Privacy Seal Provider ControlScan Settles FTC Charges
February 27, 2010 § 1 Comment
The FTC announced on Thursday that it had reached a settlement with ControlScan, a provider of so-called “privacy seals”—those small-ish images certifying a website’s security or privacy practices.
The FTC charged that ControlScan had “misled consumers about how often it monitored the sites and the steps it took to verify their privacy and security practices.” Although the seals claimed that ControlScan had verified the site’s privacy practices, ControlScan did “little or no verification” of those practices, according to the FTC. The FTC also took issue with the fact that the seals had current date stamps even though ControlScan did no daily reviews.
The settlement agreement required ControlScan’s former CEO to give up $102,000 in profits. It also suspended a $750,000 penalty against the company for inability to pay.
It’s uncertain whether privacy or security seals mean much. Even when providers scan daily, how much assurance can one expect for $71.50 per month? McAfee, the big player in the market after it bought (and renamed) the “HackerSafe” seal, had its own bit of bad press a couple of years ago when it turned out that several “Hacker Safe” sites were vulnerable to cross-site scripting attacks.
Even though ControlScan appears to have been in a different category than legitimate privacy seal vendors, the FTC settlement highlights a classic reputation problem with these seals. The seals look like they mean something, but the only way to know for sure is to check the seal provider’s practices—which undermines the point of the badge in the first place.