We just got our daily update from JDSupra (still LOVE THEM!) titled "California's Shine the Light Law: Latest Class Action Threat for Online Retailers and Electronic Commerce Companies", under the topic of Retail Industry Alert.  Here's a link to get you started, because it's important business compliance reading, but that's not why I'm sending you all this letter.

February 2012 by: David Almeida, Stephanie Sheridan - The coming of a new year brings many things, not the least of which for companies doing business in California is the emergence of new legal threats. In the last several weeks, plaintiffs' lawyers have filed several class action lawsuits under a relatively obscure California law known as the "Shine the Light" Law, California Civil Code § 1798.83. The purpose of the law is to provide consumers a way to contact companies they believe are disclosing their personal information for direct marketing purposes so that they may obtain information about (and opt out of if they so choose) those disclosures. Although the law has been around since 2005, recent audits suggest that compliance has not been uniform,

A letter to Dan Swanson's well-respected yahoo Governance Group GOV DG2

Dear Colleagues on this email newsgroup - I’d like to share some digital information about your traceable behaviors.  (FYI, I care a lot about our privacy, so don’t fret.  I won’t share your info with anyone.)

Dan sent an email this morning that had some links to enterprisegrc.com.

In the last 24 hours, I spoke to Mike and Tim.  Larry wrote back to the group to Tim.  We are a known data set.  Dan, Robin, Larry, Mike and Tim.  Each of us has a good deal of valuable information on our personal drives, and we have substantial influence in companies to include the determination of corporate risk.  We are corporations, consumers, auditors, advisors, friends and we have lots of public information to flesh out our profiles.

(Image removed, b/c it would expose people on this list - self-censorship)

I really hoped that some of you would follow the email links.  As is routine, I observed live traffic using a free analytics tool from Google.  I have a common, legal, tracking script on the actual web page.  A reader cannot access a web page without creating a “get” in a log file from an ICANN registered IP address (unless it’s a spoof IP).   So far, it sounds anonymous, but it’s not.  Because of my intense knowledge of everyone on this list, I have potential to intentionally or UNINTENTIONALLY create a lot of information about you.  (I won’t do that, but just take it as a point.)

I write a lot about traffic, SEO and the misuse of tools to create the illusion of website corporate wealth.  There’s relationship in why people will create all these great tools for pennies or even free.  In addition to great services and products, free tools are providing information that creates a huge market of valuable insight on all of us.  This is why I say, be who you are in all you say and do.  Operate with knowledge that you are tracked.  Have no illusion that your corporate identity is different from your yahoo or Hotmail identity.  It’s not.  Use company email for company business, but be assured that your twitter, yahoo, gmail and so on, is still creating a paper trail about you and your company.  If you are using it from a machine that stores sensitive information, STOP.

Points I make in risk leadership include that you FIRST need to understand the business.  With the introduction of cloud services, it’s been very easy to count copious chickens that will never hatch, and hell probably weren’t even eggs.

For more than a decade now, I’ve watched how information is disseminated and how people then respond.  I’ve tracked, for real reasons, all of us.  This is because each of you has at some point, been added to my “whitelist”.

Right after that email from Dan, two people on this group reviewed four pages on the website content, which Google tracked right down to the yahoo email that Dan sent out.  Dan’s email record was a “referring web page”, meaning some of you had that email open in Yahoo.

That means that a hacker at that moment could have used me (if I let them) to track you to within a space of 1000 feet and maybe even to the cube where you were reading.  Based in reading, a database can now assign your email IP to that reading behavior (no I don’t do that) and begin providing intel on the attitudes of that actual person.  Are you working in government?  Are you planning any stock trades?  Did you intend to buy your girlfriend that diamond bracelet?

This is because we all allow our browsers to tell the world who we are and where we are.  It’s because we still think browsers are okay for nonsecure email.   It’s not spying.  It’s not even surveillance.  As soon as we use freeware, shareware, facebook, twitter, we create our profiles and it’s done.  When we think we create an anonymous profile, we are wrong. In fact, over time, that effort to be anonymous may end up causing us to look like we had something to hide.  It’s got the same bite as using BCC (Blind Copy).  At some point, it always gets out.

It’s argued that no one has time to review all the traffic.  NOT TRUE.  I do it during breakfast. Real readers, as opposed to bots and spam relay traffic, are a far smaller number than the internet would like us to know.  When companies report numbers like 14000 viewers a week, and that is the number of recorded viewers on my site, it’s hugely deceptive.  The reason I am starting to care about that is we are suddenly allowing asset value based in a perceived web based market.  Just like access line equivalents not matching the size of IP Networks (a.k.a. 10 Billion write down at Cisco), or bank posted transactions having anything to do with bank health, actual readers have a collection of qualities that make counting viable and repeatable.  During the same twenty minutes, while three real people read something on the enterprisegrc.com site, other technology reported that about a hundred people were on the site.  The truth is a requested web crawler, continuous loop viewers, RSS feeds, tweets, etc. but not people create an illusion of traffic.  That number is not the actual heart beats on the site.

  1. Take away one – if Robin can do it, everyone can do it, so it’s time to update our corporate configuration to ensure all laptops and PC/s have defaulted to Google Opt Out.
  2. Take away two – web traffic is not a valid indicator of company asset value

[...a little self censorship...]  Cloud Business buzz is creating another dot-com bubble and now it’s aimed at open API (Platforms as a Service) PaaS, SaaS, and IaaS.  The alleged size of traffic and use are blindly tossed into indicators of potential revenue, and my friends, I can assure you it is mainly crap.  (Let’s create a cool new acronym “counterfeit reading access performanceTM”.  The reason my tweets and emails reach people is we’ve all been talking for the last ten years.  You only clicked on the link because of our relationships.  You took the call (or let it go to VM) because you knew me.

Small business today is creating a model that is not tied to credibility and it concerns me.

I’d really like it if you’d each consider following my lead and getting Cloud Ready certified.  I want to arm you because the readers on this list serve are the people who can save us.    As risk and business leaders, we can’t allow new concepts to distance our minds from facts.  It’s got to stay real or we face the biggest failures and investment scams ever conceived.

Look at the biggest IPOs and the value for the top 100 websites.  Then ask yourself this.  “I’ve known Robin for a decade and she just started a website in October.  Could her website rank in the top 25K for the United States?”

Of course not, but it tracked that way for several weeks.

Try this another way, if you noticed a bump of around 2k in your bank account, and after a day, it was 4K, would you check in with the bank?  If you and your wife got the same 401K report, but one you outperformed the other by a factor of 1000%, would you call your broker?

We are already counting the benefits of being a cloud economy, but are we ready to be a society in the cloud?

Chicks are cool2/9/2012