Last week, the Obama Administration announced a framework for a proposed Consumer Privacy Bill of Rights, a move that has been long overdue. Announced at the same time was an agreement to abide by a browser-based “Do Not Track” button by a number of technology and advertising firms including Google, Microsoft, and Yahoo, as well as the Digital Advertising Alliance (DAA). The DAA’s membership is reported to include almost 90% of existing firms that engage in online behavioral tracking as its members.
The “Do Not Track” button allows users to opt out of having their Web surfing tracked, or at least from having ads served to them based on that data. In ComputerWorld‘s excellent FAQ about “Do Not Track,” Gregg Keizer takes note of the crucial difference between not serving ads based on tracking and simply not tracking:
But the companies that lined up Thursday to support Do Not Track — the ad networks, websites and corporations who belong to the latest online ad industry trade group, the Digital Advertising Association (DAA) — haven’t promised to actually stop tracking users’ Web movements. Instead, they’ve pledged to not use tracking data to serve targeted ads — which the DAA calls ‘behavioral advertising’ — or use that tracking information ‘for the purpose of any adverse determination concerning employment, credit, health treatment or insurance eligibility, as well as specific protections for sensitive data concerning children.’
Another thing that gives me pause is the fact that “Do Not Track” requires faith in all the companies involved adhering to the agreement. Something of this magnitude requires a little more than a mere “gentleman’s agreement.” Google’s agreement to adopt “Do Not Track” as part of its Chrome browser is a great step forward (it was the last holdout) for the technology side of things, but the policy side is still little closer to being implemented. Without policy in place, the agreement really lacks teeth if someone violates it.
Tony Bradley at PC World really gets it. However great the idea of “Do Not Track” might seem, the major flaw resides in an opt-out approach. He writes:
Assume for a minute, though, that Do Not Track actually meant what it says, and that every online company agreed to play along. There is still something inherently wrong with a system that automatically assumes you want to be spied on until or unless you figure out where the Do Not Track button is for your browser and make the effort to enable it.
The Internet operates on some sort of reverse moral code that says if you don’t make it implicitly clear that you don’t want something to happen, then — ipso facto — you have given implied consent for that something to occur.
What if other areas of life worked that way? Most people expect others not to randomly walk up and kick them without having to wear a sign that says ‘Do Not Kick.’ They assume that nobody will throw rocks through their windows without the need for a sign that says ‘Do Not Stone.’ They are confident that strangers won’t come up and start screaming in their face without having to display a ‘Do Not Yell’ sign.
Why is it, then, that when we go online it becomes OK for companies to do things they know cross the line simply because they choose to pretend the line doesn’t exist unless you explicitly remind them? It doesn’t make any sense.
Bradley calls it a reverse morality on the Web, which is a pretty accurate view. The fact that the means of opting out, when the option is available, are quite often buried in the browser settings where many Web surfers rarely venture exacerbates the problem. Tracking companies and marketing firms have a decided interest in getting the best possible information, and each opt-out reduces the amount of data available to them.
So, why a mere “code of conduct”? The proposed idea at this point is one of “co-regulation” by the industry and the government. Why isn’t the White House pushing for an actual law? Quite probably because of the election-year politics. Election years are always rough on legislation cycles, and everything on the floor gets slowed down by all the rhetoric.
Clayton Morris of Fox News recently posted a number of ways in which you can protect your browsing privacy while we wait for something more substantive. As a matter of fact, one of his suggestions is perfect for demonstration just how much data about you is being accumulated:
See who’s watching. Another great way to find out what companies are watching you is to use a service called Ghostery.com. This services alerts you to the cookies currently watching you. Run Ghostery while you’re browsing your favorite websites, and you might be surprised to see the five or six different companies watching you.
I highly advise running Ghostery, I’ve been using it for quite awhile. There’s nothing that can drive home to you why these issues are important quite like a real-time report on how much of your data is being collected.
Image of Google Chrome logo is used under Fair Use: Reporting.