One thing I just don’t get are privacy policies. I don’t understand how a public can be so naive as to be upset that they are being tracked when they are on the Internet, and how unaware they are that invasive tracking is in our daily lives.
Julia Angwin wrote a piece in the WSJ about cookies and tracking, “Hidden inside Ashley Hayes-Beaty’s computer, a tiny file helps gather personal details about her, all to be put up for sale for a tenth of a penny.” It goes on to mention how this cookie “knows” she likes certain movies and doing online quizzes.
Lotame Solutions Inc. the company that made the beacon which collects information gathers the data which is then sold on a sort of data market, like BlueKai, where marketers can purchase the profiles of people to market to.
The data on Ms. Hayes-Beaty’s film-watching habits, for instance, is being offered to advertisers on BlueKai Inc., one of the new data exchanges.
“It is a sea change in the way the industry works,” says Omar Tawakol, CEO of BlueKai. “Advertisers want to buy access to people, not Web pages.”
The solution to the issue is simple, either make the sale of people’s personal information illegal, or make it mandatory to obtain consent (in writing) for the information that is for sale. Lotame Solutions did not ask Ms. Hayes-Baeaty’s permission to collect her information or to install the cookie. Therefore they violated her privacy, simple.
In television, people consent to having their watching habits monitored and recorded. that is now Neilsen ratings work. These people consent and are rewarded for their participation. And really awareness is the key if the information is going to be sold or distributed.
But I wonder if Ms. Angwin knows how many other things are tracking her. For instance, inside her car has a little black box, not unlike the black box (which is really orange) on a plane. Known as an EDR (event data recorder) this records the technical details of your vehicle for a short period of time. Here is the best part, ownership of the EDR is subject to state law. Here in Canada there are several cases before the courts which include EDRs.
One might suggest that such a black box is necessary for crash investigations and that having one isn’t that big an invasion of privacy since it contains no personal data. Most tracking cookies don’t either. Most only collect data which is then aggregated.
Perhaps she never noticed the CCTV cameras all over the place. Take Toronto for example. All over the city we have these boxes:
At first it was just in the entertainment district, then it was expanded for the G20 and now some of those cameras have been left in place. They are not all bad though. Remember Mary Bale? That was captured by CCTV. She did not give her consent to being filmed. I bet if she had realized she was on camera she wouldn’t have put the cat in the bin.
England, which is increasing becoming exactly what Orwell was writing about, has even begun installing facial recognition cameras in schools. The coupling of omni-present cameras with facial recognition constitutes a MUCH larger threat to personal privacy than a tracking cookie used by your average tracking software.
Walmart puts RFID tags in clothes so they know where they go, although they claim it’s to help with inventory. These RFID tags (radio frequency ID) would enable tracking of individuals everywhere. They could see now many of their customers enter their stores with clothes purchased from that very store. But tracking people is not really anything new. At work I have to scan a card to get in, so my boss knows what time I get to work. I have to enter a password to log in to by computer so they know when I am working and when I am not. They even have access to my emails, personal and business if they are sent on the company computer. These touch points of tracking capabilities are everywhere.
Have you ever gone to the washroom and had the automatic flush toilet, automatic sink, automatic hand drier or paper towel dispenser? Guess what, it’s collecting data! Is it evil? Is your privacy threatened? No, not really. The information is used to determine how often someone should check the amount of paper towel left, or how often a particular bathroom is used for cleaning purposes. So it is with tracking cookies.
Eric Petersen wrote an article entitled “You are all evil“; catchy to say the least. But theatrics aside he has some interesting points.
- Have a rock-solid privacy policy
- Not use tracking software they don’t understand
- Not be unaware of what tracking software they have deployed
- Have a clear answer for “how and why do you track us?”
- Be transparent as hell when anybody asks what you’re doing
He needs to add one more
6. Obtain consent if the information is going to be sold or distributed
The problem of course is that with any technology it can be used for good or evil purposes. Most web analysts are just interested in making their website better, which is good. Most marketers are interested in pushing their unwanted advertising at you, like spam, which is bad.
So while Mr. Petersen is attempting to capture the attention of the WAA, and incite some sort of a response, let’s be clear about who is evil and who isn’t. As an analyst, I fail to see why the WAA is so reluctant to jump into the fray we know better than anyone what is at stake here.