I want to talk about the Sears Holding Company, and I have nothing nice to say.
They encouraged their own Sears and Kmart CUSTOMERS to download a piece of software that seriously compromised privacy, transmitting banking details, unrelated shopping cart details, and online prescription orders back to the mothership.
To me, this is worse than an accidental breach. This isn’t about ignorance or stupidity, but about willful intent to do harm. A whole group of people inside this organization decided it was a good idea to write a piece of software that “monitored consumers’ online secure sessions – including sessions on third parties’ Web sites – and collected consumers’ personal information transmitted in those sessions, such as the contents of shopping carts, online bank statements, drug prescription records, video rental records, library borrowing histories, and the sender, recipient, subject, and size for Web-based e-mails” (from the FTC notice). How could this project be designed, written, approved, and then evangelized without anyone raising the ethical issues? How about the lack of respect shown to the very group of people whose privacy the Sears Holding group should have felt beholden to protect? Worse, why *could* it be done? Oh yes, right. We all use operating systems every day that have an egregious lack of granularity in access control.
There is little to do except spit in Sears’ general direction – so I do. Ptooey.