Interesting post. I learned a few years back that certification does not make the certifier liable for anything although some give some financial guarantee I think. I have Verisign in mind but might mix it up with their SSL Key Guarantee.

Anyhow, it would be a leap forward if the issuer of such critical and specific certification can be held responsible by the deceived and harmed consumer, at least to some extend.

As you said already, that would make the issuer check twice rather than once or only 3/4 and would reinforce the value of those certificates.

Actually a win win situation. If I would be a security certification service and believe in my own certification and test procedures, I would offer voluntarily a limited guarantee and liability.

I am responsible to some degree, if I made an error and issued a certificate where it should not have been issued …IMO.

Okay, may be only if I am applying common sense and not specific laws that would fit the issue, but hey, consumers are not lawyers either… well at least not the majority.

This would strengthen my brand and service, because it shows people that I am standing behind it and believe in it myself.

They need to learn the meaning of my tagline… What have you done today to put real values at the end of a click … from a shoppers viewpoint.

Ignore Mike’s crude comments please.

Sincere thanks for taking the time to respond and partipate in the conversation. i am glad you really do that and not just pay it lip service.

To your comment:

“When we learn of issues in trust we follow a process for requiring companies to change. The strength of this process is also its weakness – optimism that companies can change for the benefit of consumers, trust in our sealholders and thier commitment to thier customers, and an impartial process to obtain buy-in and make it happen.”

Call me jaded but I think your optimism is the achilles heel- that is probably having been on the side of seeing PCs wrecked from some of the apps you certified. When I look for trust- I’d like to see it enforced. When you see repeat violations of trust- you need a crowbar to change them. Again what is the real penalty for testing the trust?

Carolyn said “TRUSTe doesn’t kick out companies based on opinion, or on previous bad behavior, or because it makes us look better. We don’t accomplish our mission if companies don’t meet our standards for notice and choice. Sometimes it take some time to effect real change, or for standards to emerge in business practices. ”

That is very noble Carolyn, but what shall I tell users whose PCs are smoking piles of rubble? Who take them back to hardware vendors because of your slow and gentle process- who leave the net alltogether having being owned by sleazy adware? Sometimes it takes some real force to enact change, otherwise your seal starts to look rather watery. What is the real penalty for getting kicked out? You lose your seal?

I have a lot of interesting questions I’d like to ask, and some other privacy analysts would too, and since Revenews reaches a big chunk of your audience- Paying Merchants- are you and/or someone from TRUSTe willing to step into the Q&A Ring? It isn’t hostile- it’s just some in-depth questions.

Very simple- A series of questions on this blog, or SPG blog (or if you prefer your own blog) but prefer here.

To retard flaming I turn comments off (I do leave trackbacks on to promote well thought out responses and may add links to them in an addendum.) and you answer them honestly and openly…and have right to decline any question on the list.

Fair enough- do you trust me enough to abide by those rules of engagement?

When we learn of issues in trust we follow a process for requiring companies to change. The strength of this process is also its weakness – optimism that companies can change for the benefit of consumers, trust in our sealholders and thier commitment to thier customers, and an impartial process to obtain buy-in and make it happen.

Ben’s job is to weed out the bad guys – our job is to make companies change their practices. TRUSTe is constantly working on feedback we get from many sources. Case in point, because of feedback from the anti-spyware community we will be issuing new requirements for software that go beyond our current webseal requirements. Some of the companies Ben pointed out in his paper are no longer part of the TRUSTe program. Because of investigations we terminated Gratis Internet last year, and the New York AG sued them.

TRUSTe doesn’t kick out companies based on opinion, or on previous bad behavior, or because it makes us look better. We don’t accomplish our mission if companies don’t meet our standards for notice and choice. Sometimes it take some time to effect real change, or for standards to emerge in business practices.