Monday, February 17, 2014

An Update on Do Not Track and Privacy

In his January 2013 post to the Digital Analytics - University of Utah course blog, McCall Lewis wrote about the ongoing debate surrounding online consumer privacy and efforts towards a standard for "Do Not Track" [i].  McCall correctly stated that 2013 would be the year that these issues came to the consciousness of the consumer at-large. In this post, I intend to explore the ongoing saga of Digital Privacy and how consumers and online entities are reacting.

Digital Privacy in 2013, In a Nutshell (Help!  I'm in in a nutshell!)

It is safe to say that by the close of 2013, no American was completely isolated from developments in the world of digital privacy.  This was the year of Edward Snowden and Wikileaks, which exposed such government spying programs as PRISM, Tempora, and MUSCULAR [ii].  If people were not previously concerned with the monitoring of their internet behavior, it is hard to believe that they were not starting to think about it.  Most relevant to Digital Analytics is the allegation that the NSA was using cookies to piggyback on the tools that digital advertising firms were using to "pinpoint targets for government hacking and to bolster surveillance".  Google, Yahoo!, and Microsoft announced plans to encrypt traffic between their data centers, with Microsoft indirectly comparing the threat to that of Chinese government-sponsored hacking [iii].


Beyond allegations of government spying, other news events triggered a growing concern for digital privacy amongst citizens.  It was revealed that Google, despite their unofficial corporate motto being "Don't be evil", was collecting and storing data on WiFi networks while driving the avenues and boulevards in their mapping vehicles [iv].  Inadvertent or not, this revelation made big headlines in the year of Digital Privacy concerns.  Beyond government and corporate spying, there were a number of black-hat news stories as well.  Major retailers such as Target and Neiman Marcus were victims large-scale data breaches in which personal and credit card information were stolen from their servers.  While nothing connected to a network is ever totally secure, some of the details surrounding these breaches made it clear that retailers were not doing everything that they could to protect this sensitive data. In this particular case, the suspected security snafu source was an HVAC contractor that was given the keys to the castle, which were thusly compromised [v].

Current Sentiment
Not surprisingly, there have been numerous studies trying to suss out what the consumer reaction is to all of this. A University of Vienna focused on the act of "Virtual Identity Suicide" within the online social networking site Facebook.  The single biggest cause for this phenomenon, where a user deletes as much of their content as possible before permanently locking themselves out of their account, were concerns over privacy.  Among users studied, over 48% expressed this viewpoint [vi]. It turns out, they have a right to be concerned. Austrian law student Max Schrems found out, in 2010, that Facebook had over 1,200 pages of data on him alone.  This included data that he had never been supplied, but had been linked to him through his friends contact list.  As big-data analytics gets more powerful, this could translate into an enormous amount of personal information being available to online companies [vii].
Using information like Facebook collects, identification of protected classes is not only possible, but on the verge of child's play.  The Center for Digital Democracy is making efforts to address its concerns to the FTC.  They state that technologies such as hyper-local targeting, geo-fencing, and cross-platform targeting will allow for rampant discrimination.  The sorts of questions that it is illegal for employers to ask (age, marital status, sexual orientation) will become easily attainable information [viii].
TrustE, a digital privacy management company, conducted a study regarding consumer opinions about Online Behavioral Advertising recently [ix].  They found that 69% of internet users understood the value trade-off of online ads versus free content, but only 26% are willing to actually accept the same.  It seems as though most internet users feel powerless in the process that they need to just accept what is offered.  The study also showed that 62% of users would be more willing to do business with a company that allowed them to opt-out of targeting.

Ongoing Efforts
The WC3 is spearheading a Do-Not-Track and privacy working group, but things are not going as well as could be hoped.  One of the biggest internet watchdog and lobbying organizations, the EFF (Electronic Frontier Foundation), has lost confidence in the group [x].  They have directly stated that if the group continues in the direction that it is currently headed, that they may be forced to drop out.  Another watchdog group has a similar stance.  Jeffrey Chester, of the Center for Digital Democracy as called the efforts of the group "a farce".  It appears as though the group cannot even get the definition of tracking nailed down.  Are they concerned with 1st party cookies, 3rd party cookies, or other methods of data collection?  Original efforts in the Do-Not-Track space only targeted 3rd party cookie based ads, providing a guise of privacy to the relatively uneducated user.
It is unclear what the future may bring in terms of digital privacy, but it is doubtful that it will continue to be as unregulated as it currently is.  The European Union is enacting tough laws, requiring explicit consent in some areas, rather than the arguably implicit consent given by endless EULAs and TOCs that no one actually reads.  If the FTC gets involved in the United States, things are likely to change.


[i] Lewis, McCall ‘The “Do Not Track” Debate’ Digital Analytics – University of Utah, January 26, 2013. http://dauofu.blogspot.com/2013/01/the-do-not-track-debate.html
[ii] Wikipedia contributors, "Edward Snowden," Wikipedia, The Free Encyclopedia, http://en.wikipedia.org/w/index.php?title=Edward_Snowden&oldid=595457266 (accessed February 5, 2014).
[iii] Wikipedia contributors, "MUSCULAR (surveillance program)," Wikipedia, The Free Encyclopedia, http://en.wikipedia.org/w/index.php?title=MUSCULAR_(surveillance_program)&oldid=595197410 (accessed February 5, 2014).
[iv] “Street View: Google given 35 days to delete wi-fi data”, from BBC News: Technology, June 21, 2013. http://www.bbc.co.uk/news/technology-23002166
[v] Feinberg, Ashley “Last Month's Massive Target Hack Was the Heating Guy's Fault” Gizmodo, February 5, 2014. http://gizmodo.com/last-months-massive-target-hack-was-the-heating-guys-1516926877
[vi] Munson, Lee “Half of Facebook-quitters leave over privacy concerns” NakedSecurity, September 18, 2013. http://nakedsecurity.sophos.com/2013/09/18/half-of-facebook-quitters-leave-over-privacy-concerns/
[vii] Solon, Olivia “How much data did Facebook have on one man? 1,200 pages of data in 57 categories” Wired.co.uk, December 28, 2012. http://www.wired.co.uk/magazine/archive/2012/12/start/privacy-versus-facebook
[viii] Submitted by demedia, “CDD Calls on FTC to Protect Privacy in today's Hyper-local, geo-targeting, cross-platform, Big Data Era/Warns of Discriminatory Practices with mobile device tracking”, Center for Digital Democracy, February 6, 2014. http://www.democraticmedia.org/cdd-calls-ftc-protect-privacy-todays-hyper-local-geo-targeting-cross-platform-big-data-erawarns-disc
[ix] Deasy, Dave “TRUSTe Study Reveals Increased Transparency and Privacy Controls Produce More Positive Feelings about OBA” TrustE Blog, September 19, 2013. https://www.truste.com/blog/2013/09/19/truste-study-reveals-increased-transparency-and-privacy-controls-produce-more-positive-feelings-about-oba/
[x] Fung, Brian “The Internet’s best hope for a Do Not Track standard is falling apart. Here’s why.” The Washington Post Online, The Switch, October 11, 2013. http://www.washingtonpost.com/blogs/the-switch/wp/2013/10/11/the-internets-best-hope-for-a-do-not-track-standard-is-falling-apart-heres-why/