HP VP Mike Nash On The Strict Policies Around Collecting User Data And Why Customer Privacy Is A 'Huge Priority'

Customer Privacy In Focus

After media reports this week leveled allegations against HP Inc. of secretly installing "spyware" on PCs, Mike Nash -- an IT industry veteran who's spent more than two decades at companies including HP, Microsoft and Amazon -- got on the phone with CRN to discuss the issue. For starters, Nash said the software in question is plainly not spyware -- as users must opt in to send any usage data back to HP. The software, HP Touchpoint Analytics, is also three years old and is "not a new thing" that was installed without permission, as claimed in several reports, he said.

"Making sure that people have great trust in the hardware and software that we ship is such a huge priority," Nash said. "This is a big deal that we take super seriously, and we have a lot of people in different functions that are really focused on customer privacy. Customer trust and privacy go hand in hand."

What follows is an excerpt of CRN's interview with Nash.

Is usage data from PCs being shared with HP without user permission?

When you turn on a computer, taking it through what we call the 'out-of-the-box experience' -- and then subsequently when you launch something called the HP Support Assistant -- you're asked if you want to share information back with [HP]. Actually, you're asked two things. Do you want the updates to be installed automatically? Which is your option. And the second thing is, do you want diagnostic information to be sent back to HP? And you can say yes or no to both. I will tell you that, in particular around updates, we recommend that. Because from a security perspective and from a quality of the experience perspective, we're often getting updates from hardware vendors or from Microsoft or our own first-party software. And making sure we have the latest software installed on the PC is kind of our best advice to customers.

This Touchpoint Analytics software is not actually new?

HP Touchpoint Analytics is a service that's part of HP Support Assistant. And we recently did an update to the HP Touchpoint Analytics service. And when you install it, I think on the UI it made it clear that it was installing that. [And people thought] 'What is this new thing?' It's not a new thing. My guess is that the name changed slightly, and someone saw it. But honestly, we were surprised that anyone even said anything to begin with. This service has been part of the HP Support Assistant since 2014. It's a service that's been there for three years. We update it, like anything else, to improve what it can do and the performance. But it's not a new thing.

What can you say to the claim that this is spyware?

There are some very specific definitions of spyware, and what spyware does, and this is not that. What's collected here is diagnostic information used to help us understand how our systems are performing out in the field. I think there's sort of two primary ways you'll see things being used. One is, you'll collect the data, and use it in an anonymous way to look at different categories of systems to make sure we understand how they're performing in the wild. When I say 'in the wild,' I mean with customers using them every day. And the second thing we'll do is, the information is also collected and stored locally on the system. So that if a person calls up HP, and says, 'Hey I'm having a problem with my computer,' we will often use that diagnostic information to help understand what happened. But again, in that moment, before HP looks at that data on the phone call, the customer gives our support engineer permission.

And nothing changed in terms of permissions with the new update?

That's right. Again, the name of the service changed slightly. It might be that the name of the service changing made someone notice it. I can't imagine someone noticed that, but maybe someone did. I just want to be clear, we have had this for three years. We did an update, as we often do. And by the way, we're always updating things to make sure we improve the customer experience. We've updated things in the past, we'll update things in the future. This has been there forever. Before things are sent back to HP, you have to tell us it's OK. And then when things are sent back to HP, they're used in an anonymous way.

So it's not like you're asked to agree to fine print, and then you're actually opting in to share data? You clearly have to agree to share information with HP?

I'm going to read to you what it says -- 'Help improve HP product quality by sharing your usage of HP and non-HP software and hardware.' And then it says, 'Yes (recommended)' or 'No.' You have to click 'yes' or 'no.' If you click nothing, we take that as a 'No.'

Can you say whether the recent update may be responsible for slowing down machines, as some are reporting?

It may be that when it was installed, it was using the network to download it. But we extensively check -- and we're really focused on the customer experience -- we're always looking to make sure that software that we install from third parties, and software of our own, goes through rigorous performance testing. I would say that a variety of factors can impact hardware performance -- if you're downloading other things, if you're taking other updates. So we take the customer feedback seriously and we'll always investigate and troubleshoot issues. But there's nothing about this that should be using up the [resources] we look at -- battery, CPU, memory, disk. There's nothing that changed there. But again, if a customer called saying that they had a problem, we'd certainly investigate it.

Could you talk about your view on customer privacy?

At the end of the day, people are using systems more and more to run their lives. And making sure that people have great trust in the hardware and software that we ship is such a huge priority. This is a big deal that we take super seriously, and we have a lot of people in different functions that are really focused on customer privacy. Customer trust and privacy go hand in hand.

Is the HP Support Assistant across both consumer and commercial products?

It is absolutely in both consumer and commercial. A lot of commercial customers, especially more in the enterprise, tend to wipe their systems. And sometimes they put Support Assistant on there, and sometimes they don't. But most consumer customers have it. Practically speaking, a lot of enterprises, either on their own or with their solution provider, when they wipe the system, HP Support Assistant gets wiped off.