|
Q:
Is it true that people (e.g., the competition) have been joining
online groups as participants or in the backroom? How secure
is your system? Have you experienced this problem?
Channel
M2 has not experienced any security problems or unauthorized
access. Here is an excerpt drawn from a discussion on M2’s
exhaustive security by Ron Riley, M2 principal, explaining why
any unauthorized entry and security breach is virtually impossible:
Channel
M2 uses the same encryption security as that of the Pentagon,
global financial systems, diplomacy corps, etc. (SSL 128 bit
network authentication and encryption), which is to say, the
highest level of encryption security that has ever existed for
public networks.
Further,
the only way that a competitor (or any other party that has
not been explicitly invited) could enter an interview room (or
any other back room area for that matter) on Channel M2 is by
guessing three separate components of the authentication: the
actual URL, email address and passwords for approved participants
or M2 staff.
Guessing
the URL, in any practical sense, is extremely improbable:
Our URLs end in 9 characters. Character one is an alpha (thereby,
26 possible ways to begin the critical portion of the URL
address). Character two is a numeric (thereby, 10 more possible
ways to continue the critical portion of the URL address),
thereby creating (let's see...) 260 possible combinations
of possible URLs. Character three is also a numeric, thereby
creating (let's see...) not sure, but a geometric or exponential
increase in the possible combinations of possible URLs. Then,
characters 4-9 also are numeric, each creating yet another
layer of geometric or exponential increase in the possible
combinations of possible URLs. Said differently, a hacker
has a 1 in (26 * 9,999,999) chance of guessing the right URL.
According to a basic Excel calculation, that translates into
a 1 in 259,999,974 chance of guessing the right URL.
Guessing
the unique email address of one or more of the few invited
guests seems unlikely:
Practically speaking, the hacker would have to know this in
advance, and is judged highly unlikely that a hacker might
accurately guess an approved participants email address.
Guessing
the 10 characters long password of one or more of the invited
guests is improbable:
M2 passwords are assigned with a combination of alpha and
numeric characters. Each of the 10 characters could be an
alpha (n=26 possibilities) OR a numeric (n=10 possibilities;
Said differently, a hacker has a 1 in (260 * 99,999,999) of
guessing the right URL. And, according to a basic Excel calculation,
that translates into a 1 in 5,999,999,740 chance of guessing
the right URL.
Now, the
odds of getting all 3 of these right = 259,999,974 * all possible
combinations of email addresses@domain (e.g. Ron@ChannelM2.com)
25,999,999,740. This exact figure is, in any practical sense,
infinite, since all possible combinations of email addresses@domain
is infinite.
Also, our
technology provider routinely conducts extensive and expensive
security audits, actually hiring a prominent outside security
firm to try to hack into our technology platform. For the infinite
number of reasons detailed above, they have not succeeded in
breaching the system.
In addition,
Channel M2 performs daily spyware and virus sweeps to ensure
that outsiders cannot access data on our computers using embedded
scripts, macros, and data miners.
As
for competitors posing as respondents?
During the 50-some year history of qualitative research and
the 75-some year history of survey research, I'm confident that
this has occurred. Why it would occur at a higher frequency
for one given modality of research vs. another, is not clear.
I can assure you that M2 panelists provide an exhaustive list
of physical addresses, phone numbers and email addresses, both
work and home (specifying that incentive checks will be mailed
to their work address, if they have one).
We then
take all of these data elements (typically 5-6 total) and cross-reference
them with the same for every for-profit organization in our
database (I can't disclose that number, but as you'd guess,
it's in M2's interests, that for prospecting efforts, to make
it quite significant). That way, if a match exists for any specific
phone numbers (or even area code + the next 4 digits), physical
addresses, or email addresses (even domain), we flag that record
and investigate. It hasn't happened yet, but if we even suspected
a prospective respondent to be working in the same INDUSTRY
as a client, they would be excluded from the recruiting frame
for that client's study. If they match with an actual name in
our extensive marketing database, we flag that record and never
recruit them for any study. No contact is made with them --
we just effectively ignore them in all recruiting efforts.
Sincerely,
Ron Riley
Principal
Channel M2 |
beta
