Polinaut: March 1, 2006 Archive

Lockdown

Posted at 9:41 AM on March 1, 2006 by Bob Collins (8 Comments)

It was interesting to see how the blogosphere was "alive" with chatter about the posts yesterday regarding the marriage amendment CD. For a time it was #1 on Slashdot (someone who wanted to get his traffic numbers up lifted parts of the post off this site, put it on his, and then put a message on Slashdot with a link to the "article" on his site. That's just paisley-and-stripes lame. Tons of responses there, lots of folks commenting on what the article said -- its merits and flaws. Only problem is, very few actually read the original posts here and were operating in relative ignorance. Intead, they relied on what some blog said some blog said about the post. As much as the exercise revealed about privacy concerns, for me it revealed how quickly and effectively reposting a blog's information (deleting somet things, and editing ot others) can spread misinformation. Sometimes it's just carelessness. But it's a lesson learned and I hope readers of blogs will remind themselves that unless they're reading the original post on the original blog site, they may be reading garbage.

Now then. The company responsible is CH Consulting. And if you're interested, they've published an article about database marketing and how it works.

The data we referred to was available on CH Consulting's Web site, by virtue of a link off the main site to viewyouriq.com talks about what kind of value they bring to political campaigns. It's now not accessible, but Google Cache can show you the page.

The theory behind the CD is exemplified by the company's product, ProCard, a significant feature of which is its ability to get around the do-not-call rules that have hampered telemarketers. CH cites IQ Central on its Web site, which gives a glimpse into the appeal of accessing the gathered data. However, keep in mind that political organizations -- and non-profits -- are exempt from Minnesota's Do Not Call rule.

In terms of a product however, Christa Heibel, the executive at CH, also has written about the effect of the Do Not Call laws and how to get around them.

Remember, it's OK to call someone if your company has an existing prior relationship. How that relationship is built will be the difference for many firms seeking to return to telemarketing.

So you run the program, and you transmit your data, and you establish a relationship.

ProCard lets a company present their sales material to prospective clients on a CD. The CD can be loaded with multiple-choice personal data questions to gather information on the viewer, as well as tracks where and what was done with the CD.

I can't recall, by the way, if I mentioned this earlier but there is a Terms of Use on this CD, one to which you must agree in order to get it to function. However, the contents are for the protection of the vendor (no decompiling, reservation of copyright etc., and a mention that the user is responsible for any damage caused by any downloads as a result of running the program). There is no mention of data collection and transmission. There was, I'm told, no mention of it at the news conference unveiling the CD on Monday either.

Comment on this post

Fallout

Posted at 11:58 AM on March 1, 2006 by Bob Collins (12 Comments)

Striking all previous and subbing Scheck's story.

GOP peers into voters' data with CD

* * *

Talking with Mark Drake at the Republican Party this morning, it's probably going to say that it was always the company's intention to secure the data at the time the CD was released. That the CD that was provided to the media at Monday's news conference was a BETA version and the "security" will be installed -- and was intended to be installed -- before the program will be sent out.

The Party hopes to get the CDs from the vendor on Friday and hopes to mail them out on Friday.

Here's what happened as has been explained to me by the folks who took the program apart.

CH Consulting used a program called DotNetNuke at the Internet data repository for their survey results. But they neglected to secure their DotNetNuke site. We don't think this was intentional, especially since the entire mailing list with the assigned codes was posted.

As for securing the CD, I haven't seen the final copy yet, but the security problem we found wasn't on the CD, it was the server.

The Republican Party is not happy with me and I understand their frustration. I also understand the frustration of the people who wanted -- desperately -- to get the destination IP and I understand it sounded last night like I was saying "ha, ha, I know something you don't."

I accept that and there's nothing I can do about it except to point out I don't think CH Consulting needed to be put out of business today by denial-of-service attacks. Nor can I legitimately talk about the importance of protecting data, and then give you the address of where you can get it.

As bad a day as the Republican Party and CH Consulting may (or may not) be having today, believe me, it could have been a lot worse. Any nefarious individual could have mined the information.

Some of the blogs I read last night seemed to suggest that when you answer a question, you should know that information is being sent somewhere. And when you go to a Web site and click SUBMIT, I think that's reasonable.

But this is a Flash presentation about a political issue featuring cool video. And in Flash, interactivity is accomplished with the presentation. If you, for example, were to answer that you are a "sometimes Republican," there's actually every expectation by the user that this could lead to a somewhat, shall we say, softer video than if you had selected another choice. So saying "people should just know" their answers are being sent isn't necessarily true.

And in that case, all of that could be eliminated as a concern, just by telling them in the first place. The subject didn't come up at Monday's news conference for a simple reason: nobody asked.

We don't yet know what the "final CD" is going to have on it or what the wording is going to be to make clear to the participant what and how the data is being used. The Republican Party spokesman said he would "look into it."

Sometimes the best response is "whoops." And move on.

Here let me show you. You know how I said the server had the questions the presentation asked and we could've changed them. It's true the questions are on the server, but they're in the Flash document as text too. So I was wrong about that. Whoops.

(Update 1:04 p.m.) Here's the packaging. Methinks this will boil down to a question of what "interactivity" means.

(Update 1:15 p.m.) GOP says this is draft.

Comment on this post

What else is going on?

Posted at 3:24 PM on March 1, 2006 by Bob Collins (2 Comments)

State Rep. John Lesch tells all -- OK, some -- of what the heck happened on his unauthorized trip to Iraq a few years ago. He talked with Tom Crann on All Things Considered.

And Mark Kennedy is on MPR's Midday for their Meet the Candidates thing... tomorrow.

Comment on this post

Sound Bytes

Posted at 6:29 PM on March 1, 2006 by Bob Collins

Couple pieces of audio hanging around here looking for someone to listen to 'em. These are expanded versions of what was on the radio.

Rep. John Lesch talks about his trip to Baghdad.

Christa Heibel, CEO of CH Consulting, defends the lack of explicit language revealing the data mining practice in GOP CD. (Listen)

Rumor has it Gov. Pawlenty is holding a news conference tomorrow to talk about -- wait for it -- data privacy.