The Privacy War of Richard Smith

Richard M. Smith knows the data snatchers are out there. From the third-floor aerie of his rambling Victorian-style house in the tony Boston suburb of Brookline, Mass., this virtual sleuth spends untold hours, surrounded by his toy robot collection, tapping on his trusty laptop. His mission: to track the efforts of software companies and online services to collect information about what individual Web surfers are doing.

Smith's avocation as a digital bloodhound started last year, when he heard that Intel Corp. (INTC) was encoding a unique serial number into every new Pentium III microprocessor. He wondered whether other hardware-identifying numbers were being copied onto documents created with Microsoft Word. A veteran programmer and co-founder of Phar Lap Software Inc., which makes ''tools'' for software writers, Smith used a ''hex dumper''--a program that shows the actual bytes of information in a computer file--to inspect a Word file.

He discovered that the word processing program also contained an electronic marker that was ''stamped'' onto every document he created. That made it possible for somebody to unlock the code--a company eager to uncover a whistleblower, for instance--to identify the source of any Word document. Microsoft (MSFT) has since changed its system. Among other online privacy violations, Smith also discovered that RealNetworks Inc. (RNWK) collected computer ID numbers from Web surfers who downloaded its RealJukebox software to hear CDs.

Last fall, Smith quit his job at Phar Lap to take a sabbatical and devote himself full-time to privacy issues. He says he's alarmed by the steady erosion of personal privacy online and wants to raise consumer awareness of the threat. ''People don't understand that every little move they make can be monitored,'' he says. ''My role is to shine a light on [privacy abuses], and then we can have a conversation about what to do about it.''

NAILING AMAZON. Smith, 46, has become a well-regarded expert in the field. Federal regulators ask for briefings on Web bugs and other online monitoring gizmos. Reporters and others call or e-mail regularly with tips on alleged cyber-snooping. And e-commerce companies shudder as he exposes the methods they use to track unsuspecting consumers.

In December, for example, he charged that Internet-monitoring software created by an Inc. (AMZN) subsidiary gathered personal information about customers without their knowledge. Says David Medine, an associate director at the Federal Trade Commission: ''The publicity sends a message: 'You don't want to be next on Richard Smith's list.' Everyone takes him seriously.''

Even Microsoft programmers praise his technical savvy. ''He eats and breathes bits and bytes of data,'' says Richard Purcell, Microsoft's director of corporate privacy. ''We respect the work he does.'' So much so that last June, Microsoft brought Smith to its campus in Redmond, Wash., to discuss the use of software user ID numbers.

Smith's latest finding: On a tip from a Seattle software developer, he determined that Sprint cell phones that offer wireless Web connections transmit a user's phone number to whatever sites they access. ''It's a marketer's dream,'' says Smith. ''Once Web sites realize this, they'll have salespeople call you up on your cellphone.'' The company defends the feature, saying it's for the user's convenience--allowing callers to quickly reconnect to a site if they are disconnnected--and notes that Sprint's (FON) service agreements mention the feature. Besides, insists John Yuzdepski, a Sprint vice-president, Sprint's Web service providers are ''very secure sites that know how to deal with the privacy issue.'' Maybe so. But with Smith on the case, they better be.

By Amy Borrus in Brookline, Mass.

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Privacy: Outrage on the Web

TABLE: Dissecting Online Privacy Policies

The Privacy War of Richard Smith

E-Mail to Business Week Online

Copyright 2000-2009, Bloomberg L.P.
Terms of Use   Privacy Notice