Sillycon Valley Biz

Personal & Sillycon Valley Biz & Spam12 Aug 2008 10:29 am

Word has already gotten out — in no small part due to my screwing up on LinkedIn — so I might as well post about it: August 1 was my last day at Habeas, and August 11 was my first day at Responsys. (The official announcement will be coming soon, so act surprised please!)

I will be serving in the role of Director of Privacy and Industry Relations. This is similar to what I was doing at Habeas, so all of those folks with whom I have interacted in the industry will probably see me doing all the same sorts of things, just wearing a different brand of hat.

To some of my colleagues at Habeas, my departure came as something of a surprise. I actually gave two weeks notice, but Des asked me to keep my impending departure confidential until my last day so as to not add further confusion or speculation to the internal office atmosphere during the pre-merger due diligence phase. So I had to forgo the lavish, tearful going-away party that I’m certain would have otherwise been scheduled. ;-)

While I am very much looking forward to my new opportunity, I do have some regret that I won’t be around to share in the excitement and adventure of merging Habeas and Return Path. I have known many of the folks at RP for many years and they’re a good group of people. I’m sorry I won’t have the chance to work directly with them — and to continue working with all of the great folks at Habeas. However, over at Responsys, we will still be travelling in all of the same circles and I look forward to seeing some of you at various industry events, conferences, etc., going forward.


Sillycon Valley Biz & Spam12 Aug 2008 09:52 am

As some folks know, August 1 was my last day at Habeas. I told a number of folks that the “other shoe” would be dropping soon, and indeed today it was announced (and discussed here and here): Habeas will be acquired by Return Path in a deal to be closed by the end of this month.

I’ve had a number of folks reach out to ask for insights, juicy details, etc. Having watched Habeas for many years, and having spent the last year working there as the company approached this crossroads, I have a unique perspective.

First and foremost, I think this acquisition is the best outcome for as many of the smart and hard-working employees of Habeas as possible. Some stakeholders are getting the fuzzy end of the lollipop, but that’s to be expected. My biggest concern has always been for the employees, and it looks like the Return Path acquisition will preserve a lot of jobs.

Generally, I think the choice to enter into this acquisition makes sense for Habeas. But “makes sense” doesn’t mean that it was inevitable. Habeas did not have to be in the position it found itself in.

I’ll refrain from airing the dirty laundry of where I think Habeas *could* have been had the executive team made some different choices at some critical moments. Suffice to say that I’ve made my peace with “what might have been” and once it was clear that those new directions weren’t going to be pursued, I did my best to pitch in and row towards the destination chosen by the glorious leader. ;-)

I’m a little dismayed — but not surprised in the least — by the classless comments of some industry observers. Many of those folks have personal axes to grind, and because I too occasionally have my own axes to grind, I understand that impulse. But I try to keep the schadenfreude to a minimum, since I know that the karmic boomerang is a real bitch. Others? Not so much, apparently.

A mentor of mine likes to say: “The best revenge is living well.” For me, life is looking just fine, as I hope it is for my friends and colleagues at Habeas and Return Path.


Return Path buys rival junk-mail fighter Habeas –

Return Path to acquire Habeas – DM News

Behind the Habeas Fire Sale – Direct Magazine

Return Path Acquires Habeas – ClickZ

AGLOCO & Personal & Sillycon Valley Biz19 Jul 2007 06:24 pm

I read it on Yahoo! News, so it must be true! ;-) I now work for email reputation services firm Habeas!

I’ve known the folks at Habeas for a long time and I’m really excited to finally get the chance to work with them directly. As Director of Email Policy, I’ll be working directly for Habeas’s CEO Des Cahill in revising (or in some cases, establishing) the policies that will drive Habeas’s new and existing products and services in the growing market for reputation services. I’ll also be bringing my experience in building privacy and security related services and technologies as Habeas expands its offerings into some new and exciting directions.

This move also represents something of a homecoming for me — after several years of work on security and authentication startups, I’m coming back to the issues of spam and email marketing where I first started almost fifteen years ago. A lot has changed in that time, and one of the things I’m able to bring to Habeas is that perspective on the past (a/k/a where all the bodies are buried) along with my experiences in related issues facing other industries.

Here’s the press release which went out this week and was picked up on Yahoo! Business.

Habeas Appoints Ray Everett-Church as Director of Email Policy
Privacy Guru to Lead Habeas’s Email Policy and Compliance Services for Volume Senders

MOUNTAIN VIEW, CA–Jul 17, 2007 — Habeas, Inc. (, the industry leader in email reputation services, today announced Ray Everett-Church has joined the company as Director of Email Policy.

In this role, Everett-Church will be responsible for the ongoing stewardship of Habeas’s email policy, as well as maintaining working relationships with ISP abuse desks, blocklists and anti-spam technology providers.

The addition of Everett-Church allows Habeas to expand its excellent support services to email senders and educate them on email best practices. In addition, the appointment further enhances Habeas’ ability to provide leadership and guidance on policy and sender requirements for audit, Safelist and compliance services for volume senders.

“Ray is an amazing addition to the Habeas family. His industry experience and qualifications make him the perfect person to help drive our compliance and best practices efforts,” said Des Cahill, CEO of Habeas. “As we continue to provide support and expert analysis for senders that will help them deliver email, Ray’s expertise will bolster our effectiveness in communicating the company’s compliance message to our many constituencies.”

Everett-Church is an internationally recognized expert on privacy law and Internet-related public policy, having served as founder and principal of PrivacyClue LLC and Vice President of Consulting with ePrivacy Group LLC.

Widely recognized as the “dean of corporate privacy officers,” he has provided consulting services to numerous companies such as Microsoft, AOL, Comcast, Pfizer, HSBC and Kimberly-Clark. Everett-Church co-authored “Internet Privacy for Dummies,” and continues to be a frequent commentator on legal and technology issues involving Internet privacy and security.

Prior to practicing law, Everett-Church worked as an independent consultant to the online services industry regarding legal, technical and policy issues.

About Habeas, Inc.
Habeas is an email Reputation Services Provider that offers solutions for legitimate senders to monitor and manage their email reputation to ensure maximum deliverability. Habeas sender reputation services include Habeas Audit for reputation assessment, Habeas Delivery Monitor for managing reputation information, and Habeas SafeList, the most broadly referenced Internet whitelist. Habeas also enables enterprises and ISPs to more efficiently process their inbound email and make better delivery decisions via its Reputation Network. This network is comprised of sender reputation information collected from four and a half million receiving systems in over 190 countries. For more information, visit

Some of you might be asking what this means for my involvement with AGLOCO. With the successful release of the AGLOCO Viewbar, the reality is that there is much less need for a full-time Privacy Officer, especially at this stage of the company when the team is so small and resources are tight. Of course there remain many privacy-related issues facing AGLOCO, and that is why I’ll be sticking around, just in a different way. I will become chairman of AGLOCO’s Privacy Advisory Council.

Later this Summer, we hope to be announcing the names of a few more people who will be joining me on the Privacy Advisory Council. Together, this body will be on-call to advise and counsel the AGLOCO executive team as they continue to build out the service. We’ll meet regularly with the executive and technical teams to review current practices, look forward to new services, and tackle the challenges that inevitably arise in trying to deliver the best value to members. I believe very strongly in the future prospects of AGLOCO (heck, I’ve got 38,000 referrals!!! Thanks David Lawrence! ;-) ), and am committed to doing everything I can to see that AGLOCO continues on is excellent trajectory towards success.

Privacy & Sillycon Valley Biz13 Jun 2007 02:39 am

In an interesting article on Monday, privacy activist Lauren Weinstein issued a call for an “At-Large Public Ombudsman” at Google, to help them address their ongoing privacy and other matters.

Since then, some discussion has been going on via Dave Farber‘s “Interesting People” (“IP”) mailing list.

On a number of occasions I’ve had strong disagreements with Lauren, but I’m with him on this one. Unfortunately though, I just don’t see it happening. Why? Here is my response to the discussion thread on IP:

What Lauren has described is in many ways the essence of a Chief Privacy Officer… someone who minds the store on privacy matters in a proactive way, moving easily between technical, marketing, strategic, and legal matters, and making sure the hard questions are asked (and answered) long before products launch. At many large consumer-facing companies the CPO heads a team of privacy professionals who become a central resource for executives and front-line personnel alike, across the entire company, across all business units and at all levels of the organization.

When I created the first corporate CPO position and dedicated corporate privacy team back during the dotcom boom days, some people scoffed at whether a dedicated privacy person (much less a whole team) was really necessary. Yet one need only look at the evolution of the industry over the last decade to see that the need for a CPO role and/or team at many organizations has been proven beyond any shadow of doubt.

My work in evangelizing the importance of the CPO role led me to a fascinating meeting at Google back in about 2001. I was told that they were hiring a lawyer to work on privacy matters, but I was somewhat surprised that they defined that “privacy” role as mostly limited to responding to subpoenas and other similar procedural matters. When I inquired about how they were intending to address the bigger privacy issues that were already starting to nip at their heels, I was told that privacy was so deeply engrained in the corporate ethos that they really didn’t see the need for a role like a Chief Privacy Officer.

Apparently they still don’t.

I walked away from the interview shaking my head, knowing then that privacy was going to be an ongoing headache for Google. The last six years have proven me right: with almost every major product/service release, glaring privacy issues have been evident and the company always seems shocked and surprised that anybody raises the issue. Time after time, it’s clear that stuff is going out the door without any evidence of serious attention to, or mitigation of, those glaring problems.

I think Lauren’s proposal is sound. But when I made a similar pitch directly to senior level executives at Google back in 2001, and again in 2004, the concept was met with such resounding indifference that I was forced to conclude that privacy at Google was evolving from a blind spot into an elephant in the room.

Today, I fear that acceding to a proposal such as Lauren’s would require them to admit that they’d gotten this one fundamentally wrong. Unfortunately, the hubris that led them into this blind alley will probably prevent them from escaping it anytime soon.

-Ray Everett-Church

AGLOCO & Personal & Podcast & Sillycon Valley Biz21 Nov 2006 11:34 pm

As many astute readers of this blog may notice, I’ve not been blogging too much lately. And if you’re also a listener to The David Lawrence Show, you will have a good idea why: I’ve been up to my eyeballs with the launch of my new company, AGLOCO.

AGLOCO — which is an acronym of sorts, short for “A Global Community” — is a modern incarnation of the Infomediary concept that I helped to pioneer back during the “dotcom” days with AllAdvantage. At AGLOCO, I am a co-founder (along with a couple of former AllAdvantage founders and a new cast of thousands*) and Chief Privacy Officer. Oh, and de facto General Counsel (at least until we have enough money to hire a better lawyer). ;-)

( * Okay, not a cast of thousands… But we’ve got about a dozen Stanford students that are running most of the operations. Actually, we may very well be the largest single employer of the Stanford Graduate School of Business Class of 2007…)

What is AGLOCO?

At it’s core, AGLOCO is an Infomediary. What’s that?

On the Internet, advertisers and marketers are eagerly and greedily gathering information about you, your interests, your shopping patterns, and other pieces of your personal information. They use this information to build a “profile” which can be used to target advertisements to you. In fact, some “data brokerage” companies will sell that profile information — your information! — to the highest bidder.

An infomediary turns this equation upside down by working as an agent on behalf of consumers to gather the same kind of data profile, but this time the profile is kept private and under the ultimate control of the consumer. The infomediary then pays consumers a share of the advertising revenue. As the community of users grows, and the quality of the targeting profile improves, the infomediary can provide advertisers with a richer and more valuable advertising audience and in turn the infomediary can deliver more value back to the community.

If you look today at the most vibrant communities on the Internet, places like MySpace, YouTube, Flickr and, the members of those communities have made those sites into incredible successes. When MySpace sold to News Corp. for $580 Million, how much money did the users of MySpace make? When YouTube sold to Google for $1.65 Billion, how much of that money went to those lip-syncing Korean guys and the other thousands of users who made the site such a success?

Don’t get me wrong: I think the folks who create exciting websites and think up innovative “Web 2.0” concepts deserve to be rewarded for their creativity and their vision. But so do the users, without whom those sites would be nothing more than cute little ideas with no audience. Now, some will say that the users of YouTube or MySpace get value because they get the enjoyment of participating in the community and creating wacky webpages… all of which they get for the low, low price of FREE!

Yeah, well… one of our founding team stumbled upon a quote that sums up my feelings: Sometimes “Free” is Too Expensive!

AGLOCO will be the only (at least until somebody swipes the idea) Internet community where all the Members who come together to make it a success will actually share in the wealth created by their hard work and dedication. If “Web 2.0 is all about user empowerment, AGLOCO is empowering a virtual revolution!

For more information, please check out AGLOCO and if you want to sign up, please use my referral number: AGLO-0009. You can also learn more about AGLOCO by checking out my exclusive Podcast Interview with David Lawrence. I did a written interview for the AGLOCO website, too.

Listen to the Podcast here. <img src=""

To read more about AGLOCO you can also check out the following blogs where AGLOCO’s launch is already generating a lot of interest:

AllAdvantage Is Back – GigaOM (11/03/2006)

AGLOCO launches – will pay you to surf the Web – VentureBeat (11/20/2006)

Web 1.0 Undead Rise: AGLOCO – TechCrunch

AGLOCO – AllAdvantage team launches new(ish) business – E-Consultancy (11/20/2006)

AllAdvantage 2.0, AGLOCO Launches – GigaOM (11/20/2006)

Now I like AGLOCO even more – McCall’s Notes (11/20/2006)

Privacy & Security & Sillycon Valley Biz06 Jun 2006 03:04 pm

Today Google launched “Google Spreadsheets,” the latest in a long line of ideas tossed out the door before it was done cooking — I think the term is “half-baked” — and slapped with the “beta” complaint-deflector. Already the uncritical fawning has begun, with predictions of mass self-immolations in Redmond, WA, soon to follow.

According to C|Net’s, it’s Google’s intent to make Microsoft quake in its boots, fearing that an advertising-littered web-based spreadsheet will be more attractive to consumers than Microsoft’s overpriced Office suite. So the theory goes, once Google can win over millions of consumers, enterprises will be forced to adopt it, and then the days of the villainous paperclip will finally be over.

Setting aside for a moment the abysmal history of consumer-oriented web companies who tried to create enterprise versions of their products, I think the deeper question is: Who in their right mind would trust their critical personal and financial data to the data mining machinery of Google? And assuming you could find individual takers, what company would do the same?

Google makes its money by sifting through the world’s data and dotting it with advertisements. Assuming you want to be bombarded with ads while you’re wrestling with some amortization formula (and no doubt thinking to yourself, “wow, a mocking advertisement for lessons in using spreadsheets would be handy right about now!”), all that data will be residing on Google’s servers, where it can be sifted through looking for advertising opportunities.

Even if you assume that Google keeps true to its “don’t be evil” mantra, there’s still the small matter that systems get hacked, employees get greedy and larcenous, and government investigators get overzealous and demand service providers keep data for two years.

Will that data include your “undos”? Think about the time when you entered in bogus tax data into a spreadsheet, just to see what your finances would look like if you didn’t report some extra taxable income. Would that be introduced as evidence of intent to defraud?

What if their algorithms, while searching through your spreadsheet to find relevant ads to serve, discover you have indeed been cheating on your taxes? Will they serve up ads for tax attorneys and bail bondsmen before the Feds come after you? Will they know the Feds are coming because they turned over your records to the IRS in one of the government’s regular subpoena “fishing expeditions” and illegal warrantless search and surveillance schemes?

These are not insignificant questions, and Google doesn’t have a track record of inspiring faith in their foresight and thoughtfulness on the tough questions of how data will stay private and secure. These are critical questions that Google will have to answer, not only to the satisfaction of clueless consumers and analysts but also to corporate privacy and security experts, before Google Spreadsheets can be taken as a credible alternative — much less a threat — to Microsoft Excel.

Privacy & Sillycon Valley Biz19 Jan 2006 10:33 am

I’ve been critical of Google on many scores, but I’m happy to hear that they’re fighting an attempt by the Department of Justice to cough up a bunch of log data for a fishing expedition.

Check out today’s scoop by the San Jose Mercury News, in which I’m quoted:

“This is exactly the kind of case that privacy advocates have long feared,” said Ray Everett-Church, a South Bay privacy consultant. “The idea that these massive databases are being thrown open to anyone with a court document is the worst-case scenario. If they lose this fight, consumers will think twice about letting Google deep into their lives.”

This should be an interesting fight! Kudos to Google for taking a stand.

Privacy & Sillycon Valley Biz17 Oct 2005 05:46 pm

I’m travelling this week, but word reached me this afternoon that Google has issued a new privacy policy, according to AP.

I haven’t had a chance to review the document in detail, but the commentators are already suggesting that it’s just as vague as it was before on many key issues.

Most of Google’s privacy issues boil down to questions about precisely what information they are collecting about you, how they’re going to use it, and what ability do you have to exercise any control over what they’re doing.

If the new privacy policy doesn’t give concrete answers to these questions, then it’s probably not an improvement.

News & Culture & Sillycon Valley Biz27 Sep 2005 12:51 pm

The good folks at Good Morning Silicon Valley noticed something interesting today: Google is talking to C|Net after about two months of the silent treatment. Like most toddlers who decide to refuse to talk, it breaks down the moment they have something exciting to share.

Congratulations to Google on passing this milestone. After all the ruckus, it was probably more like passing a kidney stone… but let’s just embrace the fact that they came ’round at all. :-D

Privacy & Sillycon Valley Biz06 Aug 2005 12:23 am

Google is so annoyed with one of CNet’s reporters for raising uncomfortable questions about Google’s privacy policies that they are refusing to talk to any CNet reporters for one year.

The startling news of the blackballing is mentioned in a parenthetical note at the bottom of a benign article about Google’s search for a new Chef to cook in the company’s cafeteria, replacing former Grateful Dead chef Charlie Ayers:

Google could not be immediately reached for comment. (Google representatives have instituted a policy of not talking with CNET reporters until July 2006 in response to privacy issues raised by a previous story.)

That story by CNet reporter Elinor Mills summarized the myriad privacy problems that Google seems hell-bent on pretending aren’t there. At the time, I praised her article in this blog entry, and added my voice to the chorus of concerned privacy analysts, asking my favorite question: Why does Google still not have a Privacy Officer?

Elinor’s story focused on the privacy issues that arise from the huge amount of data about individuals which Google has amassed and makes available through careful searching. But she also pointed out that the data which is publicly available is only a fraction of that actually gathered internally by Google about your private searches, what ads you click on, what topics you might be discussing in email, and other fascinating tidbits from your life.

As she suggested, such a treasure trove of data could be an irresistible prize for hackers, “zealous government investigators, or even a Google insider who falls short of the company’s ethics[.]” For what it’s worth, I too have previously analyzed some of the gaping holes in Google’s privacy policies, and how one of Google’s executives unwittingly pointed out just how significant a risk their growing database presents.

To demonstrate how much personal information is publicly available via Google, Elinor dug up a few bits of slightly personal information about Google’s CEO Eric Schmidt — including his salary, his neighborhood, a few of his hobbies and some of his political donations — all obtained by searches using Google:

Google CEO Eric Schmidt doesn’t reveal much about himself on his home page. But spending 30 minutes on the Google search engine lets one discover that Schmidt, 50, was worth an estimated $1.5 billion last year. Earlier this year, he pulled in almost $90 million from sales of Google stock and made at least another $50 million selling shares in the past two months as the stock leaped to more than $300 a share. He and his wife Wendy live in the affluent town of Atherton, Calif., where, at a $10,000-a-plate political fund-raiser five years ago, presidential candidate Al Gore and his wife Tipper danced as Elton John belted out “Bennie and the Jets.” Schmidt has also roamed the desert at the Burning Man art festival in Nevada, and is an avid amateur pilot.

A fairly benign list of details, but apparently enough to send the infants running Google’s PR shop into a full-fledged kindergarten tantrum. But instead of scapegoating the messenger, shouldn’t Google be punishing itself? As one commenter on Dave Farber’s IP List noted:

If digging into someone’s relatively public activities is worth starting a fight, why is the Google CEO running a company that makes it so easy for so many to spy on so many? Shouldn’t he resign if he feels that searching through Google’s index is so evil?

Indeed, it was Google’s CEO who defends privacy claims with the lame-ass excuse, “The company’s founding motto is ‘Don’t Be Evil’.” When Schmidt dropped that stinker at an analyst meeting last May, I blogged an explanation of the difference between “don’t be evil” and “be good.”

I know Elinor and many of the other great reporters at CNet, and I know that they’ll get their stories whether Google’s PR department deigns to return a call. And I have no doubt that Google’s hissy-fit will serve only to embarrass which ever of the company’s young and inexperienced public relations staffers issued the silly decree.

But this situation certainly doesn’t reflect well on the way Google, still very much the apple of Wall Street’s eye, can be expected to handle adversity. Meanwhile, Google’s “La-la-la-la-la-I-can’t-hear-you!” strategy on privacy issues isn’t going to solve them any problems either.

I’m sorry to say, but I remain convinced that Google is a privacy train-wreck waiting to happen. And when it does, it won’t be pretty — a fact to which this latest stunt attests.

Update: Good Morning Silicon Valley covered the issue and there are some really interesting trackbacks that give some different perspectives on this story. One dissenting view is from Jason Shellen, a member of the Blogger team at Google. Jason takes offense at the information about Eric Schmidt that was reported in the CNet article. His concerns were echoed by Jeremy Zawodny’s similarly themed blog entry. (I too joined the comment chorus on Jeremy’s blog). But I agree with Dan Gillmor’s take on the question whether printing such vague information about Schmidt was a problem. The New York Times has discovered the story now too.

Next Page »