Posts tagged as:

Digital Sensors, Darknets, Hyper-Transparency & the Future of Privacy

by on January 28, 2011 · 3 comments

A headline in the USA Today earlier this week screamed, “Hello, Big Brother: Digital Sensors Are Watching Us.”  It opens with an all too typical techno-panic tone, replete with tales of impending doom:

Odds are you will be monitored today — many times over. Surveillance cameras at airports, subways, banks and other public venues are not the only devices tracking you. Inexpensive, ever-watchful digital sensors are now ubiquitous.
They are in laptop webcams, video-game motion sensors, smartphone cameras, utility meters, passports and employee ID cards. Step out your front door and you could be captured in a high-resolution photograph taken from the air or street by Google or Microsoft, as they update their respective mapping services. Drive down a city thoroughfare, cross a toll bridge, or park at certain shopping malls and your license plate will be recorded and time-stamped. Several developments have converged to push the monitoring of human activity far beyond what George Orwell imagined. Low-cost digital cameras, motion sensors and biometric readers are proliferating just as the cost of storing digital data is decreasing. The result: the explosion of sensor data collection and storage.

Oh my God! Dust off you copies of the Unabomber Manifesto and run for your shack in the hills!

No, wait, don’t. Let’s instead step back, take a deep breath and think about this. As the article goes on to note, there will certainly be many benefits to our increasing “sensor society.”  Advertising and retail activity will become more personalized and offer consumers more customized good and services.  I wrote about that here at greater length in my essay on “Smart-Sign Technology: Retail Marketing Gets Sophisticated, But Will Regulation Kill It First?”  More importantly, ubiquitous digital sensors and data collection/storage will also increase our knowledge of the world around us exponentially and do wonders for scientific, environmental, and medical research.

But that won’t soothe the fears of those who fear the loss of their privacy and the rise of a surveillance society in which our every move is watched or tracked. So, let’s talk about what those of you who feel that way want to do about it.

Continue reading →

SHARE: 3 comments

Data Privacy Day is Among Us

by on January 27, 2011 · 2 comments

Data Privacy Day is January 28. And as Steve DelBianco writes at the NetChoice blog, now is an opportune time for it as Congress, the Commerce Department, and the Federal Trade Commission each have proposed new rights and rules for data privacy.

To appreciate Data Privacy Day you must first ignore the Euro-babble description of what is Data Privacy Day (“an international celebration of the dignity of the individual expressed through personal information”) and take it for what it really is: a prodding for Internet users to take a critical look at how they share and communicate information online.

Importantly, this is not a day for governments, but for users. As Steve writes, “the role for government should be in areas where users and business cannot act alone, including law enforcement, international data flows, and pre-empting a patchwork of state laws. Government should use is powers to pursue online fraud and criminal misuse of data, not to create rules that narrowly prescribe what and how data should be used.”

Also, check out the tech-friendly quotes from Obama’s State of the Union in Steve’s post.

SHARE: 2 comments

new paper: “Unappreciated Benefits of Advertising and Commercial Speech”

by on January 14, 2011 · 0 comments

Today the Mercatus Center has released a short new paper I have authored on “Unappreciated Benefits of Advertising and Commercial Speech.”  I begin the piece by noting that:

Federal policy makers, state legislators, and state attorneys general have recently shown interest in regulating commercial advertising and marketing. Several new regulatory initiatives are being proposed, or are already underway, that could severely curtail or restrict advertising or marketing on a variety of platforms. The consequences of these stepped-up regulatory efforts will be profound and will hurt consumer welfare both directly and indirectly.

I go on to note that “advertising can be an easy target for politicians or regulatory activist groups who make a variety of (typically unsubstantiated) claims about its negative impact on society,” but then continue on to explain how “the role of commercial speech in a free-market economy is often misunderstood or taken for granted.” I outline how, despite regulators’ concerns, consumers actually derive three important types of benefits from advertising and marketing: (1) Informational / Educational Benefits; (2) Market Choice / Pro-Competitive Benefits; and (3) Media Promotion / Cross-Subsidization.  After discussing each benefit, I conclude that:

For these reasons, a stepped-up regulatory crusade against advertising and marketing will hurt consumer welfare since it will raise prices, restrict choice, and diminish marketplace competition and innovation—both in ad-supported content and service markets, and throughout the economy at large.  Simply stated, there is no free lunch.

Read the entire 1,800-word essay here.  I have also embedded the document down below in a Scribd reader.

Continue reading →

SHARE: 0 comments

Adobe Improves Privacy Controls Before Regulators Can Saddle Up

by on January 14, 2011 · 6 comments

Via @csoghoian (who can be wrathful if you don’t attribute), Adobe buries the lede in its blog post about privacy improvements to the Flash player. They’re working with the most popular browser vendors on integrating control of “local shared objects”—more commonly known as “Flash cookies”—into the interface. Users control of Flash cookies will soon be similar to control of ordinary cookies.

It doesn’t end there:

Still, we know the Flash Player Settings Manager could be easier to use, and we’re working on a redesign coming in a future release of Flash Player, which will bring together feedback from our users and external privacy advocates. Focused on usability, this redesign will make it simpler for users to understand and manage their Flash Player settings and privacy preferences. In addition, we’ll enable you to access the Flash Player Settings Manager directly from your computer’s Control Panels or System Preferences on Windows, Mac and Linux, so that they’re even easier to locate and use. We expect users will see these enhancements in the first half of the year and we look forward to getting feedback as we continue to improve the Flash Player Settings Manager.

Mysterious, sinister “Flash cookies” were Exhibit A in the argument for a Do Not Track regulation. There is no way that people can cope with the endless array of tracking technologies advertisers are willing to deploy, the argument went, so the government must step in, define what it means to be “tracked,” and require it to stop—without kneecapping the free Internet. (Good luck with that!)

But Flash cookies are now quickly taking their place as a feature that users can control from the browser (or OS), customizing their experience of the Web to meet their individual privacy preferences. This is not a panacea, of course: People must still be made aware of the importance of controlling Flash cookies, as well as regular cookies. New tracking technologies will emerge, and consumer-friendly information controls meeting those challenges will be required in response.

But if this is what the drawn-out “war” against tracking technologies looks like, color me pro-war!

In a few short months, Adobe has begun work on the controls needed to put Flash cookies under peoples’ control. The Federal Trade Commission—prospective imposer of peace through complex, top-down regulation—took more than a year to produce a report querying whether a Do Not Track regulation might be a good idea. This problem will essentially be solved (and we’ll be on to the next one) before the FTC would have gotten saddled up.

Yes, Adobe may have acted because of the threat of damaging government regulation. That seems always to be what gets these companies moving. Of course it does, when the primary modus operandi of privacy advocacy is to push for government regulation. Were the privacy community to work as assiduously on boycotts as acting through intermediary government regulators, change might come even faster.

We could do without the standing army of regulators. Having a government sector powerful enough to cow the business sector is costly, both in terms of freedom and tax dollars.

With the failure of Do Not Track, the vision of a free and open Internet—populated by aware, empowered individuals—lives on.

SHARE: 6 comments

Privacy Community Wracked by Controversy—Are DoJ Officials Mustache-Twisting Enemies of Privacy?

by on January 12, 2011 · 6 comments

I’ve been bemused by a minor controversy about remarks Ryan Calo of Stanford University made to a New York Times reporter for this story on Internet privacy and government access.

“When your job is to protect us by fighting and prosecuting crime, you want every tool available,” said Ryan Calo, director of the consumer privacy project at the Center for Internet & Society at Stanford Law School. “No one thinks D.O.J. and other investigative agencies are sitting there twisting their mustache trying to violate civil liberties. They’re trying to do their job.”

That apparently didn’t sit well in some corners of the privacy community, and Calo felt obligated to explain the comment as though he had implied that DoJ efforts to undercut privacy should not be resisted. He hadn’t.

But evidently some people do think DoJ officials, or some relevant segment of them, are mustache-twisting privacy-haters. There are a few genuine oddballs committed to undercutting privacy, but it’s not worth casting aspersions on the entire security bureaucracy because of these few.

I believe the motivations of the vast majority of DoJ officials are good. They feel a real sense of honor from doing their self-chosen task of protecting the country from various threats. On average, they’ll likely weigh security and safety more heavily than the average privacy advocate or civil libertarian. Because they don’t think about privacy as much, they may not understand as well what privacy is and how to protect it consistent with pursuing justice. These are all good faith reasons why DoJ officials may undervalue and, in their work, undercut privacy. It is not necessary to believe that a dastardly enemy sits on Constitution Avenue mocking the document that street is named after.

The theory of the evil DoJ official says more about the theoretician than the DoJ. Experience in Washington has shown me that incompetence is almost always the better explanation than malice. (That’s not very nice, talking about “incompetence,” but there are some DoJ officials who lack competence in the privacy area.) Some people apparently need a dramatic story line to motivate themselves.

I’m sure it feels good to cast oneself as a white hat facing down a team of secretive, nefarious, government-sponsored black hats. But this mind-set gives away strategic leverage in the fight for privacy. The story is no longer how to protect privacy; it’s who is bad and who is good. Everyone (everyone thoughtful about messaging and persuasion, anyway) recognizes that Wikileaks veered off course by letting Wikileaks itself and Julian Assange become the story. We’re not having the discussion we should have about U.S. government behavior because of Assange’s self-regard.

I agree with my privacy brethren on the substance of the issues, but those who have similar self-regard, who insist on good-vs.-evil framing in order to cast themselves as heroic—they are closing the ears of DoJ officials they might reach and giving away opportunities to actually improve protections for privacy in the country.

SHARE: 6 comments

Do-Not-Track: The Recipe for Frosting is Not the Wedding Cake

by on January 11, 2011 · 2 comments

I laughed out loud when I read the following line in Harlan Yu’s post, “Some Technical Clarifications About Do Not Track“:

“[T]he Do Not Track header compels servers to cooperate, to proactively refrain from any attempts to track the user.”

(Harlan’s a pal, but I’m plain-spoken with friends just like everyone else, so here goes, buddy.)

To a policy person, that’s a jaw-dropping misstatement. An http header is a request. It has no coercive power whatsoever. (You can learn this for yourself: Take 30 minutes and write yourself a plug-in that charges ten cents to every site you visit. Your income will be negative 30 minutes of your time.)

Credit goes to the first commenter on his post who said, “What if they ignore the header? . . . Wouldn’t there also need to be legal penalties in place for violations, in order for this to work? (To encourage advertising companies to put in those lines of code.) Is this in the works?” Continue reading →

SHARE: 2 comments

Obama Admin’s “Let’s-Be-Europe” Approach to Privacy Will Undermine U.S. Competitiveness

by on January 5, 2011 · 2 comments

Reading through the respective December 2010 privacy reports from the Federal Trade Commission (FTC) and Department of Commerce (DoC), one cannot help but be struck by the Obama Administration’s seeming desire to make America’s tech sector — and the regulatory regime that governs it — more closely resemble Europe’s.  The push for an ambitious new “privacy framework” and set of “fair information practices” is just a riff borrowed from the EU data directive.  And although the Obama team stops short of calling privacy a “dignity right” as many European policymakers are prone to do, it’s clear from both the FTC and DoC reports that that’s were they want to take us.

It’s interesting to me, though, that the Obama Administration relies on two fundamentally flawed rationales for the “European-ification” of American privacy law.  In this regard, I’ll reference some passages from the DoC’s report that appear in the section on “The Economic Imperative” for a new regime, which appears on pages 13-16 of the report.

Myth #1: Privacy Regs Are Needed to Get More People Online or Using Digital Technology

First, the DoC pulls out the old saw about the need for expanded privacy regs to ensure greater online trust and, as a result, promote increased online interactions.  The report claims that “maintaining consumer trust is vital to the success of the digital economy” and that “an erosion of trust will inhibit the adoption of new technologies” (p. 15)  The problem with the theory that online commerce or consumer interactions online are somehow being thwarted by a lack of more privacy regulation is that it is plainly contradicted by the facts.  Continue reading →

SHARE: 2 comments

op-ed: “Privacy Regulation and the ‘Free’ Internet”

by on December 24, 2010 · 2 comments

[Here’s an oped of mine that recently ran on Reuters.  Readers will recognize many of these themes and arguments since I have developed them here on the TLF many times before.]

Privacy Regulation and the “Free” Internet

by Adam Thierer, Mercatus Center at George Mason University

Would you like to pay $20 a month for Facebook, or a dime every time you did a search on Google or Bing?  That’s potentially what is at stake if the Obama administration and advocates of stepped-up regulation of online advertising get their way.

The Internet feels like the ultimate free lunch.  Once we pay for basic access, a cornucopia of seemingly free services and content is at our fingertips.  But those services don’t just fall to Earth like manna from heaven.  What powers the “free” Internet are data collection and advertising. In essence, the relationship between consumers and online content and service providers isn’t governed by any formal contract, but rather by an unwritten  quid pro quo: tolerate some ads or we’ll be forced to charge you for service.  Most consumers gladly take that deal—even if many of them gripe about annoying or intrusive ads, at times. Continue reading →

SHARE: 2 comments

Is Watching “Spying”?

by on December 23, 2010 · 4 comments

I was struck by the absurd title of a New York Post story from yesterday: Is Your Restaurant Spying on You? Some restaurants are—shocker—making note of your preferences and your qualities as a customer, for good or bad. That’s “spying”?

Of course, headlines are meant to catch attention. The story illustrates a phenomenon that will continue to proliferate, and that will probably continue to raise hackles, classed as “spying”, “privacy invasion”, “dossier building”, and such. People and businesses are more able to capture information about each other than they were before. (It is a two-way street. We consumers know more about businesses, and businesses know more about us.)

That’s a big change from the recent past. Over the past century or so, people got more mobile and thus less amenable to consistent observation—which means less amenable to being affixed with a reputation. Now information systems are catching up. What kind of person you are—a good tipper, a brusque faux gastronome—that information might precede you to a restaurant. Object to it. Call it what you want. But you might also consider getting used to it, tipping better, and being polite.

None of this is a comment on what our public policies should be. They should neither favor this cultural change nor fight it. People need to understand what happens with information about them, and they should be able to withhold information if they want, though that may be hard for privacy outliers to do.

As a student of information, I find it hard to accept that a restaurant noting the information you’ve made available to it is “spying.”

SHARE: 4 comments

Browsers Go After ‘Tracking’

by on December 19, 2010 · 4 comments

Advocates of regulation will credit regulators for the fact that major browser providers Microsoft and Mozilla are going after online “tracking.” In forthcoming versions of their browsers, they will provide controls that protect against unwanted monitoring even better than the controls that now exist.

When consumer advocates cluster in Washington, D.C., asking federal agencies to solve consumer issues, of course, any progress on the issues will be credited to the threat of coercion. But experiments like these have no controls.

Decisions about the qualities of goods and services are made out at the leading edge of consumer demand, where producers work to anticipate developing public interests. Meeting demand after it has been realized is a recipe for business failure because competitors getting there before the others win market share and profits. Laggards are losers.

You can tell when regulators push for something that does not match up with consumer demand as perceived in the business sector. The regulators get nowhere. That would be the FTC’s call a decade ago for a suite of regulations requiring “notice, choice, access, and security.” The current push for “tracking” controls does appear to meet up with consumer demand, and, again, the browser providers are working on it years ahead of what any regulation would have required.

I’ve put “tracking” in scare quotes because the open question is just what anyone means by the word. The report linked above notes a comment from Google, provider of the Chrome browser:

“The idea of ‘Do Not Track’ is interesting, but there doesn’t seem to be consensus on what ‘tracking’ really means, nor how new proposals could be implemented in a way that respects people’s current privacy controls,” said the company…

Maybe Google will be the laggard and loser for not moving on “tracking” as fast as its competitors. That’s one approach, while Microsoft and Mozilla will each take a different tack to the problem. The result will be an experiment that does have controls. The browser provider that meets up with consumer interests, in the consumer-friendliest way, wins. Such would not be the case if a federal regulation—yes, one-size-fits-all—determined what “tracking” was and how browsers or others would provide protection against it.

Marketplace competition will do better than any other known method for determining what “tracking” means to consumers and what to do about it. There is no privacy advocate, there is no technologist, no advocacy group, nor academic who knows what to do here.

The one thing I recommend is that do-not-track efforts should control the content of the header and the domains the browser communicates with. Simply putting a “do-not-track” signal in the header would punt the problem back to regulators and the cadre that surrounds them. This group would come up with something that satisfies itself, the regulatory community, but that does not digest and reconcile actual consumers’ competing interests in privacy, convenience, access to content, and so on.

SHARE: 4 comments

← Previous Entries

Next Entries →