By NATASHA SINGER NY Times December 11, 2010
HOW far does consumer privacy protection lag behind data-collection systems, those advanced technologies that media companies use to gather, share and profit from our personal information?
Too far, according to two privacy advocates.
“Solitude and privacy have become more essential to the individual; but modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress,” the privacy experts wrote in the Harvard Law Review. “In this, as in other branches of commerce, the supply creates demand,” they added; and that demand, they noted, ends up broadcasting our private matters in public spheres.
The review article, written in 1890 by the young lawyers Samuel D. Warren and Louis D. Brandeis, concerned the spread of that era’s viral technology: snapshot photography. Newspaper photographers, the lawyers wrote, were feeding an “unseemly gossip” industry by taking and publishing candid shots of people without their consent.
Before the advent of the camera, explains Jon Leibowitz, the chairman of the Federal Trade Commission, newspaper photographers would have had difficulty carting heavy daguerreotype equipment and using it to peer over people’s back garden fences.
“But once you went to a real camera,” Mr. Leibowitz said in an interview last week, “that could easily be done.”
As the adage goes: Everything old is new again.
On the one hand, consumers often benefit from newfangled gizmos — be they cameras, tape recorders or cellphones. On the other hand, the widespread adoption of technology has often left legislators and regulators racing to play catch up.
The F.T.C., for instance, just published a report in which agency experts concluded that data-collection techniques on the Web had outdistanced user privacy control. So it was only natural that Mr. Leibowitz looked to tradition and invoked the 19th-century law review article, which essentially laid the legal foundations for protecting Americans’ privacy rights.
(My colleagues Tanzina Vega, Edward Wyatt and Verne Kopytoff have written in depth this month about the F.T.C. report, its proposed framework for increasing consumers’ privacy choices and its implications for the online marketing industry).
Mr. Warren and Mr. Brandeis wrote, for example, that privacy, an intangible right, was as important as more tangible common law rights, like the ownership of private property. People have the right, they wrote, to control dissemination of their personal thoughts or images. People also have “the right to be let alone.”
In a similar fashion, the F.T.C.’s report recommends that Internet and mobile app users receive better control over who sees, collects and shares information about their electronic behavior — like, say, the Web sites they peruse or the terms they plug into search engines. Indeed, the commission proposed a “do not track” mechanism that would allow consumers to opt out of “behavioral advertising,” the kind of marketing that tailors ads to a consumer’s personal track record.
This is not the first time since snapshot photography that new technology has inspired legal experts to rethink privacy protections.
“The laws haven’t really kept pace with the unbelievable developments,” says Jessica Rich, deputy director of the trade commission’s bureau on consumer protection.
As an example, Ms. Rich cited the 1960s, when deeper credit reporting allowed companies to use advanced database technology to collect consumers’ financial information. Once legislators began to understand how such databases could affect people’s ability to obtain mortgages, housing and even jobs, she said, Congress enacted the Fair Credit Reporting Act. The 1970 law allowed consumers to retrieve and correct credit information about themselves.
Indeed, privacy regulation is often reactive, says William McGeveran, a privacy scholar at the University of Minnesota Law School.
Take the Video Privacy Protection Act, enacted by Congress in 1988, after a local newspaper in Washington obtained and published the video rental records of Robert Bork, a Supreme Court nominee. The so-called Bork law, one of the country’s strongest privacy statutes, prohibits the disclosure of personally identifiable rental information without consumer consent.
“One of the comical attributes of privacy regulation is — a lot of it is responsive to fire alarms,” says Professor McGeveran.
Indeed, over time Congress has increased privacy regulation in different industries, he says. There’s the Health Insurance Portability and Accountability Act, for one, that in 1996 established certain federal protections for personal health information. And the Gramm-Leach-Bliley Act of 1999, which required financial service companies to notify customers about their information policies and allow them to opt out from having their data shared with unaffiliated parties.
“Maybe now it’s online privacy’s turn to have more of a direct regulatory intervention,” Professor McGeveran says.
The trade commission’s report proposes new industry practices to enhance online privacy choices for consumers. For those to take effect, however, either the interactive advertising industry would have to increase self-regulation or Congress would have to enact a law enabling the commission to enforce new rules.
Some industry groups are already stepping up transparency.
In October, the Digital Advertising Alliance, a coalition of trade groups, introduced an “advertising option icon”— a logo that Web sites can display to indicate that they collect consumer data and that they allow people to opt out of behavioral advertising. Next month, some data collection firms in that coalition are introducing the Open Data Partnership, a program that will allow consumers to edit their information profiles on certain sites or opt out of being tracked by participating companies.
But Christopher Soghoian, a privacy researcher and graduate student at Indiana University, says most Web sites don’t allow consumers to opt out of tracking.
Companies “promise they won’t use the data they collect for the purpose of picking the individual ads they are showing you,” he says, “but they don’t actually offer to stop collecting data about you.”
AND there’s another potential problem, Mr. Soghoian says.
Web sites often deposit cookies on consumers’ computers to track online preferences and activities. The F.T.C.’s recommendation for an opt-out mechanism would play on that idea with a privacy cookie, encoded in people’s browsers, that would alert advertising networks to users’ privacy choices.
But a few smaller companies have already moved beyond cookies, Mr. Soghoian says, with a technique called “device fingerprinting.” That advanced technology can follow online behavior — not by using cookies but by tracking signals that are specific to a person’s individual laptop or mobile device.
“That’s not something you can opt out of,” Mr. Soghoian says. “There’s no way to delete my fingerprint because there’s no way for me to delete my phone or my computer.”
Once again, technology forges ahead. Not much has changed since 1890.
Excerpted from Online Privacy Races Against Technology - NYTimes.com
Readability — An Arc90 Laboratory Experiment http://lab.arc90.com/experiments/readability
Follow us on Twitter »Readability version 1.7.1