Slashdot Mirror


FTC Asks To Regulate Privacy; Doubleclick Hires PR Team

Both the Washington Post and the New York Times have stories about the FTC's decision to ask Congress for the authority to regulate online privacy. The FTC had recently completed yet another privacy survey that showed companies were doing little to protect privacy on the Internet, even after several years of dire warnings. In other news, Doubleclick named a "No-Privacy Board" -- errr, a "Privacy Board." Its members are listed below, along with my notes on their backgrounds.

It is important to keep in mind what this is being billed as: Doubleclick calls this, in their press release, a "Consumer Privacy Advocacy Board." Supposedly this board is set up to, you know, advocate consumer privacy. So, let's take a look at its composition.

Robert Abrams, former attorney general of New York: hired because of his connections in New York State, which threatened to file suit against Doubleclick. His role will be to lobby his buddies in various government agencies to prevent privacy lawsuits.

Robert Litan, vice president and director of economic studies at the Brookings Institution: supports "opt-out" marketing and notification of privacy policies, as opposed to actual privacy. (Which is exactly Doubleclick's position, of course.)

Harriet Pearson, director of public affairs at International Business Machines Corp.: Pearson is one of the people behind the Online Privacy Alliance, a corporate front group working to attack privacy on the Internet. Pearson has moderated seminars on how to profile users without seeming to be Big Brother; her job is to make you feel good about not having any privacy. Every group needs a PR flack.

Lori Fena, chairman of Web privacy organization TrustE: Fena is an advertising executive by trade. And obviously, having her on board means that TrustE won't exactly be cracking down on any of Doubleclick's practices.

Daniel Weitzner, an executive at the World Wide Web Consortium: Weitzner's main job at W3C is promoting P3P, a protocol designed to automatically give out your name, address, phone number, credit card information, Social Security number, and other personal data to Web sites as you browse -- a sort of hyper-invasive universal cookie. Need I say more?

Elizabeth Lascoutx, a director and vice president at the Council of Better Business Bureaus: Lascoutx's work at the BBB used to center around children's advertising -- she sought to have commercial messages on children's Web sites set off from the rest of the content in the same manner as television advertising ("after these messages, we'll be right back").

David Stazer, vice president and co-founder of PlanetOut.com: I don't know of any qualifications Stazer might have with regard to privacy.

Stewart Baker, a partner at the law firm of Steptoe & Johnson: Baker used to be the general counsel of the National Security Agency, probably not the first people you'd think of when you think "privacy"; he's an influential Washington lobbyist now. Baker publicly attacked the efforts to boycott Intel and Microsoft over the Pentium-III processor ID and the GUID embedded in MSOffice documents -- he stated that if all machines on the Internet were authenticated and identified, things like denial of service attacks could be prevented (which is true enough, if you don't mind a total loss of privacy).

No one from EPIC? No one from the ACLU? You can draw your own conclusions about whether this "Consumer Privacy Protection Board" (sic) is intended to actually help Doubleclick change its ways, or whether it is merely intended to help protect the company from lawsuits and adverse governmental action, like, say, the FTC wanting the authority to force companies to respect privacy concerns.

16 of 178 comments

  1. What's wrong with P3P? by igaborf · · Score: 4
    ...P3P, a protocol designed to automatically give out your name, address, phone number, credit card information, social security number, and other personal data to websites as you browse...

    I'm not intimately familiar with the P3P spec. But according to the P3P guiding principles user agents are supposed to:

    • Provide mechanisms for displaying a service's information practices to users.
    • Provide users an option that allows them to easily preview and agree to or reject each transfer of personal information that the user agent facilitates.
    • Not be configured by default to transfer personal information to a service provider without the user's consent.
    • Inform users about the privacy-related options offered by the user agent.

    On the surface, at least, that looks pretty reasonable. It certainly doesn't sound like the description given above. What am I missing?

    1. Re:What's wrong with P3P? by jellicle · · Score: 3

      P3P is a mechanism designed to get you to enter all your personal data into your web browser and have your browser give it out, behind the scenes, to any website that asks for it.

      Today, a website can't just demand that, as a condition of entry, you provide it with your SSN and mother's maiden name. People have an initial bad reaction to that, and coupled with the hassle of filling out a form to enter that info, they'll turn away from the site. P3P allows web sites to do that without the hassle - instead of being presented with a form, you'll see a dialog box:

      "Website X is requesting full access to your personal information. Yes/No?"

      If you say no, website X won't let you enter. If you say yes, it gets access to every bit of information in the profile you filled out. Eventually, of course, you'll get tired of seeing those pop-up boxes and will turn them off and forget about it. You'll even have a hard time putting in fictitious information because ecommerce sites will use it for purchasing information - you'll have to enter the right information if you ever want to actually purchase anything.

      Consider: Doubleclick has a whole elaborate Doubleclick cookie with information you enter at a site when you make a purchase. Now Doubleclick could simply access your profile. The protocol is designed to move information from the user to the remote site behind the scenes, in such a way that the user doesn't see it go. If it actually caught on, the default for the web would switch from being more-or-less anonymous until you choose to identify yourself, to being identified, personally, at every site you visit.

      --
      Michael Sims-michael at slashdot.org

  2. Silly paranoia by Reality+Master+101 · · Score: 3

    I'm not going to make any comment on this "news", except to say DO YOUR OWN RESEARCH.

    This commentary is so ridiculously biased and paranoid that unfortunately this article tells you almost nothing, except Michael has been watching too many "1984" movies.

    I think it behooves everyone -- particularly the people who run Slashdot -- to remember that reasonable people can disagree even on matters of privacy. Sometimes these people don't even live in James-Bond-Villain style homes with albino cats, plotting how to take over the world. Good lord, sometimes they're even real people with real families!

    And sometimes these people even have good points.

    Knee-jerk -- dare I say immature? -- reactions like the kind that "michael" creates are NOT the way to influence policy.


    --
    Sometimes it's best to just let stupid people be stupid.
    1. Re:Silly paranoia by jpatokal · · Score: 5
      This commentary is so ridiculously biased and paranoid that unfortunately this article tells you almost nothing, except Michael has been watching too many "1984" movies.

      Paranoia and albino cats are indeed quite unnecessary, as DoubleClick's actions are backed by sound logic. DC is a for-profit company, and the more information about their customers they have, the more profit they can make. Hence privacy is detrimental to their bottom line, and it's in DC's best interest to fight against it -- as long as the public backlash from doing so doesn't outweigh the gains.

      In this light, setting up that wonderfully named Consumer Privacy Advocacy Board is perfectly logical. Create a board so it looks like they care about privacy, and populate it with stooges (carefully selected from other organizations so it doesn't look too obvious) to prevent the board from actually interfering with their operations. Downright brilliant... unless you're a consumer. And without michael's research, would the average /. reader have noticed the "independent" board members' links to DC? I certainly wouldn't have.

      Cheers,
      -j.

    2. Re:Silly paranoia by Reality+Master+101 · · Score: 3

      All right, let's just take one of your "insights"...

      Lori Fena, chairman of Web privacy organization TrustE: Fena is an advertising executive by trade. And obviously, having her on board means that TrustE won't exactly be cracking down on any of Doubleclick's practices.

      Nice character assassination, without any evidence. How about actually doing some research, since that's what you are alleging to be doing, and tell us:

      1) What evidence is there that TrustE being on a board of directors wouldn't be anything but good? Past history, please?

      2) Since you know she is an advertising executive, and you choose to take this as damning of her character, how about giving us a full resume? Tell us exactly when and how she has been damaging to privacy (as you define damage, of course).

      In fact, the only knees that are jerking are the net-libertarian types who hate government and automatically reject any suggestion that a corporation might be doing something bad. Like you.

      And yet another knee jerking. I specifically didn't tell you my opinion on privacy, corporations and specifically this one. I am specifically attacking you and your appalling lack of research, attacks on possibly innocent people without providing a shred of evidence, and your all-around irresponsibility.

      In short, what you are engaging in is gossip and innuendo, plain and simple.


      --
      Sometimes it's best to just let stupid people be stupid.
    3. Re:Silly paranoia by jellicle · · Score: 3
      Nice character assassination, without any evidence. How about actually doing some research, since that's what you are alleging to be doing, and tell us:

      1) What evidence is there that TrustE being on a board of directors wouldn't be anything but good? Past history, please?

      2) Since you know she is an advertising executive, and you choose to take this as damning of her character, how about giving us a full resume? Tell us exactly when and how she has been damaging to privacy (as you define damage, of course).

      Any writer has to assume a few things about his audience. If every story included a total recap of everything that had happened to date, I wouldn't have to assume any knowledge, but the stories would quickly reach Katz-length. In this case, I am assuming that you know something about TrustE - how it was created as a PR device to ward off government regulation, how it has repeatedly refused to investigate or condemn any of its members, no matter how egregious their actions. It's been asked to investigate Microsoft, Real, Doubleclick, Dejanews, Hotmail, Geocities... and couldn't find anything wrong with any of them. That's right - Real wasn't violating its privacy statement by tracking what music you listen to, Geocities wasn't violating its user agreement that said it wouldn't sell information to outside parties when it (according to the FTC) sold information to outside parties.... TrustE is a very forgiving overseer, you see.

      After all, companies pay it for the privilege of being overseen - if TrustE started cracking down, the companies would stop paying! There have been dozens of stories about TrustE, several of them in slashdot. For an example, see TrustE Decides Its Own Fate Today.

      Perhaps I am assuming too much. I've been following TrustE for several years, and seen it evolve from an organization supposed to protect privacy to an organization solely geared toward PR work in protecting its member corporations. These facts might not be obvious to someone who hasn't been paying attention.

      --
      Michael Sims-michael at slashdot.org
    4. Re:Silly paranoia by kevin+lyda · · Score: 4
      ok, since you won't research lori fena, i will. and what i found from a google search on her name does question a negative assessment of her commitment to privacy. i'd be interested to see slashdot do an interview of her, and see what her impressions of the privacy board are.

      some links follow in case you're too lazy to hit google. but most of these are not current - 1995-1998 seem to be the ranges. this could just be google's problem, but again i think a slashdot interview with her would be in order.

      --
      US Citizen living abroad? Register to vote!
  3. European Privacy Laws by CaptainZapp · · Score: 4
    Sheesh, sounds like quite a panel (even if those folks' backgrounds might be pulled out of context). I'm aware the Americans are very weary about regulations of all sorts, especially when it's the govinmint (or one of their designated agencies) regulating. What I don't quite get is what's so bad about setting up privacy laws that are simple and straightforward. Basically they dictate that:

    There must be a reason to collect data. This can have quite far-reaching consequences. I.e. if an employer asks on an application about religion, sexual preferences or your dope smoking habits, this is verboten, because this data is not relevant to the application.

    Data can't be passed to a third party without explicit consent of the err! victim. Some 235 page click-through agreement with a well hidden check box is not considered explicit consent.

    Every person has a right to get information about what data is stored about her/him and has a right to correct wrong data.

    Data may not be collected indiscriminately.

    etc...

    Personally I'd rather be regulated by a govinmint that puts my interests as an individual before those of big business entities, than by some strange privacy advocacy panels set up by corporations whose business model is to violate my privacy. But of course your mileage may vary.
    --
    i am the musician

    with a pocket calculator in my hand

    kraftwerk

  4. Re:Govt regulation (=loopholes)will eliminate priv by NMerriam · · Score: 5

    The 'net simply moves/changes too fast for legislators and their regulators

    I keep hearing this and similar comments over and over, but I don't understand it.

    In what way has the Net changed so fundamentally that a privacy policy from 1990, or 1980 would be outdated today? The entire point of good lawmaking is to make a law general enough to be adaptable to new circumstantial details.

    If, at the beginning of Compuserve in the 70s, Congress had made a law saying:

    "No one shall, without prior consent of the user, keep records of that user's activities on any electronic network, including personally identifiable information, except such that is necessary for technical or security reasons. This shall in no way limit the use of information provided by a user in any public forum such that a user would not reasonably expect such information to be considered private."

    And there would be another paragraph explaining that people with existing/ongoing relationships can store and use such information as is necessary to maintain that relationship (commercial or not). And another one talking about how sharing information with third-parties is subject to other rules, and some final sections with definitions of terms used.

    Making law is very much the same as making code -- if you do it high-level enough, you only have to change the details to make it work in an entirely new situation.

    More regulation from the FTC is not the answer, because clever people always find a loophole or a way around regulations.

    So we shouldn't even try? People manage to get around the laws against murder on occasion, but we haven't seen fit to scrap them yet. At the beginning of the Civil Rights Era, the anti-discrimination laws were circumvented with dull regularity. Now you'd be hard-pressed to find a company that won't do anything to avoid getting in trouble under them.

    The point is that yes, people will get around the law but we'll reach a balance point that's a lot closer to privacy than it is right now. We're certainly not going to get more privacy by doing nothing...

    --
    Recursive: Adj. See Recursive.
  5. Re:Govt regulation (=loopholes)will eliminate priv by NMerriam · · Score: 5

    If you want your personal information to remain private, then DON'T GIVE IT OUT. DUH!

    I'm curious, how did you get a job without telling your employer your Social Security number and your home address? How do you get medical care without providing billing information to the hospital? How did you get a driver's license?

    How did you get your credit cards? How do you get the things you order online (or offline) without a proper address? How do you pay your phone bill?

    I'm fascinated by the idea that anyone who doesn't live in a mud hut is an idiot for "giving out" information that we could so obviously simply keep private. The point is that many people you HAVE to give information to in order to exist have no reluctance whatsoever about selling that information to other people you specifically don't want it to go to.

    We're not getting pissed about people using information we gave them knowingly and willingly, but if I give my SS# to the insurance company I don't think they should have any legal right whatsoever to sell it to my grocery store, or Amazon.com, or anyone else.

    If the FTC gets in the act they won't just be nice about it, it will become a federal crime

    I should hope they wouldn't be "nice about it", otherwise you lose most of the deterrent effect. They aren't nice about it when I break laws, why should companies get a break? Of course, the truth is they generally ARE "nice about it". The FTC will send warnings, demand compliance, do everything but send a singing telegram with flowers before they penalize a company. If anything the FTC is too lenient, because 99% of the time the worst that happens for breaking the law is you get told to stop breaking it. I wish I got such harsh punishment!

    It is much easier to deal with a corporation which has its self-interest at heart than it is to deal with a government which is hell bent on "helping."

    Why doesn't the government (or rather, regulators/politicians) have its self-interest at heart? Why doesn't the corporation want to help? Ayn always says, check your premises...

    --
    Recursive: Adj. See Recursive.
  6. I know people hate Microsoft here, but... by M-2 · · Score: 4

    If you're using Internet Explorer 4 or Higher, there's the security settings which allow you to set zones. You can then assign websites into zones.

    Put *.flycast.com and *.doubleclick.net into the 'high' security zone and watch the problems go away.

    And if sites won't let you in 'cause the banner won't load... did you really need them ANYWAY?

    I don't know if Netscape 6 has anything like that - I never use alphas on my machine, I like the idea of vague stability. No matter how much of an illusion it may be.
    ----

  7. Re:whew! thanks mike... by kevin+lyda · · Score: 3

    gee, slashdot does a fair bit of research *and* writes a story with a pretty obvious bias, and you're upset. you would prefer a subtle bias or do you actually believe journalists can write with complete objectivity?

    --
    US Citizen living abroad? Register to vote!
  8. Keeping your enemies close by Money__ · · Score: 4
    When there is a large public outcry (such as this case of fair use of private information) it's a typical PR move to try and get your enemies on your side. Like micros~1 hiring ambitious programmers that threaten their market share (only to stuff the programmers into a fruitless cushy R&D job), Double-click is buying the silence of people that would normally stand against them.

    It fits the old saying "keep your allies close, but keep your enemies closer".

    Imagine the big three automakers hiring Ralph Nader as a "consultant" back in the 70s. Imagine Richard Nixon hiring Archibald Cox to form an "exploratory panel". Imagine Bill Clinton hiring Ken Starr as an "advisor" in the 90s. Would any of these people sell out and join the opposition? I think not.

    Not to name names ;) but these people:

    Robert Abrams
    Robert Litan
    Harriet Pearson
    Lori Fena
    Daniel Weitzner
    Elizabeth Lascoutx
    David Stazer
    Stewart Baker

    are all selling out your privacy and their own personal integrity.
    ___

  9. Don't like Doubleclick? Use Junkbuster! by Frater+219 · · Score: 5
    Why complain about Doubleclick? Their actions need not have any effect whatsoever on you. You have every right to protect yourself. Are you using the Junkbuster Proxy yet? Do you have a comprehensive blockfile?

    Are you a sysadmin? Have you considered setting up a Junkbuster proxy alongside your Squid caching proxy and recommending it to your users? You can save a lot of bandwidth by letting your users opt out of banner ads. Most of them don't like 'em any more than you do.

    (If you use Debian on your server systems, Junkbuster is available in both slink (the current stable release) and potato (the current beta release) as the package "junkbuster".

    If you use a Macintosh for your home system, as I do, I recommend to you the iCab Web browser, which almost exactly duplicates the image-filtering abilities of Junkbuster -- right there in your browser configuration.)

    Advertisers do not have any right to your bandwidth or your private information. However, you need not rely on the FTC or any other branch of government to protect you, your children, or your institution's resources. And if you're only willing to stand up for your rights if government will help you -- then what rights do you really have?

  10. Not quite; check your facts by CrayDrygu · · Score: 4
    The one that it said it would leave and set to OPT_OUT, and then an ASPSESSION one. So they are still tracking you, no matter what they say.

    That ASPSESSION cookie is set by any site using IIS and ASP. It's one of the "features" of Microsoft's web server. In order to keep track of things like session variables, IIS sets a cookie in your web browser. There's no way around this, except to not use IIS and ASP.

    As proof, I run a web server locally (PWS, the Win98 version of IIS), and occasionally use Lynx (yes, there's a Windows version). I have Lynx's startup page set to localhost, and tell it to ask me about cookies. Every time I start Lynx, I get:

    localhost cookie: ASPSESSION=FANJPPAAJCAA Allow? (Y/N/Always/never)

    Or some similar string.

    --
    "I personal[ly] think Unix is "superior" because on LSD it tastes like Blue." -- jbarnett

  11. Mozilla's sweet cookie blocking abilities. by Paran · · Score: 3

    Mozilla has a little cookie manager that lets you see every site that has set a cookie. It allows you the option of removing and not reaccepting any future cookies from removed sites. I really do love this feature, and it made my day when I found it.

    Now doubleclick, and a slew of others, aren't able to set cookies on my machines. This really is the only thing you can do. If you visit a site, they have every right to record your having been there, and it will never change (and it shouldn't).
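
An added example, not written by any commenter or by Slashdot, combining the points in comments 6, 10 and 11: it parses `Set-Cookie` headers, separates a session cookie such as `ASPSESSION` from a persistent one, and rejects cookies from hosts matching the `*.doubleclick.net` and `*.flycast.com` patterns. The wildcard semantics, the two-label "site" comparison, the host `ad.doubleclick.net` and the second sample header are assumptions constructed for illustration.

```javascript
// Added example, not from the thread. Host patterns come from comment 6;
// the wildcard semantics and the sample headers are constructed.
const BLOCKED = ['*.doubleclick.net', '*.flycast.com'];

// "*.example.net" matches example.net and any subdomain, but not
// "notexample.net" or "example.net.evil.test".
function hostMatches(host, pattern) {
  const h = host.toLowerCase();
  const p = pattern.toLowerCase();
  if (!p.startsWith('*.')) return h === p;
  const base = p.slice(2);
  return h === base || h.endsWith('.' + base);
}

// Naive "site": the last two labels. Real browsers use the Public Suffix List.
function site(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Split one Set-Cookie header into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i < 0 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i < 0 ? true : part.slice(i + 1);
  }
  return {
    name: eq < 0 ? '' : pair.slice(0, eq),
    value: eq < 0 ? pair : pair.slice(eq + 1),
    attrs,
  };
}

// Decide what a cookie manager would show for this header.
// Max-Age wins over Expires; no valid future expiry means a session cookie.
function classify(header, responseHost, pageHost, nowMs) {
  const c = parseSetCookie(header);
  let expiresMs = null;
  if (c.attrs['max-age'] !== undefined) {
    expiresMs = nowMs + Number(c.attrs['max-age']) * 1000;
  } else if (c.attrs.expires !== undefined) {
    expiresMs = Date.parse(c.attrs.expires);
  }
  const persistent =
    expiresMs !== null && !Number.isNaN(expiresMs) && expiresMs > nowMs;
  const blocked = BLOCKED.some((p) => hostMatches(responseHost, p));
  return {
    name: c.name,
    thirdParty: site(responseHost) !== site(pageHost),
    lifetimeDays: persistent ? Math.round((expiresMs - nowMs) / 86400000) : 0,
    verdict: blocked ? 'reject' : persistent ? 'persistent' : 'session',
  };
}

// Constructed inputs: the first header is the one quoted in comment 10,
// the second is a made-up long-lived cookie from an ad host.
const NOW = Date.UTC(2030, 0, 1);
const SAMPLES = [
  ['ASPSESSION=FANJPPAAJCAA; path=/', 'localhost', 'localhost'],
  ['id=OPT_OUT; domain=.doubleclick.net; path=/; ' +
   'expires=Wed, 01 Jan 2031 00:00:00 GMT', 'ad.doubleclick.net', 'www.example.com'],
];
for (const [h, from, page] of SAMPLES) {
  console.log(JSON.stringify(classify(h, from, page, NOW)));
}
```
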