Posts about privacy

Piracy v. do not track

February 23, 2012 by Jeff Jarvis
, , , ,

Consider the similarities between piracy and do not track. They’re greater than you think, for both reduce value for content creators. And both are excuses for internet regulation.

In piracy, a content company sets business rules: You must pay for my product; if you take it without paying for it, you are robbing me of value.

With do not track, an advertising-supported content company sets business rules: You will get my content for free because I will serve you ads and I will increase their efficiency, performance, and value by targeting them to your interests and behavior; if you block the cookies that make that possible, you are robbing me of value.

The difference between the two is that there is a furor over piracy as theft but, quite to the contrary, there is a rush to enable the blocking of ad tracking as a virtue.

If you listen to The Wall Street Journal, Apple was a good guy for blocking by default third-party cookies (ask what Apple gets out of that). And it’s good news that technology companies just agreed to implement a do-not-track button on browsers.

There is nothing sinister about third-party ad tracking cookies. They’ve been used since very early in the history of the web when General Motors, for example, insisted in serving its own ads on content sites so it could verify what was bought and optimize its targeting. Without that ability, many large advertisers will refuse to buy ads and the value of ad-supported media could plummet — just at a time when we are concerned about how we will support news media.

Odd that a media company wouldn’t be crying foul. The Journal’s owner, Rupert Murdoch, cries bloody murder over piracy — going so far as to accuse Google of theft — but his paper crusades for blocking tracking, claiming it is a violation of privacy (though in most cases, the cookies have no personally identifiable information and so it’s hard to justify a moral panic based on their use).

Murdoch’s News Corp is, at its core, an entertainment company, thus a paid-content company. The ad-supported portion of his P&L is not only small but is causing him much agita as his journalists in the U.K. are accused of violating laws of the nation and the profession.

I’m not building a conspiracy theory. I’m just pointing to the priorities that emerge when one follows the money.

So what about the rest of the industry — the media, advertising, and technology industries, that is? Oh, they blew it. They were never transparent enough about what technology they were using, what data they were gathering, and why — not to mention the benefits that accrued to their users (i.e., free content). That opened the door for other parties — privacy scare-mongers, competitors for our media attention, and government regulators — to demonize the mysterious cookie and stir up this moral panic and paranoia. The M.A.T. industries have only themselves to blame.

In the EU, government regulators have decreed that sites must obtain opt-in permission to set cookies. In the US, the industry agreement today announced is an attempt to forestall government regulation with self-regulation.

But don’t be too quick to celebrate as if these are consumer victories. I believe the EU dictum could lead to (a) a much poorer web experience as we are bombarded with boxes to tick and (b) poorer media companies and thus (c) the possibility of less free media and more pay walls. And in the U.S., it has been shown that one can whip up an anti-net hysteria and bring even giant technology companies to expose their soft underbellies. Each leads to more threats of regulation of the net. That’s what I fear.

It is time for technology companies especially to adopt radical transparency of how they operate so they can’t find themselves in gotcha moments when the hysterical “discover” something they’ve been doing all along. Under such openness, it is also time for them to learn that doing sneaky things will not benefit them. And it is also time for the media, advertising, and technology companies to start fighting back against accusers’ misinformation and explain the truth of what they are doing and how we benefit. That is transparency’s dividend.

LATER: By the way, this post was inspired and informed by a discussion last night on This Week in Google, in which Leo Laporte said he was grateful that I was going so far that I was making him look moderate.

One more point from that discussion: We all practice blocking ads when we fast-forward through commercials on our DVRs. And the industry adapted and still prospers (for now). That’s what may happen here. But one should still recognize the impact of one’s actions — whether skipping or blocking — on the economics of what is provided. And one difference is that we have to skip each commercial manually (especially since, as Leo pointed out, a company that provided easy 30-second skipping was hounded out of business as a result). In the case of do not track, especially government-mandated opt-in — that is wholesale devaluing of advertising in a medium.

Privacy and speech

February 10, 2012 by Jeff Jarvis
, , ,

Two notable decisions in Europe reflect the tension between privacy and free speech.

The European Court of Human Rights came down on the side of press freedom — thus speech — when it ruled in favor of media reporting on public figures. And a Dutch German court ruled that journalists had a right to interview a Nazi murderer with hidden cameras.

This tension is addressed but only glancingly in the EU’s proposed rules on privacy, which create vague carve-outs for journalism, history, and scientific research.

What none of this acknowledges at a more fundamental level the right we have to talk about someone else (with carve-outs for libel and slander already in the law) — not just the press and not just public figures. If you tell me I must forget you and erase what I have said about you, then you affect my speech. If you reveal something to me and I interact with that information and then you claim the right to pull back your information, then we must debate about who has rights to the results of our interaction (whether that is a conversation or a transaction).

Privacy isn’t as simple as some of its advocates would lead us to believe. It is interweaved with other rights and interactions.

I’ve been studying the full proposed EU privacy regulations and now I’m going through ancillary documents. I’ll be writing more about this soon.

#DLD12: Viviane Reding on privacy

January 22, 2012 by Jeff Jarvis
, ,

I’m at the DLD conference in Munich. Haven’t live-blogged in ages. But the European Commission vice-president Viviane Reding is speaking and I disagreed with her rather a lot in Public Parts, arguing that her four pillars for internet governance — privacy by default, demanding European standards for storage of data, the right to be forgotten, and transparency — bring unintended consequences.

Reding says that in “Europe, we have too many rules, too many conflicting rules.” So she wants to take over the rules for all Europe. Look at SOPA, too: There is a competition among governments to regulate the internet, to consolidate power.

“Persosnal data is the currency of today’s digital market. And like any currency, it needs stability and trust,” Reding says. Yes, but is government — which can most abuse our data — its best protector?

“Can we be sure that the rules we make today will fit tomorrow?” she asks. She says one cannot build rules that are too rigid; they need to be “futureproof.” But then, they also become very broad and that, too, has consequences.

She argues that following 27 separate sets of regulations costs 2.3 billion euros a year. Again, she justifies taking over local authority. But that is the EU.

She also calls for a smoother exchange of data among police authorities in the EU members to fight terrorism. Well, that sounds like the greatest threat to privacy I can imagine: all governments pooling what they know about you.

Reding says companies will be required to appoint data protection (privacy) officers. Thus the regulatory-industrial complex of the new privacy industry grows.

She says data-protection authorities need to be “independent” of politics. Does that mean they are above government by the people and representation?

Now to her “right to be forgotten.” It is a right, she says, to “withdraw permission” for data held by companies. I fear the implications for free speech. And on a practical level, how can one as a principle to tell people to no longer know what they know?

She says it is not an absolute right. “There are no absolute rights,” she says. She says it’s not a right to erase history or impact media. So this shows the problem with this notion, when one starts making exceptions for a principles.

Now she speaks about the debate about the freedom of the internet. She says the freedom of information and expression is a basic right and “this is directly linked to the freedom of internet, which has thus to be preserved. But those are not the only freedoms…. Sometimes one must balance freedom.” She claims the right of the creator (read: copyright) is “equally important.” Really? Higher than speech? But she says that Europe will never pass blocking legislation (read: SOPA).

No opportunity to question Reding. Shame.

Now a Microsoft guy is giving a talk and I cannot figure out what he’s trying to say. Otherwise, I’d blog it.

Next up, Andrew Keen. Polemic time. He reads a quote from Sheryl Sandberg about deeper portraits online. “I’m here as someone who is raising my voice in defense of lost privacy,” he says. But he doubts that Reding and government are the protectors.

He calls me a spokesman for “the cult of the social.” AKA society, I’d say.

He says we need to learn to live alone. Funny, but the internet was last accused of making us antisocial and now it’s accused of making us too social. It makes us neither. We make it.

Now Nick Bilton leads a panel asking the premise of his book: is privacy dead. Garg.

Odd how the topic of privacy has turned an internet conference into an anti-internet conference.

Nick asks 4Chan’s Chris Poole whether we “should allow anonymity on the net.” That’s how the net is built, Nick. It already is allowed. It is part and parcel of free speech.

I have no tongue left. I bit it off.

FTC Fines Santa Claus Over COPPA Violations

December 19, 2011 by Jeff Jarvis
, , ,

WASHINGTON–Federal Trade Commission Chairman Jon Leibowitz today announced a record fine against Santa Claus for violations of the Children’s Online Privacy Protection Act.

“Mr. Claus has flagrantly violated children’s privacy, collecting their consumer preferences for toys and also tracking their behavior so as to judge and maintain a data base of naughtiness and niceness,” Leibowitz said. “Worse, he has tied this data to personally identifiable information, including any child’s name, address, and age. He has solicited this information online, in some cases passing data to third parties so they may fulfill children’s wishes. According to unconfirmed reports, he has gone so far as to invade children’s homes in the dead of night. He has done this on a broad scale, unchallenged by government authorities for too long.”

Claus was fined $2 million and ordered to end any contact with children. Prior COPPA fines include $1 million against now-virtually-unknown social site Xanga, $400,000 against UMG Recordings, and $35,000 against notorious toymaker Etch-a-Sketch.

The FTC action follows similar complaints against Claus brought by European privacy authorities. European Commission Vice-President Viviane Reding has complained about Claus holding data on children outside of EU data-protection standards in North Pole server farms. German head of consumer protection Ilse Aigner has called for an investigation of Claus’ use of Google Street View in navigating his Christmas Eve visits. German Federal Commissioner for Data Protection and Freedom of Information Peter Schaar has demanded that Claus give children, naughty or nice, the right to be forgotten in his data base. And Thilo Weichert, head of the privacy protection office in the German state of Schleswig-Holstein, demanded that German web sites take down any Facebook “Like” button referring to Claus.

Meanwhile, Canadian Privacy Commissioner Jennifer Stoddart has attempted to bring together an international coalition of privacy officers opposed to Claus’ practices. In California, Claus has been threatened with severe penalties for nonpayment of the state sales tax. And the UK has vowed that Claus will be detained and could face extradition should he set foot in any English chimneys on Christmas Eve.

Reaction to the FTC decision was mixed in Washington. Republican presidential candidate Rick Perry vowed to kill the Federal Trade Commission, relieved that he had finally recalled the final agency he had marked for death. Rival Newt Gingrich suggested that Claus apply for U.S. citizenship, “having contributed much to U.S. industry by stimulating greed at all ages; we need more Clauses and more spending to fix this Democrat-ruined economy.” Ron Paul suggested that Claus set up a Liberatarian nation at the North Pole and offered to run for office there. Herman Cain, whose candidacy remains on hold after allegations of sexual improprieties, said that he “always wondered why the old coot didn’t get in hot water for plopping kiddies on his lap; seemed a lot creepier than anything I ever did.” President Barack Obama refused comment.

From his North Pole headquarters, Claus said through a spokesman that he endeavored only to fulfill children’s dreams. “I regret that the world has come to this: treating any adult who wants to make a child happy as a dangerous stranger,” he said. “The problem with our modern world is not technology but fear, suspicion, and cynicism.” He vowed to continue his Christmas mission of joy. “What’s the worst they can do to me?” he asked, “cookie me?”

Contact: Elfelman Public Relations
Photo via Dreadcentral

Do-not-track hypocrisy

November 21, 2011 by Jeff Jarvis
, , , ,

Sunday’s New York Times editorializes in favor of Do Not Track and other privacy legislation going through Congress and the Federal Trade Commission. Yet The New York Times itself makes much use of personal, private, and tracking information itself. Indeed, it requires tracking.

The editorial (my emphasis): “Congress should act on the F.T.C.’s recommendation to establish a system that would allow consumers to effectively opt out of all tracking of their online activities. There are other worthy proposals, including the administration’s call for limits on the collection of data about consumers online. Lawmakers have proposed about a dozen privacy bills this year alone. But with Congress stuck in a partisan rut, it is reassuring to see the F.T.C. at work.”

Now read The Times’ privacy policy (and highlights):

* If you subscribe to the print New York Times, the company will sell your name *and address* and other unspecified data to others. “If you are a print subscriber to The New York Times newspaper and subscribed either by mail, phone or online, we may exchange or rent your name and mailing address and certain other information, such as when you first subscribed to The New York Times (but not your e-mail address) with other reputable companies that offer marketing information or products through direct mail.” That’s not opt-in; it’s opt-out.

In Public Parts, I argue that privacy policies in old media have long been far worse than online. Magazines, newspapers, and other recipients of your media money have for years sold information about what you read and consume and who you are and where you live to large data-base companies and marketers. If a library or an online site did that, it would be shot. But The New York Times does that. Want to pass a law about that, Times?

* The New York Times requires that you use cookies. It decrees: “You will not be able to access certain areas of our Web sites, including NYTimes.com, if your computer does not accept cookies from us.” So what happens when Congress passes Do Not Track, Times?

In its explanation of cookies, The Times says: “Our registration system requires that you accept cookies from NYTimes.com in order to log in to our Web site. Cookies are not spyware, viruses or any other kind of malicious program. For best results, set your browser options to accept all cookies from NYTimes.com. You can use your browser options to clear the cookies later, if necessary.”

Precisely. You have many means now to get rid of cookies: You can turn them off, kill them at the end of every session or whenever you want, or open a private session (an “incognito” window in Chrome) that relays no data about you. Do Not Track is redundant. It’s political cynicism.

Oh, and The Times — which gathers more personally identifiable data about you than most any other newspaper — could not operate its paywall without cookies.

* Just like other online marketers, The Times uses cookies to target advertising. “The New York Times Home Delivery Web site also transmits non-personally identifiable Web site usage information about visitors to the servers of a reputable third party for the purpose of targeting our Internet banner advertisements on other sites. To do this, we use Web Beacons in conjunction with cookies provided by our third-party ad server on this site.” Would The Times outlaw this essential business behavior? This is how The Times earns its premium rates with branding advertisers.

* The Times hires a number of analytics companies to track your behavior, from the creepily named Audience Science to WebTrends for the web and from Localytics to the fluffily named Flurry for mobile.

* The Times logs what pages you see and uses that to recommend content.

* It logs your location if you use mobile applications.

* It allows third-party ad servers to place cookies on your computer and track your behavior.

Note, too, that The Wall Street Journal, which has been on a Reefer Madness high regarding privacy, also collects personally identifiable information and connects it to browsing history without users’ permission. More hypocrisy.

Mind you, I do not object to any of these tracking behaviors. They are, in my opinion, necessary to pay for the content we get from The Times and The Journal and much of the rest of media. They are used to reduce noise, repetition, and irrelevant advertising and content. They are all-in-all harmless and have been demonized by privacy’s regulatory-industrial complex and now even by The Times. If The Times gets its wish and Do Not Track passes, enabling too many consumers “to effectively opt out of all tracking of their online activities,” then I fear we will get less content or more paywalls or both.

I also argue that media and marketing companies have done a godawful job of letting their customers know what information they were gathering and what they were doing with it and how consumers benefited. They long ago should have learned from Amazon, which reveals what it collects and what results and enables customers to see and control and correct that information (which also only gives Amazon yet more valuable data). So it’s their own damned fault they’ve been demonized, opening the door to the cynical pols and bureaucrats who proposed Do Not Track — and to their allies, such as The Times editorialists, who argue on the basis of nonspecific emotions rather than tangible facts about harm and consequences.