Does Anyone Actually Agree on What Do Not Track Means?By: Drew Bowling - July 5, 2012
If you’ve been following issues regarding online privacy for the past year or so, you most likely have read or heard people talking about Do Not Track, the proposed utility that permits internet users to indicate to third-party data collectors that they do not wish to have their information tracked. In brief, the problem with third-party data collectors is that you never really know who they are or what info of yours they have (or even how much) and so Do Not Track would theoretically permit internet users to increase the amount of control they have when it comes to sharing their information with third-party companies by allowing internet users to tell these companies, “Hey you, get offa my cloud.”
Before reading further, do you actually know about Do Not Track? If so, do you or will you be using the feature, or do you plan to just go about the internet as usual with no great concern about what third-party companies learn about you? Let us know how you feel in the comments section.
Nobody seems to like the practice of businesses tracking their browsing habits across the internet; at least, that much seems apparent given multiple studies have shown an overwhelming majority of people are concerned about the practice. How to actually honor those consumer preferences seems to be a bit of a morass, hence the introduction of Do Not Track and the contention that followed among affected and involved parties.
Microsoft set off a row last month when it announced that its upcoming Internet Explorer 10 will be released with the Do Not Track feature already on by default. Oddly, Microsoft’s justification for making Do Not Track the a default feature was that it gives people the right to decide if they want their information kept from third-party data collectors. However, if consumer preference were truly the issue, you would imagine that Microsoft would have included Do Not Track with IE10 but not as a default feature, thus allowing users to decide whether or not to turn it on, i.e., choose for themselves. The implication Microsoft seems to be trying to make is that third-party data collectors should naturally be distrusted.
Understandably, the Digital Advertising Alliance, a group that represents online advertisers, took issue with Microsoft’s decision to make Do Not Track a default setting. The thing is, when the Federal Trade Commission endorsed the anti-tracking feature back in March, the agency stopped short of actually requiring that browsers include Do Not Track because the FTC still believes that the online advertising industry can sufficiently self-regulate itself.
Amusingly, the DAA is now in the difficult situation of arguing against Microsoft’s decision to automatically opt-in Do Not Track on IE10 without actually coming out and saying, “But most people who use the internet won’t have any clue about how to turn off Do Not Track.” Calling consumers dim-witted isn’t exactly the best approach to winning their confidence, yeah?
And so, in a hearing on online privacy protections, the DAA argued to Congress last week that self-regulation has been working. Adding to the debate is Firefox-distributor Mozilla, which told Congress in the same hearing that it doesn’t think the Do Not Track policy has been developed enough so as to be effective. Alex Fowler, representing Mozilla, said that self-regulation could work but only if it’s “a multi-stakeholder process that reflects the views of all of the relevant parties involved in data transactions.”
So let’s tally this up: the DAA says self-regulation works, Mozilla thinks self-regulation can work but only if there is a mutually beneficial understanding between all parties that won’t disrupt the online advertising ecosystem, the FTC would like to see self-regulation work, and Microsoft doesn’t care about that self-regulation because it’s going to deploy Do Not Track for all of Internet Explorer’s users anyways.
The Do Not Track debate tends to illuminate one troubling reality: this anti-tracking feature is purely symbolic and, worse, confusing. Currently, third-party data collectors aren’t legally obliged to respect Do Not Track. They can still collect your information whether you have Do Not Track turned on or not. That’s the part of self-regulation that the DAA says online advertisers will respect, and so far the online advertisers say they plan to play along with consumers preferences on data-tracking. The DAA doesn’t want the FTC to actually intervene directly, and the FTC would really like to see this matter resolved without its intervention.
Make no mistake, nobody should be tracked around the internet and unknowingly have their information collected from them. That’s where the transparency of the internet has been one big whopping failure, and so “Do Not Track” sounds great for protecting consumers in that regard. But really, what does Do Not Track even mean?
For one, I would confidently bet that most of the people who use the internet have no idea what Do Not Track is, have never heard of it, and probably aren’t even completely aware of how their information is gathered from data collectors. I bet you a dozen Happy Meals that I could walk across the street to a McDonald’s and ask any random 50 people if they know about the Do Not Track issue. I wouldn’t be surprised if exactly 50 people reply with blank stares and shrugs.
Further, even within the sub-culture of people who are aware of Do Not Track and follow online privacy issues, what does Do Not Track mean to them? Thomas Roessler, a domain leader with the World Wide Web Consortium, questions if there’s any confidence in those three words. “I do think you will see a lot of contention going forward about what ‘Do Not Track’ means,” he said earlier this year, suggesting that the legal interpretation of the phrase could undergo some gymnastic flexibility if it becomes contested in a court.
Doc Searls, a privacy expert and fellow at the Center for Information Technology & Society, told Network World that Do Not Track may not even be plausible in 2012 and that the concept is somewhat misguided.
“I don’t think we need Do Not Track legislation,” Searls says. “I think it’s a bad idea at this stage, because we don’t have the technical solutions to the problem, the problem basically being that we got stuck at client/server in 1995 with the first Web servers and especially with the invention of the cookie, and we have this normative system in which almost all the power resides on the server side and not on the client side.”
So if Do Not Track isn’t even meaningful in our current era of internet, why are these companies spending so much of their resources arguing about what it means for the ecosystem of online advertising, or consumers, or tech companies, etc.?
Although Do Not Track may not even be an effective anti-tracking policy, methinks that Microsoft’s stake in the debate is to largely distinguish itself from Google by re-creating itself as more pro-consumer privacy than Google (again, more symbology than reality). Mozilla’s call for a “multi-stakeholder process” follows Searls’ recommendation of developing a more direct line of communication between online businesses and consumers so as to improve relations and targeted advertising.
Do Not Track is a great idea, but I fear that it will be executed poorly. In fact, maybe poor execution of Do Not Track should happen so that all parties – data-collectors, tech companies, the FTC, and, consumers – can reevaluate this issue and conjure up a pro-consumer, don’t-track-me-if-don’t-want-it policy that actually does put internet users first.
Do you think Do Not Track is actually a good idea, or is it really just a bunch of sound and fury signifying nothing? What kind of alternative to Do Not Track would you propose? Let us know in the comments.