Good software always seems to be controversial. That’s not to say there’s not two sides to the debate: Those who think Plaxo is a scam to get you to give up your private data aren’t exactly right, but they may not be exactly wrong, either: time will tell whether it becomes a great service or an intrusive nag. Similarly, another product I’ve taken to, MSGTAG, has its critics, who say allowing folk to check whether their emails have been opened is an unacceptable invasion of privacy, not least because most folk who receive such ‘tagged’ emails don’t know their email program has just sent a message home advising the sender they’ve just opened an email. (See a recent email from an outraged user.) All this is true, but it doesn’t undermine the idea that in principle, it’s a great idea. We would all be a lot more productive — not to mention safe — if we knew the emails we were sending out to friends, colleagues, customer service departments, actually reached their intended recipient.
Anyway, for those of you who are interested in hearing MSGTAG’s side of the debate, here’s their recent response to the letter I mentioned above. Original complaints in purple. I’ve cut it back a bit.
The sender has no real right to know when and if I read his email, where will this go next…tracking how often the email is open, tracking to whom I on forward the email…the possibilities are endless and tantamount to spying and invasion of privacy.
The MSGTAG read receipt process is not designed to be invasive. We feel that it is more than reasonable for a person to know if and when their mail has been read by the intended recipients. There are many situations where this benefits both the sender and the recipient. If an email hasn’t been read before a critical time, a sender can know to contact the recipient to give them the information by another means.
Our view on the subject of mail notification is that at the moment email is an unbalanced exchange. The recipient gets to read the email, but the sender doesn’t get to know if they have. If you send something via a courier service, for example, if you refuse to sign for it, you can’t open it. If you do sign for it, the sender knows straight away.
With MSGTAG we are trying to make it as fair as possible. There are some services that offer to give out all sorts of information about the recipient, such as how long the email was viewed for, how many times, who it was forwarded to, etc. Though we know how to implement this type of functionality, we have chosen a different path of fixing what we see as a broken process, without making the cure worse than the disease by adding privacy-invading features. The negative “possibilities are endless” for all sorts of technologies: we ask that we are judged by what we do, not by what can be done.
MSGTAG tells the sender only the time a message was first opened. It does not provide the sender with the IP address or geographical location of their recipients, nor does it embed tags into attachments to track forwarding or printing behaviour.
However, I do appreciate that not all Internet users wish to receive MSGTAG tagged emails. We respect the business decisions of companies such as yours that wish to implement firewall or proxy technology to prevent MSGTAG tags from being triggered. Furthermore, we have implemented a system within MSGTAG Status that allows users to disable tagging for certain recipients who have asked not to be tagged.
MSGTAG also collects the recipient’s email address, email ID, IP address and email headers without the recipient’s authorisation or knowledge.
It is true that we collect the recipient’s email address and the email ID – this is provided to us by the sender of the email. As I pointed out in the previous paragraph, we don’t collect the recipient’s IP address and we don’t have access to the header information except for:
The subject line – this is used in the notification email so that users know which e-mail has been read, without it they would only know that one of their emails has been read, but they wouldn’t know which one.
The message ID generated by the sender’s e-mail client – this is a unique code attached to all emails by most email clients so that the clients can reliably tell e-mails apart. We use it for the same purpose.
The address the e-mail was sent to – we use this for the same reason as the subject line – so the user knows which e-mail the notification is about.
We also record when the tag was added, and when it was triggered so that we can tell the users when it was triggered, and what the elapsed time was. That is all that we collect from the email.
I agree that what we do with the small amount of information we collect is a serious privacy issue. That is why we have a privacy policy publicly posted on our site. There are several prominent links to it, including within the application itself. I refer to the following relevant section of our Privacy Policy:
The Software uses the MSGTAG service to determine whether an e-mail that has been tagged by the Software has been received by the intended recipient. In order to achieve this, MSGTAG must store the subject, message ID, message recipient, date sent, and MSGTAG account name of the sender for each e-mail tagged by the Software. If tagging is disabled in the application, MSGTAG does not store this information. MSGTAG will not sell, share or rent this information to any other parties.”
At present, there is only one person in our organisation who has access to the email addresses used in MSGTAG – a System Administrator. As General Manager of MSGTAG, I do not have access. Tech support staff must ask the system administrator for this information on a case by case basis, in order to address specific problems raised by our customers.
We publicly state what happens to email addresses collected. They are only valuable to spammers. They are not valuable to us, because we abide by our Privacy Policy, and cannot exploit them. It would be commercial suicide for us to misuse the email addresses stored on our servers. The integrity of our brand is more valuable than a list of email addresses. Besides, we hate spam with a passion.
“This is in direct contravention to the privacy act and the rules governing the collection of personally identifiable information.”
We also feel that MSGTAG’s email tracking service is not only an invasion of our privacy but is also an infringement of the “Information Access” and “Computer Equipment Access” laws as their service provides “back-flow” traffic, without the recipient’s knowledge or consent, directly from their computer software and hardware.”
We are unaware of any infringement as per your suggestions. Fisher Young Group takes its obligations and allegations of this nature extremely seriously. If you can provide us with more information about the specific areas of law that are at dispute, we will investigate your concerns thoroughly.
Matthew Miller
Interesting stuff. Let us know how you feel.