Not long ago I stood in the once spacious center of the Denver airport (which now filled with endless rope lines and the pointless gov’t employees who sniff everybody’s shoes for some weird reason) getting my retina’s scanned and my finger-prints electronically taken so I could get a Clear card.
I had already filled out the forms online, and this was ‘step 2′ where you get physically ID’d in such a way that the TSA is willing to take one huge dose of humiliation and privacy degradation in return for avoiding the long wait for dozens or hundreds of later ones.
It seemed like a good idea when I filled out the forms.
Standing there with my eyes staring into little red lights like those in 2001: Space Odyssey, it seemed like a bad trade. I really thought about leaving and just living with the enforced insanity that is standard grade airport security circa 2008.
The attendant was quick to playback her script, telling me how secure and encrypted and safely stored away in the computers of GE or Lockheed Martin of whomever it was she claimed was going to hold my complete data set. They’re not even released to the TSA she claimed. (huh?)
Only a few weeks later we learn that a good hunk of this secure data set can be downloaded and stored without encryption on laptops used by folks who run Clear sign-up kiosks in the malls around San Francisco. And these unsecure laptops can go missing for weeks at a time.
I know: None of that has anything to do with online marketing.
But when a company based on the concepts of security and privacy suffers a failure like this, and it’s in the news media and blogosphere for nearly 24 hours, and the corporate website and homepage still has no mention, let alone no clear communication or public response, choosing instead to live back in ‘nothing ever happened land’, we’ve got ourselves a new case study for how not to handle PR and corporate communications in the 21st Century.
There’s also been no email sent to members yet (at least not this one).
Makes me wonder how long it would take them to tell me if my fingerprints and social security number were for sale on ‘terrorist ebay’?
From the details in the ‘laptop found’ story, the incident was bad but perhaps not catastrophic in technical terms. If the company doesn’t fix their PR/communciations stance in the next 12 hours I’m not so sure the same thing will be true, or should be true, for the business itself.
Which will be too bad, because I really don’t like to wait in line at the airport just do to a little Kabuki Theater for the benefit on no one.
UPDATE: On Thursday, 48-hours after the event, Clear CEO Stephen Brill sent an email to members both informing and explaining the situation. In that email (which is apparently not posted on the flyclear.com website which is silent on this whole issue) , he says the following:
Before we could send out that notice, the laptop was recovered. And, we have determined from a preliminary investigation that no one logged into the computer from the time it went missing in the office until the time it was found. Therefore, no unauthorized person has obtained any personal information.
No one logged in. What if they mirror-imaged the hard drive and put the laptop back?
I have no illusion of privacy for most of this data, and agree that it’s most likely this event won’t cause anyone any problems. But to compound a slow reaction with this sloppy assurance isn’t a good ending to the story.
I needed a room tonight near the Denver airport, so for the first time took a shot on Priceline’s ‘name your price’ service.
The process worked well enough, and I probably saved $50.
But one of the questions in the purchase process caught my attention. Look what they ask you to enter as one of the possible ‘secret words’ in case you forget your password. Wow.
The RSS problems here on the new ClickEquations blog have been cured (thanks Jason) and so existing Commerce360 blog RSS readers are now subscribed to our new blog. We’re using the same feedburner address so you don’t have to do anything to stay subscribed.
The blog will continue to focus on paid search marketing and web/search analytics. We’ve got a lot of upcoming posts and ideas and exciting new to share. Thanks for staying with us and for reading.
I’ll also point out we’ve added a new fancy Disqus commenting system to the new blog, so when you read something in the feed to which you want to respond or comment or ask a question, please come to the blog and share your thoughts.
After first passively and then actively squandering a business and technical lead, running Yahoo into the ground over the past few years, destroying and rebuking billions in shareholder value, and sending his entire executive team heading for the exits, it is worth a moment to consider what Yahoo CEO Jerry Yang has done to you, the paid search advertiser. And what you should do in return.
George Michie covers this topic over at SearchEngineLand today, and discusses the fact that with Google campaigns running on the Yahoo properties, there is a clear economic problem – your bids were set based on the value of Google search and search network traffic. And for the vast majority of companies that value is not equivalent to the value of Yahoo search and search network traffic.
In other words, you’re now paying for steak but getting served hamburger.
Your two choices, as George points out, are to accept this fact or cut bids which drives down your Google results. Nice choices, huh?
I’d like to suggest a third option. Google needs to de-couple the Search Network from the Google Search bidding, like they did a few years ago with the Content Network. In other words, we should be allowed to separate campaigns/ad-groups and bid to the value of the network and not be forced to buy it bundled with Google search.
Making this change puts advertisers in line with Google on this and any major network ad-distribution agreements. Ultimately, allowing us to opt in and out of individual distribution channels, and get click-level reports on performance is also necessary.
It took them a while but Google did the right thing on the Content Network, and has made incremental improvements in these areas since the first step. All these moves were driven by advertiser feedback and demands. Time to start speaking up on this one.
Jerry has cost enough people money and heart-ache. It shouldn’t have to cost all of us.