E-Commerce News: Report: Waste of a Customer Data Gold Mine.

Grocers could and should create digital shopping assistants, use loyalty cards to push consumers online, and revitalize marketing strategies.

Loyalty cards have the unique distinction of being one of the few data-gathering tools that are not resented by customers. (ed. I think that these folks would disagree.) In fact, most customers love these cards, which offer savings and other perks at frequented stores. For their part, issuers love them, too -- in general, loyalty card users tend to spend more money than non-cardholders.

Indeed, over the last several years loyalty cards have become ubiquitous in the hospitality, retail, grocery and drugstore industry. Now, other sectors are starting to offer such cards. Harrah's Entertainment (NYSE: HET), for example, recently unveiled its Total Rewards card, one of the first in the gaming sector.

E-Commerce News: FTC Shifts Internet Privacy Stance.

The FTC's Timothy Muris also proposed a national 'do not call' list that consumers can join to avoid telemarketing sales calls. However, industry organizations have expressed concerns about the FTC moving into this area.

Timothy Muris, the new chairman of the Federal Trade Commission (FTC), said in a speech on Thursday that he will not support enactment of any more privacy legislation. Instead, he intends to ratchet up enforcement of existing privacy laws. This position is basically a reversal of the one taken last year by the FTC under the Clinton Administration.

Muris' position has dismayed consumer advocates hoping to build further on the United States' privacy rules, which many feel do not provide enough protection to consumers. One major initiative privacy advocates had hoped to introduce involved greater control over information sharing among businesses, both on the Internet and in off-line transactions. However, Muris put the kibosh on this particular suggestion, explaining that no clear consensus has ever been developed regarding the best and most efficient ways to protect privacy.

All told, some 100 privacy bills have been introduced in Congress this year, although none have been taken up in committee. Meanwhile, the attacks of September 11th have placed all extraneous legislation on hold. Indeed, even prior to Muris' speech, few held out hope that any significant privacy legislation would pass this year.

"PC Magazine" - A Watchful Assistant Raises Privacy Concerns.

It is always on, passively listening. The Personal Awareness Assistant prototype from consulting firm Accenture has a speech recognition engine, two small microphones, a small camera and a scrolling audio buffer. But it's more than a recording system. For example, if a user meets someone new and says "it's nice to meet you," the Assistant takes a low-resolution picture of the person being greeted and then, when that person responds, records the name, storing the dated and time-stamped information in an address book.

CNET NEWS.COM - War of words, action on spam.

Spam-fighting is the new watchword of major Internet access providers that are strengthening their rhetoric and actions against junk mailers weighing down their networks and customers.

Internet giant America Online on Thursday reminded its 35 million members of the company's vigilant stance against junk mail, and promised added spam-blocking tools in coming months. The company, which posted a letter on member welcome pages, said it already thwarts about 750 million pieces of unwanted e-mail daily.

This week, Microsoft pledged to bring several lawsuits against spammers it believes are pilfering e-mail addresses from its Hotmail members to send them junk mail. The coming suits follow one that Microsoft filed in federal court last week, charging anonymous people it suspects of having harvested e-mail addresses from its Hotmail servers to spam subscribers.

InfoStructure News from Wired News - Hackers Run Wild and Free on AOL.

A spate of recent hack attacks on America Online -- which hackers say are a regular thing -- underscores the popular online service's feeble security. It's a detail AOL's 35 million users don't hear much about.

[ ... ]

Using a combination of trade tricks and clever programming, hackers have thoroughly compromised security at America Online, potentially exposing the personal information of AOL's 35 million users.

The most recent exploit, launched last week, gave a hacker full access to Merlin, AOL's latest customer database application. As a security measure, Merlin runs only on AOL's internal network, but savvy hackers have found a way to break in.

The hack involves tricking an AOL employee into accepting a file using Instant Messenger or uploading a Trojan horse to an AOL file library. When the file is executed, the Trojan horse connects the user who launched it to an Internet relay chat server, which the hacker can use to issue commands on the targeted machine. This allows the hacker to enter the internal AOL network and the Merlin application.

Merlin requires a user ID, two passwords and a SecurID code, all of which hackers obtain by spamming the AOL employee database with phony security updates, through online password trades, or by "social engineering" attacks over IM or the telephone.

[ ... ]

Yet another hole has allowed hackers to steal AOL Instant Messenger screen names, even those of AOL staff members and executives.

Most at risk are screen names that hackers covet, like Graffiti, or single-word names like Steve. Also at risk are internal AOL accounts like TOSGeneral, which is used to monitor abuse reports.

While many of these hacks utilize programming bugs, most hackers are finding it far easier and quicker to get access or information simply by calling the company on the phone.

[ ... ]

In a telephone interview, two hackers using the handles Dan and Cam0 explained that security measures (such as verifying the last four digits of a credit card number) can be bypassed by mumbling. (ed. emphasis added)

"San Francisco Chronicle" - Vt. bookseller purges files to avoid potential `Patriot Act' searches.

Some booksellers are troubled by a post-Sept. 11 federal law that gives the government broad powers to seize the records of bookstores and libraries to find out what people have been reading.

Bear Pond Books in Montpelier will purge purchase records for customers if they ask, and it has already dumped the names of books bought by its readers' club.

"When the CIA comes and asks what you've read because they're suspicious of you, we can't tell them because we don't have it," store co-owner Michael Katzenberg said. "That's just a basic right, to be able to read what you want without fear that somebody is looking over your shoulder to see what you're reading."

[ ... ]

Kramer's Books in Washington won a court order blocking independent counsel Kenneth Starr from getting records of purchases by Monica Lewinsky during his investigation of the sex scandal involving President Clinton. And the Colorado Supreme Court ruled last year for a Denver book store in its fight against a subpoena of purchase records by a defendant in a drug case.

The court found that "compelled disclosure of book-buying records threatens to destroy the anonymity upon which many customers depend."

Slashdot | Bookseller Purges Records to Avoid PATRIOT Act.

Skyshadow writes "Vermont Bookseller Bear Pond Books has announced that they will purge their sales records at the request of customers . This would effectively sidestep typically insideous a provision of the PATRIOT Act which allows government agencies to secretly seize sales records. The store's co-owner, Michael Katzenberg, put it this way: 'When the CIA comes and asks what you've read because they're suspicious of you, we can't tell them because we don't have it... That's just a basic right, to be able to read what you want without fear that somebody is looking over your shoulder to see what you're reading.' Now if only certain other booksellers would show that same conscience, we might have something here."