Commentary: Privacy Online: The Ftc Must Act NowHeather Green
Think the deluge of mail-order catalogs and dinnertime phone solicitations invades your privacy? Well, compared with what's possible on the Net, you ain't seen nothin' yet. On the Web, marketers can collect more information and in greater detail than ever before--without you even knowing it.
Luckily, the spotlight is turning toward the key players in this online snooping, called advertising networks, which track consumer behavior by, in effect, following people around as they surf the Web. With privacy advocates screaming about the threat, the Federal Trade Commission in early November held a workshop with ad services and privacy advocates to gain a better understanding of what's involved.
"COOKIES." Unlike TV, radio, and print, the Net can record what individuals--not demographic groups or neighborhoods--are actually reading, listening to, and shopping for, and then build detailed profiles of that behavior. Techniques pioneered by DoubleClick Inc. and now used by other online ad services allow an advertiser to monitor consumer behavior across thousands of sites. An auto company can find out what kinds of models a person is looking at online, where he or she lives, and how often the person visits competitors' sites. The services typically do this by placing "cookies," or tiny software tags, on surfers' browsers, which automatically record where they go online, how often, and for how long. Consumers can choose not to have data collected, but they rarely do. DoubleClick gets only 12 opt-out requests daily; it has 80 million customer profiles.
Even when profiles are stripped of any info about an individual's name or e-mail address, there's cause for concern. If law-enforcement officials want to find out about an individual's behavior, what's to stop them from subpoenaing the individual's unique I.D. from an ad service? "This is a little different than the privacy issues we've examined in the past," says FTC Chairman Robert Pitofsky. "I am not comfortable saying that because the information is not personally identifiable, that nothing needs to be done."
INVISIBLE. At the November FTC workshop, 10 of the biggest ad servers, representing 85% of the industry, proposed an opt-out arrangement that would let consumers choose not to have their data gathered. It's not enough. For starters, an opt-out provision works only if consumers are fully aware of what these invisible info-trackers are up to. Pitofsky admits that even he doesn't understand the technology.
There's one obvious solution. Instead of opt-out, why not opt-in? Web sites could be required to seek the consumer's O.K. instead of assuming that their silence means consent. At the very least, the FTC must make sure that any opt-out awareness campaign is heavily publicized.
Individuals should be able to control their private information and choose whom they give it to in cyberspace. The debate cannot be put off too long: Companies such as DoubleClick and CMGI Inc., which have pioneered ways of collecting information online, are gobbling up smaller ad services and building ever larger databases. The FTC meeting should begin a wider debate on this critical issue.