Trying to make sites more trustworthy with users' personal data

A new certification program aims to make websites more transparent about sharing users' personal data. 

 

(CNN) -- There's a lack of trust between Internet users and the websites that collect their private data.

These sites aren't going to stop gathering personal information anytime soon, but one company hopes to make the exchange less mysterious when people sign on to a site using a social-media profile.

Logging in to third-party sites or commenting systems with Facebook, Twitter, Yahoo, Google+ and other social profiles is common -- 53% of people have done it, according to a recent study by Gigya, which handles these social logins for major sites such as Pepsi, CBS and Verizon. But Gigya is more interested in the other 47% who don't use social logins and what it can do to change their minds.

In theory, signing in to a third-party site with an existing social-media account should make life a bit easier. There are no forms to fill out, no new passwords and login names to memorize. Just enter two bits of information you're already intimately familiar with from checking Facebook or Twitter a million times. Once logged in, you might even like how easy it is to share content on your profile, or enjoy seeing what your friends bought, read, listened to or watched.

In exchange for these benefits, you give that company access to personal information telling them who you are, such as your age, gender, location, e-mail address, list of friends and what your interests are. That data is extremely valuable, and is used to tailor the site or app experience to individual visitors. People who log in with a social-network profile are better customers. They stick around longer and are more engaged.

The holdouts who avoid signing in with social profiles don't want to give third-parties the keys to their personal data. They believe companies will take their profile information and sell it, spam their friends or post to their social networks without permission, according to the Gigya survey.

"There's a real question of transparency and trusting, and confusion as to what's happening," said Gigya CEO Patrick Salyer. He believes much of it is a "perception issue" and that increased transparency between companies and customers would be mutually beneficial.

That's where the Gigya's new SocialPrivacy Certification program comes in. In exchange for publicly promising to use data responsibly, sites can sport a seal proclaiming that they are certified as trustworthy. The companies must follow these rules: they will not sell your data or your friends' data, spam you with e-mails, post on your social networks or contact your friends without permission.

Gigya is training a team of 35 employees in its client-services department to audit companies to ensure they adhere to the criteria. The companies are vetted when they first request certification and audited regularly after they're signed up to make sure they're still sticking to the rules. Gigya has not settled on a price for the certification yet. Any site can apply for the program, and Gigya plans to develop a similar code of conduct for apps in the future.

In theory the certification will assuage consumers' fears, and in turn boost the usage of social logins across the web. To increase the program's credibility, Gigya consulted privacy experts and collaborated on the final product with the Future of Privacy Forum, a privacy think tank in D.C. supported by companies such as Google, Amazon and Facebook.

Currently there aren't any laws regulating what sites and apps can do with your personal information, and companies are hoping to stave off any government regulation by taking matters into their own hands with initiatives like SocialPrivacy Certification.

"There's no obligation to be a good privacy citizen unless it's health or banking information," said Jules Polonetsky, director and co-chair of the Future of Privacy Forum.

Facebook, Twitter and some other networks have guidelines for developers that prohibit some of these behaviors, including bans on selling data. But by taking it one step further and publicly declaring it won't misuse personal data, a site can suddenly be held accountable for any violations by a group with a bit more power: the Federal Trade Commission.

"The FTC can sue you for making a deceptive statement to users who relied on that when they signed onto your site," said Polonetsky.

The SocialPrivacy Certification program is launching with a handful or partners, including Martha Stewart and the Toronto Globe and Mail. Until it becomes standard across the industry, its usefulness will be limited. But as long as people remain paranoid and hesitant to share their information, sites that want that data will be motivated to be more transparent.

 

Who is Julian Assange?

 

• Founder and head of WikiLeaks
• Longtime computer hacker with a history of infiltrating secret government information systems
• Seeks to “bring down” governments, particularly that of the United States, through information leaks

Julian Assange is the founder and head of WikiLeaks, an Internet website dedicated to publishing confidential government documents and images, which are typically obtained illegally through computer hacking.

Born in Australia in 1971, Assange had established a reputation as a sophisticated computer programmer who could break into even the most well-protected networks by the time he was a teenager. Around 1987, he joined with two fellow hackers to form a group that became known as the International Subversives, and the trio broke into computer systems from Europe to North America -- including, most notably, networks belonging to the U.S. Defense Department and the Los Alamos National Laboratory. In a book to which he contributed – Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier – Assange tried to create an aura of morality around this activity, defining what he called the Golden Rules of the hacker subculture: “Don’t damage computer systems you break into (including crashing them); don’t change the information in those systems (except for altering logs to cover your tracks); and share information.”

Hacking remained an obsession for Assange throughout his late teens. Pursued by authorities, he developed a nomadic lifestyle, moving from place to place, maintaining no real home, for fear that international governmental agencies -- particularly those in the U.S. -- may have targeted him for reprisal for the data leaks he had orchestrated.

In September 1991, Assange hacked into the master terminal that the Canadian telecom company Nortel maintained in Melbourne, Australia. Soon thereafter, he was caught by federal investigators and was charged with 31 counts of hacking and related offenses. Facing a potential sentence of a decade behind bars, Assange pled guilty to 25 charges, 6 of which were dropped. At his final sentencing, the judge was lenient with him and he escaped with the lightest of penalties — the payment of a small fine.

After the hacking trial, Assange lived below the radar in Melbourne for a number of years, working variously as a computer programmer and software developer, among other pursuits. He also studied physics and math at the University of Melbourne. Then, in 2006, he began the process of creating WikiLeaks, a website that would publish confidential government documents and images. His inspiration for WikiLeaks was the infamous Daniel Ellsberg, who in 1971 — the year of Assange’s birth — had published the Pentagon Papers. Assange has described WikiLeaks as "an activist organization" whose "method is transparency," and whose "goal is justice."

Shortly after getting WikiLeaks off the ground, Assange flew to Kenya to attend the World Social Forum — a yearly symposium dedicated to the redistribution of wealth and the eradication of capitalism — where he delivered a presentation about his new enterprise.

Contending that the primary objective of WikiLeaks was to expose injustice wherever it might reside, Assange told potential collaborators in 2006: “Our primary targets are those highly oppressive regimes in China, Russia and Central Eurasia, but we also expect to be of assistance to those in the West who wish to reveal illegal or immoral behavior in their own governments and corporations.” Assange further suggested that a “social movement” to expose incriminating classified information had the potential to “bring down many administrations that rely on concealing reality—including the U.S. administration.” Indeed, it has been the U.S. — rather than Russia and China — that WikiLeaks has targeted most intensively.

At a London ceremony in June 2009, Amnesty International honored Assange with its Media Award, in recognition of his expose of hundreds of recent extrajudicial assassinations in Kenya.
In April 2010, WikiLeaks became an international sensation when it publicized a classified video that showed civilians, who were mistaken for insurgents, being attacked by the U.S. military during the Iraq War. Over the rest of that year, Assange and his website sparked additional massive controversy on three separate occasions: In July, Assange released 77,000 secret files pertaining to the Afghan War. In October, he released nearly 400,000 pages of classified documents on the Iraq War. And in November, he released hundreds of thousands of classified State Department communications, many of which contained sensitive information on major U.S. diplomatic relations.

Among the more noteworthy items that Assange published in 2010 were documents that included the Social Security numbers of American soldiers. While acknowledging that leaks like these could ultimately harm innocent people, Assange rationalized such possibilities as mere “collateral damage, if you will,” and added that he could not be expected to calculate, in advance, the importance of every bit of information that might eventually find its way onto WikiLeaks.

Also in 2010, Assange published the results of an Army test which had found that certain electromagnetic devices designed to prevent IED explosives from detonating, also tended to compromise the performance of communication systems used by American soldiers. When asked if he would consider not releasing this information, given its potential for being exploited by terrorists intent on killing U.S. troops, Assange replied that in spite of his “harm-minimization policy,” his uncompromising commitment to transparency might ultimately cause him and his fellow WikiLeaks insiders to get “blood on our hands.”

In December 2010, after the November “data dump” of U.S. diplomatic cables had touched off an international furor, Assange -- who was in hiding -- was placed on INTERPOL’s "wanted" list for his alleged involvement in "sex crimes" against two women he had met in Sweden that summer. Assange denied the allegations, but he surrendered to London police on December 7, 2010. A WikiLeaks spokesman said that Assange‘s arrest would not prevent the organization from releasing additional secret documents.

In the aftermath of the arrest, Assange sympathizers -- calling themselves Internet "hacktivists" -- launched an all-out hacking attack (dubbed "Operation Payback") against the computer systems of companies considered hostile to WikiLeaks. Among these were Mastercard, Visa, Amazon.com, PayPal Inc., and EveryDNS. These companies had cut ties to WikiLeaks in recent days amid intense pressure from the U.S. government.