Posts tagged as:

Adobe Improves Privacy Controls Before Regulators Can Saddle Up

by on January 14, 2011 · 6 comments

Via @csoghoian (who can be wrathful if you don’t attribute), Adobe buries the lede in its blog post about privacy improvements to the Flash player. They’re working with the most popular browser vendors on integrating control of “local shared objects”—more commonly known as “Flash cookies”—into the interface. Users control of Flash cookies will soon be similar to control of ordinary cookies.

It doesn’t end there:

Still, we know the Flash Player Settings Manager could be easier to use, and we’re working on a redesign coming in a future release of Flash Player, which will bring together feedback from our users and external privacy advocates. Focused on usability, this redesign will make it simpler for users to understand and manage their Flash Player settings and privacy preferences. In addition, we’ll enable you to access the Flash Player Settings Manager directly from your computer’s Control Panels or System Preferences on Windows, Mac and Linux, so that they’re even easier to locate and use. We expect users will see these enhancements in the first half of the year and we look forward to getting feedback as we continue to improve the Flash Player Settings Manager.

Mysterious, sinister “Flash cookies” were Exhibit A in the argument for a Do Not Track regulation. There is no way that people can cope with the endless array of tracking technologies advertisers are willing to deploy, the argument went, so the government must step in, define what it means to be “tracked,” and require it to stop—without kneecapping the free Internet. (Good luck with that!)

But Flash cookies are now quickly taking their place as a feature that users can control from the browser (or OS), customizing their experience of the Web to meet their individual privacy preferences. This is not a panacea, of course: People must still be made aware of the importance of controlling Flash cookies, as well as regular cookies. New tracking technologies will emerge, and consumer-friendly information controls meeting those challenges will be required in response.

But if this is what the drawn-out “war” against tracking technologies looks like, color me pro-war!

In a few short months, Adobe has begun work on the controls needed to put Flash cookies under peoples’ control. The Federal Trade Commission—prospective imposer of peace through complex, top-down regulation—took more than a year to produce a report querying whether a Do Not Track regulation might be a good idea. This problem will essentially be solved (and we’ll be on to the next one) before the FTC would have gotten saddled up.

Yes, Adobe may have acted because of the threat of damaging government regulation. That seems always to be what gets these companies moving. Of course it does, when the primary modus operandi of privacy advocacy is to push for government regulation. Were the privacy community to work as assiduously on boycotts as acting through intermediary government regulators, change might come even faster.

We could do without the standing army of regulators. Having a government sector powerful enough to cow the business sector is costly, both in terms of freedom and tax dollars.

With the failure of Do Not Track, the vision of a free and open Internet—populated by aware, empowered individuals—lives on.

SHARE: 6 comments

op-ed: “Privacy Regulation and the ‘Free’ Internet”

by on December 24, 2010 · 2 comments

[Here’s an oped of mine that recently ran on Reuters.  Readers will recognize many of these themes and arguments since I have developed them here on the TLF many times before.]

Privacy Regulation and the “Free” Internet

by Adam Thierer, Mercatus Center at George Mason University

Would you like to pay $20 a month for Facebook, or a dime every time you did a search on Google or Bing?  That’s potentially what is at stake if the Obama administration and advocates of stepped-up regulation of online advertising get their way.

The Internet feels like the ultimate free lunch.  Once we pay for basic access, a cornucopia of seemingly free services and content is at our fingertips.  But those services don’t just fall to Earth like manna from heaven.  What powers the “free” Internet are data collection and advertising. In essence, the relationship between consumers and online content and service providers isn’t governed by any formal contract, but rather by an unwritten  quid pro quo: tolerate some ads or we’ll be forced to charge you for service.  Most consumers gladly take that deal—even if many of them gripe about annoying or intrusive ads, at times. Continue reading →

SHARE: 2 comments

The Great Privacy Debate on WSJ

by on August 7, 2010 · 16 comments

I have a piece on Internet privacy in the Wall Street Journal today. It’s one side of a “debate” on Internet privacy and tracking. I say be careful what you give up if you thwart online tracking—personalization, free content, and other goodies may go by the wayside.

My “opponent” is Nicholas Carr, whose identity and arguments I didn’t know as I wrote, nor likely did he mine. His is a good piece that lays out the many legitimate concerns with online tracking. Must be nice to be the maximal-privacy “good guy”!

For the sake of making it interesting I’ll pick out one important point that highlights the nub of the issue.

Privacy tradeoffs have always been a part of life, Carr says, “But now, thanks to the Net, we’re losing our ability to understand and control those tradeoffs—to choose, consciously and with awareness of the consequences, what information about ourselves we disclose and what we don’t.”

This sentence brought back to me a memorable moment from law school. In a seminar course, the professor called upon a fellow student who rather dopily apologized, “Sorry, I didn’t have time to do the reading.”

“In fact you did have time to do the reading,” replied the teacher, “but you just didn’t take it. Isn’t that correct?”

It was funny, if embarrassing for my colleague, and a great illustration of precision with language.

Holding to that standard of precision, I’ll disagree with Carr’s statement: The Net is not affecting our ability to understand and control privacy tradeoffs. Its development has outstripped that capacity. Developing consumers’ understanding of information flows, information uses, and consequences will position them to restore privacy.

I don’t think Carr would disagree with that sentiment in the main. Later he says, agreeably to me, “We need to take personal responsibility for the information we share whenever we log on.”

And I do think that’s the heart of the problem: “Education is the hard way, and it is the only way, to get consumers’ privacy interests balanced with their other interests.”

SHARE: 16 comments

The Government Can Monitor Your Location All Day Every Day Without Implicating Your Fourth Amendment Rights

by on February 11, 2010 · 13 comments

If you have a mobile phone, that’s the upshot of an argument being put forward by the government in a case being argued before the Third Circuit Court of Appeals tomorrow. The case is called In the Matter of the Application of the United States of America For An Order Directing A Provider of Electronic Communication Service To Disclose Records to the Government.

Declan McCullagh reports:

In that case, the Obama administration has argued that Americans enjoy no “reasonable expectation of privacy” in their—or at least their cell phones’—whereabouts. U.S. Department of Justice lawyers say that “a customer’s Fourth Amendment rights are not violated when the phone company reveals to the government its own records” that show where a mobile device placed and received calls.

The government can maintain this position because of the retrograde “third party doctrine.” That doctrine arose from a pair of cases in the early 1970s in which the Supreme Court found no Fourth Amendment problems when the government required service providers to maintain records about their customers, and later required those service providers to hand the records over to the government.

I wrote about these cases, and the courts’ misunderstanding of privacy since 1967’s Katz decision, in an American University Law Review article titled “Reforming Fourth Amendment Privacy Doctrine“:

These holdings were never right, but they grow more wrong with each step forward in modern, connected living. Incredibly deep reservoirs of information are constantly collected by third-party service providers today. Cellular telephone networks pinpoint customers’ locations throughout the day through the movement of their phones. Internet service providers maintain copies of huge swaths of the information that crosses their networks, tied to customer identifiers. Search engines maintain logs of searches that can be correlated to specific computers and usually the individuals that use them. Payment systems record each instance of commerce, and the time and place it occurred. The totality of these records are very, very revealing of people’s lives. They are a window onto each individual’s spiritual nature, feelings, and intellect. They reflect each American’s beliefs, thoughts, emotions, and sensations. They ought to be protected, as they are the modern iteration of our “papers and effects.”

This is a case to watch, as it will help determine whether or not your digital life is an open book to government investigators.

SHARE: 13 comments

What Unites Advocates of Speech Controls & Privacy Regulation?

by on August 11, 2009 · 23 comments

What Unites Advocates of Speech Controls & Privacy Regulation? [pdf]

by Adam Thierer & Berin Szoka The Progress & Freedom Foundation, Progress on Point No. 16.19

Anyone who has spent time following debates about speech and privacy regulation comes to recognize the striking parallels between these two policy arenas. In this paper we will highlight the common rhetoric, proposals, and tactics that unite these regulatory movements. Moreover, we will argue that, at root, what often animates calls for regulation of both speech and privacy are two remarkably elitist beliefs:

  1. People are too ignorant (or simply too busy) to be trusted to make wise decisions for themselves (or their children); and/or,
  2. All or most people share essentially the same values or concerns and, therefore, “community standards” should trump household (or individual) standards.

While our use of the term “elitism” may unduly offend some understandably sensitive to populist demagoguery, our aim here is not to launch a broadside against elitism as Time magazine culture critic William H. Henry once defined it: “The willingness to assert unyieldingly that one idea, contribution or attainment is better than another.”[1] Rather, our aim here is to critique that elitism which rises to the level of political condescension and legal sanction. We attack not so much the beliefs of some leaders, activists, or intellectuals that they have a better idea of what it in the public’s best interest than the public itself does, but rather the imposition of those beliefs through coercive, top-down mandates.

That sort of elitism—elitism enforced by law—is often the objective of speech and privacy regulatory advocates. Our goal is to identify the common themes that unite these regulatory movements, explain why such political elitism is unwarranted, and make it clear how it threatens individual liberty as well as the future of free and open Internet. As an alternative to this elitist vision, we advocate an empowerment agenda: fostering an environment in which users have the tools and information they need to make decisions for themselves and their families. Continue reading →

SHARE: 23 comments

Ends, Means, and One Man’s War on Advertising

by on March 24, 2009 · 8 comments

Chris Soghoian has responded to my recent post lauding his Targeted Advertising Cookie Opt-Out (or “TACO” – documented and downloadable here). We’re agreed in the main on user empowerment. The interesting stuff is on the margin: He disagrees with me that blocking third party cookies as I do (and he does too) is a satisfactory approach to suppressing tracking by advertisers.

There are a couple of points worth making about the discussion.

The first has to do with our slightly differing objectives. Chris is deeply focused on advertisers and his dislike of being tracked by advertisers. Though it is not absolute, I have a preference against tracking by anyone other than sites that I know, like, and trust. I’m no more worried about advertisers than any entity that would track my surfing – and there are many.

Again, TLF readers, I ask you to try setting your browser to query you before setting cookies. It’s a real insight into the dozens of entities getting a look at you as you surf, including a bunch of social networks and news sites.

If “advertisers” are what you seek to harness, that seems like a group that can be captured through some kind of centralized control mechanism. (I don’t think it actually is.) But if your goal is privacy as against all comers, you don’t attempt to centrally plan or decide who is good and who is bad. Responsibility rests with the end user.

Let the goal be “advertisers,” though. And I ask: Those social networks and news aggregators – are they “advertisers”? If you’re going to require a subset of Web communicators to obey opt-out cookies, you have to be able to define that subset – a problem Chris doesn’t seem to have thought about yet.

Lots of different publishers, sites, and networks have data that is entirely fungible with the tracking data advertisers collect. What do you get if you push down on the “officially advertisers” part of the balloon? Workarounds.

But I’ve backed into the second point – the means to these ends. Chris soft-pedals how he would get at tracking, but as far as I can tell it’s a law that says “advertisers” have to obey opt-out cookies. Continue reading →

SHARE: 8 comments

Nuts & Bolts: Everything You Wanted To Know About Cookies But Were Afraid To Ask

by on January 27, 2009 · 16 comments

As a means of introducing myself to TLF readers, this is an article that I wrote for the PFF blog in September that has not been previously mentioned on the TLF. Most of my other PFF blog posts have been cross-posted by Adam Thierer or Berin Szoka, but I’ve taken ownership of those posts so they appear on my TLF author page.

This is the first in a series of articles that will focus directly on technology instead of technology policy. With an average age of 57, most members of Congress were at least 30 when the IBM PC was introduced in 1981. So it is not surprising that lawmakers have difficulty with cutting-edge technology. The goal of this series is to provide a solid technical foundation for the policy debates that new technologies often trigger. No prior knowledge of the technologies involved is assumed, but no insult to the reader’s intelligence is intended.

This article focuses on cookies–not the cookies you eat, but the cookies associated with browsing the World Wide Web. There has been public concern over the privacy implications of cookies since they were first developed. But to understand them , you must know a bit of history.

According to Tim Berners Lee, the creator of the World Wide Web, “[g]etting people to put data on the Web often was a question of getting them to change perspective, from thinking of the user’s access to it not as interaction with, say, an online library system, but as navigation th[r]ough a set of virtual pages in some abstract space. In this concept, users could bookmark any place and return to it, and could make links into any place from another document. This would give a feeling of persistence, of an ongoing existence, to each page.”[1. Tim Berners-Lee, Weaving The Web: The Original Design and Ultimate Destiny of the World Wide Web. p. 37. Harper Business (2000).] The Web has changed quite a bit since the early 1990s.

Today, websites are much more dynamic and interactive, with every page being customized for each user. Such customization could include automatically selecting the appropriate language for the user based on where they’re located, displaying only content that has been added since the last time the user visited the site, remembering a user who wants to stay logged into a site from a particular computer, or keeping track of items in a virtual shopping cart. These features are simply not possible without the ability for a website to distinguish one user from another and to remember a user as they navigate from one page to another. Today, in the Web 2.0 era, instead of Web pages having persistence (as Berners-Lee described), we have dynamic pages and “user-persistence.”

This paper describes the various methods websites can use to enable user-persistence and how this affects user privacy. But the first thing the reader must realize is that the Web was not initially designed to be interactive; indeed, as the quote above shows, the goal was the exact opposite. Yet interactivity is critical to many of the things we all take for granted about web content and services today.

Continue reading →

SHARE: 16 comments

Next Entries →