Enforcing Privacy Online: Industry Enforced versus Federally Regulated
Sharon O’Dell | July 29, 2011 | Full Sail University
Internet Security has been at issue since the early 1990s. Efforts to breach security were more about email hacking, attacks on websites and corporate servers with Denial of Service (DOS) attacks and against the individual using man-in-the-middle attacks. However, as the Internet matured and businesses began to use it more often for the purpose of commerce, other types of privacy violations were occurring and they were so ambiguous that most individuals had no reason to suspect them at first.
These actions were the result of online businesses that conducted marketing and sales from their websites. In addition to the information they collected which was provided with permission (the information you provided for the use intended such as making a purchase and giving your shipping address), there was information they would collect from you without your knowledge. This information was collected in a machine-to-machine format using code. This code could query your computer for basic information such as: what browser you were using, what operating system you had, as well as the date and time.
However, it could also give your computer a piece of code called a “cookie” that would allow the merchant to track your visits to other websites after you left their website and identify you when you returned. These cookies created a profile of each user that was extremely beneficial to the business doing the tracking. Cookies became a major problem because merchants were no longer just tracking your movements, they were also assaulting many computers with unwanted and excessive pop-up ads. There was also no way to remove these pieces of code from your computer.
As a result, in 1999 the Federal Trade Commission (FTC) held public hearings on the subject, and announced the formation of the Network Advertising Initiative (NAI), a self-regulating group of advertising companies, to develop standards in advertising in response to the FTC’s concern and potential government regulation. It was the NAI’s job to self-regulate the use of cookies and to create an opt-out technology consumers could use to protect their privacy from all ad networks. This was the first step by the FTC in regulating privacy on the Internet. In June, 2000, in an effort to set the Government’s position on Privacy and Data collection, Jacob J. Lew, Director, wrote a Memorandum that included (2000) “To ensure such adherence, each agency should immediately review its compliance with its stated web privacy policies. Particular privacy concerns may be raised when uses of web technology can track the activities of users over time and across different web sites”.
In July 2000, after negotiation with the NAI, the FTC reported to Congress that the solution had been found, and a written set of Principles was published by NAI and endorsed by the FTC. Further, a website would be forthcoming for public use. In May, 2001 the NAI released their website where Internet Users could access the opt-out cookies for “participating” networks.
Since then, the NAI has published other self-regulating documents in response to additional concerns of the FTC: (2002) Guidelines for use of Web Beacons, (2007) Self Regulatory Principles for Online Behavioral Advertising, and (2008) an updated set of the original set of Principles. Despite these attempts at self-regulation, it was clear that NAI was failing its duty to the consumer.
Fast forward to 2011 and we find that self-regulation by the Industry and its participants continue to fail the consumer in terms of tracking and obtaining personally identifiable information. A new example of this failure was reported by Declan McCullagh on July 29, 2011 in his article “Stanford Researcher Exposes Microsoft’s Wi-Fi Database”. McCullagh reported in the article “A Webpage was created by Elie Bursztein at Stanford Security Laboratory that allows anyone to enter a unique 12 character Wi-Fi address for any wireless device. It there’s a match, the site will display a map” of the exact location for the device. Allegedly Bursztein created it in order to encourage Microsoft to secure its databases – but at what cost to the individuals behind those Wi-Fi devices?
It’s not just business failures or intentional attempts to track our use of the Internet anymore. On July 28, 2011, a Panel of the U.S. House of Representatives approved a Bill that broadens the ability of an Internet Service Provider, ISP, to snoop on it’s customers. The Bill requires all Commercial ISPs to track and record the use of the Internet by every one of its customers. Further, the Bill requires the data to be stored for no less than one year, in the event that law enforcement may need it. This Bill was packaged under the guise of a preventative measure against child pornography, but it does not contain any protections for citizens in terms of others accessing the data for other purposes such as a civil suit or even Insurance Companies during investigations. As U.S. Representative for California, Zoe Lofgren stated, it represents”a data bank of every digital act by every American” that would “let us find out where every single American visited Web sites.”
Clearly, even the U.S. Government has failed the consumer, despite their best intentions.
References:
Dixon Pam., (2007). “The Network Advertising Initiative: Failing at Consumer Protection and Self-Regulation, World Privacy Forum, retrieved July 29, 2011, from http://www.worldprivacyforum.org/pdf/WPF_NAI_report_Nov2_2007fs.pdf
Lew, Jacob J. (2000). “M-00-13, Privacy Policies and Data Collection on Federal Websites” The White House, The Administration, Office of Management and Budget, retrieved July 29, 2011, from: http://www.whitehouse.gov/omb/memoranda_m00-13
McCullagh, Declan. “Stanford Researcher Exposes Microsoft’s Wi-Fi Database”. Retrieved July 29, 2011 from: http://news.cnet.com/8301-31921_3-20085575-281/stanford-researcher-exposes-microsofts-wi-fi-database/?part=rss&subj=news&tag=2547-1_3-0-20
McCullagh, Declan. “Your ISP as a Net Watchdog”, Retrieved July 29, 2011 from: http://news.cnet.com/Your-ISP-as-Net-watchdog/2100-1028_3- 5748649.html?tag=mncol;txt
Network Advertising Initiative (2001), “Opt Out of Behavioral Advertising”, retrieved from: http://www.networkadvertising.org/managing/opt_out.asp
Stanford University, “Do Not Track – Universal Web Tracking Opt Out”, retrieved July 29, 2011 from: http://donottrack.us/
