Friday, April 15, 2005

An Open Book 

In honor of April 15: You have perhaps read that the data-mining firm ChoicePoint inadvertently sold 145,000 Social Security and driver's-license numbers to a ring of identity thieves; that LexisNexis is offering "fraud counseling services" to 300,000 people in its database whose particulars were illegally accessed on 59 separate occasions; that BofA still can't find the missing computer tapes with the credit-card records of 1.2 million federal workers. Now, we know that many of you have just filed your income tax returns and are probably in some pain as you read this. We would very much like to make you feel better -- but alas, we can't:
[I]f you're one of the millions who this year have used the electronic services of Intuit's TurboTax or H&R Block, you may not know that a stealthy technology commonly known as Web bugs was used to track your comings and goings on the Internet.

Both Intuit and Block, which offer electronic filing for free through the IRS' Free File program, use hidden Web bugs throughout the tax-preparation process to monitor taxpayers' online behavior . . . .

The technology connects a company's site with that of an affiliated marketing firm, which collects and analyzes data on Web usage. Intuit and Block say Web bugs are employed only to maintain the quality of their respective offerings.

But privacy advocates and industry insiders say the technology hinges on the honor system. If a company wanted to, they say, it could easily record or misuse any information provided by consumers.

"We could capture your name, your Social Security number or any other information that you willingly pass to a Web site," acknowledged Matt Belkin, who serves as vice president of best practices for Utah marketing giant Omniture, which tracks the online activities of people using Intuit's TurboTax . . . .

In fact, Intuit's privacy promise isn't quite accurate. The company used DoubleClick when it began tracking use of online tax returns last year. This year, however, DoubleClick has outsourced the service to Utah's Omniture.

In other words, not one but two different marketing companies are involved . . . .

Omniture's Belkin said the company would never share data gleaned from one client's site with another client. But he acknowledged that there are no technological barriers to Omniture (or other Web analytics firms) using Web bugs to record virtually anything about an Internet user.

"It's a little freaky," he said, "especially where your tax return is concerned. I can see that."
UPDATE (courtesy of our soon-to-be-departed colleague John at Blogenlust): We forgot to mention Polo Ralph Lauren.

| | Technorati Links | to Del.icio.us