Digital Discourse / Policy / Policy - Privacy

Do Not Track: Time for DAA to Move Forward

October 2, 2012 By

It is increasingly likely that the W3C process for Do Not Track will reach an impasse.  In a recent note to Federal Trade Commission Chairman Jon Leibowitz several consumer groups described their sense that the process is deadlocked, and asked the Chairman to intervene.  FTC officials are usually at the discussion, which are set to resume in Amsterdam this week, but in his letter to Congress last week Chairman Leibowitz made it clear that it is the private sector group not the government that will adopt any Do Not Track standard.  Even with more direct FTC intervention, however, it is unlikely that parties will act contrary to their perceived fundamental interests.

The key disagreement is an understanding of what the Do Not Track flag means and what actions users can expect from websites and service providers if they turn it on.  Without this, the Do Not Track standard is incompletely specified, and provides less than comprehensive guidance for browser providers, websites and their service providers, and the general public.

If the W3C cannot reach a common understanding, perhaps the industry can.  The Digital Advertising Alliance has been looking at this issue for some time.  Indeed, back in February it indicated to the White House that it was going to address it:

“…the DAA intends to begin work immediately with browser providers to develop the consistent language across browsers regarding the browser based header signal uniform consumer choice mechanism that is simple to use and in a clear manner that describes to consumers the effect of exercising such choice.”

Mozilla proposed an easy-to-understand focused definition of Do Not Track back at the beginning of 2011:  “Tracking is the accumulation and use of a profile by advertising networks through invisible or subtle noting of which sites an individual visits, and the use of the profile data to customize advertisements displayed.”  Or, more succinctly, DNT means “a way for people to opt-out of online behavioral advertising (OBA).”

These definitions make sense.  They focus on the issue that appears to be of most concern to the public and policymakers: cross-site tracking for the purpose of advertising profiling and targeting.  We need to give consumers another mechanism to say no to OBA if they wish.  Of course, the DAA definition should incorporate the current W3C consensus that DNT “on” imposes no obligation on first parties, except that first parties may not help third parties circumvent DNT.

Other uses of tracking should be permitted.  For example, if a website is doing standard analytics, such as keeping track of where their visitors come from and where they go, market research, product debugging and improvements, investigating possible fraud or intellectual property violations or security risks.

DAA is doing great work on OBA. Its AdChoices program already gives consumers a cookie-based mechanism to opt out of OBA.  With DNT, DAA can do the industry and the public a service by bridging the browser DNT flag with the existing AdChoices program.

Customers should be told clearly that they can decline online behavioral advertising and how to do it.  DAA is in a unique position to move forward and break the logjam that is threatening to derail the promising initiative that is DNT.

Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology. Follow the SIIA Public Policy team on Twitter at @SIIAPolicy

Share|
Filed Under: Policy, Policy - Privacy Tagged With: , ,

COPPA Rulemaking Goes Far Beyond Congressional Intent; Will Harm American Innovation

September 24, 2012 By

SIIA today filed comments with the Federal Trade Commission regarding its notice of proposed rulemaking on the Children’s Online Privacy Protection Act (COPPA). SIIA expressed significant concern that the FTC is creating a burdensome regulatory framework that goes well beyond congressional intent.

The FTC’s proposed COPPA rulemaking takes the effort to protect online privacy and turns it into a harmful barrier to American innovation. For years, we’ve worked closely with industry and government to advance online privacy and security. We’re confident that, with smart regulation and public-private cooperation, both the goal of protecting online privacy of children and the goal of business innovation can be served. Unfortunately, what we’re currently seeing from the FTC is an overly broad and unworkable regulatory framework for implementing COPPA.

To read SIIA’s full comments, please click here. In its comments, SIIA states:

“We are supportive of the goals of the Commission to protect children from third-party plug-ins, social networks and any other third party service that collects personal information.

“However, the inappropriately broad expansion of the statute’s definition of personal information, combined with the increasingly broad definitions of ‘operator’ and ‘web site or online service directed to children’… create a broad regulatory framework that dramatically exceeds the scope of COPPA and will most certainly stifle innovative Internet-based offerings-not just for sites and services directed at children under 13, but much more broadly.”

SIIA addresses six specific areas of concern:

1. Expansion of “Personal Information” to include persistent identifiers creates an unworkable regulatory construct.

2. Modification to the rule’s definition of “operator” is overly-broad, and it places an unworkable responsibility on operators of sites and services well beyond the scope of COPPA.

3. Proposal to make third parties qualify as “operators” under COPPA by creating a “reason to know” standards is an inappropriately broad expansion of the statute and impractical.

4. Requirement for operators of “child-friendly mixed audience sites” to take an affirmative step to attain actual knowledge of child users would inappropriately expand the scope of COPPA.

5. Application platforms should not be characterized as “operators” under COPPA, but the Revised NPRM leaves this unclear.

6. The broad regulatory construct proposed in the Revised NPRM is likely to challenge application of COPPA to Internet-based educational materials and services.

Ken WaschKen Wasch is President of SIIA.

Share|
Filed Under: Policy, Policy - Privacy Tagged With: ,

Do Not Track is at a Crossroad

September 17, 2012 By

The New York Times weekend piece on Do Not Track revived the debate on what the industry should do when users’ online privacy choices are made for them. Our view is that the choice should be left to the user, and not imposed by any platform or service provider. Last week, Google announced that it would make available this user-controlled feature in its Chrome browsers by the end of the year.

In June Microsoft disrupted the industry discussions about how to provide a workable mechanism to empower users to make choices about online privacy and personalization. It announced that it would turn on the Do Not Track (DNT for short) signal in Internet Explorer 10 by default. Mozilla, the maker of the competing browser, Firefox, was critical. SIIA objected. Advertisers announced that this decision ran counter to an agreement struck between the industry and the White House around opt-out as a genuine consumer choice.

Last week, Apache revealed that it will disable the DNT signals coming from Internet Explorer 10. Roy Fielding, an author of the DNT standard and principal scientist at Adobe Systems, wrote a patch for Apache that sets the Web server to disable DNT if the browser reaching it is Internet Explorer 10.

The message is that a unilateral action forced on users by one industry player is not a sustainable solution. We as an industry have to do it together, or not at all. If websites powered by Apache do not accept the IE10 DNT signal, it simply won’t reach critical mass. Consumers, mislead by industry announcements and superficial stories from the trade press, might think their browers are giving them privacy over personalization–but the reality will be very different.

The danger is that the collaborative effort that has been building toward real privacy protection collapses. As Peter Bight said in ArsTechnica in August,” …there’s a very real prospect that the Do Not Track header will be both widely used, and widely ignored. In this situation, it would be difficult to describe it as anything other than a failure.”

Do not track is at a crossroad. Now it is up to the industry to create a a simple, easy to use, consumer activated Do Not Track system that all parties can respect.

Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology. Follow the SIIA Public Policy team on Twitter at @SIIAPolicy

Share|
Filed Under: Policy, Policy - Privacy Tagged With: ,

Mobile Privacy: Time for Collaboration, Not Legislation

September 12, 2012 By

Representative Ed Markey’s proposed mobile legislation, scheduled to be introduced today, is the wrong way to go. It would impose rigid privacy rules on the mobile industry that can only lead to stagnation and a loss of innovative dynamism.

And what a loss that would be for such a dynamic, growing industry. According to a recent study, there were over 44,000 app-related positions open in the U.S. in the last quarter of 2011, and overall, there were 45 percent more open app positions than in the previous year. Based on this number, the study found the app economy firms represented 311,000 jobs. Using a standard multiplier, this number grew to nearly a half a million jobs created by the app economy in both direct and indirect jobs since 2007.

Rather than overregulating an industry that holds such potential for economic growth, Congress should be following the House Energy and Commerce Committee’s lead in supporting the industry. The Committee is holding a hearing today focused on apps and where the jobs are.

So if legislation isn’t the answer, what should be done?  Over the summer, the National Telecommunications and Information Administration (NTIA) launched an effort to nudge stakeholders into adopting codes of conduct for mobile transparency.  SIIA was supportive of this effort and remains so.  But after several meetings it appears that things may be starting to drift. Some scheduled meetings have been postponed. Fortunately, discussions between various industry stakeholders, as well as discussion between industry and consumer watchdogs, are ongoing.

The industry needs to get the substantive mobile transparency discussion moving again, if not through NTIA action then separately.

It’s also important to remember that consumers are not passive victims.  If they think they are being abused, they have a healthy capacity for self-defense. As the New York Times wrote last week “many consumers seem to be already taking steps to guard their personal information from data-grabbing apps. A study by the Pew Research Center, released Wednesday, found that among Americans adults who use smartphone apps, half had decided not to install applications on their mobile phones because they demanded too much personal information. Nearly a third uninstalled an application after learning that it was collecting personal information “they didn’t wish to share.” And one in five turned off location tracking “because they were concerned that other individuals or companies could access that information.”

This is good.  In the absence of government mandates, and industry codes of conduct, consumers are doing some sensible things to protect themselves.  But the lack of consumer trust is troubling and can only inhibit growth in the market.  If consumers just say no, the whole industry suffers.

The FTC is trying to help with some guidance.  Last week it published its recommendations for mobile application developers, suggesting that companies seek “express agreement” for consumer data they collect and share.  Nothing is binding on companies, however, and there is no indication that these recommendations are forming the core of industry codes of conduct or best practice.

Recommendations are good.  Consumer self-help is good.  But the world is looking to us to show that self-regulation can work as a viable alternative to government mandates.  To allow the multi-stakeholder efforts on mobile transparency to falter now would confirm their belief that only the government can set the rules of the road in this area.  It is time for the industry to step up and make progress on setting its own rules of the road.

Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology. Follow the SIIA Public Policy team on Twitter at @SIIAPolicy

Share|
Filed Under: Mobility, Policy, Policy - Privacy, Software Tagged With: , ,

SIIA Op-Ed: Data-Driven Innovation is an Economic Driver

June 21, 2012 By

In a Roll Call op-ed today, SIIA President Ken Wasch explains how data is empowering innovation, and warns policymakers that a fixed regulatory approach could stunt economic growth.

The IT ecosystem is evolving at unprecedented speed, and data is becoming a driver of economic and social growth. Cloud computing, the ubiquity of smartphones, and improved bandwidth are fueling a new era of data-driven innovation, Wasch says.

“A range of previously unimaginable applications of data-driven innovation are already being produced — or will be in the near future. These innovations are making people’s lives better and safer and more prosperous, while also increasing energy efficiency and saving money.”

Wasch’s sentiment echoes a forum hosted earlier this month by the National Institute of Standards and Technology and the University of Maryland. Attendees like Google, the National Institutes of Health, and Lockheed Martin came together to discuss the ways data can help address a range of national priorities. The opportunities are vast.

“Right now, hospitals are providing better care by analyzing data about the triage process and using that information to eliminate wasteful steps that prevent patients from getting to the doctor quickly. Traffic-management centers are processing millions of cellphone and GPS signals, combining them with a wide range of other data about car speeds, weather conditions and more to assess road conditions in real time and avoid traffic jams. And financial services companies can collect and integrate customer transaction information in real time to quickly identify questionable patterns and proactively enact new processing rules to reduce fraud.”

But if this technological and economic evolution is to truly take hold, it needs support from policymakers who can ensure that the conversation stays focused on how to best benefit customers and the economy at large. A fixed regulatory approach would only stifle innovation and hurt consumers. If industry and policymakers can work together, we can safeguard consumers and unleash data’s enormous potential for transformative growth.

Laura Greenback is Communications Director at SIIA. Follow the SIIA Public Policy Team at @SIIAPolicy

Share|
Filed Under: Policy, Policy - Privacy, Software Tagged With: , ,

SIIA Welcomes Beginning of NTIA Multistakeholder Privacy Process

June 15, 2012 By

SIIA offers its enthusiastic support for the first multistakeholder privacy meeting, announced today by the National Telecommunications and Information Administration (NTIA). The meeting will take place on July 12 and the goal will be to develop a code of conduct to provide transparency in how companies provide applications and interactive services for mobile devices.

Today’s announcement marks the beginning of a multistakeholder process that can contribute significantly to the continuation of interoperable data privacy regimes, including the European Union’s proposed data protection regulations.

SIIA concurs with the Department of Commerce that voluntary, enforceable codes of conduct are the appropriate approach for data privacy protections because they develop faster and provide more flexibility than legislation or regulation.

Continued growth and innovation in the vibrant mobile marketplace depends on consumer confidence in the privacy protections provided by mobile application providers. For this reason, SIIA has been actively working to develop best practices that can help protect personal information while encouraging continued growth and innovation in the mobile marketplace.

In establishing this first multistakeholder process, NTIA was wise to focus on a definable area where stakeholders have begun to collaborate to develop practices, and we look forward to actively participating on behalf of our members and the industry broadly.

View comments SIIA made to NTIA in April here.

Ken WaschKen Wasch is President of SIIA.

Share|
Filed Under: Policy, Policy - Privacy

Mozilla Confirms Consensus on User Choice for Behavioral Advertising

June 1, 2012 By

There is broad agreement that consumers must have a clear and easy mechanism for opting out of online tracking. And there is also broad agreement that industry self-regulation and voluntary efforts are making substantial progress in developing solutions to provide consumers with meaningful choices about collection of their data. So much so that Obama administration officials just months ago cited these efforts as an example of voluntary but enforceable best practices.

Why is there such agreement on this topic? Well, that’s because customers, businesses and policymakers alike also broadly recognize the need to preserve the economic model that has been propelling the availability of content online: effective advertising. Indeed, targeted advertising is more effective and generates substantially more value that, in turn, provides for much of the valuable content provided on the Web.

In light of the broad consensus emerging around behavioral advertising and consumer choice, it was surprising that Microsoft announced yesterday that Internet Explorer 10 in Windows 8 will have “Do Not Track” (DNT) feature on by default—a move that defies the objective to enable users to make informed decisions.

But of even greater concern, Microsoft’s decision is likely to have the opposite effect. That is, in light of the fact that there is not yet consensus among the advertising industry (including among Microsoft’s own ad networks) on how to implement settings such as this, the end result will be confusion and disappointment from consumers when this ultimately doesn’t do what it says it will do. The Microsoft blog announcing the decision was clear in admitting that a uniform, industry-wide response is still under development:

“Sending a DNT signal from a browser is only part of the process. Obviously, for DNT to be effective, it is also important that websites have a common understanding of what the consumer expects when their browser sends the DNT signal. As well as engineering the world’s most used browser, Microsoft also owns and manages a growing advertising business – including a network that provides advertising to our own and other Web properties, so we have a unique perspective into this discussion.

At the moment there is not yet an agreed definition of how to respond to a DNT signal, and we know that a uniform, industry-wide response will be the best way to provide a consistent consumer experience across the Web.”

Fortunately, in response to Microsoft’s recent decision, Mozilla announced that the user’s choice is absolutely critical on this issue, and they confirmed that it will not set the “Do Not Track” feature in its Firefox browser to turn on by default. As articulated by Mozilla:

“DNT is intended to express an individual’s choice, or preference, to not be tracked. It’s important that the signal represents a choice made by the person behind the keyboard and not the software maker, because ultimately it’s not the browser being tracked, it’s the user.”

Amen, this also reflects the consensus that has emerged within the W3C Tracking Protection that “[k]ey to that notion of expression is that it must reflect the user’s preference, not the preference of some institutional or network-imposed mechanism outside the user’s control.”

So, again, there’s broad consensus on user choice and preference. Hopefully Microsoft will come to recognize this and continue to support the consensus effort.

David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.

Share|
Filed Under: Policy, Policy - Privacy Tagged With:
« Older Posts
Newer Posts »