The “Do Not Track” header in websites is a feature that states if a user wishes to be tracked by websites (mainly for advertising purposes through cookies) or not. However, it is optional for the websites if they respect the user’s decision or not. Today, most browsers support this feature (the Chrome browser will support it by the end of 2012), Microsoft recently even announced that it will be turned on by default in IE10. From a privacy perspective this is a very welcome development, which gives power back to the users. However, two recent articles focused on the economical implications of restricting technology that funds big parts of our (free) Internet as we know it. Without ads, websites such as Google or Facebook would have a hard time financing themselves. In Technology Review, Antonio Regalado asks if this feature will kill off innovation in online advertisement, with serious implications for the $40B online ad industry and as such for us as users as well.
Another reason I find the article quite interesting is that it points out the positive sides of tracking the user to deliver highly targeted ads. You might even get relevant information out of ads instead of useless spam.
In order to better understand online tracking I highly recommend the guide from the Guardian. Also check out their nice graph about the biggest advertising companies and websites that use them.
A paper, already published in 2008, by Aleecia McDonald and Lorrie Cranor of the Carnegie Mellon University, suggests that the time needed to read all privacy policies we accept in our daily online lives amounts to 250 hours of “work” in a year and the cost of reading these policies amounts to $781 Billion per year. It is obvious that no one can spare the time to read these policies and I do not know anyone who does. It is also obvious that these are not there to inform the user in any way but to create legal protection for the companies against lawsuits. As a result, it is claimed that only 3% percent of users read the policies carefully (though this number still sounds quite high to me, the original study does not seem to be available anymore).
Starting from April 1st, the so called “Vorratsdatenspeicherung” (VDS, data retention) took effect in Austria (after being sued by the EU for non-compliance in 2010). Basically, this law requires telecommunication providers (telcos, ISPs) to store all communication data (though no content of calls and emails etc.) for six months. There is much controversy about this law and a growing opposition against it. But rather than writing about VDS, which has been discussed in numerous places before, I find it much more interesting to look at the situation in other countries.
Generally, the EU Data Retention Directive requires member states to store Internet information for at least six months. Some member states, such as France, Bulgaria and the Netherlands, already implemented the directive, some resisted and got sued by the EU, such as Sweden or Austria and implement it now. Germany implemented it 2008 but stopped in 2010 following a court ruling that stated that VDS is unconstitutional.
Further, most notably, in the UK there is currently a proposal for a bill making the rounds, which would allow somewhat of an extension to VDS. The big difference to Austria is that in the UK this bill would allow real-time government surveillance and surveillance without any warrant. For the time being, no content of any messages would be surveilled, but, as this article points out, in a time of crisis this is just a small step to take. This is especially interesting since the current UK government pledged in its coalition agreement that they would stop storage of Internet data without reason! But I would have been surprised if they actually stopped it. I find it rather surprising that they didn’t manage to pass such a bill well before the Olympics 2012 for which security and surveillance systems were upgraded significantly.
I believe that generally there is no reason why ISPs and telcos should not store connection data (not content). I would be surprised if they don’t do that already anyway. And I think it is okay to use this data in criminal investigations.
However, I do see a problem if this data can be accessed at any time, without any warrant and without explaining yourself to anyone. In Austria, police does need a warrant and is only allowed to access this data if the charge for the crime committed is over two years prison time. But this is not enough, there needs to be stricter regulation. I propose an external, independent institution (ideally directly elected) that controls police who access this data. In Austria, this might be the “Datenschutzkommission” (DSK, data protection agency). The police would regularly have to report, which data they accessed and, more importantly, why. This institution would have to have the authority and political independence to stop access and inform the public. This institution in return has to publish regular public reports on their work. Of course, this institution has to be adequately funded with enough people to check and regulate. This is something that is definitely not the fact right now at the DSK. I believe it is only fair to provide more financial ressources for this since these new regulations cost the telcos and ISPs significantly more money, which they will collect from their customers.
A true democracy can only work if for every power there is an opposition. This is an ancient concept and works in Parlament and between the different powers of the state. So if one institution has the power to surveil communication data, there should be an opposition to hold the balance. This is how it works in a democracy and I think this where all of us want to live.
Obamas “Consumer Data Privacy in a Networked World: A Framework For Protecting Privacy and Promoting Innovation in the Global Economy”, better known as simply “privacy bill of rights” has made some headlines this year. Recently, since it was one of the topics at the EU Conference on Privacy and Protection of Personal Data held on March 19th, both in Washington DC and Brussels. The aim of the bill is to increase the privacy of consumers on the Internet and get closer to a common international privacy standard. Currently, the EU is known to have much stricter privacy regulation laws than the US and is working on a proposal for new data protection regulations. Now, the Obama administration created a draft for a new kind of privacy regulation to protect the privacy of consumers. However, critics state one major problem with the plan: It won’t become a law anytime soon. Instead, it is planned to create a more or less voluntary code of conduct that big corporations should commit themselves to. If they do, the FTC has the authority to enforce this commitment. This shows fundamentally different approaches to privacy protection in the US and EU. In the EU privacy is a human right while in the US it is more of a consumer right than anything.
However, I do find arguments in favor of this approach, this code of conduct, interesting. In an interview with a US civil liberty group it is argued that in an election year, it is hard to pass a law, which brings tougher regulations to corporations. Further, one problem with European privacy law, it is stated, is avoided: European law stated “protect peoples privacy” and nobody knows what that exactly means. Instead, the US approach gives this responsibility to the corporations: They have to define what it exactly means and then stick to it. And this is enforceable by the FTC. I personally think it is a nice touch that they want a “do not track button” in browsers, so consumers can turn off cookie tracking. This is one of the few, very concrete measures for privacy protection. I think that this bill is a big step forward in privacy protection in the US and that eventually it will find its way into a law. Until then, this privacy bill of rights is a good start: Amazon, Apple, Google, HP, Microsoft, and Research In Motion already confirmed that they would abide by new privacy principles. And it is definitely not the worst kind of press Obama can wish for in his election year.