The Problems of Policing Internet Privacy
Congress Seeks to Legislate Transparency of Internet Privacy Policies
As personal activities like paying bills, shopping, and making travel arrangements have increasingly moved online, Internet users may find it convenient that more and more websites “remember” the last time they visited or “know” the types of ads they would like to see. But there’s something important Internet users are giving up in the process: their privacy.
Many websites, or ads placed on websites, quietly install cookies, beacons, and other tracking files on Internet users’ computers whenever they are accessed. Cookies generally perform harmless tasks like allowing websites to remember usernames and passwords for future logins. But some cookies can track the websites a user visits, while beacons, which consist of more complex software, can actually track what an Internet user is doing on a website—from the buttons they click to the words they type. Some tracking files may even locate and record sensitive information such as the incomes, locations, and medical conditions of Internet users.
In an examination of the top 50 most visited websites, The Wall Street Journal estimated in July 2010 that approximately two-thirds of tracking files from these sites were dispatched by tracking firms that compile Internet users’ personal information into consumer profiles. These profiles can then be sold to Internet companies to assist them in developing more personalized web services and advertisements.
A number of bills have recently been proposed in Congress to address the privacy concerns raised by the collection of this kind of information. In April 2011, Sens. John Kerry and John McCain put forth the Commercial Privacy Bill of Rights Act of 2011, which would require Internet companies to increase the transparency of their privacy policies, acquire consent before acquiring sensitive information, and give users the option to opt out of being tracked.
In May, Senate Commerce Chairman Jay Rockefeller introduced the Do Not Track Online Act of 2011, which would complement Kerry and McCain’s bill with a mandate for an across-the-board “do not track” option that would allow Internet users to prevent all websites from tracking them instead of having to opt out for each one. A similar bill specifically aimed at children, the Do Not Track Kids Act of 2011, was introduced to the House that same month. It calls for amending the Children’s Online Privacy Protection Act of 1998, or COPPA, to include teenagers, require online companies to obtain parental consent before acquiring personal information from minors, and an “eraser button” to allow users to eliminate personal information online, among other things.
On June 27, the Center for American Progress hosted a panel of leaders and experts in Internet privacy who discussed the problems of Internet tracking and the merits of proposals to fix them. A video of the event can be viewed here.
The keynote speaker at the event, Federal Trade Commissioner Julie Brill, said that the Federal Trade Commission, or FTC, is compiling a preliminary report on a new privacy framework proposal, which recommends that companies build privacy protections into new products and use more transparent policies that can be understood by consumers. The commission also supports the creation of a “do not track” mechanism. “Our proposal is a technology driven approach that will allow consumers to make persistent choices that will travel with them through cyberspace, communicating tracking preferences to every website they visit,” said Brill.
Ed Felton, the chief technology officer of the FTC, said that web browsers like Microsoft Internet Explorer and Mozilla Firefox have already started developing antitracking features, like Tracking Protection Lists and Do Not Track Flags, both of which allow users to block websites from tracking them. “These technologies exist, they’re out there,” said Felton. “Three of the four major browsers now support them and we’re now seeing a dialogue about how to put the choices users are expressing into effect.”
All of the panelists emphasized a need to protect children online, especially Jim Steyer, the founder and CEO of Common Sense Media, a nonpartisan organization dedicated to improving the media lives of families and children. “Privacy is an incredibly important issue for kids and families,” he said. “COPPA was written in 1998, which is like the stone ages. I believe there should be new legislation written.”
Although many people agree that kids need protection on the Internet, not everyone agrees on the components of the recent Do Not Track Kids Act. “Most people have applauded the motivation of this bill,” said Chris Wolf, a partner of Hogan Lovells LLC and co-director of the Future of Privacy Forum, who addressed a number of concerns that have been raised in response to the act. “The reactions have been mixed [so] it probably makes sense to carefully look at what this bill would accomplish.”
The act might require websites to verify the ages of Internet users, which seems contrary to the intentions of the bill because it would require the collection of even more personal data. It could also prevent underage Internet users from accessing lawful and benign content for personal or educational purposes. Additionally, the act would have to contend with industry’s First Amendment right to commercial free speech and the fact that the technology to erase personal information from all parts of the web has not been invented yet.
Peter Swire, a professor of law at Ohio State Law School and a Senior Fellow at the Center for American Progress, discussed the importance of finding the right balance between consumer choice and industry expense. “I have a slightly more optimistic view,” said Swire, who noted that other privacy issues have been successfully solved in the past through legislation like the Health Insurance Portability and Accountability Act, or HIPAA; the Controlling the Assault of Non-Solicited Pornography And Marketing Act, or CAN-SPAM; and other initiatives. “We have found ways to manage them through technology, self regulation and legislation,” said Swire.
While the diverse perspectives in the privacy discourse have their merits, Swire urged participants to refocus the discussion on the future. “One of my questions for kids and privacy is, five years from now, what will be obvious that we should have done now and that we’ll all do then?”
Michelle Spektor is an intern with Science Progress, and a rising senior at Cornell University in Ithaca, NY.
Comments on this article