TRUSTe: Intent qualifies HP's "bugged" PattyMail as spyware

Summary:Going back to the debate of whether HTML-enabled e-mails with traceable graphics in them should qualify as spyware, as an observer of how HP used HTML-email to trick CNET News.com reporter Dawn Kawamoto into opening and then forwarding a traceable e-mail (what I've been calling PattyMail these days), that's a tough question that I could argue both ways.

Going back to the debate of whether HTML-enabled e-mails with traceable graphics in them should qualify as spyware, as an observer of how HP used HTML-email to trick CNET News.com reporter Dawn Kawamoto into opening and then forwarding a traceable e-mail (what I've been calling PattyMail these days), that's a tough question that I could argue both ways.

Trustee LogoOn the one hand, such tracking be used for legitimate business reasons that have no nefarious intent whatsoever. For example, here at CNET Networks, we publish a lot of HTML-based e-mail users and we use their trackability not to capture private information that you wouldn't otherwise want captured, but rather, to improve their usefulness to our audience and to terminate them if we find that that they're not getting opened over long periods of time. On the other hand, there are those who will glean every bit of data from innocent clicks that they can, using the results for deceptive reasons. But, to date, outside of the spam debate, I haven't seen any major privacy advocates raise a stink about the use of tracing techniques  in HTML-based e-mail. So, I asked Fran Maier, executive director at TRUSTe, what she thought.

TRUSTe "certifies and monitors web site privacy and email policies, monitors practices, and resolves thousands of consumer privacy problems every year" (according to it's Web site). Most Web users will recognize TRUSTe's Web seal (pictured left) as a visual cue that whatever Web site they're visiting, it has passed muster with TRUSTe's litmus tests for privacy protection.

According to Maier, for Web sites to get TRUSTe's imprimatur, they must disclose in their privacy policy what sort of tracking is enabled for visitors to the Web site. Additionally, Web sites can't display the TRUSTe seal unless they're compliant with the Can Spam Act. But, given that HTML-email doesn't technically qualify as spyware or, in many cases, as spam, the disclosure of trackable elements on HTML-based e-mails is an issue that isn't addressed by existing laws or TRUSTe's current policies. Should it be? When I asked Maier whether HTML-based e-mails that include trackable elements should cearly state as much (about themselves) without users having to go look at the sender's online privacy policy (this way, no "trackable" visit to a Web site is required at all), Maier said:

I can forsee it being very reasonable to put some disclosure like that down in the e-mail.

As it turns out, TRUSTe has already recognized that "spyware" is a rather broad classification into which many Web and e-mail practices are easily, and perhaps errantly slotted. According Maier, there's the technical definition of spyware and then there's the spiritual definition where intent counts. Maier says that HP's PattyMail doesn't technically meet the definition of spyware since spyware almost always involves the surreptitious loading of executable software onto one's system. But she doesn't think the Congressman was out of line in referring to the e-mail as spyware because of its deceptive intent.

Talking about better disclosure and actually getting it are two different things. Should a grassroots movement to disclose the presence of trackable elements on HTML-based emails emerge, there would very likely be some resistance from the electronic marketing sector which has lobbied hard to soften any bill or regulation or definition of spam that could deprive marketers of the freedom to manipulate certain weaknesses in the Internet's e-mail system. They argue that they have nothing to hide. But the truth is that there's a lot of money at stake. Internet users are so freaked-out about the privacy transgressions making the headlines every week that clicking links and opening e-mails are like walking on eggshells. Anything like a visible disclosure that might cause suspicious users to hesitate before opening commercial e-mail could seriously impact a marketer's bottom line. On the other hand, if you've got nothing to hide, why not disclose?

Said Maier of the idea, "Sometimes that's the outcome of a story like this one. It gets the right conversations started."

Topics: Security

About

David Berlind was fomerly the executive editor of ZDNet. David holds a BBA in Computer Information Systems. Prior to becoming a tech journalist in 1991, David was an IT manager.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.