CFC Blog Post: The Need for Internet Privacy
by Zack Kaldveer, Consumer Federation of California, Privacy Revolt
One of my most relied upon privacy experts – Beth Givens of the Privacy Rights Clearinghouse – just penned a fantastic op-ed in the San Diego Union Tribune on internet privacy. But, before I share some choice clips from it, let me provide some backdrop (taken from what I’ve written on the blog in the past…as there’s no reason to reinvent the wheel) on why this has become such an important privacy debate. The fact is, there’s been a virtual explosion in data collection, data analysis and use of behavioral marketing on the internet without the requisite privacy protections to go along with it. Billions of dollars at stake, and your private information is the currency.
We know for instance, and they have been sued for it, companies like Google, Yahoo, Microsoft and other Internet companies track and profile users and then auction off ads targeted at individual consumers in the fractions of a second before a Web page loads.
That in itself, may not be all that threatening to most. But it raises some interesting questions: What kind of control should we have over our own data? And, what kind of tools should be available for us to protect it? What about ownership of our data? Should we be compensated for the billions of dollars being made by corporations from their tracking of us? And of course, what of the government’s access to this new world of data storage?
The argument from privacy advocates has largely been that this massive and stealth data collection apparatus threatens user privacy and regulators should compel (not hope that) companies to obtain express consent from consumers before serving up "behavioral" ads based on their online history.
More generally, particularly on the issue of privacy on the Internet, the fact that we have next to no privacy standards as related to these technological innovations and trends is disturbing, and more than enough of a reason for legislation like California’s SB 761 (Do Not Track) is needed.
The Do Not Track flag is a rather simple concept that’s already been built into Firefox and IE9. If users choose to turn on the option, every time they visit a web page the browser will send a message to the site, saying ‘do not track.’
SB 761 (Lowenthal) would offer consumers such a mechanism, something the bill’s sponsor describe as "one of the most powerful tools available to protect consumers’ privacy." The mechanism will allow anyone online to send Websites the message that they do not want their online activity monitored.
Certainly one strong point of the legislation is that it is in line with public opinion, which a poll by Consumer Watchdog last summer found 80% of Americans support a Do Not Track option. In addition, a recent USA Today/Gallup poll found that most Americans are worried about their privacy and security when they use Facebook and Google.
The fact is, there’s no longer any anonymity on the Web. The most personal information about people’s online habits is collected and eventually bought and sold, often instantaneously and invisibly. Data collection practices have become a business in themselves, driven by profits at consumers’ expense. The Wall Street Journal recently highlighted these practices’which included targeting children’in its groundbreaking series "What They Know."
Individuals are increasingly using the Internet as their primary information source, often seeking information on sensitive matters such as finances, health, personal relationships, divorce, sexuality, workplace difficulties and legal conflicts. But few individuals realize the extent to which they are being tracked by companies that create rich profiles of their web-browsing activities. The 2010 Wall Street Journal series, ‘What They Know,’ reported that the nation’s top 50 websites installed an average of 64 pieces of tracking technology onto each visitor’s computer. Tracking tools go beyond the cookies many of us routinely delete. Some companies deploy ‘Flash cookies’ or other ‘supercookies’ that are not only extremely difficult to delete but can also be used to reinstall cookies that a user has removed.
Such data-gathering and profiling activities are largely invisible, except that they can result in the real-time display of behaviorally targeted ads. You might ask, ‘What’s the harm in receiving ads based on my web-surfing history’? In a legislative primer presented to members of Congress by 10 organizations, including ours, several potentially harmful effects of behavioral tracking and targeting were identified: (1) targeting economically distressed individuals with payday loans and subprime mortgages; (2) sending ads for bogus cures to individuals with serious medical conditions; (3) engaging in discriminatory pricing in which some people are offered products or services at higher prices than others; and (4) targeting children who lack the judgment capacity of adults. Further, profiles compiled originally for the ad industry may be sold to non-advertising third parties such as insurance companies.
Harms aside, let’s not forget, simply, the right to privacy. The definition of privacy that guides my organization’s work is the ability of individuals to control the use of their personal information. Everyone has a different comfort level regarding the collection and use of their personal information. We believe individuals’ choices must be respected, no questions asked.
However, studies show that robust profiles generated from anonymous data can be matched with other data sources, offline and online, to determine individuals’ identities. These days, the anonymity argument is largely a myth. Another myth is that young people are not concerned about privacy. These ‘digital natives’ have not known a world without the Internet, so the argument goes, and they are not worried about their personal information being revealed online. However, a 2009 academic survey found there are no significant differences between young adults and older individuals regarding online privacy concerns. While some believe that in a generation or two, concerns about online privacy will vanish, we at the Privacy Rights Clearinghouse are not so quick to accept that argument.
In closing, effective online privacy protection requires a multipronged approach involving policymakers, industry, nonprofits and consumers. It must not be lost to bogus arguments and unfounded myths.
As I have also written before, its not by accident that we are told by the same interests that profit off our information that privacy is dead, and people don’t care about it anymore, or that it will "kill business". Well, that’s easy to say when you are the ones developing the complicated and difficult to find privacy settings consumers have to deal with – and profiting off our personal information without our consent.
More to the point is the simple, unavoidable fact that consumers should have MORE control, not less, over what information of ours is used, shared, and profited off. This basic principle is at the heart of the ACLU’s DotRights campaign.
There remains an interesting dichotomy in all this: While people seem to "care" about privacy on one level, they tend to do very little to actually protect it. Which in my mind, makes easy to use, clear options to protect privacy so paramount. Once people are given such a choice, not only will more people choose to "not be tracked", I think more people will become more AWARE of just how all pervasive such monitoring of nearly everything we do has become."