Posts tagged as:

Adobe Improves Privacy Controls Before Regulators Can Saddle Up

by on January 14, 2011 · 6 comments

Via @csoghoian (who can be wrathful if you don’t attribute), Adobe buries the lede in its blog post about privacy improvements to the Flash player. They’re working with the most popular browser vendors on integrating control of “local shared objects”—more commonly known as “Flash cookies”—into the interface. Users control of Flash cookies will soon be similar to control of ordinary cookies.

It doesn’t end there:

Still, we know the Flash Player Settings Manager could be easier to use, and we’re working on a redesign coming in a future release of Flash Player, which will bring together feedback from our users and external privacy advocates. Focused on usability, this redesign will make it simpler for users to understand and manage their Flash Player settings and privacy preferences. In addition, we’ll enable you to access the Flash Player Settings Manager directly from your computer’s Control Panels or System Preferences on Windows, Mac and Linux, so that they’re even easier to locate and use. We expect users will see these enhancements in the first half of the year and we look forward to getting feedback as we continue to improve the Flash Player Settings Manager.

Mysterious, sinister “Flash cookies” were Exhibit A in the argument for a Do Not Track regulation. There is no way that people can cope with the endless array of tracking technologies advertisers are willing to deploy, the argument went, so the government must step in, define what it means to be “tracked,” and require it to stop—without kneecapping the free Internet. (Good luck with that!)

But Flash cookies are now quickly taking their place as a feature that users can control from the browser (or OS), customizing their experience of the Web to meet their individual privacy preferences. This is not a panacea, of course: People must still be made aware of the importance of controlling Flash cookies, as well as regular cookies. New tracking technologies will emerge, and consumer-friendly information controls meeting those challenges will be required in response.

But if this is what the drawn-out “war” against tracking technologies looks like, color me pro-war!

In a few short months, Adobe has begun work on the controls needed to put Flash cookies under peoples’ control. The Federal Trade Commission—prospective imposer of peace through complex, top-down regulation—took more than a year to produce a report querying whether a Do Not Track regulation might be a good idea. This problem will essentially be solved (and we’ll be on to the next one) before the FTC would have gotten saddled up.

Yes, Adobe may have acted because of the threat of damaging government regulation. That seems always to be what gets these companies moving. Of course it does, when the primary modus operandi of privacy advocacy is to push for government regulation. Were the privacy community to work as assiduously on boycotts as acting through intermediary government regulators, change might come even faster.

We could do without the standing army of regulators. Having a government sector powerful enough to cow the business sector is costly, both in terms of freedom and tax dollars.

With the failure of Do Not Track, the vision of a free and open Internet—populated by aware, empowered individuals—lives on.

SHARE: 6 comments

Do-Not-Track: The Recipe for Frosting is Not the Wedding Cake

by on January 11, 2011 · 2 comments

I laughed out loud when I read the following line in Harlan Yu’s post, “Some Technical Clarifications About Do Not Track“:

“[T]he Do Not Track header compels servers to cooperate, to proactively refrain from any attempts to track the user.”

(Harlan’s a pal, but I’m plain-spoken with friends just like everyone else, so here goes, buddy.)

To a policy person, that’s a jaw-dropping misstatement. An http header is a request. It has no coercive power whatsoever. (You can learn this for yourself: Take 30 minutes and write yourself a plug-in that charges ten cents to every site you visit. Your income will be negative 30 minutes of your time.)

Credit goes to the first commenter on his post who said, “What if they ignore the header? . . . Wouldn’t there also need to be legal penalties in place for violations, in order for this to work? (To encourage advertising companies to put in those lines of code.) Is this in the works?” Continue reading →

SHARE: 2 comments

op-ed: “Privacy Regulation and the ‘Free’ Internet”

by on December 24, 2010 · 2 comments

[Here’s an oped of mine that recently ran on Reuters.  Readers will recognize many of these themes and arguments since I have developed them here on the TLF many times before.]

Privacy Regulation and the “Free” Internet

by Adam Thierer, Mercatus Center at George Mason University

Would you like to pay $20 a month for Facebook, or a dime every time you did a search on Google or Bing?  That’s potentially what is at stake if the Obama administration and advocates of stepped-up regulation of online advertising get their way.

The Internet feels like the ultimate free lunch.  Once we pay for basic access, a cornucopia of seemingly free services and content is at our fingertips.  But those services don’t just fall to Earth like manna from heaven.  What powers the “free” Internet are data collection and advertising. In essence, the relationship between consumers and online content and service providers isn’t governed by any formal contract, but rather by an unwritten  quid pro quo: tolerate some ads or we’ll be forced to charge you for service.  Most consumers gladly take that deal—even if many of them gripe about annoying or intrusive ads, at times. Continue reading →

SHARE: 2 comments

Browsers Go After ‘Tracking’

by on December 19, 2010 · 4 comments

Advocates of regulation will credit regulators for the fact that major browser providers Microsoft and Mozilla are going after online “tracking.” In forthcoming versions of their browsers, they will provide controls that protect against unwanted monitoring even better than the controls that now exist.

When consumer advocates cluster in Washington, D.C., asking federal agencies to solve consumer issues, of course, any progress on the issues will be credited to the threat of coercion. But experiments like these have no controls.

Decisions about the qualities of goods and services are made out at the leading edge of consumer demand, where producers work to anticipate developing public interests. Meeting demand after it has been realized is a recipe for business failure because competitors getting there before the others win market share and profits. Laggards are losers.

You can tell when regulators push for something that does not match up with consumer demand as perceived in the business sector. The regulators get nowhere. That would be the FTC’s call a decade ago for a suite of regulations requiring “notice, choice, access, and security.” The current push for “tracking” controls does appear to meet up with consumer demand, and, again, the browser providers are working on it years ahead of what any regulation would have required.

I’ve put “tracking” in scare quotes because the open question is just what anyone means by the word. The report linked above notes a comment from Google, provider of the Chrome browser:

“The idea of ‘Do Not Track’ is interesting, but there doesn’t seem to be consensus on what ‘tracking’ really means, nor how new proposals could be implemented in a way that respects people’s current privacy controls,” said the company…

Maybe Google will be the laggard and loser for not moving on “tracking” as fast as its competitors. That’s one approach, while Microsoft and Mozilla will each take a different tack to the problem. The result will be an experiment that does have controls. The browser provider that meets up with consumer interests, in the consumer-friendliest way, wins. Such would not be the case if a federal regulation—yes, one-size-fits-all—determined what “tracking” was and how browsers or others would provide protection against it.

Marketplace competition will do better than any other known method for determining what “tracking” means to consumers and what to do about it. There is no privacy advocate, there is no technologist, no advocacy group, nor academic who knows what to do here.

The one thing I recommend is that do-not-track efforts should control the content of the header and the domains the browser communicates with. Simply putting a “do-not-track” signal in the header would punt the problem back to regulators and the cadre that surrounds them. This group would come up with something that satisfies itself, the regulatory community, but that does not digest and reconcile actual consumers’ competing interests in privacy, convenience, access to content, and so on.

SHARE: 4 comments

A Response to Nick Carr on Privacy & Trade-Offs

by on December 7, 2010 · 1 comment

This is a response to Nick Carr’s recent piece, “The Attack on Do Not Track,” in which he goes after me for some comments I made in this essay about the trade-offs at work in the privacy and online advertising debates.  In his critique of my essay, he argues:

What the FTC is suggesting is that the unwritten quid pro quo be written, and that the general agreement be made specific. Does Thierer really believe that invisible tradeoffs are somehow better than visible ones? Shouldn’t people know the cost of “free” services, and then be allowed to make decisions based on their own cost-benefit analysis? Isn’t that the essence of the free market that Thierer so eloquently celebrates?

My response to Nick follows. Continue reading →

SHARE: 1 comment

FTC Endorses “Do Not Track” Information Control Regime for the Internet

by on December 1, 2010 · 18 comments

This morning, the Federal Trade Commission (FTC) released its eagerly-awaited Preliminary FTC Staff Report on Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers. As expected, the agency has generally endorsed an expanded regulatory regime to govern online data collection and advertising efforts in the name of protecting consumer privacy.  More specifically, the agency endorsed a so-called “Do Not Track” mechanism that would supposedly help consumers block unwanted data collection or advertising.  Here’s how the agency describes it:

Such a universal mechanism could be accomplished by legislation or potentially through robust, enforceable self-regulation.  The most practical method of providing uniform choice for online behavioral advertising would likely involve placing a setting similar to a persistent cookie on a consumer’s browser and conveying that setting to sites that the browser visits, to signal whether or not the consumer wants to be tracked or receive targeted advertisements.  To be effective, there must be an enforceable requirement that sites honor those choices. (p. 66)

I’m sure we’ll have plenty more to say here about the issue in coming weeks and months (comments on the FTC report are due by Jan. 31), but we’ve already commented on this proposal here before. See 1, 2, 3.  To briefly summarize a few of those concerns: Continue reading →

SHARE: 18 comments

Ends, Means, and One Man’s War on Advertising

by on March 24, 2009 · 8 comments

Chris Soghoian has responded to my recent post lauding his Targeted Advertising Cookie Opt-Out (or “TACO” – documented and downloadable here). We’re agreed in the main on user empowerment. The interesting stuff is on the margin: He disagrees with me that blocking third party cookies as I do (and he does too) is a satisfactory approach to suppressing tracking by advertisers.

There are a couple of points worth making about the discussion.

The first has to do with our slightly differing objectives. Chris is deeply focused on advertisers and his dislike of being tracked by advertisers. Though it is not absolute, I have a preference against tracking by anyone other than sites that I know, like, and trust. I’m no more worried about advertisers than any entity that would track my surfing – and there are many.

Again, TLF readers, I ask you to try setting your browser to query you before setting cookies. It’s a real insight into the dozens of entities getting a look at you as you surf, including a bunch of social networks and news sites.

If “advertisers” are what you seek to harness, that seems like a group that can be captured through some kind of centralized control mechanism. (I don’t think it actually is.) But if your goal is privacy as against all comers, you don’t attempt to centrally plan or decide who is good and who is bad. Responsibility rests with the end user.

Let the goal be “advertisers,” though. And I ask: Those social networks and news aggregators – are they “advertisers”? If you’re going to require a subset of Web communicators to obey opt-out cookies, you have to be able to define that subset – a problem Chris doesn’t seem to have thought about yet.

Lots of different publishers, sites, and networks have data that is entirely fungible with the tracking data advertisers collect. What do you get if you push down on the “officially advertisers” part of the balloon? Workarounds.

But I’ve backed into the second point – the means to these ends. Chris soft-pedals how he would get at tracking, but as far as I can tell it’s a law that says “advertisers” have to obey opt-out cookies. Continue reading →

SHARE: 8 comments

PFF Launches Center for Internet Freedom

by on October 24, 2008 · 12 comments

The Progress & Freedom Foundation has just launched the new Center for Internet Freedom.  CIF offers an alternative to the proliferation of advocacy groups calling for government intervention online by offering timely analyses and critiques of proposals that diminish the vital role of free markets, free speech and property rights.  We aim to drive the Internet policy debate in new directions by emphasizing a layered approach of technological innovation, user education, user self-help, industry self-regulation, and the enforcement of existing laws consistent with the First Amendment.  Such an approach is a less restrictive—and generally more effective—alternative to increased regulation.  

Here are some of the issues I’ll be working on as CIF’s Director in conjunction with my esteemed colleagues Adam Thierer, Adam Marcus, and adjunct fellows: 

  • Defending online advertising as the lifeblood of online content & services, especially in the “Long Tail”;
  • Emphasizing market solutions to problems of privacy protection, especially regarding the use of cookies and packet inspection data;
  • Protecting online speech and expression both in the U.S. and abroad;
  • Defending Section 230 immunity for Internet intermediaries;
  • Opposing online taxation and legal barriers to e-commerce and digital payments, especially at the state and local levels; and
  • Ensuring that Internet governance remains transparent and accountable without hampering the evolution of the Internet.

SHARE: 12 comments

Online Advertising & User Privacy: Principles to Guide the Debate

by on September 24, 2008 · 28 comments

By Berin Szoka & Adam Thierer Progress Snapshot 4.19 (PDF)

Since the fall of 2008, a debate has raged in Washington over “targeted online advertising,” an ominous-sounding shorthand for the customization of Internet ads to match the interests of users.  Not only are these ads more relevant and therefore less annoying to Internet users than untargeted ads, they are more cost-effective to advertisers and more profitable to websites that sell ad space.  While such “smarter” online advertising scares some—prompting comparisons to a corporate “Big Brother” spying on Internet users—it is also expected to fuel the rapid growth of Internet advertising revenues from $21.7 billion in 2007 to $50.3 billion in 2011-an annual growth rate of more than 24%. Since this growing revenue stream ultimately funds the free content and services that Internet users increasingly take for granted, policymakers should think very carefully about what’s really best for consumers before rushing to regulate an industry that has thrived for over a decade under a layered approach that combines technological “self-help” by privacy-wary consumers, consumer education, industry self-regulation, existing state privacy tort laws, and Federal Trade Commission (FTC) enforcement of corporate privacy policies.

In an upcoming PFF Special Report, we will address the many technical, economic, and legal aspects of this complicated policy issue-especially the possibility that regulation may unintentionally thwart market responses to the growing phenomenon of users blocking online ads.

We will also issue a three-part challenge to those who call for regulation of online advertising practices:

  1. Identify the harm or market failure that requires government intervention.
  2. Prove that there is no less restrictive alternative to regulation.
  3. Explain how the benefits of regulation outweigh its costs.

Continue reading →

SHARE: 28 comments

Next Entries →