Offshore News blog posts all the latest news, articles and reports on the Offshore Banking world, including Offshore Finance, Offshore Credit Cards, Offshore Merchant Accounts, Tax Haven Companies and Offshore Investments.

 

Friday, April 22, 2005

Researchware watches every click 

Is it spyware? Company says no; critics aren't so sure
By Bob Sullivan
Technology correspondent, MSNBC

Updated: 3:13 p.m. ET April 20, 2005

It's just a small download, promoted as a free antivirus program. But the software is really
designed to sit silently on consumers' computers, watch everything they do online, and send the
critical data back to the program's creator. The program has swept the Internet in the last year,
with millions of people downloading it.

The newest spyware? Nope. Welcome to the Internet's newest marketing tool, "researchware."

Consider it spyware's above-board, distant relative. Unlike spyware, researchware makes its purpose
clear when downloaded by consumers. Its intent is not to trick people into receiving annoying pop-up
advertisements, but rather, to gather legitimate market research data. And it's easy to uninstall,
unlike spyware, which is as hard to shake as a bad cold in winter.

Still, not everyone is comfortable with researchware. Privacy advocates wonder if consumers really
know what they are doing when they consent to use it. And security-conscious firms say
re-transmitting all that Internet traffic - which can include personal financial information - poses
a big risk.

Company: It's not spyware

The term "researchware" was invented by the field's pioneer, comScore Networks, to distinguish its
Marketscore program from spyware software, to which it had been compared. Marketscore is available
as a free download directly from a comScore Web site and from Internet affiliates.

MarketScore entices volunteers by offering protection from computer viruses. In the past, using the
name Netsetter, comScore software promised faster Internet connections. In both cases, by
downloading the software consumers grant comScore permission to redirect all their Internet traffic
through the company's servers. ComScore then studies the traffic to develop powerful market research
the firm later sells.

Marketscore has about 1 million U.S. users and another 1 million users overseas, the company said.

"There are responsible ways for companies to gather information about your online preferences," said
Chris Lin, chief privacy officer of ComScore. She compared MarketScore to the television audience
research firm Nielsen, which watches the viewing habits of volunteers.

Nielsen, Forrester Research, and Compete Inc. all collect information from Internet users that
voluntarily join a panel for research purposes - though none of those firms use the term
"researchware" to describe their work. (Nielsen//NetRatings provides user data to MSNBC.com.)

"This is no different than what a lot of other market research companies are doing," Lin said.

Banks cut off researchware users

Not everyone agrees. Security professionals say ComScore dangerously slurps up all manner of
personal information, including passwords for online banking services. Several financial
institutions have complained about the service, and last month, major banks in New Zealand announced
they would no longer do business with consumers who have installed Marketscore.

A fraud official for one of Canada's largest banks who asked not to be identified told MSNBC.com
that his firm had recently begun to reject all traffic flowing through Marketscore servers.

"I think people who download the software don't fully understand how much information is going to be
collected," said Larry Ponemon, director of the research firm The Ponemon Institute.

"They tell you it's a value for value exchange.  But as a rational human being, how much would you
have to be compensated to take this risk? Their data is incredibly valuable. And there are risks
that haven't really been thought about."

ComScore carefully controls those risks, Lin said. The company's research data has never been
stolen, she said, and the firm regularly submits to outside audits of its privacy and other
procedures.

ComScore also goes to great pains to avoid storing critical, personal data, she said. "If
identifying information exists, we either ignore it or scrub it," Lin said.  "We destroy pieces of
key numbers and data elements that we think are highly sensitive and that possession of would create
a potential vulnerability."

Detected by anti-spyware software

ComScore's explanations haven't satisfied everyone.  Along with bank offering online services,
several universities have also cried foul at Marketscore. The University of Toronto issued a warning
to students earlier this year about the service, claiming it can actually peek inside secure
transactions, creating a risk that sensitive data can be stolen, even if the user believes the data
is being transmitted in encrypted form.

"They have unencrypted access to their users' secure transaction information. If your computer has
Marketscore software installed, all your SSL secured transactions - banking, purchasing, passwords
or personal record access information is available unencrypted to the Marketscore organization," the
university says on its Web site .

The firm must decrypt the information to find what's there and conduct its research, the school
claims.

ComScore officials said the sensitive data is never at risk.

"We establish two secure communications. One with you, and one with the bank," Lin said.

Anti-spyware firms confused

Antivirus firms and other companies that sell anti-spyware products don't quite know how to treat
researchware. Symantec, for example, designates the program as spyware on its Web site
.

Symantec spokesman David Cole refused to comment on Marketscore. He did say the antivirus industry
was considering a new designation for researchware products. Computer Associates already has done
so -- it calls Marketscore "trackware." 

"The landscape is changing very quickly. We're talking to other vendors about this," Symantec's Cole
said. "It's a really challenging environment right now."

That's why ComScore created the term researchware, Lin said.  She believes one critical distinction
between malicious spyware and honest researchware is the ease of removal.

"There is a dramatic difference between software that obtains your consent and software that doesn'
t. We wanted to create a distinction between software that is out there tracking you, popping up ads
without your knowledge, and software that conscientiously obtains consent," she said.

The marketing industry doesn't know what to make of researchware yet, either.  Dwayne Berlin,
general counsel of The Council of American Survey Research Organizations, said his organization has
yet to take a position on the software.

"There's no official meaning to the term. ... It's really something we're in the process of learning
about ourselves," he said. "Observational research is extremely legitimate. But we need to make sure
industry codes fit the new methods."

Powerful research tool

Not only is observational research legitimate, it is powerful, all sides agree.  Thanks to
MarketScore, ComScore can provide incredibly detailed consumer research to its clients, which
ironically include online banks. In traditional surveys, filled out by consumers on their own,
people tend to distort and mis-report their behavior and preferences. MarketScore allows researchers
to watch consumers in their native environments, making real-life choices.

The firm isn't interested in the personal data, Lin said.  Instead, it wants to observe usage
trends.

"The fact that you are online banking, for example," she said, "And are you interested in mortgages
or are you interested in bill pay? Which services do you find useful? Are you going to just take a
look at the account or are you really going to do something active?"

But even absent security issues, privacy advocates wonder if it's possible for consumers to make an
informed choice when they elect to trade so much information for a small benefit like faster
Internet service or virus protection.

"I would claim that even the most interested and informed individual cannot forecast the
implications of this deal," said Alessandro Acquisti, a professor at Carnegie Mellon University who
studies the economics of privacy.

"This is why: Customers are entering a contract in which they are selling away their future behavior
and information without knowing in advance what that behavior and that information will be ... They
cannot predict what kind of information will be gathered, how it will be used, and therefore how
valuable it may be, or how damaging it could be to the customer."

© 2005 MSNBC Interactive
© 2005 MSNBC.com
© 2005 Microsoft Corporation. All rights reserved.
http://msnbc.msn.com/id/7546554/

posted by Jeremy at 7:19 PM  

0 Comments:

Post a Comment

<< Home