The nation’s top consumer protection agency came out Wednesday in favor of tougher restrictions on online data collection, backing a “Do Not Track” setting in browsers and proposing that companies make it easier for individuals to see the data collected about them.
The FTC’s 122-page draft privacy report comes after more than a year of hearings, and a string of complaints and lawsuits against online ad companies for surreptitiously collecting data on internet users. The online advertising industry has long argued that it can police itself, but today’s report said those efforts haven’t worked.
“Industry efforts to address privacy through self-regulation have been too slow, and up to now have failed to provide adequate and meaningful protection,” the draft report said.
The FTC’s head Jon Leibowitz went further in a call with reporters.
“Self regulation of privacy is not working for American consumers,” Leibowitz said.
And in a thinly veiled warning to online companies to clean up their acts, he added, “A legislative solution will surely be needed if industry doesn’t step up to the plate.”
The most prominent of those efforts has been the National Advertising Initiative, which purports to give internet users a one-stop shop for opting out of advertising networks that track what users do online to build profiles in order to serve targeted advertisements. That system works via cookies in your browser that tell an advertising network, such as Google’s DoubleClick system that puts ads on non-Google websites, that you have opted out.
But that system has been buggy and inconsistent, and often used identifiable tracking cookies to set a preference not to be tracked. Those practices were exposed by outspoken security and privacy researcher Christopher Soghoian, who subsequently worked for and then left the FTC.
The “Do Not Track” proposal endorsed by the FTC simplifies the process of opting out. The idea is that users would be able to choose to have their browser tell any website not to track them for advertising purposes, and that setting wouldn’t be wiped out if a user clears her browser cookies, as currently happens with opt-out cookies.
But the FTC says “Do Not Track” is not just about behavioral advertising. It could apply to any service, such as Google Analytics, that has to do with “sites and servers that build up a profile of what an individual does online,” according to the FTC’s incoming staff technologist Professor Ed Felten.
Leibowitz called on browser makers, including Google, Mozilla, Microsoft and Apple, to build in “Do Not Track” technology and called out Adobe for privacy problems in its ubiquitous Flash plug-in, which some advertisers are now using to place tracking cookies that can’t be controlled by browser settings. Unlike the “Do Not Call” list, users will not have to register with a government database.
It’s not clear that the FTC has the power to force advertisers to obey the browser setting, and the agency called for voluntary cooperation from the online ad industry. The agency could, however, go after companies that pledge to obey but then do not. To force compliance, the FTC would likely need Congress to pass legislation, but the current report makes no recommendations for new legislation.
The report also calls for companies to make it easier for individuals to see the information collected about them. Some online advertising companies, including Yahoo and Google, allow individuals to see what topics the companies have inferred that they are interested in.