Last week Rocky Mountain Bank (according to reports) emailed, unencrypted, social security numbers and personal financial data on 1300+ customers, to the wrong address (link below):

The e-mail, sent by an employee of Jackson, Wyo.-based Rocky Mountain Bank on August 12, contained names, addresses, Social Security numbers, and loan information of more than 1,300 bank customers.

From court documents (PDF):

The confidential information includes names, addresses, tax identification numbers,3 and loan information for each of the 1,325 customer accounts.

That email, with the customers’ information, went to a gmail address. A frantic skirmish ensued, with Rocky Mountain Bank actually getting a court order to force Google to lock the email address. That part got the attention of the tech community, but what about the part about Rocky Mountain Bank leaking customer social security numbers? Why wasn’t that part sensational? And the part about Rocky Mountain Bank filing a request to seal the court order, on the grounds that it was not good for the bank, with an assertion that the confidential information may not have been actually “disclosed”:

Plaintiff argues that if its complaint and motion papers are not filed under seal, all of its customers may learn of the inadvertent disclosure. Plaintiff further argues that publication of the disclosure before it determines whether the Gmail account is active or dormant will unnecessarily create panic among all of its customers and result in a surge of inquiry from its customers. In his declaration, Mark Hendrickson, states that “until there is a determination that the Confidential Customer Information was in fact disclosed and/or misused, the Bank cannot advise its customers on whether there was an improper disclosure.”

It gets worse. Now that Rocky Mountain Bank (of Jackson, Wyoming) has confirmation from Google that the owner of the gmail account had not yet read the email, we are asked to accept that all is well in Rocky Mountain Bank Security Land:

“As a result, no customer data of any sort has been viewed or used by any inappropriate user during this data lapse,” Martinez wrote. “Rocky Mountain Bank acted to protect its customer’s confidential information. That objective was accomplished. The matter is now closed and the TRO (temporary restraining order) entered on September 23, 2009 is now vacated.”

Seriously? Unencrypted emails are stored on numerous servers on their way to their destination. An email sent from Rocky Mountain Bank in Wyoming to a Gmail account, is not “secure” along the way. Just because Google says the email has not been read via the gmail account, does not mean the email has not been copied, stored, archived, or even read on numerous cooperating servers in the public path between Rocky Mountain Bank and Google’s GMail servers. I don’t even trust that Google’s determination is accurate. Without details, who knows if the email and been read and marked as unread? Or forwarded? Or accessed outside of the web interface? Has anyone looked to see just what Google specifically examined? Or is Rocky Mountain Bank just hoping we’ll all forget this “mistake”?

Not to mention the tougher questions. Is it standard Rocky Mountain Bank procedure to email confidential customer data unencrypted, every day? Is it only when they realize they sent it to the wrong address, that it becomes news?

I expect a name change for Rocky Mountain Bank in the near future, for Reputation Management purposes, but really… when will we start demanding more from our banks and their inept managers and executives?

In Shakespeare’s Hamlet, “to be or not to be” was the question. The first line is so familiar:

To be, or not to be: that is the question:

and the first section adored, and often memorized by adherent high schoolers:

To be, or not to be: that is the question: Whether ’tis nobler in the mind to suffer the slings and arrows of outrageous fortune, or to take arms against a sea of troubles, and by opposing end them? To die: to sleep; No more; and by a sleep to say we end the heart-ache and the thousand natural shocks that flesh is heir to, ’tis a consummation devoutly to be wish’d. To die, to sleep; To sleep: perchance to dream: ay, there’s the rub; For in that sleep of death what dreams may come when we have shuffled off this mortal coil, must give us pause: here’s the respect that makes calamity of so long life;

Scholars and academics continue to study and interpret Shakespeare’s Hamlet. Many a Ph.D. dissertation has focused on it, and sometimes the interpretations stretch pretty far, making for entertaining reading. For the rest of us non-academics, and especially those of us living the definition of web entrepreneur, I think Hamlet should be re-considered. If I could be so bold as to suggest a modification to Shakespeare’s work (and I’ll only change the first line), I think it fits our modern age perfectly. Because I see this behavior over and over in potential entrepreneurs, I’ll take license and change “to be or not to be: that is the question” into “to be or to not be: that seems to be the question“. The rest remains appropriate.

Over and over I meet potential and moderately successful entrepreneurs struggling with the question Hamlet raised. Their actions are well described by that entire section above. But I suppose that is my interpretation of Hamlet. It differs from most I have read (I haven’t read many, mind you). It fits an inordinate number of entrepreneurs I meet. What drives your passion? Is it to Be, or is it to not be?

There are  few ways to think of this. The obvious : “Do you really want to succeed, or do you simply fear failure?” does indeed apply sometimes. But so does the less obvious (but more prevalent) “do you have a target for what you want to be, or are you working hard trying to not be something else?” I see a lot of people holding back in order to not be something.

There are plenty of psychologists ready to discuss your personal self image, your mental imprint of the meaning of life, the baggage you bring from your past relationships (including family) and your “inherited” fears and quirks. All good stuff that needs to be tidied up. But what I see is more specific: I see people who say they want to “succeed”, but are quick to point out negatives with a follow-on “but I don’t want to _____________“. The blank filled in with characterizations of ugliness. They want to sell a lot of product, but don’t want to cheat anyone. They want to market their services, but don’t want to be too pushy. They want to sell, but don’t want to lie. They want to innovate, but not be unethical (or immoral). They want to succeed, but…

To be or to not be. Where is the passionate energy going?

The biggest successes wanted to Be. They were after achievement. They wanted, whether that was a benevolent want (Mother Theresa wanted to help others?) or a selfish want (Malcolm Forbes wanted to be rich and famous?). For many, the “slings and arrows of outrageous fortune” were unfortunate side effects to be suffered, or corrected after the fact through philanthropy.

“Whether ’tis nobler in the mind to suffer the slings and arrows of outrageous fortune, or to take arms against a sea of troubles” perfectly describes what some blossoming entrepreneurs go through. Considering “outrageous fortune” to be wealth, is it more noble to get rich (despite the scorn some may cast upon you for being “filthy rich”) or is it more noble to deal with life’s burdens like everyman must? Maybe Hamlet’s “sea of troubles” is the common man’s suffering. The bills that need to be paid.

Entrepreneur Hamlet continues to suggest that quitting, or accepting common suffering, leaves one ultimately defeated (since without wealth one simply cannot defeat an economic system designed to enslave him). But he astutely notes that the desired peace and calm associated with having given up a struggle, will never arrive. And that’s the rub! Once you give up, you don’t find peace (as if to die) but instead you start to dream again. Free of the struggle, you are once again not only able to dream but you can’t help but dream. Because you are an entrepreneur. And what do you dream of? Potential success! Ahhh.. life is a cruel mistress!

“to take arms against a sea of troubles,
And by opposing end them? To die: to sleep;
No more; and by a sleep to say we end
The heart-ache and the thousand natural shocks
That flesh is heir to, ’tis a consummation
Devoutly to be wish’d. To die, to sleep;
To sleep: perchance to dream: ay, there’s the rub;”

Hamlet understood the curse of the entrepreneur. He referred to the calamity of a long life. The desires don’t go away. An entrepreneur will always see a different path, and want to follow it. An entrepreneur wants to know how deep the rabbit hole goes.

Enough about Hamlet; what about you?

• You say you want to sell Widgets. But you rarely speak to your potential customers, rarely influence them to buy, and spend most of your time in XHTML or re-design meetings. You don’t like to be pushy, apparently. To be, or to not be?

• You say you want to rank at the top of search engines, but when shown that better or more links are needed, you choose instead to re-design your home page (again). You don’t want to violate Google guidelines with questionable links, you say, as you double up your design efforts. To Be or to Not Be?

• You recognize that you need to build relationships in the marketplace, in order to succeed as a leader, so you join Social Media. And then you follow everyone. You don’t want to be an attention whore, apparently. To be, or to not be?

and my favorite…

• You say you want to be #1 in search engines for (generic word) but you don’t want to change your site so it represents a comprehensive and definitive answer for searches for (generic word).

Later this month a group of entrepreneurs will gather at Think Tank in Del Mar, California. I think Hamlet should come to Think Tank, and stand on the rocks of Del Mar beach reciting his soliloquy out loud (with my modification).

If you want to achieve, you can be who you are, or you can work to become who you want to be, but you must be someone. To be no one, unhappy as yourself, dreaming of being different, while holding back for fear of becoming something, is to waste your life.

Hamlet suffered for us already, and explained it clearly. Take his advice. If you have the passion to Be, do what it takes to become. If you feel in your heart that you were meant to be someone, then it is your destiny to give up convention and try to become who you are meant to be. Forget what others think. Forget the rules. Suffer the slings and arrows if necessary. Note the unfortunate side effects, to be managed later. But be true to yourself. For those given the gift, there is nothing nobler. The rest need you to try, and will reward your success.

It seems Palm has decided that they are OK with being slimy about undisclosed privacy and user tracking. Give a chance to comment on the recent expose about detailed user tracking buried inside the Palm Pre, they tell us (paraphrasing) “everybody does it” and “we’re happy our users trust us”.

MobileCrunch re-highlighted this news from a CNET article, but goes easy on Palm, while exposing how they track users location, what applications they have been using, what applications they have installed on the Pre (including those not authorized by Palm), and other personal data unique to the user’s Palm Pre. If you read the article literally, it is almost as if they had been threatened by Palm and were treading lightly.. exposing but being careful to not openly suggest the Palm Pre was a privacy-invading abuse of consumers.

The Economist wrote about cell phone tracking, and location-based services do indeed need to report back location in order to deliver maps, directions, etc. But they don’t need to report back all that other personal data that Palm is collecting from Palm Pre users.  According to the MobileCrunch article:

When it comes to location tracking and device activity, you must alert the user and specifically request permission. If you don’t, you are spying, plain and simple. Regardless of what Palm is doing with this data, the user needs to be completely aware that it is being sent.

Palm seems to disagree. See this excerpt from Palm response (emphasis added):

…Our privacy policy is like many policies in the industry and includes very detailed language about potential scenarios in which we might use a customer’s information, all toward a goal of offering a great user experience. For instance, when location based services are used, we collect their information to give them relevant local results in Google Maps. We appreciate the trust that users give us with their information, and have no intention to violate that trust.

They have no intention to violate your trust! How re-assuring, no? How about if a vendor asked you for your social security number and mother’s maiden name, and assured you they had no intention of violating your trust?

I have a follow up question for Palm. One day, when a Junior Marketing Executive at Palm gets a brilliant idea to exploit some of that juicy data, will Palm notify me of their new intent to violate my trust? I know they don’t have to, that’s the whole point.

Believe it or not, they’ve got that covered in the Privacy Policy as well. The default is that they can do whatever they want under that elastic justification “to enhance your device experience“. The lawyers make it sound less abusive by adding “For changes that are materially less restrictive or protective of your personal information than the privacy policy in place at the time of collection, we will seek your consent before implementing any such change.” Hard to imagine a case where they make an open, elastic data use agreement more restrictive, if that is even possible.

Scrutinize the Palm Pre Privacy Policy here, but be careful because Palm lawyers are just as clever as the rest of the lawyers in this industry: “We reserve the right to change our privacy policy. Please check our website periodically for changes…“