January 5, 2000


Federal Trade Commission Advisory Committee
on Online Access and Security,
Washington DC 20580

RE: Advisory Committee on Online Access and Security- Nomination, P004807

To Whom It May Concern:

On behalf of my company, MatchLogic, I request to participate on the Advisory Committee on Online Access and Security. I believe I would add to the workshop in a variety of areas.

MatchLogic is a third-party ad server (the Internet's first), and an integrated digital marketing solutions provider. MatchLogic's customers include national advertisers, Fortune 100 companies, direct marketers, and digital merchants that are interested in capitalizing on MatchLogic's expertise. We combine a comprehensive understanding of the online consumer with an array of proprietary technology and core competencies in key interlocking disciplines. We use volunteered data from consumers and anonymous (non-personally identifiable) information as part of our data modeling sequences to assist our customers in directing their Internet advertising to the market segment that would be most interested in their advertisements. We have on staff expert skill and leadership in database marketing, data modeling, data analysis, direct marketing, research, brand management, statistical analysis, and customer retention.

As Chief Technology Officer I oversee all engineering activities within MatchLogic, including database and applications software engineering groups, production support and data center operations. I am also responsible for engineering standards and methodology, intellectual property, privacy policy, industry standards and corporate self-regulatory efforts. I would be well versed to address the issue of information technologies on the subject of Online Access and Security.

I would like to comment that I feel the debate will come down to consumer rights and corporate responsibilities set in a context of an immature but evolving technical environment, existing legal context, and good business practice. I would certainly recommend appropriate representation from each field participate on the committee

On a more detailed point, in my mind the issue of user authentication is central to the discussion of online access and security. To what degree do we require proof of identity before access and control are granted? Perhaps a name and password (over a secure channel) are sufficient for access to certain classes of private but not sensitive data (e.g. web-site preferences). Perhaps an electronic certificate of verified identity is required for private and sensitive data (e.g. health information, financial services. Online pharmacies, etc.). It seems that the sensitivity of the data as well as the access cost should determine the degree of authentication.

MatchLogic does collect personally specific data and would likely be impacted by any new rules or mandates in this area. I feel I can contribute in a very positive manner on this issue and can represent the interests of MatchLogic and its respective industry

If you have any questions, please feel free to contact me at (303) 222-2198, or via email at I look forward to hearing from you.


Mike Griffiths