Slashdot Log In
FTC Asks To Regulate Privacy; Doubleclick Hires PR Team
from the double-take dept.
It is important to keep in mind what this is being billed as: Doubleclick calls this, in their press release, a "Consumer Privacy Advocacy Board." Supposedly this board is set up to, you know, advocate consumer privacy. So, let's take a look at its composition.
Robert Abrams, former attorney general of New York: hired because of his connections in New York State, which threatened to file suit against Doubleclick. His role will be to lobby his buddies in various government agencies to prevent privacy lawsuits.
Robert Litan, vice president and director of economic studies at the Brookings Institution: supports "opt-out" marketing and notification of privacy policies, as opposed to actual privacy. (Which is exactly Doubleclick's position, of course.)
Harriet Pearson, director of public affairs at International Business Machines Corp.: Pearson is one of the people behind the Online Privacy Alliance, a corporate front group working to attack privacy on the Internet. Pearson has moderated seminars on how to profile users without seeming to be Big Brother; her job is to make you feel good about not having any privacy. Every group needs a PR flack.
Lori Fena, chairman of Web privacy organization TrustE: Fena is an advertising executive by trade. And obviously, having her on board means that TrustE won't exactly be cracking down on any of Doubleclick's practices.
Daniel Weitzner, an executive at the World Wide Web Consortium: Weitzner's main job at W3C is promoting P3P, a protocol designed to automatically give out your name, address, phone number, credit card information, Social Security number, and other personal data to Web sites as you browse -- a sort of hyper-invasive universal cookie. Need I say more?
Elizabeth Lascoutx, a director and vice president at the Council of Better Business Bureaus: Lascoutx's work at the BBB used to center around children's advertising -- she sought to have commercial messages on children's Web sites set off from the rest of the content in the same manner as television advertising ("after these messages, we'll be right back").
David Stazer, vice president and co-founder of PlanetOut.com: I don't know of any qualifications Stazer might have with regard to privacy.
Stewart Baker, a partner at the law firm of Steptoe & Johnson: Baker used to be the general counsel of the National Security Agency, probably not the first people you'd think of when you think "privacy"; he's an influential Washington lobbyist now. Baker publicly attacked the efforts to boycott Intel and Microsoft over the Pentium-III processor ID and the GUID embedded in MSOffice documents -- he stated that if all machines on the Internet were authenticated and identified, things like denial of service attacks could be prevented (which is true enough, if you don't mind a total loss of privacy).
No one from EPIC? No one from the ACLU? You can draw your own conclusions about whether this "Consumer Privacy Protection Board" (sic) is intended to actually help Doubleclick change its ways, or whether it is merely intended to help protect the company from lawsuits and adverse governmental action, like, say, the FTC wanting the authority to force companies to respect privacy concerns.
What's wrong with P3P? (Score:4)
I'm not intimately familiar with the P3P spec. But according to the P3P guiding principles [w3.org] user agents are supposed to:
On the surface, at least, that looks pretty reasonable. It certainly doesn't sound like the description given above. What am I missing?
Silly paranoia (Score:3)
I'm not going to make any comment on this "news", except to say DO YOUR OWN RESEARCH.
This commentary is so ridiculously biased and paranoid that unfortunately this article tells you almost nothing, except Michael has been watching too many "1984" movies.
I think it behooves everyone -- particularly the people who run Slashdot -- to remember that reasonable people can disagree even on matters of privacy. Sometimes these people don't even live in James-Bond-Villain style homes with albino cats, plotting how to take over the world. Good lord, sometimes they're even real people with real families!
And sometimes these people even have good points.
Knee-jerk -- dare I say immature? -- reactions like the kind that "michael" creates are NOT the way to influence policy.
--
European Privacy Laws (Score:4)
There must be a reason to collect data. This can have quite far reaching consequences. I.e. if an employer asks on an application about religion, sexual preferences or your dope smoking habits, this is verboten. Because this data is not relevant to the application
Data can't be past to third party without explicit consent of the err! victim. Some 235 page click through agreement with a well hidden check box is not considered explicit consent.
Every person has a right to get information what data is stored about her/him and has a right to correct wrong data.
Data may not be collected indiscrimnately
etc...
Re:Govt regulation (=loopholes)will eliminate priv (Score:5)
I keep hearing this and similar comments over and over, but I don't understand it.
In what way has the Net changed so fundamentally that a privacy policy from 1990, or 1980 would be outdated today? The entire point of good lawmaking is to make a law general enough to be adaptable to new circumstantial details.
If, at the beginning of Compuserve in the 70s, Congress had a made a law saying:
"No one shall, without prior consent of the user, keep records of that user's activities on any electronic network, including personally identifiable information, except such that is necessary for technical or security reasons. This shall in no way limit the use of information provided by a user in any public forum such that a user would not reasonably expect such information to be considered private."
And there would be another paragraph explaining that people with existing/ongoing relationships can store and use such information as is necessary to maintain that relationship (commercial or not). And another one talking about how sharing information with third-parties is subject to other rules, and some final sections with definitions of terms used.
Making law is very much the same as making code -- if you do it high-level enough, you only have to change the details to make it work in entirely new situation.
More regulation from the FTC is not the answer, because clever people always find a loophole or a way around regulations.
So we shouldn't even try? People manage to get around the laws against murder on occassion, but we haven't seen fit to scrap them yet. At the beginning of the Civil Rights Era, the anti-discrimination laws were circumvented with dull regularity. Now you'd be hard-pressed to find a companies who won't do anything to avoid getting in trouble under them.
The point is that yes, people will get around the law but we'll reach a balance point that's a lot closer to provacy than it is right now. We're certainly not going to get more provacy by doing nothing...
Re:Silly paranoia (Score:5)
Paranoia and albino cats are indeed quite unnecessary, as DoubleClick's actions are backed by sound logic. DC is a for-profit company, and the more information about their customers they have, the more profit they can make. Hence privacy is detrimental to their bottom line, and it's in DC's best interest to fight against it -- as long as the public backlash from doing so doesn't outweigh the gains.
In this light, setting up that wonderfully named Consumer Privacy Advocacy Board is perfectly logical. Create a board so it looks like they care about privacy, and populate it with stooges (carefully selected from other organizations so it doesn't look too obvious) to prevent the board from actually interfering with their operations. Downright brilliant... unless you're a consumer. And without michael's research, would the average /. reader have noticed the "independent" board members' links to DC? I certainly wouldn't have.
Cheers,
-j.
Re:Govt regulation (=loopholes)will eliminate priv (Score:5)
I'm curious, how did you get a job without telling your emplyer your Social security number and your home address? How do you get medical care without providing billing information to the hospital? How did you get a drivers' license?
How did you get your credit cards? how do you get the things you order online (or offline) without a proper address? How do you pay your phone bill?
I'm fascinated by the idea that anyone who doesn't live in a mud hut is an idiot for "giving out" information that we could so obviously simply keep private. The point is that many people you HAVE to give information to in order to exist have no relucatance whatsoever of selling that information to other people you specifically don't want it to go to.
We're not getting pissed about people using information we gave them knowingly and willingly, but if I give my SS# to the insurance company I don't think they should have any legal right whatsoever to sell it to my gocery store, or Amazon.com, or anyone else.
If the FTC gets in the act they won't just be nice about it, it will become a federal crime
I should hope they wouldn't be "nice about it", otherwise you lose most of the deterrent effect. they aren't nice about it when I break laws, why should companies get a break? Of course, the truth is they generally ARE "nice about it". The FTC will send warnings, demand complaince, do everything but send a singing telegram with flowers before they penalize a company. If anything the FTC is too lenient, because 99% of the time the worst that happens for breaking the law is you get told to stop breaking it. I wish I got such harsh punishment!
It is much easier to deal with a corporation which has it self interest at heart than it is to deal with a government which is hell bent on "helping."
Why doesn't the government (or rather, regulators/politicians) have it's self-interest at heart? Why doesn't the corporation want to help? Ayn always says, check your premises...
I know people hate Microsoft here, but... (Score:4)
If you're using Internet Explorer 4 or Higher, there's the security settings which allow you to set zones. You can then assign websites into zones.
Put *.flycast.com and *.doubleclick.net into the 'high' security zone and watch the problems go away.
And if sites won't let you in 'cause the banner won't load... did you really need them ANYWAY?
I don't know if Netscape 6 has anything like that - I never use alphas on my machine, I like the idea of vague stability. No matter how much of an illusion it may be.
----
Re:What's wrong with P3P? (Score:3)
Today, a website can't just demand that, as a condition of entry, you provide it with your SSN and mother's maiden name. People have an initial bad reaction to that, and coupled with the hassle of filling out a form to enter that info, they'll turn away from the site. P3P allows web sites to do that without the hassle - instead of being presented with a form, you'll see a dialog box:
"Website X is requesting full access to your personal information. Yes/No?"
If you say no, website X won't let you enter. If you say yes, it gets access to every bit of information in the profile you filled out. Eventually, of course, you'll get tired of seeing those pop-up boxes and will turn them off and forget about it. You'll even have a hard time putting in fictitious information because ecommerce sites will use it for purchasing information - you'll have to enter the right information if you ever want to actually purchase anything.
Consider: Doubleclick has a whole elaborate Doubleclick cookie with information you enter at a site when you make a purchase. Now Doubleclick could simply access your profile. The protocol is designed to move information from the user to the remote site behind the scenes, in such a way that the user doesn't see it go. If it actually caught on, the default for the web would switch from being more-or-less anonymous until you choose to identify yourself, to being identified, personally, at every site you visit.
--
Michael Sims-michael at slashdot.org
Re:Silly paranoia (Score:3)
Allright, let's just take one of your "insights"...
Lori Fena, chairman of Web privacy organization TrustE: Fena is an advertising executive by trade. And obviously, having her on board means that TrustE won't exactly be cracking down on any of Doubleclick's practices.
Nice character assassination, without any evidence. How about actually doing some research, since that's what you are alleging to be doing, and tell us:
1) What evidence is there that TrustE being on a board of directors wouldn't be anything but good? Past history, please?
2) Since you know she is an advertising executive, and you choose to take this as damning of her character, how about giving us a full resume? Tell us exactly when and how she has been damaging to privacy (as you define damage, of course).
In fact, the only knees that are jerking are the net-libertarian types who hate government and automatically reject any suggestion that a corporation might be doing something bad. Like you.
And yet another knee jerking. I specifically didn't tell you my opinion on privacy, corporations and specifically this one. I am specifically attacking you and your appalling lack of research, attacks on possibly innocent people without providing a shred of evidence, and your all-around irresponsibility.
In short, what you are engaging in is gossip and innuendo, plain and simple.
--
Re:whew! thanks mike... (Score:3)
Re:Silly paranoia (Score:3)
Any writer has to assume a few things about his audience. If every story included a total recap of everything that had happened to date, I wouldn't have to assume any knowledge, but the stories would quickly reach Katz-length. In this case, I am assuming that you know something about TrustE - how it was created as a PR device to ward off government regulation, how it has repeatedly refused to investigate or condemn any of its members, no matter how egregious their actions. It's been asked to investigate Microsoft, Real, Doubleclick, Dejanews, Hotmail, Geocities... and couldn't find anything wrong with any of them. That's right - Real wasn't violating its privacy statement by tracking what music you listen to, Geocities wasn't violating its user agreement that said it wouldn't sell information to outside parties when it (according to the FTC) sold information to outside parties.... TrustE is a very forgiving overseer, you see.
After all, companies pay it for the privilege of being overseen - if TrustE started cracking down, the companies would stop paying! There have been dozens of stories about TrustE, several of them in slashdot. For an example, see TrustE Decides Its Own Fate Today [slashdot.org].
Perhaps I am assuming too much. I've been following TrustE for several years, and seen it evolve from an organization supposed to protect privacy to an organization solely geared toward PR work in protecting its member corporations. These facts might not be obvious to someone who hasn't been paying attention.
--
Michael Sims-michael at slashdot.org
Keeping your enemies close (Score:4)
It fits the old saying "keep your allies close, but keep your enemies closer".
Imagine the big three automakers hiring Ralph Nader as a "consultant" back in the 70s. Imagine Richard Nixon hiring Archibald Cox to form an "exploritory panel". Imagine Bill Clinton hiring Ken Star as a "advisor" in the 90s. Would any of these people sell out and join the oposition? I think not.
Not to name names ;) but these people:
Robert Abrams
Robert Litan
Harriet Pearson
Lori Fena
Daniel Weitzner
Elizabeth Lascoutx
David Stazer
Stewart Baker
are all selling out your privacy and their own personal integrity.
___
Re:Silly paranoia (Score:4)
some links follow in case you're too lazy to hit google. but most of these are not current - 1995-1998 seem to be the ranges. this could just be google's problem, but again i think a slashdot interview with her would be in order.
Don't like Doubleclick? Use Junkbuster! (Score:5)
Are you a sysadmin? Have you considered setting up a Junkbuster proxy alongside your Squid caching proxy and recommending it to your users? You can save a lot of bandwidth by letting your users opt out of banner ads. Most of them don't like 'em any more than you do.
(If you use Debian [debian.org] on your server systems, Junkbuster is available in both slink (the current stable release) and potato (the current beta release) as the package "junkbuster".
If you use a Macintosh [apple.com] for your home system, as I do, I recommend to you the iCab [www.icab.de] Web browser, which almost exactly duplicates the image-filtering abilities of Junkbuster -- right there in your browser configuration.)
Advertisers do not have any right to your bandwidth or your private information. However, you need not rely on the FTC or any other branch of government to protect you, your children, or your institution's resources. And if you're only willing to stand up for your rights if government will help you -- then what rights do you really have?
Not quite; check your facts (Score:4)
That ASPSESSION cookie is set by any site using IIS and ASP. It's one of the "features" of Microsoft's web server. In order to keep track of things like session variables, ISS sets a cookie in your web browser. There's no way around this, except to not use IIS and ASP.
As proof, I run a web server locally (PWS, the Win98 version of IIS), and occasionally use Lynx (yes, there's a Windows version). I have Lynx's startup page set to localhost, and tell it to ask me about cookies. Every time I start Lynx, I get:
localhost cookie: ASPSESSION=FANJPPAAJCAA Allow? (Y/N/Always/never)
Or some similar string.
Mozillas' sweet cookie blocking abilities. (Score:3)
Now doubleclick, and a slew of others, aren't able to set cookies on my machines. This really is the only thing you can do. If you visit a site, they have every right to record your having been there, and it will never change (and it shouldn't).