as software engineers and marketers think up new services, they’ll be tempted to use that information in ways that you might not be comfortable with.
“PII is like uranium: quite valuable, but more than a little dangerous when it falls into the wrong hands,” wrote Lori Fena and Charles Jennings in their 2000 volume The Hundredth Window. When they wrote the book, Fena was chair of the Electronic Frontier Foundation, and Jennings was an Internet entrepreneur who had founded Internet startups like Preview Systems, GeoTrust, and Supertracks. It was a manifesto of sorts for TRUSTe, which Fena and Jennings had founded in 1997 with the mission of encouraging websites to disclose their privacy policies, so that consumers could know how their personal information was being collected and used. Sites that did so, and that paid a licensing fee, were allowed to display the TRUSTe seal.
But these days, simply having a privacy policy doesn’t cut it. You also have to adhere to it—and you have to give your users easy ways to control how much they share. These are all tough challenges, as the endless saga of Facebook’s evolving privacy settings illustrates. Part of the problem is that Silicon Valley culture seems hard-wired to think about computer security—which is a simple problem of debugging code until all off the vulnerabilities have been removed—but not so much about privacy, which is “so different, and much more complicated,” in the estimate of Maier, TRUSTe’s president, executive chair, and former CEO. (She handed the title to Babel in 2009.) Privacy is “nuanced, personal,” Maier says. “What I want might be different from you want. There is not a common enemy, like hackers. It’s more of a contract between the individual and the company. We hold the companies to whatever promises they have made.”
Fena and Jennings set up TRUSTe as a non-profit, and Maier, who had previously co-founded Match.com, kept that model when she joined in 2001. She says the organization grew from $1 million in licensing revenues that year to $5 million by 2006, and was always cash-flow positive. It recruited top brands as licensees, from Apple and Adobe to the New York Times and the NFL. But it was a manual operation, and there was never enough money to hire serious engineering or product-development teams to build automated systems.
That became a problem as tech-savvy competitors began to crop up. For example, one startup called Scan Alert, later bought by McAfee, developed a form of automated A/B testing that allowed it to prove to business customers that its “Hacker Safe” certificates improved sales of downloadable software, an area TRUSTe had also entered. “Our whole franchise was at risk,” Maier says. “I realized that we were going to become a boutique if we didn’t start to address the issues in a way that was more scalable and impactful.”
Maier formed a plan to incorporate and raise venture funding, but she says TRUSTe’s board was initially skeptical. In fact, she says she had to threaten to resign to get them to go along. But most of TRUSTe’s clients had the opposite reaction. “They said, ‘We don’t care about your non-profit status, we just want to be sure you continue to do what you’re doing, and to the extent that you can grow your brand, that is only good for us,” Maier recounts.
The changeover was finalized in 2008, when TRUSTe pulled in $10 million in Series A funding from Accel and Baseline. The next year, Maier—who says her strengths are in branding, marketing, and relationships, not operations and technology—hired Babel away from Verisign.
Babel points out that his first months at TRUSTe, in late 2009 and early 2010, coincided with a remarkable flareup of privacy-related controversies. Silicon Valley startup NebuAd was taking heat for using so-called “deep packet inspection” software to help Internet service providers monitor consumers’ Web browsing habits and serve them targeted ads. Facebook was still smarting over
