I'm writing to you partly as the webmaster of kuro5hin.org, where this letter will be submitted for publication, but mostly as an individual who spends quite a lot of time online, and conducts a lot of personal business through the internet, and is therefore very concerned about online privacy issues.
The internet industry in general has been adamant in its claims that industry self-regulation will be sufficient to safeguard the privacy of internet users. TRUSTe has often been held up as the flagship initiative in online privacy protection, and has been very successful in building a brand recognition among internet users. To many, the sight of the TRUSTe "trustmark" is sufficient to assure them that a website can be relied upon to protect their private information.
As stated in "The TRUSTe Story," your organization was founded on a recognition of "the need for branded symbols of trust on the Internet similar to UL Labs," a need which I wholeheartedly agree does exist.
Unfortunately, this need is not being met by TRUSTe, and in fact, I believe your organization may be doing more harm than good to the cause of online privacy protection.
You make the comparison to Underwriters Laboratories, and their famous "UL Listing Mark." The essential value of Underwriters Laboratories is this: if I buy, for example, a toaster, and that toaster bears the UL mark, I know that an independent third-party organization has tested this toaster, and determined that it will operate as expected, and will not randomly catch fire. As explained on the UL website: "The UL Listing Mark on a product is the manufacturer's representation that samples of that complete product have been tested by UL to nationally recognized Safety Standards and found to be free from reasonably foreseeable risk of fire, electric shock and related hazards."
Take, for example, the privacy statement of eBay, which reads, in part, "Therefore, although we use industry standard practices to protect your privacy, we do not promise, and you should not expect, that your personally identifiable information or private communications will remain private." This policy, which states openly that users have no assurance that their private information will remain private, is certified by TRUSTe.
What the TRUSTe "trustmark" certifies, in fact, is simply that a website has stated what its privacy policies are, and will comply with that statement, whatever it may be. Oh yes, it also certifies that the owners of the website have paid a license fee to TRUSTe, for use of the "trustmark".
The result of this is that internet users now have the *impression* that their privacy is being safeguarded, without any actual standards of privacy protection being in place, or being enforced. This, to me, is worse than having no oversight at all. Rather than actually make an effort to protect the privacy of internet users, TRUSTe has instead made an effort to collect licensing fees for the use of a graphic with no underlying meaning. A large amount of HTML about "raising awareness" and "educating users" aside, TRUSTe is collecting fees while doing nothing to ensure privacy.
Now I read that you have joined the "Privacy Advisory Board" of DoubleClick, long-notorious as one of the worst offenders in the pantheon of online snooping. This only further lowers my opinion of the integrity of TRUSTe, and further convinces me that self-regulation will never work in an industry that appears to be utterly bereft of ethics.
Unless and until TRUSTe and other online "privacy" watchdogs begin to safeguard the actual privacy of internet users, I will continue to regard the TRUSTe "trustmark" as merely a sign that the website in question is trying to lull me into complacency, in order to perpetrate some gross violation of my privacy, as this seems to be the specialty of policies certified by your company.
If you wish to respond to this letter, you may email me at firstname.lastname@example.org, or you may participate in the online forum that will accompany this letter, if it is approved for publication, at http://www.kuro5hin.org/. Thank you for your time.
Rusty Foster, kuro5hin.org