Another example of the fast and loose behavior of today’s wanna be businesses comes with the CLEAR program’s misplaced laptop computer. CLEAR is a security program sanctioned by the Department of Homeland Security and the Transportation Security Administration (TSA). You may have seen the CLEAR people at airports, pitching their program as a fast-track through airport security. Similar to expedited border crossing programs like Nexus (US-Canadian border) and SENTRI (US-Mexican border) Trusted traveler programs, only owned and operated by a private company, CLEAR is supposed to be as secure as the normal border patrol process. Last week CLEAR “lost” a laptop with the personal information of 33,000 applicants to the security program. Several days later, the missing laptop was “found” in the same office where it was “lost”. The CEO said this:

“We don’t believe the security or privacy of these would-be members will be compromised in any way.”

but he didn’t elaborate on how that could be, address whether or not the data was encrypted, how the data is protected, etc. No audit trail, no explanation of where that laptop was for several days, and apparently no concern beyond getting past this ugly public relations incident. It seems obvious that someone with access to that office knows something about where the laptop went and how it came back, right? We can only hope that someone in our government will look into this breech of security and figue out why it happened and how it can be prevented in the future.

How do you explain that Google doesn’t want to post a home page privacy link, and is willing to violate California law by refusing to include the privacy policy link on the Google homepage? It must hurt conversions.

Google is a serious web company and Google tests things before deploying them. The privacypolicy is an important aspect of web publishing, and even Google , with its significant investment in trading in people’s personal information, supports the idea that a privacy policy enhances trust and quality of a web site. Yet Google won’t put it on the home page, where the law says it has to be. Why not?

It must hurt the business, that’s why.

When you consider what would be important to Google, you first must consider profits. Conversions. How well the web page (and site) perform the intended tasks. And if testing shows that the presence of a privacy link on the home page reduces page performance (tracking whatever success metrics have been defined), then the wise business decision is to not post that link. If there is a law requiring the link, the wise business decision is to weigh the relative risks and rewards for compliance, and act in accordance withthe corporation’s best interests. Al lis not black and white in business. Any law is arguable, and arguing costs money. The balance has to be in the corporate favor. Otherwise, rst assured Google would post a privacy link.

So what is the defind conversion that is hurt by the presence of that link?

I’m betting it’s cookie clearing, but I haven’t studied the situation. If n% of readers click through to see they are tracked by cookies, m% of those n% may clear their cookies at that moment, or look to learn more about cookies and how to use cooies washers etc. But that’s just an off-hand opinion. You have to consider everything — click thru rates off the task of running a query, click offs to privacy web sites, secondary searches for Google and privacy, etc etc. Everythign detracts from the initial desired actionof user querying Google to find stuff. And that’s what Google will always choose to hide behind. Google can always say that the link detracts from the user experience. Privacy advocates argue back that a seven letter hyperlink doesn’t clutter the page much, doesn’t “detract” much, and Google can counter with the old web designer response “well, if everyone requested a 7 letter hyperlink from the home page, the home page would be all cluttered…” etc.

Google tests, and it is safe to assume testing has revealed that privacy homepage link hurts the page goal achievement rate. And it hurts enough to warrant resisting the laws of the state where Google is incorporated.

privacy rights clearing house

Who has the time or who can afford the effort required to manage the privacy issues under attack today?

A company in Ohio (Agent Technologies, see domain note below) is implanting RFID chips into the arms of employees, to see if the technology provides a good security solution for controlled-access areas. Ohio has introduced a law to make it illegal to require employees to be chipped. Wisconsin says you can’t chip people without their consent… isn’t it sad we need a law to say that? And it’s a state law, so don’t you wonder what it means when YOUR state doesn’t have that law, too? Rest easy when you go to bed tonight… unless you don’t live in Wisconsin, North Dakota (PDF), or California. Creepy.

The Ohio employees volunteered, so they would not be covered by the law anyway. Anyone who understands the concepts of harassment and constructive termination can see the headaches in the future with this stuff going on. And why RFID? What happened to biometrics, the last savior of the security industry, which promised to use faulty enrollment methods to almost guarantee a useless, but expensive invasion of privacy? Have we given up on that already, or have we just decided to install shoulder-height cameras at every teller window at the bank and collect iris data covertly without asking anyone’s permission?

A geek just demonstrated (again?) that he can easily clone an RFID chip… which ostensibly means he can access those “secure” areas the Ohio company is relying on RFID chips to protect. Since RFID chips can be read from a distance, I guess all a cloner needs to do is read the airspace in the traffic jam outside the offices, clone the RFID chips he discovers, and suck on one of the grain of rice sized RFID clones as he waltzes through the controlled-access areas. Ever wonder how those windshield washing homeless guys at the intersection can afford Air Jordan’s with the few bucks they get from scared drivers? I bet an RFID wand is just about the side of a squeegee handle… I’m just thinkin’, that’s all.

What a waste of time this all is, and challenge to our common sense. Who has time to fight the new laws that enable trade on our privacy, and support whatever efforts are truly designed to protect us (if there are any of those)? The EFF can’t do it all, can they? And if they don’t, what are we doing, letting the universe settle wherever it will via some theory of entropy or something? Clearly, this can’t be good.
Domain Note: The Ohio company is , but it seems they eiher allowed their domain to expire or decided against renewingit, because it’s owned by a domainer in the Cayman Islands right now. Tsk tsk…