Sears Christmas Spyware Surprise

Updated: Opinion: Did Sears use spyware to secretly track what its customers were doing online?

Download the authoritative guide: Big Data: Mining Data for Revenue

Did Sears decide to give its holiday shoppers the gift that keeps on taking—spyware?

It appears that Sears isnt disputing that it did distribute spyware, but is merely saying that consumers knew that they were agreeing to spyware.

The $53 billion retailer is learning that the online world—with its thousands of bloggers armed with screen captures—is fairly unforgiving when it comes to marketing excesses.

The latest blogger to capture and dissect the Sears incident is Harvard Business School Assistant Professor Benjamin Edelman, whose posted screen captures and commentary came out Jan. 2. His assessment followed by a couple of weeks a blog from CA that included a detailed response from a Sears vice president.

Heres the consensus of what happened: Sears created something called My SHC Community, which Sears describes as a member-feedback-based online community.

To encourage consumers to join, it offers the following carrots: "Its a community that connects shoppers like you to SHC employees, including the most senior executives, so that together we can build a better shopping experience. In exchange for participating in the community, members will have access to free planning and budgeting tools, special forums to express their views and ideas and will receive exclusive offers and promotions. Members are also eligible to win cash and merchandise prizes via sweepstakes that occur regularly throughout the year."


Click here to read more about e-commerce sales this season.

As part of the project, Sears installs a program from ComScore onto the consumers PC. Is the consumer asked for permission first? Thats an interpretation issue. Sears—correctly—says that the consumer first has to agree.

But Harvards Edelman said the information is vague and hidden deep within a very long "privacy statement and user license agreement," a document made even more dense because it is presented in a very small scrolling window.

The "2,971 words of text, shown in a small scroll box with just ten lines visible, requires fully 54 on-screen pages to view in full," Edelman wrote. "The tenth page admits that the application monitors all of the Internet behavior that occurs on the computer on which you install the application, including ... filling a shopping basket, completing an application form, or checking your...personal financial or health information. Thats remarkably comprehensive tracking—but mentioned in a disclosure few users are likely to find, since few users will read through to page 10 of the license."

An e-mail sent to some site visitors was even more vague. "In seven paragraphs plus a set of bullet points, 582 words in total, the e-mail describes the SHC service in general terms. But the paragraphs topic sentences make no mention of any downloadable software, nor do the bullet points offer even a general description of what the software does," Edelman wrote.

The software Sears used is from ComScore, Edelman said, but Sears goes out of its way to hide that fact. "The initial SHC e-mail refers to the ComScore software as VoiceFive. The license agreement refers to the ComScore software as our application and this application. The ActiveX prompt gives no product name, and it reports company name TMRG, Inc." he wrote. "These conflicting names prevent users from figuring out what software they are asked to accept. Furthermore, none of these names gives users any easy way to determine what the software is or what it does. In contrast, if SHC used the company name ComScore or the product name RelevantKnowledge, users could run a search at any search engine. These confusing name-changes fit the trend among spyware vendors."

Page 2: Sears Christmas Spyware Surprise