Archive for December, 2014

Digital identity = digital currency

Digital identity = digital currency

By Michael Gaffney

Your digital identity is currency. It can be monetized. In an increasingly complex digital society, one of the biggest challenges for businesses is how to capture that identity.

Currently, totally beyond the control of consumers, a myriad of technologies and companies are scraping data, watching online activity, phishing, and working tirelessly to reveal – sometimes even steal – your digital identity. Your “digital identity” is the sum of all the available information about you and is growing exponentially; at the same time, big data capabilities are keeping pace in an effort to analyze all this information, your information.

The evolution of digital identities is a concern for consumers and merchants alike. On the one hand, consumers are concerned about privacy and losing control over their personal data. On the other hand, companies are increasing worried about data breaches – be it their own or third-party applications and the effects on breaking the trusted relationship between merchants and consumers.

In February 2014, it was reported in Forbes that the cost of the data breach at Target was $61 million. Target cautioned investors, “At this time, the company is not able to estimate future expenses related to the data breach.” The breach at Target, resulting in the loss of tens of millions of digital identities has had a massive impact on value for its shareholders, not to mention consumer confidence.

It’s cold comfort for Target and the shoppers impacted that at least they’re not alone, as evidenced by this infographic of the World’s Biggest Data Breaches.

The growth rate for ecommerce far exceeds traditional economies, whose growth rates are flat to shrinking. Consumer trust is one of the cornerstones of commerce for a merchant, especially in this age of digital identities. The ecommerce world with its real-time availability, product reviews and ability to rapidly provide consumers with substitute products is a dangerous place for merchants who cannot generate trust in their products and their interactions with consumers. Protecting the digital identity of consumers is paramount to maintaining that trust.

Opt-out is considered standard practice – in fact it is legislated in many jurisdictions – as a way for consumers to control their private data. Opt-in is typically used when the data required is even more sensitive. Studies have shown that consumers want control of their data but there is juxtaposition against convenience.

Consumers are willing to share their data with private and public organizations – conditional upon privacy controls and sufficient currency benefits. Trust, plus deals that consumers like, will cause them to spend and invest in their digital identities for the merchant’s currency.

For merchants to engage the consumer – to cause them share their digital identity to unlock value – companies need to epitomize and communicate a new digital identity perspective of — responsibility, transparency and the consumer in control.

(Image: flickr, Alan O’Rourke, link)

Posted in: Blog, Data breach, Identity

Leave a Comment (0) →

The week in review: international cyberwarfare, the cost of data breaches and the future of privacy

The week in review: international cyberwarfare, the cost of data breaches and the future of privacy

By Don Dobson

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. The Sony hack was catching everyone’s attention this week, banks and retailers are arguing about footing the data breach bill and there is some new thought provoking research on our digital lives and where we are going with privacy. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

Truth is stranger than fiction

While “The Interview” is a screwball comedy based on a highly improbable scenario, even Hollywood could not have written the script we see playing out with the Sony hack. Reports indicate that the data breach of terabytes of all manner of data (including employee personal data) at Sony was, in fact, carried out by North Korea. While state-on-state cyberwar is certainly not the personal privacy milieu of Dodoname, there are some sobering implications of the Sony hack which are likely to reverberate across business, in what may come to be seen as a real turning point for how we look at cybersecurity.

North Korea’s Bureau 121 is certainly not the only hacker group out there. In previous weeks we shared posts about how criminal hacking was a major industry in some places. A Monday post by Robert Beckhusen and Matthew Gault suggested that it wasn’t cyberwar that we need to be worried about but cybercrime, since the U.S. — and the rest of the world, for that matter — aren’t ready to deal with cybercrime. As they point out, cybercrime is often stateless. Hackers operate across borders.

When we get to the point where Crimeware-as-a-Service Threatens Banks, The Economist notes in regard to cybercrime that the growth in general wickedness online is testing the police, and underground hacker markets are peddling complete kits for hackers monetizing every piece of data they can steal or buy and are adding services, it starts to feel like, whether we like it or not, 2015 will be a watershed year for cybersecurity. With polls reporting that almost half of Americans say their card details have been stolen in a data breach, it is also no surprise to see observers suggesting that protecting consumers’ data should be at top of new Congress’ agenda.

Who pays the bill?

As the cost of data breaches starts to explode, there is mounting tension between retailers and card issuers. Banking and Credit Union association officials Jim Nussle and Camden R. Fine note the instant criminal hackers gain access to consumer financial data, they sell the information to the highest bidders. Protecting the consumer then becomes the duty of financial institutions—leaving banks and credit unions on the hook for fronting the bill. Their industry feels it’s time for retailers to join efforts to put a stop to data breaches and protect the consumer. Current U.S. laws on data protection for retailers are not as strict as financial institutions and as a result there is little incentive to address their security flaws, because financial institutions are responsible for cleaning up their mess. We expect that retailers will face increased liability as laws are almost certain to change, highlighting the potential value to retailers of participating in a privacy marketing platform like Dodoname.

The future of privacy

The Pew Research Center Internet & American Life Project aims to be an authoritative source on the evolution of the Internet through surveys that examine how Americans use the Internet and how their activities affect their lives. They canvassed thousands (2,511) of experts and Internet builders to share their predictions on the future of privacy and released the results of those efforts this week.

In theintro to the report, Pew notes “The terms of citizenship and social life are rapidly changing in the digital age. No issue highlights this any better than privacy, always a fluid and context-situated concept and more so now as the boundary between being private and being public is shifting.

We recommend the entire report as a fascinating read. It reveals that, while we all can see benefits in our ever increasing digital lifestyle, privacy does mean something. However, it’s moving so fast that all parties are struggling to decide what it does mean and where it is going. Lots of food for thought for sure, but you won’t find a simple consensus. A taste of what we mean follows and do check out the full report.

We are at a crossroads,” noted Vytautas Butrimas, the chief adviser to a major government’s ministry. He added a quip from a colleague who has watched the rise of surveillance in all forms, who proclaimed, “George Orwell may have been an optimist,” in imagining “Big Brother.”

An executive at an Internet top-level domain name operator who preferred to remain anonymous replied, “Big data equals big business. Those special interests will continue to block any effective public policy work to ensure security, liberty, and privacy online.”

John Wilbanks, chief commons officer for Sage Bionetworks, wrote, “We have never had ubiquitous surveillance before, much less a form of ubiquitous surveillance that emerges primarily from voluntary (if market-obscured) choices. Predicting how it shakes out is just fantasy.”

An information science professional responded, “Individuals are willing to give up privacy for the reasons of ease, fastness, and convenience… If anything, consumer tracking will increase, and almost all data entered online will be considered ‘fair game’ for purposes of analytics and producing ‘user-driven’ ads. Privacy is an archaic term when used in reference to depositing information online.

Joe Kochan, chief operating officer for US Ignite, a company developing gigabit-ready digital experiences and applications, observed, “I do not believe that there is a ‘right balance’ between privacy, security, and compelling content. This will need to be a constantly negotiated balance—one that will swing too far in one direction or another with each iteration… Public norms will continue to trend toward the desire for more privacy, while people’s actions will tend toward giving up more and more control over their data.”

Posted in: Data breach, Privacy, Spam, This week in review

Leave a Comment (0) →

The week in review: privacy law world showcase, Sony’s bad week, and a phishing pop quiz

The week in review: privacy law world showcase, Sony’s bad week, and a phishing pop quiz

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. Catching our attention this week were posts about Internet privacy laws (or lack thereof) around the world, Sony’s extensive data breach, and a phishing pop quiz. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

Whose Internet privacy laws are the fairest in all the land?

Do you want the bad news first? Or the good news first?

The bad news is that of the countries surveyed by the World Wide Web Foundation on the topic of Internet privacy law, 84% got a failing grade.

The good news? … well… er… Christmas is coming?

According to a Sputnik News article: “The United Kingdom, the United States, Australia, Canada and France all scored three out of a possible 10 in providing legal safeguards to ensure that surveillance did not interfere with rights to privacy.”

With a lack of legislation in place to protect consumers, it’s essential that they seek out and use tools and platforms that help them to protect their own online privacy, to control their own online personas and communications with merchants. Platforms like Dodoname can help!

All the makings of a Hollywood blockbuster

Those that follow the infosecurity and Hollywood beats have been glued to their screens since the announcement of a huge data breach at Sony Pictures that shares similar plot points with many a blockbuster thriller. From Forbes: “hackers not only erased data from its systems, but also stole, and released to the public, pre-release movies, people’s private information, and sensitive documents.” Extortion attempts, ignored warnings, cryptic messages to execs from the culprits and other go-to plot points became all too real, and splashed all over the Internet this week. Even more damning is that it appears the problems were discovered long ago – with a hack recorded in February and the studio deciding to keep it quiet. <insert joke about hindsight being 20/20 here>

The repercussions of this week’s revelations are widespread and ugly, from racist jokes made by studio executives at the president of the United States expense, to the A list slinging mud and bad mouthing other A list talent. The financial implications – and reputational damage – to Sony will no doubt be long lasting and the media is sure to broadcast every last juicy detail. It is a sobering lesson for organizations that are treating cybersecurity as an afterthought.

Phishing pop quiz

It’s Friday. You’ve had a long week. You’re looking for an online activity that will get you that much closer to the weekend. This phishing email quiz is just the ticket. Can you spot the difference between a legit email and a phishing scam?

How did you rate on the quiz? Tell us in the comments. And if you didn’t do so well, don’t despair: the IT security experts that first took the quiz didn’t do much better, as a mere 6% got all questions right. And, as the article at the link mentions, “this is their job.”

Posted in: Phishing, Privacy, This week in review

Leave a Comment (0) →

The privacy dilemma

The privacy dilemma

By Michael Gaffney

When it comes to privacy, the needs of consumers and those of merchants are, on the surface, opposing forces: merchants need detailed information about consumers for personalization while consumers desire control over their personal information and how it is used for marketing purposes. This is, in a nutshell, the privacy dilemma.

Merchants want to know as much as they can about consumers because that information guides and directs the kinds of products to build for consumers, the messaging around those products and increases the conversion rates of those marketed to. In a 3,000-channel world, the merchant is desperate to gather and use information to exactly target a single individual. This is called personalization. Personalization is the process of tailoring communications and product features to individual users’ characteristics or preferences.

Personalization requires detailed information about the consumer. Currently, most of this information is collected without the consumer’s permission. Consumers think that they have opted in to share only a ‘little bit’ of themselves – how little we know! The advent of single sign on (“SSO”) has increased convenience while dramatically increasing privacy invasions. Using your Facebook, Twitter, or Linkedin account to sign into a service creates a security risk. Using SSO makes it easy for one site to show the consumer’s actions and activities to other websites.

Using SSO opens a window to your privacy. Identity management should be a critical concern of all consumers. Online reputation is becoming more and more important, for both the consumer and for the merchant. ‘Big data’ is upon us and having correct information about consumers has an increasing monetary value.

Consumer concern about privacy is well known to be the number one issue of online consumers but consumer behavior regarding privacy is often contradictory to that fact. We claim to worry about privacy but we willingly surrender personal information all the time without really understanding where it goes and how it will be used.

How do I protect my privacy and still get the things I want on the Internet? Use a Dodoname whenever you need to register with a merchant. Since a Dodoname is not connected to any private information, there is nothing to be leaked or hacked. The opt-in persona function is your personal ‘marketing avatar’ that merchants can research and review to send offers without invading consumer privacy. Thanks to Dodoname, the privacy dilemma is solved.

(Image: Flickr, Mosier J., link)

Posted in: Blog, Persona, Privacy

Leave a Comment (0) →

This week in review: Cyber Monday sales and scams, the European Plan and the science behind tracking

This week in review: Cyber Monday sales and scams, the European Plan and the science behind tracking

By Don Dobson

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. Catching our attention this week were posts on Cyber Monday, ongoing privacy debates, including in Europe and the science behind who is tracking you. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

Cyber Monday – sales and scams

Although figures vary quite widely depending on the source, a considerable fury of online sales was unleashed this week on Cyber Monday. ComScore reported U.S. sales of over $2 billion, a 17 percent increase over last year’s Cyber Monday, making this the “heaviest U.S. online spending day in history.” Predictably, this rush of e-commerce also captured the full attention of online bad actors. Researchers had already observed a “sharp increase” in phishing and spam activities against online shoppers and expect more to come into the holiday season. In a Politico article called “Hack Friday: Black Friday cybercrime is unstoppable,” Jay Healey, a former White House and financial sector official notes “Hunters are more likely to be out when there’s more prey to be hunted.” Bolstering that idea, reports on a study from security firm Imperva shows nearly half of all web application cyber-attacks target retailers. “This is largely due to the data that retail websites store – customer names, addresses, credit card details – which cyber criminals can use and sell in the cybercrime underworld,” said Amichai Shulman, chief technology officer at Imperva.

While email is still the prime vector for phishing, we were also reminded that social media is not immune to these threats riding the wave of a major online event such as Cyber Monday. Fake social media messages on platforms like Facebook attempted to hook unsuspecting shoppers looking for deals and discounts.

Privacy debates

Of course, we continue to monitor news and debates around how companies use your data to track your online activities for various advertising and marketing purposes. Indeed, providing a way to have both privacy and personalization is the raison d’être behind Dodoname. It’s fascinating to see the general public slowly becoming aware of the extent to which we are tracked. Jascha Kaykas-Wolff, the Chief Marketing Officer of BitTorrent, notes recent Pew research, saying it “overwhelmingly showed the burgeoning distrust users have harbored in putting their private information online.” His article, Why privacy is like the frog in the pot of boiling water, is descriptive of what has happened to all of us. Like the proverbial frog in the pot of water that is slowly increasing in temperature, we’ve paid little notice to the tracking and erosion of privacy. With the Pew study showing that ninety percent of adults agree that we’ve lost control of our personal data, the temperature is going to start to rise for business as well.

One way the market is responding to consumer concerns is through offers like Dodoname where privacy, rather than tracking, is central to the value proposition. Another prominent example is DuckDuckGo, a search engine that puts privacy first, rather than collecting data. Gabriel Weinberg founder of the company, speaking about privacy-based products in a Guardian Article notes “I don’t think it’s a fad. One of the big things people have noticed in the last year is the ads that follow them around the Internet and that’s perhaps the most visible notion of this new tracking mindset that most companies are adopting. Those trends are not disappearing. More tracking on the Internet, more surveillance, so I think as people find out about it they’re going to be wanting to opt out in some percentage.”

The European Plan

The European Union is ahead of North America in many regards concerning privacy, including evolving regulations concerning cookie use. We’ve previously reported on so-called super cookies and device fingerprinting used to track consumers across devices, including smartphones. A Guardian article this week Europe’s next privacy war is with websites silently tracking users, notes regulators have made it clear that companies cannot bypass cookies consent by using covert methods to track users through their devices. In the article, Jim Killock, executive director of the Open Rights Group says “Building profiles to deliver personalised content and adverts clearly falls under e-privacy and data protection law.” This regulator opinion on device fingerprinting techniques seems to pave the way for developing new legislation to govern their use and protect user privacy.

The science behind tracking you

The science behind tracking and the answer as to why techniques that track users across devices are being pursued by companies on both side of the Atlantic can be found in a MIT Technology Review article we shared this week: New Technology for Tracking Consumers Across Devices Grows Results.

Companies like Adometry are using probabilistic identification methods, to link smartphones to desktops accurately enough to justify ad placements. Drawbridge, of San Mateo, California, says it can “take anonymous signals from the device and do a kind of statistical space-time triangulation.” By performing the analysis over time, Drawbridge identifies clusters of devices and then figures out which are paired, providing confidence that they have the same user. The results provide marketers with data that is accurate enough for retargeting and attribution.

Still, we are just at the beginning of what marketers would like tracking to accomplish. As various vendors build their own technology and tech companies like Apple or Google seek dominance of their own proprietary methods, Adometry CEO, Casey Carey offers the opinion that Marketers need a new system to track customers across platforms.

Posted in: Blog, Data breach, Fraud, Phishing, Privacy, This week in review

Leave a Comment (0) →

Millennials: generation privacy?

Millennials: generation privacy?

By Michael Gaffney

Sometimes called generation Y or millennials, this group is a digital native powerhouse that is rewriting how goods are sold and purchased. There’s no exact science to defining a generation, but researchers and marketers generally put people born between the early 1980s and the early 2000s in this category.

Whereas the previous generation’s young people spent every waking moment at the shopping mall, millennials are speeding the online shopping revolution, eschewing brick and mortar retail to shop how, when and where they want, using the mobile and online tools that they’ve grown up with.

So, if these consumers are shopping online so frequently, collectively they must have an opinion on online privacy. Are millennials less concerned about privacy than older generations? Are they willing to share their personal information or cooperate with businesses online if there is an advantage for them such as a deal?

In truth, it’s a bit more complicated than that. Millennials think differently about privacy compared to older generations. ‘Millennial Rift’ is the term coined by researchers at the USC Annenburg Center for the Digital Future that refers to the differences in perceptions and value of privacy between the generations. Jeffrey Cole, in a 2013 survey, goes so far as to say that “Online privacy is dead – millennials understand that while older users have not adapted.”

I find Cole’s use of the word ‘dead’ a rather poor choice of words as the word dead is typically understood as lifeless and not coming back. Based on survey results in that same report (and similar findings elsewhere), I find it difficult to believe that millennials espouse that privacy is dead and not coming back. In fact the same study found that 70 percent of millennials agreed with the statement “No one should ever be allowed to have access to my personal data or web behavior,” compared to 77 percent of older generations. Doesn’t sound to me as though privacy isn’t valued by this group, instead, other data points would indicate that the giving up of personal data needs to be incentivized for this generation to participate. Millennials surveyed were much more likely to share personal data, such as location, in order to receive coupons or deals from nearby businesses.

Marketers need to better understand how millennials perceive privacy differently and how that information should impact digital marketing strategy. A strikingly different tone from the 2013 USC study was the 2014 study, ‘Millennials Care More about Privacy than any Other Generation,’ conducted by Contagious and Flamingo, two trends and insight consultancies. There were three key findings in that study: one, millennials are 28 percent more likely to switch products or services because of privacy concerns than the rest of the population; two, 54 percent of millennials in the U.S., and 48 percent in the U.K., have stopped using a product or service because they were worried about the way it was using their personal data; and three, millennials are more likely to pay a premium to protect their privacy.

If marketers want to attract and keep millennials as customers, they will have to balance that generation’s willingness to share information for deals or coupons that are relevant to them with both the conviction and actions necessary to protect that shared private information.

(Image: Flickr, Gonzalo Díaz Fornaro, link)

Posted in: Blog, Privacy

Leave a Comment (0) →