LEXIS-NEXIS® Academic Universe-Document

Search Terms: personal w/5 information w/5 privacy

Document 263 of 575.

April 18, 2000, Tuesday

SECTION: COMPUTER LINK;Pg. 10

LENGTH: 1260 words

HEADLINE: Privacy champion defeating Net threats one by one

BYLINE: Frank James; KNIGHT RIDDER NEWS SERVICE

BODY:
Richard M. Smith is a software expert who doesn't fully trust his own kind.

So he has launched a personal crusade to expose technology practices that threaten the privacy of millions of Internet users.

The retired co-founder of a maker of specialized software for industry, he has a growing reputation as one of the Internet's premier privacy defenders.

He has essentially become the Techie Avenger for millions of less savvy Internet users who surf unaware of how much of their personal information is silently being gathered.

Smith has unmasked techniques employed by some of the Internet's best known companies -- including Microsoft Corp. and Real Networks -- to invisibly retrieve information from Internet users' computers in ways those firms didn't fully disclose until Smith raised questions. He discovered that software made by a subsidiary of Amazon.com, Alexa Internet, ostensibly designed to help Internet shoppers find the best deals and product information, also secretly gathered personal information on the user.

Smith, 46, filed a complaint with the Federal Trade Commission after discovering that Alexa's zBubbles software harvested information about his activities online and transmitted it back to Alexa.

Besides his e-mail and physical address, Alexa's software surreptitiously recorded his sister's phone number when he used his computer to call her.

It noted his purchase of a Boston-to-Las Vegas airline ticket, the DVDs he considered buying from an online retailer and the information he typed in to confirm his teen-age daughter's flight home from Philadelphia.

All this was done without notice to him from Alexa that his personal data was being retrieved, he said.

"It was one of the more intrusive pieces of software I've ever seen," said Smith.

Said Brewster Kahle, Alexa's chief executive: "Our users' privacy is of the utmost importance to us," but declined further comment, citing the complaint before the FTC.

Asking all the questions

Interviewed in the rambling frame house in a Boston suburb that he shares with his Russian-born wife, teen-age daughter and standard poodle, Smith said his mission is a simple one.

"I want to show how much monitoring is being done so we can make good decisions about whether we want this or not," Smith said in the attic room where he does most of his detective work.

"If we talk to marketing folks who are involved, they say: 'Oh, there's no problem here. It's all for your own good. And don't ask too many questions.' What I like to do is ask all the questions," he said.

The Web privacy problem, Smith said, has two fathers. Internet companies often are given high stock values in part because of the personal information they have on current and prospective customers. So there is great incentive for them to collect such data, he said.

The other is that software engineers by nature like to do their own thing. Software writers "sort of create their own little world with software. They write the rules. The last thing in the world they want to be told is what to do," Smith said.

He foresees legislators eventually passing laws that tell software companies what kind of information they can and can't "transmit up and down the wire," without the users' informed consent, as well as ethical training for software developers, he said.

A bug specialist

Smith, who sits on the Federal Trade Commission's Advisory Committee on Online Access and Security, started thinking about Internet security years ago when he ran Phar Lap Software Inc., a Cambridge, Mass., firm named for a famous Australian racehorse.

He focused mainly on software bugs that left computers vulnerable to hackers and viruses. It was Smith who last year uncovered the name of the Melissa e-mail virus' creator, David L. Smith, and passed it along to authorities.

A year ago, he turned his attention to Internet privacy. The controversy over Intel Corp.'s plan for a serial number in its Pentium III microchip processors that, theoretically, would make possible tracing millions of computers over the Internet, made him wonder what other tracking might already be occurring.

He found that Microsoft Word, the nation's most popular word processor program, embedded a hidden electronic identifier, unique to each computer, on Word documents.

That globally unique identifier, as it is called, was sent back to Microsoft when consumers registered their Microsoft software, Smith learned.

Thus, the personal information people provided upon registration could theoretically be linked to a particular document written in Word.

"I said 'Holy cow, this is bad,' " Smith recalled. "Not that anybody was using all this stuff, but this interesting little surveillance system was all in place" if ever someone wanted to use it.

Smith contacted Microsoft, which "right off the bat realized this was not a good situation," Smith said.

The company stopped new versions of its software from stamping documents with the unique numbers.

Carol Sacks, a Microsoft spokeswoman, said, "The fact is, Richard is a technical expert, and we respect what he does. We believe (his efforts) are intended to help strengthen consumers' privacy protection, and this is an important issue to all of us."

Listening in

Last October, Smith found software by Real Networks, the Seattle-based company, doing something similar. Real Networks' software compresses and decompresses large sound and video files for transmission over the Internet.

Another feature of the company's Real Jukebox software allows people who listen to compact discs on their computers to transfer music from the discs to their hard drives.

Smith detected that when he placed a compact disc into his computer, the Real Jukebox software automatically transmitted his machine's unique identifier and his musical selections to Real Networks.

Since Real Networks had his name and other personal information from his registration, "it put them in a position of being able to build a database of what CDs I was listening to," Smith said.

He alerted the media and a controversy ensued. In response, Real Network disabled the technology.

Real Networks didn't challenge Smith's facts, just his conclusions.

"He seemed to assume that . . . Real Networks was monitoring, and that was not the case," said Allen Mayer, a Real Networks spokesman.

When Smith went public, Real Networks had already planned a software fix to stop the transmitting of the personal information and update its privacy policy, Mayer said.

Smith had criticized the privacy policy posted on the company's Web site for not mentioning the practice.

"There's no question that Smith's work sped up the timetable," Mayer said.

Smith commented, "What's interesting to me is when a lot of these monitoring systems are exposed to the sunshine, companies seem to immediately stop doing it."

Getting a lot of calls

Smith also triggered a number of class-action lawsuits against Real Networks.

"I'm getting a lot of calls from lawyers these days," said Smith, who refuses to be an expert witness for plaintiffs; it would taint his efforts, he said.

State attorneys general and lawyers for companies that hope to avoid running afoul of him have also called seeking advice.

However, he has signed on as a paid consultant on Internet privacy issues to a company he declined to name. While he made enough money to be comfortable, he does not have the megawealth of some Internet entrepreneurs.

"I'm kind of jealous. I can only retire for a year," he said with a laugh.

GRAPHIC: 1 PIC; CHRIS PFUHL / Knight-Ridder; Successful sleuth: Richard M. Smith, who uncovered the name of the Melissa e-mail virus' creator, is developing a reputation as one of the Net's leading privacy defenders, making sure that the public is aware of privacy issues.

LOAD-DATE: April 20, 2000

Document 263 of 575.


Search Terms: personal w/5 information w/5 privacy
To narrow your search, please enter a word or phrase: