IDG News Service - Sears and Kmart customers who sign up for a new marketing program may be giving up more private information than they'd bargained for, a prominent anti-spyware researcher claims.
According to Harvard Business School Assistant Professor Ben Edelman, Sears Holdings' My SHC Community program falls short of U.S. Federal Trade Commission (FTC) standards by failing to notify users exactly what happens when they download the company's marketing software.
And given the invasive nature of the product, Sears has an obligation to make its behavior clearer to users. "The software is not something you'd want on your computer or the computer of anyone you care about," Edelman said in an interview. "It tracks every site you go to, every search you make, every product you buy, and every product you look at but don't buy. It's just spooky."
Edelman has written up an analysis of Sears's software, set to be made public on Tuesday.
Problems with the retailer's My SHC Community program were first brought to light in late December, when CA senior engineer Benjamin Googins wrote a blog entry criticizing the software. The Sears software was written by VoiceFive, a subsidiary of Internet measurement firm ComScore.
Sears launched the My SHC Community in March, intending it to be a vehicle for customers who want a voice in the company's direction. "It's still kind of in its early days," said Rob Harles, vice president of MY SHC Community, in an interview conducted prior to Edelman's post. "It's mainly used right now for research, but what we want to do is open it up so it's creating dialogue with our customers."
Sears Holdings, owner of the Sears Roebuck and Kmart department stores, is the third-largest retailer in the U.S.
Sears offers members $10, and a chance to win one of several sweepstakes as an extra incentive to join the program.
But in return, a small percentage of members must install extremely invasive software.
According to Googins, the product monitors not only all of the user's Web traffic, but also keeps track of secure sessions such as visits to bank sites, sniffs through e-mail headers, and then sends that information to ComScore.
While Googins called the software "a significant threat to privacy," Harles doesn't see it that way. First off, he said that members can join the community with or without the tracking software and that less than 10% of members have signed up for the tracking program.
Those who get the tracking software installed have all personally identifying information scrubbed by ComScore, and are informed of exactly what's going on, he added.
Harles sent Googlins a detailed rebuttal to his claims, which the CA researcher has published on his blog.
- Combating Identity Theft in a Mobile, Social World Offering identity theft protection and remediation allows businesses to give their workforce the confidence to efficiently engage while bringing financial reward to the...
- After a Breach: Managing Identity Theft Effectively This white paper from LifeLock Business Solutions notes that FIs in addition to managing fraud should strive to turn a negative event for...
- Combating Identity Fraud in a Virtual World This slide presentation reveals findings from the Javelin Strategy & Research 2012 Identity Fraud Report about mobile and social trends, the real risks...
- Cloud Computing Drives IT and Business Agility Hybrid Cloud Accelerates Time to Value What is the main focus for IT in your organization - cost or agility? Many IT discussions today focus on cost controls rather...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Cloud BI in Action: Recorded Webinar of Customer, Kony, Inc. See how Kony, Inc., a leading enterprise mobility company, is using TIBCO Jaspersoft for Amazon Web Services and Redshift to achieve embedded analytics... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!