient to assure them that a website can be relied
upon to protect their private information.

As stated in "The TRUSTe Story"
(http://www.truste.com/about/about_truste.html), your organization was
founded on a recognition of "the need for branded symbols of trust on
the Internet similar to UL Labs," a need which I wholeheartedly agree
does exist.

Unfortunately, this need is not being met by TRUSTe, and in fact, I
believe your organization may be doing more harm than good to the cause
of online privacy protection.

You make the comparison to Underwriters Laboratories, and their famous
"UL Listing Mark." The essential value of Underwriters Laboratories is
this: if I buy, for example, a toaster, and that toaster bears the UL
mark, I know that an independent third-party organization has tested
this toaster, and determined that it will operate as expected, and will
not randomly catch fire. As explained on the UL website: "The UL Listing
Mark on a product is the manufacturer's representation that samples of
that complete product have been tested by UL to nationally recognized
Safety Standards and found to be free from reasonably foreseeable risk
of fire, electric shock and related hazards."

So, I might reasonably expect, from TRUSTe's comparison, that if a
website bears the TRUSTe "trustmark," then the privacy policy of that
website has been inspected, and found to meet some recognized standard
of actual privacy protection. This is unfortunately not the case.

Take, for example, the privacy statement of eBay, which reads, in part,
"Therefore, although we use industry standard practices to protect your
privacy, we do not promise, and you should not expect, that your
personally identifiable information or private communications will
remain private." (http://pages.ebay.com/help/community/png-priv.html)
This policy, which states openly that users have no assurance that their
private information will remain private, is certified by TRUSTe.

What the TRUSTe "trustmark" certifies, in fact, is simply that a website
has stated what its privacy policies are, and will comply with that
statement, whatever it may be. Oh yes, it also certifies that the owners
of the website have paid a license fee to TRUSTe, for use of the
"trustmark" (http://www.truste.com/webpublishers/pub_join.html). 

The result of this is that internet users now have the *impression* that
their privacy is being safeguarded, without any actual standards of
privacy protection being in place, or being enforced. This, to me, is
worse than having no oversight at all. Rather than actually make an
effort to protect the privacy of internet users, TRUSTe has instead made
an effort to collect licensing fees for the use of a graphic with no
underlying meaning. A large amount of HTML about "raising awareness" and
"educating users" aside, TRUSTe is collecting fees while doing nothing
to ensure privacy.

Now I read that you have joined the "Privacy Advisory Board" of
long-notorious as one of the worst offenders in the pantheon of online
snooping. This only further lowers my opinion of the integrity of
TRUSTe, and further convinces me that self-regulation will never work in
an industry that appears to be utterly bereft of ethics.

Unless and until TRUSTe and other online "privacy" watchdogs begin to
safeguard the actual privacy of internet users, I will continue to
regard the TRUSTe "trustmark" as merely a sign that the website in
question is trying to lull me into complacency, in order to perpetrate
some gross violation of my privacy, as this seems to be the specialty of
policies certified by your company. 

If you wish to respond to this letter, you may email me at
rusty@kuro5hin.org, or you may participate in the online forum that will
accompany this letter, if it is approved for publication, at
http://www.kuro5hin.org/. Thank you for your time.

Rusty Foster, kuro5hin.org
