The UK Government are not the only people who want to track your emails, and to try to determine who your other emails contacts are.
Email tracking is one of the snooping technologies which we try to keep an eye on, whether it is at the Communications Traffic Data logfile level, or through the use of tricks like web bug images in HTML emails, or URLS hidden in word documents or .pdf files or in active content like Flash animations or video clips etc.
An example of this sort of abuse was the use made of the Australian based ReadNotify service, which Hewlett-Packard used to try to smoke out which corporate insider whistleblowers various journalists had been in contact with.
We were therefore interested in this short piece in today's Guardian:
* Matthew Taylor
* The Guardian, Monday 26 January 2009
The firm behind President Barack Obama's online election campaign have been signed up to help anti-racists take on the British National party in the European parliament elections in June.
Blue State Digital (BSD), which used the latest internet technology to mobilise millions of people behind Obama, has been employed to help create a grassroots network across the UK as part of the campaign to stop the BNP leader, Nick Griffin, becoming the far-right party's first MEP.
The firm began work last week and has already signed up thousands of supporters and donors. As part of the first stage of its campaign BSD and an anti-fascist magazine, Searchlight, has sent thousands of emails asking each recipients to forward it to five friends and make a small donation. The software means campaigners can then track who opens the emails, where they are sent and what happens when they arrive at the other end - tailoring future emails to groups and individuals
If all the tracking is done through explicit, up front, web links on the Blue State Digital web servers, then that may be acceptable, but that may rather be overselling the efficacy of their software's tracking capabilities to their campaign organisation clients.
The description in the Guardian article, together with Blue State Digital's Email Tools web page, implies at least the use of the standard but optional internet email Content Disposition header / Read Receipt, which many email recipients never see, or never manually reply to.
Are they also making use of ReadNotify style tricks, to also try to sneakily track and identify the email and IP address and other web browser details etc. of the friends and contacts of the people to whom the BSD software has been used to send a targeted mailshot to ?
Such secondary recipients of the emails are those who the NGO campaigners employing the Blue State Digital software do not yet know about, but who they hope to grow the grassroots activist base and get money from, regardless of whether most of the recipients of such email marketing are interested or offended by such marketing spam. Most of these secondary email recipients will not have opted in, and given their prior, informed consent for their IP address and other details to be tracked by BSD, even before they have actually decided to reply to the email or to trash it.
Political campaigns, wherever they are on the political spectrum, should not be using the same sort of tricks as email spammers and those who try to sneakily hunt down anonymous whistleblower sources and contacts, since this will betray the Sensitive Personal Data of their supporters, to some of their political enemies.
Since the Blue State Digital server infrastructure is based in the USA, with lax Data Protection and large scale snooping on foreigners (and on US citizens) by US Government agencies, who else gets to read the Communications Traffic Data of any particular group of political activists or campaign supporters who have been targeted this way ?
Blue Sky Digital were touting their "grassroots" campaign online expertise and tools, to various campaign groups and pressure groups recently.
We might perhaps support some of the aims of this campaign, but not if it uses sneaky email tracking, which contravenes the fundamental data protection principle of prior, informed consent, and which probably also contravenes the Direct Marketing industry codes of practice and European Union wide laws.
We did try to get a public comment about this on the Hope not Hate blog entry, but to no avail, so we must assume the worst.
Please forward one of Blue State Digital's tracking emails to us for analysis.