|Privacy - FTC Begins Exploration with Google and Others|
| 6:31 am on Dec 20, 2009 (gmt 0)|
It's just the beginning of an immense task. But finally in the US, the Federal Trade Commission began officially exploring online privacy issues with a series of roundtables that kicked off on December 7.
The records from this first session make it clear that those very issues webmasters have been concerned about are now on the table - including informed opt-in decisions for the end user. Alan Davidson, Director of Public Policy and Government Affairs, represented Google on the second panel.
Video Files and PDF Transcripts from the First Day [htc-01.media.globix.net] - All 5 panels
Google Public Policy Blog Article [googlepublicpolicy.blogspot.com]
News Coverage from Reuters [reuters.com]
Slide Show about Google Data Collection [scribd.com]
The Slide Show includes a sample log file from Google's back end (slide #5) and a specific dissection of a Google cookie (slide #6)
| 6:45 am on Dec 20, 2009 (gmt 0)|
|For several months, [FTC Chairman] Leibowitz and his deputies have raised doubts about how well current practices are protecting consumers. They worry that many Americans don't have a clear idea about how they’re being tracked online. |
WSJ Article [blogs.wsj.com]
The FTC has scheduled at least two more Privacy Roundtables for the new year. The first will be January 28, and the second date is TBA.
This is a good time for us to become even more informed, and for US webmasters to communicate with policy makers. A lot of information is likely to be disclosed over the coming weeks and months. You can file your comments on the FTC website [ftc.gov].
Within the commentary I noted from the first panel, it is now more expensive for large data aggregators to delete specific data than it is to acquire and store it. Data acquisition and storage costs are approaching near to zero, according to some of the panel participants. This will likely be a major factor for all the data collectors - creating resistance to full user control of how their data is stored or not.
[edited by: tedster at 6:28 pm (utc) on Dec. 20, 2009]
| 8:55 am on Dec 20, 2009 (gmt 0)|
Even at first glance, the FTC roundtables are extremely impressive, as is the online documentation of them. There's parallel video coverage, searchable pdf transcripts, and slide shows of the accompanying Power Point presentations.
Here are some excerpts I pulled from introduction of the first December 7, 2009 panel, to give a sense of how this is being approached and what the level of discourse is....
Panel 1: Benefits and Risks of Collecting, Using, and Retaining Consumer Data
Note that the panel is looking beyond simply the web, at "the privacy challenges posed by the vast array of 21st century technology and business practices that collect and use consumer data. Such practices include social networking, cloud computing, online behavioral advertising, mobile marketing, and the collection and use of information by retailers, data brokers, third-party applications, and other diverse businesses."
|FTC Chairman Jon Leibowitz: ...I'd argue that we're at another watershed moment in privacy, and that the time is right for the Commission to build on the February Behavioral Targeting Principles and take a broader look at privacy, or look at privacy writ large. And let me explain why. One of my advisers is about to buy a home computer with a quad core chip at 2.66 gigahertz. It costs under $2,000. In the early 1990s, a slower Cray supercomputer cost about $10 million. These advances have created extraordinary benefits for consumers, but also have tremendous implications for privacy. The computer costs of data collection seems to be approaching zero. Data storage costs are unbelievably low, too. The efficiency made possible by cloud computing, compliments unbelievable advances in chip technology. So, companies can store and crunch massive amounts of data relatively cheaply. Now, these developments have allowed companies to collect and use data about consumers in ways that were never feasible or even conceivable before. |
And, early in the discussion, the co-moderator, Jeffrey Rosen ("one of the nation's leading legal scholars and privacy experts"), looks at some history, including the 2006 AOL search data leakage, and the 2007 court order regarding Viacom/Google YouTube data. Rosen then explores potential solutions with various experts....
|Jeffrey Rosen: Richard Purcell, how much faith do you have in anonymity as a solution here? Researchers are now exploring ways of anonymizing e-mails and other data so that it has expiration dates, it can only be read for a certain period of time and then it becomes inaccessible. Is anonymity a solution to our concerns about searches being read out of context? |
Richard Purcell [CEO of the Corporate Privacy Group]: For search -- well, first of all, anonymity is not yet well defined. And so, we struggle to a great degree with making a lot of assumptions, like privacy, like happiness. A lot of these words are words that are more subjective than objective. So, it would be -- first of all, we have to begin to think about what anonymity means. And frankly, we have to start thinking about - - and the more difficult question for me becomes how do we begin to apply privacy rules to data that's perhaps not personally identifiable data? Our underlying concept for privacy is that there's personally identifiable information. If, indeed, records that are difficult to identify an individual within can become identified, should we start applying regulatory and other standards to those that are a greater standard of care? That might be very helpful. There are researchers who believe that the identifying anonymous records is relatively easy today, because the identification processes are so poor, and they can be improved. As Alessandro has said, this becomes an economic model -- how do you make it very, very difficult to re-identify data, and what's the cost trade-off of attaining that level of difficulty and preventing any exposure?
I'm less impressed by the Google Privacy videos and blogs I've seen thus far (because they are understandably not self-critical), but there is useful information to be found in them....
| 11:30 am on Dec 20, 2009 (gmt 0)|
PLEASE DO THIS
From working with the FTC on other privacy issues,
it takes a certain amount of momentum for them to actually take this seriously.
(instead of just "playing" at an investigation)
A good number is 10,000+ complaints
Place a prominent link on your websites for your visitors to complain as well.
That's the easiest way for the FTC to actually investigate out of
VERIFIABLE PUBLIC CONCERN instead of a rubberstamped investigation.
| 11:38 am on Dec 20, 2009 (gmt 0)|
Actually here's a better link to file your complaints.
>> ***FTC Complaint Form [ftccomplaintassistant.gov]***
Read details about it here [ftccomplaintassistant.gov]
| 8:25 pm on Dec 20, 2009 (gmt 0)|
Not to sidetrack discussion on this topic... a note regarding the FTC website. It works fine in FF, etc, but has scrolling problems in IE8.
This notice appears on the home page, but not throughout the site....
|ATTENTION TO ALL INTERNET EXPLORER 8 (IE8) USERS! |
If you are experiencing difficulty viewing or scrolling FTC.gov, please ensure to click the Compatability View button. This button is located at the top of your browser between the Address bar and the Refresh button.
| 1:37 am on Dec 21, 2009 (gmt 0)|
I've read a good bit of this now, and I see at least two critical factors for consumer protection:
The informed consent part would be possible with a massive media effortand some clear requirements for public notice. But before that can happen, the tougher stuff needs to get hammered out. And that won't be easy.
- Can data anonymization actually be achieved - in a way that the pieces cannot be put back together? If so, then can guidelines be created and be practically monitored/enforced?
- How can the public be truly informed about the "choices" they are making? And by "informed", I mean my sister-in-law knows it without needing to call me.
I'm not enough of a data science geek to know the answer to question #1. But it seems to me like there are enough very clever people in the field that something could be done if there were a will to do it.
With a strong enough public opinion, I hope we see Google becoming more of a leading force for the good. They seemed to have that inclination. At least they are making some of the right noises, even if their own implementation is falling far short for the moment, such as opt-in by default for personalized search results.
Google's Dashboard is a baby step [webmasterworld.com], but a decent one. It's still a lot more than my sister-in-law will be willing to take in. She will need very clear directions, focused just on search and right there on the main page.
There is enough idealism in the Google ranks that, just maybe, the engineer idealists can overrule the bottom line bean counters. I'm more concerned that the FTC will be flummoxed by the corporate interests, rather than embracing their mandate to be a consumer protection arm.
I'm remembering now the "public be damned" attitude attributed to railroad tycoon Vanderbuilt. It took many decades from that point to bring railroad safety in line - and in the process of achieving that safety, government involvement also had a negative and depressive effect on the entire US rail industry.
That's also a direction I don't want to see - so much government meddling with the web that it loses its power and potential.
| 2:06 am on Dec 21, 2009 (gmt 0)|
|Can data anonymization actually be achieved - in a way that the pieces cannot be put back together? If so, then can guidelines be created and be practically monitored/enforced? |
Those question (s) would be irrelevant if they stopped the data gathering
|At least they are making some of the right noises at present |
Where are they making these right noises ..certainly not eric nor marrissa making them ..
|There is enough idealism in the Google ranks |
Where ..because their PR machine says there is ..doesn't cut it ..
|How can the public be truly informed about the "choices" they are making? And by "informed", I mean my sister-in-law knows it without needing to call me. |
Easy ..GORG could use the button that they consider for "tricks" ( such as the "countdown" ) ..the "I feel lucky" button ..
Rename it the "use perso search" button ( and then explain honestly ( if they can remember what the word "honestly" means..they could always use another search engine to look up the meaning ;) ) it via a "what is this" link ..
Keep it next to the current "search" button just like now ..that doesn't even interfere with their layout ..
Make the "search" button cookieless ( except for prefs "safe" - "moderate" -"unfiltered"..and not record the IP ( see startpage.com for how to do this ..if GORGS engineers cant remember where they put their integrity )..and make the "use perso search" 30 day ( or even shorter )cookies of the same sort ..with opted in ( if you click through "what is this" and then accept the "honest" explanation of cross site tracking via all google properties and or tracking systems being used to profile you ..then and only then could clicking "use perso search" be considered "consent" ..
That means ..
They would have to make no change to the search page interface buttons other than the text on one of them ( the translations of "use perso search" ..or "perso search" are not onerous or too large to fit on the button ) ..and they would have to make a "what is this link" appear somewhere on the page if there was an "on hover" over this button ..the "use perso search" button..they could even make the "what is this" link work if scripts were disabled ie: visible all the time just under the button..
Obviously clicking on the standard "search" button disables the cookie reading from the "use perso search" ..remember radio buttons anyone at the plex .."choice" buttons they are called ..same ethical principle :)
Not beyond the wit of the plex one would think ..if they really want to play straight with searchers ..
The above idea I'll let them ( or any other search engine use ) use under GNU ..GORG or MS want that on paper ..they know where to write to me direct or sticky me here ..
| 4:18 am on Dec 21, 2009 (gmt 0)|
I tend to agree with you, @Leosghost. And I'm a bit put off by the gripe I saw in the transcript, about Jane/Joe User not reading "YULAs" (as they were called, or EULAs, as I call them)...
I read EULAs, but, somehow, I'd like something a bit simpler than GOOG's lengthy implicit TOS when I do a search...
Too bad EULAs are non-negotiable.
But: back to my transcript reading.
| 4:57 am on Dec 21, 2009 (gmt 0)|
|Slide Show about Google Data Collection |
So I opened the slideshow and the Google Privacy slide kept returning blank. An ironic error, I'd say.
| 5:11 am on Dec 21, 2009 (gmt 0)|
Thanks for noting this Tedster, it is definitely a very complicated and game-changing debate.
| 9:57 pm on Dec 21, 2009 (gmt 0)|
Are submitted comments under the umbrella of FOIA?
| 11:45 pm on Dec 21, 2009 (gmt 0)|
|Are submitted comments under the umbrella of FOIA? |
Could you clarify what aspect of the Information Act you are referring to?
Disclaimer: All statements made by whitenight in this thread are NOT Legal Advice...(cause i know the corps. attys like to play silly games)