Fighting the good fight for privacy

Crusade: A Boston-area software expert has dedicated himself to uncovering secret data-gathering practices.

April 17, 2000|By Frank James | Frank James,Chicago Tribune

Richard M. Smith is a software expert who doesn't fully trust his own kind. So he has launched a personal crusade to expose technology practices that threaten the privacy of millions of Internet users.

The retired co-founder of a maker of specialized software for industry, he has a growing reputation as one of the Internet's premier privacy defenders. He has essentially become the Techie Avenger for millions of less knowledgeable Internet users who surf unaware of how much of their personal information is silently being gathered.

Smith has unmasked techniques employed by some of the Internet's best-known companies -- including Microsoft Corp. and Real Networks -- to invisibly retrieve information from Internet users' computers in ways those firms didn't fully disclose until Smith raised questions.

He discovered that software made by a subsidiary of, Alexa Internet, ostensibly designed to help Internet shoppers find the best deals and product information, also secretly gathered personal information about the user.

Smith, 46, filed a complaint with the Federal Trade Commission after discovering that Alexa's zBubbles software harvested information about his activities online and transmitted it back to Alexa.

Besides his e-mail and physical address, Alexa's software surreptitiously recorded his sister's phone number when he used his computer to call her. It noted his purchase of a Boston-to-Las Vegas airline ticket, the DVDs he considered buying from an online retailer and the information he typed in to confirm his teen-age daughter's flight home from Philadelphia.

All this was done without notice to him from Alexa that his personal data were being retrieved, he said.

"It was one of the more intrusive pieces of software I've ever seen," said Smith.

Said Brewster Kahle, Alexa's chief executive: "Our users' privacy is of the utmost importance to us," but declined further comment, citing the complaint before the FTC.

Interviewed in the rambling frame house in this Boston suburb that he shares with his Russian-born wife, teen-age daughter and standard poodle, Smith said his mission is a simple one.

"I want to show how much monitoring is being done so we can make good decisions about whether we want this or not," Smith said in the attic room where he does most of his detective work. "If we talk to marketing folks who are involved, they say: 'Oh, there's no problem here. It's all for your own good. And don't ask too many questions.' What I like to do is ask all the questions," he said.

The Web privacy problem, Smith said, has two fathers. Internet companies often are given high stock values in part because of the personal information they have on current and prospective customers. So there is great incentive for them to collect such data, he said.

The other is that software engineers by nature like to do their own thing. Software writers "sort of create their own little world with software. They write the rules. The last thing in the world they want to be told is what to do," Smith said.

He foresees legislators eventually passing laws that tell software companies what kind of information they can and can't "transmit up and down the wire," without the users' informed consent, as well as ethical training for software developers, he said.

Smith, who sits on the Federal Trade Commission's Advisory Committee on On-line Access and Security, started thinking about Internet security years ago when he ran Phar Lap Software Inc., a Cambridge, Mass., firm named for a famous Australian racehorse.

He focused mainly on software bugs that left computers vulnerable to hackers and viruses. It was Smith who last year uncovered the name of the Melissa e-mail virus' creator, David L. Smith, and passed it along to authorities.

A year ago, he turned his attention to Internet privacy. The controversy over Intel Corp.'s plan for a serial number in its Pentium III microchip processors that, theoretically, would make possible tracing millions of computers over the Internet, made him wonder what other tracking might already be occurring.

He found that Microsoft Word, the nation's most popular word processor program, embedded a hidden electronic identifier, unique to each computer, on Word documents.

That globally unique identifier, as it is called, was sent back to Microsoft when consumers registered their Microsoft software, Smith learned.

Thus, the personal information people provided upon registration could theoretically be linked to a particular document written in Word.

"I said, 'Holy cow, this is bad,'" Smith recalled. "Not that anybody was using all this stuff, but this interesting little surveillance system was all in place" if ever someone wanted to use it.

Smith contacted Microsoft. The Redmond, Wash.-based software giant "right off the bat realized this was not a good situation," Smith said. The company stopped new versions of its software from stamping documents with the unique numbers.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.