Jul 12, 1999
It is the ultimate in irony to see a web site describe itself as "Proprietary and Confidential". For obviously, a web site can be neither: its content is available for use by readers world wide; and a web posting is probably the most public of all documents.
It is even more ironic to see the label "Proprietary and Confidential" applied to a document which compares itself to such open standards initiatives as TCP/IP and similar protocols. The use of internet protocols depends on their widespread and free availability. Users should not have to fear secret draft documents or the possibility that royalties may one day be charged.
Yet Ziff-Davis weighs in today with a document which contains both ironies, the grandly titled "Standard for Internet Commerce." This self-described "seminal initiative" is intended as "a comprehensive codification of best practices in Internet commerce." Whether it can meet such lofty objectives in its current form is another matter.
Now of course nothing is official yet; the first press releases are not scheduled to begin until tomorrow, but Ziff-Davis couldn't wait, jumping the gun with a column this morning in Jesse Berst's AnchorDesk.
To hear Berst play it up, the whole thing is about customer service, good, bad or indifferent. "Bad service is frustrating enough in the real world," writes Berst. "But it's even more outrageous online -- because it doesn't have to be bad." The only thing holding up the emergence of good service on the web? A lack of standards - and so Ziff-Davis and its partners are ready to move into the gap.
The proposed standards, like any protocol, are intended to be voluntary. But there's an iron fist inside this velvet glove: "Once a best-practices ecommerce standard is crafted, e-merchants will adopt it -- or suffer the consequences." Consumers would patronize only those sites with the coveted SIC label; those vendors refusing to play ball would be shunned. Or so the story goes.
What Berst does not talk about, and what does not get discussed in the standards proposal at all, is the question of who does the monitoring and certification, and of how much the coveted SIC label will cost online merchants. And you can be quite sure it's going to cost something; otherwise, why would the standards be proprietary?
Well, OK, so they're going to make some cash on this. But standards are a good thing, right? We as online consumers want a measure of security and protection. And if we look at the aspects of e-commerce governed by the standards - everything from personal privacy to security to warranties and consumer complaints - it looks like the standards are the sort of thing which would do the job.
You'd think, anyways. But let's be clear about this from the start. The standards have nothing in particular to do with what online consumers want or expect in the way of security and protection. For one thing, consumers have no say in the content of the standards. Voting is restricted to a clique of founding members. Public input, while solicited, will only be "used as input by the editors and Founding Members".
The list of founding members makes fascinating reading. We see presidents and CEOs of such august institutions as Macy's, the Wall Street Journal, Barnes and Noble, Charles Schwab, and more. There is a sprinkling of university professors and consultants. More interesting, however, is the list of companies and institutions which are not represented.
Conspicuous by their absence are the heavy-hitters on the World Wide Web. The name Microsoft is nowhere to be seen. Usually, such gaps are filled by AOL or Netscape, but their representatives are not in the picture either. Amazon, the net's largest bookstore, isn't mentioned. Nor is eBay, the net's largest auction house. One wonders why Ziff-Davis has gone to press before lining up the heavy hitters. Or is this a power play - is ZD trying to run with the big dogs now?
Also absent are any representatives of the online community in general. One would thing that a document concerned with security and privacy would attract the attention of the Electronic Frontier Foundation. But no, nothing. Perhaps a consumer advocacy group; they're not hard to find. A technology representative, say, from W3C? SlashDot? Nada.
It's a bit of a stretch to expect anything of lasting value to emerge from a cabal such as this. And as we examine the proposed standards themselves, that sceptical prediction is confirmed. The standards are long on ensuring that merchants provide information about themselves, including the use of a cute little i logo and site search. They are big on such matters as product availability, shipping, and warranties. They suggest that merchants tell consumers how much the goods or service will cost. And they think online transactions ought to be private and secure.
That all sounds good, but when we dig into the details we find that the standards in every case err on the side of the merchant. Consider the section on information integrity (ie., can you trust the 'news' you're reading). The standard recommends only that "The merchant shall notify customers of its policy on accepting payments or other consideration from third parties for placement of any content related to the third parties' products/services that is not clearly identifiable as advertising." In other words, it is acceptable for such sites to hide advertising in with their news content, so long as somewhere on the site there is a page which says they do this.
Or consider their provisions on privacy. If the vendor gathers personal information, the standards say, they should disclose this fact to the user. So far so good. And the user should have the option of opting-out, right? Nope. The standard requires only that sites state "Whether customers have the opportunity to limit the use of their personal information (Opt in/Opt out) and how they can do so." Well, OK, but personal information cannot be used without the permission of that person, right? Nope. The standards impose no such restriction. How about restricting spam? Well, the standards do propose that users ought to have the right to say no (phew) - but according to the editors, that freedom should exist only when the information is first collected.
And a consumer-sensitive set of standards would up the ante. As Paul Evans comments on the ZDNet forum, "There should be traceability, so I could see who else is using my data. Further, I should maintain control of secondary, tertiary, etc. use. This includes medical records (contrary to what our business owned congress wants to do). All of this will require much better identity proofing than is currently used today. Things like X.500 identity certificates and, perhaps, smart cards instead of mag strips." But on such matters the standards say nothing. Advantage: vendor.
OK, how about customer complaints? You know - like when those antique Roman gold earrings turn out to be made of brass in Taiwan. The standards state only that there be "a means for customers to provide feedback or file complaints." There is not a word in the standards about how such complaints would be resolved, or whether they would be resolved at all. Online merchants could simply send back an acknowledgement form letter and then file the complaint into the circular directory /dev/null for long term storage. Such merchants would be in complete compliance with the standards! But perhaps not very popular with consumers.
The standards ought to endorse third-party dispute resolution centres, such as ilevel. But nobody like ilevel was asked to help create the standards, so it's not surprising that no dispute resolution process exists.
One would at least expect online vendors to obey the law. Of course, on the internet, many laws come into play, since the user, the service provider, and the vendor may all be in different jurisdictions. Even so, some law ought to apply. The standards recommend only that vendors "the merchant shall notify the customer which country's laws that the merchant believes apply to the customer's transaction." There is no requirement that the vendor get it right. There is no requirement that the vendor actually obey the applicable law.
Moreover, there is much that is missing from the proposed set of standards. Much that consumers would demand as their right, and about which the standards are completely silent.
For example, online commerce is much more than credit-card transactions, much more than the buy-sell exchange. Online marketing is to a large degree a matter of building a relationship with a customer, one where the customer is expected to contribute more than just money and demographic information. Sites such as Firefly, for example, ask customers to submit their musical and media preferences. Geocities encourages users to create home pages. eBay asks customers to submit reviews of online vendors.
One would ordinarily think that web sites, comments and reviews supplied by users would belong to those users. But in recent weeks, online merchants have tried to reverse that expectation, claiming ownership over these constributions. Yahoo made the audacious claim that it owns all Geocities websites. eBay has argued that no other site may refer to its vendor and customer reviews. More and more, it seems, the content provided by users is reverting into the hands of the providers. This trend would be reversed in any user-supported set of standards; but the Ziff-Davis proposal is completely silent.
Or how about site security? You as a consumer have a reasonable desire that your credit card information not be posted for all to see on www.hackers.are.us and thus that online merchants employ reasonable precautions against hacking. But the standards are completely silent on this point; the online merchant could leave your information in an unprotected file and still be in compliance with the standards.
Consumers also have a reasonable expectation that the claims made about a product are complete and accurate. This expectation should extent both to product information posted on the site, and also product information posted in advertisements and other promotional materials. About the only thing the standards require the vendor to get right is the price! About other forms of misrepresentation the standards are completely silent. Of course - you could always complain.
Now you may be arguing - but consumers have a voice in these standards! Yes - a non-binding voice. But more to the point, a non-binding vote on the multiple-choice poll voice. There is no mechanism for proposing and having adopted anything which is not on the ballot. Sure, consumers have a voice - they can choose which way they want to be shafted by these online shysters.
It's all nice and good to say that you are creating a set of standards for online commerce. But you have to do a little more homework than the good folks at Ziff-Davis. You have to make sure the major players are onside. You have to ensure that there is representation from the web standards community and from the consumer advocacy community. And you have to ensure that there is a mechanism for real input from web users, input which is not only listened to, but which has a measurable impact in the nature and content of the standards which would evolve out of such a process.
Nice try, Ziff-Davis. Stick to producing magazines.