I’ve already laid out my own reactions to Google’s roll-out of an “interest based advertising” (IBA) program here. In a nutshell, I applauded Google setting a new “gold standard” in user empowerment by providing:
- Notice in their IBA-targeted ads of who’s paying for the ad and the fact that Google is serving it; and
- A link to a powerful “Ad Preference Manager” that allows users to:
- See and modify the “digital dossier” (to use the fearmonger’s term) of interests associated with the cookie on their computer; and
- Opt-out of tracking for IBA purposes.
But as I predicted, despite these pro-privacy features (and despite the fact that other major companies such as Yahoo! and Microsoft already have IBA programs), a number of privacy advocacy organizations are attacking Google for daring to enter the IBA (or “online behavioral advertising”) business at all. I’ll have much more to say about the criticism of Google’s new Ad Preference Manager soon, especially coming from Marc Rotenberg of EPIC (a “disaster“) and Jeff Chester of CDD—precisely the sort of the “paroxysms of privacy hysteria” I predicted.
But first, the criticism from Ari Schwartz of the Center for Democracy & Technology requires a response today. At its best, CDT plays a vital role in calling corporations to continually raise the bar on privacy. My own think tank, the Progress & Freedom Foundation, works closely with CDT on many issues, such as advocating user empowerment through technological means as a constitutionally “less restrictive” way of protecting children than government censorship.
Here’s what Ari had to say:
[T]he opt-out is based on a failed premise. The truth of the matter is that the industry needs to work together to move beyond the discredited cookie opt-out model…. Google claims to have improved upon the old model by creating a plug-in for users to keep their opt-out cookie while deleting the rest of their cookies. While as a technical matter that may be true, without an industry-wide solution these plug-in options just serve to confuse users about what they need to do to protect themselves. If this plug-in approach catches on, will users need to download a plug-in from every network advertiser and every analytics company to stop the tracking? That model just isn’t sustainable.
Ari is setting up a straw man when he suggests that users are going to have to download a separate plug-in for every ad network. The obvious solution, as Ari points out, is an industry-wide plug-in. But if it’s so obvious, why can’t CDT just write it themselves? Indeed, why didn’t they write it years ago?
These aren’t rhetorical questions. I really want to know what would be required to create a plug-in that does what Google’s plug-in does for every other ad network’s opt-out cookie in the Opt-out tool developed by the Network Advertising Initiative (NAI): Maintain “persistent” user choice by checking to see whether a user has deleted whatever their opt-out cookies and, if so, restoring those cookies.
CDT will probably insist that, if it’s really so easy to create such an industry-wide plug-in, NAI should have done so years ago. Maybe so. Perhaps if the industry had moved faster to innovate in privacy protection, they would be in a stronger position right now politically. Of course, if the industry moves slowly in this regard, maybe that’s because they’ve got their hands full trying to keep advertising, the economic engine that funds the Internet’s “free” content and services, working-a reality Ari ignores. Or perhaps it wouldn’t matter: It seems that no matter what industry might do, it’s just not good enough for Ari. Under the banner of “Keeping the Internet Open, Innovative and Free,” Ari is in fact leading CDT in a full-on attack on the Internet, pushing for regulation that will make the Internet:
- Less “Open” to competition among service providers and the diversity of voices and choices produced by online content creators who depend on advertising;
- Less “Innovative” in terms of new content, new services, new online personalization technologies, and new advertising business models that could broaden the base of economic support for the entire Internet; and
- Less “Free” both in political terms—“free” from government regulation and controls—and in financial terms—“free” to users because advertisers foot the bill.
CDT ignores these very real costs to crippling online advertising, which will ultimately be borne by the very consumers whom CDT claims to be protecting. This is precisely why Adam Thierer and I have argued so strongly for a layered approach (and here at page 7) to privacy concerns about online advertising that combines self-regulation and tough FTC enforcement of privacy policies with a recognition that only by empowering individual users to make their own choices can we balance inherently subjective concerns about privacy with the need to fund the Internet’s future:
We stand at an important crossroads in the debate over the online marketplace and the future of a “free and open” Internet. Many of those who celebrate that goal focus on concepts like “net neutrality” at the distribution layer, but what really keeps the Internet so “free and open” is the economic engine of online advertising at the applications and content layers. If misguided government regulation chokes off the Internet’s growth or evolution, we would be killing the goose that laid the golden eggs.
Back to the plug-in… CDT argues that the opt-out cookie system is flawed in respects other than ensuring the persistence of user opt-outs. We can debate that question. But I’d just like to get a clear answer once and for all about why CDT hasn’t already developed this plug-in themselves.
Since CDT doesn’t seem up to the task, we’ve already modified the Google plug-in to preserve another ad network’s opt-out cookie (download our beta plug-in here) and are currently working to expand the plug-in to work for multiple cookies—which is simply a matter of coding. We’d welcome help from anyone with experience in writing Firefox plug-ins.
NAI could (and probably should) do this, themselves. But if CDT wants to start being philosophically consistent about empowering consumers across in the board—on privacy issues as well as child protection issues—writing this plug-in themselves is a great way to shame the rest of the advertising industry into picking up where Google left off. I suspect CDT’s failure to do so thus far reflects a crass political calculation that anything they does to empower users to manage their own privacy through technical solutions simply undermines their arguments that only government can protect users—thus weakening their push for regulation. So much for CDT’s declared mission of “seek[ing] practical solutions to enhance privacy!”