A Contrarian Dissection Of The Web Privacy Debate
March 28, 2012

A Contrarian Dissection Of The Web Privacy Debate

Jedidiah Becker for RedOrbit.com

Though it's not likely to garner the frenzied flurry of public attention enjoyed by January's wildly unpopular SOPA-PIPA anti-piracy legislation (R.I.P.), another critical Internet issue has been seized upon by D.C. politicrats in recent months, and they're hard at work in their efforts to whip up public indignation over it.

That issue goes by the euphemistic misnomer "Web privacy," and unbeknownst to most people it could affect the future of the Internet as profoundly as the D.O.A. anti-piracy bill would have. Yet perhaps unsurprisingly, public reaction to Web privacy has been tepid at best, as professional politicians and bureaucrats continue to dominate the public discourse, framing the issue in terms of 'Internet rights' as though they were a natural extension of first ten amendments of the Constitution.

On Monday, the Federal Trade Commission (FTC) issued a report outlining the current situation in consumer Web privacy and providing a list of recommendations for legislators. But more on that later.

The majority of Washington's political class has long ogled the Internet with lusty eyes, almost resentful of the fact that there remains one truly free public domain not yet under a suffocating thicket of inane laws and regulations.

Yet the result of this still relatively free Internet has been a rapid-fire explosion in growth and innovation unheard of since the Industrial Revolution - and even surpassing it in terms of the prodigious speed of its evolution and its ubiquity.

Rifle through your mental list of friends, family and acquaintances to see if you can think of just one or two people who don't use some kind of Internet service at least once a day. If there is such a person in your life, it's likely your 89-year-old grandmother or a missionary cousin proselytizing disease-stricken villages in Central Africa.

(Note of disclosure: My 89-year-old grandmother keeps daily tabs on her grandchildren via Facebook and does genealogy searches on her iPad, and my missionary cousins all have smartphones.)

In fact, the statement that 'the Internet has become an integral part of our daily lives' has become such a vapid platitude that it's more likely to elicit bored yawns from anyone standing within a ten-foot radius than it is to inspire a reflective thought.

Yet given the significant role that most of us would confess the Internet plays in our daily affairs, it is perhaps worthwhile to take stock of Aldous Huxley's famous observation regarding our “almost infinite capacity for taking things for granted.” More often than not, it is precisely those things that we take for granted that come back to bite us most ferociously in the hindquarters.

In the case of the Internet, we seem to have retained the capacity for being continually impressed by the relentless stream of innovative and useful products it places at our feet, and yet tend to neglect the other side of the equation. In short, we marvel at and eagerly utilize everything it offers, while we prefer not to contemplate the nuts and bolts of what goes in to making it possible.

Given the ominous clouds now gathering over the nation's hive professional busybodies, there has never been a better time to move the issue to the forefront of our collective consciousness.


Since the mid to late 90s when entrepreneurs began to seize on the Internet's commercial potential, online advertising has played a steadily growing role in providing Web ventures with the revenue flow needed to innovate and grow.

While we marvel at the exponential growth in the number of websites and web services that have sprung up in the last decade, the source of that growth is, quite literally, right under our noses.

As the sophistication and effectiveness of Web advertising has evolved, so has the amount of money that advertisers have been willing pour into it.

Recall for a moment those so-called “banner ads” that used to adorn the top of nearly every website (and still do on many). For companies looking to sell a product or service, investing in this kind of advertising was like shooting an arrow in the sky and hoping to randomly hit someone. For every 1,000 of these banner ads that appeared on separate Web pages, an average of 2 to 5 people actually clicked on them, and only a fraction of these actually went on to actually purchase the product. Thus, in order for these kinds of advertisements to lead to a significant increase in sales, a company had to be sure that hundreds of thousands - if not millions - of people saw it.

Naturally, most companies weren't willing to spend much on this primitive, generally ineffective form of advertising. On average, companies paid only a fraction of a cent per single banner appearance, and thus the amount of revenue flowing into the Web industry remained highly limited and the number of websites able to survive was generally limited to a few giants like Yahoo who could boast millions of visitors a day.

But then came “sidebar ads” of various shapes and sizes, then the annoying pop-ups, then those ads that float across your screen, followed by the short video commercials that you typically have to watch for five seconds before you can skip over them. With each experimental new form of Web advertising, marketing experts noted which ones were most effective and passed this info on to companies.

If you're a company and you know that 100 people out of a 1,000 are going to click on your personalized sidebar ad versus 2 to 5 for those lame old sidebar ads, you'll be willing to dish out appreciably more for this type of Web advertising.

Thus as advertising grew more sophisticated and effective, the total amount of money invested in online advertising soared, and thousands of new niches were carved out for a panoply of smaller websites that never could have survived in the earlier capital-scarce Web environment. No longer did Web ventures need a gazillion hits a day just to pay for their overhead, staff and servers; a few thousand hits became enough to stay afloat.

This evolution in advertising techniques has served as both the rocket fuel propelling massive Web firms like Google towards astronomical earnings as well as the daily bread of those hundreds of thousands of unique little websites that make up the florid Internet landscape we now enjoy.

With this in mind, therefore, it's hardly hyperbole to state that the evolving sophistication of online advertising and marketing has been one of the greatest forces in the democratization of the Internet.

Yet ironically, it is this very sophistication that has recently ignited a swelling cacophony of criticism of Web advertising practices - albeit most of that criticism continues to emanate from Washington rather than Main Street.

In particular, it is the practices employed by Web companies to procure and peddle their users' information that are increasingly finding themselves in the crosshairs of politicians and technocrats.

In current practice, Internet data collection essentially lets online retailers and marketing firms get a glimpse into the anonymous Web user's personal profile, including age, gender and browsing history. This, in turn, allows companies to direct custom-fitted advertisements at you for products and services that you might actually be interested in buying. Advertisers see better returns on their investments, Web ventures as diverse as Google, Huffington Post and HowStuffWorks.com take in more revenue, and you get a constantly improving and expanding array of product and services at the cost of having to look at advertisements tailor-fitted to your profile.


Framed in these terms, one is (this writer hopes) inclined to ask “So, whats the big deal?”

According to handful of politicians and zealous consumer advocacy groups, the consumer's online privacy is rapidly being eroded by increasingly invasive online advertising practices.

As Jeff Chester of the Center for Digital Democracy recently told BBC: “Our privacy as citizens and users throughout the world is threatened by this powerful pervasive commercial surveillance system that is being created without our awareness and without our consent and that has nothing really to do with paying for online services.”

These are hefty charges, though Chester admittedly represents one of the more stringent voices in opposition to these advertising practices. But throughout the Internet one increasingly finds commentaries both tacitly and overtly comparing these sophisticated marketing practices to an Orwellian dystopia.

And in recent months, the legislative, regulatory and executive branches of government have seized upon this ostensible security threat and have begun calling for federal measures that would expand the government's role in Web practices in order to protect innocent consumers.

Several bills are already circulating in Congress addressing various aspects of Web privacy, and in January the White House announced its support of a so-called “online privacy bill of rights.” This digital addendum to the first ten amendments of the Constitution focuses on seven 'protections' which, if enacted into law, would give consumers unprecedented control over how websites record and utilize their visitors' information.


The most recent development in the government's mounting crusade to rescue consumers from dastardly Web companies came in the form of a report issued Monday by the Federal Trade Commission.

In addition to outlining and assessing the current situation in the world of Web privacy, the FTC “recommends that Congress consider enacting targeted legislation to provide greater transparency for, and control over, the practices of information brokers.”

In his blog [email protected], Chief Technologist for the FTC Ed Felton tersely summed up the four most significant focal points of the 112-page document.


The first of these pertains to so-called de-identified data (pages 18-22 in the report).   This involves forcing Web companies to remove anything from their users' information that could connect it to an individual person or device, making any data that it passes on to advertisers completely anonymous.

Felton concedes that this is a hazy, grey area that won´t be easy to define and regulate.

“If you're going to claim that data is de-identified, you need to have a good reason - the report calls it a 'reasonable level of justified confidence' - for claiming that the data does not allow inferences about individuals.  What 'reasonable' means - how confident you have to be - depends on how much data there is, and what the consequences of a breach would be.”

“But heres a good rule of thumb: if you plan to use a dataset to personalize or target content to individual consumers, its probably not de-identified. “But beyond that, figuring out whether your dataset is really de-identified can be challenging.”

So what would de-identifying data mean for consumers and the Web companies?

First of all, as this writer understands, it would essentially outlaw the use of effective targeted advertising. If Google can't let advertisers know that the device associated with your IP address frequently visits Banana Republics online store, then companies like BR or J.Crew can't specifically target you for ads when they have their end-of-season blowout sale.

Ultimately, this means less efficient advertising, which means that companies will invest less in Web advertising, which means that the total pool of revenue available to Web entrepreneurs will shrink, as will the number, variety and quality of websites that depend on that revenue.

Secondly, if the Chief Technologist for the FTC concedes that it's difficult to determine when data is really de-identified, then you can bet the farm that the FTC will add a new division to its army of regulators, equipped with a horde of newly hired technocrats charged with the task of arbitrarily interpreting vague terms like 'reasonably de-identified' and charging taxpayers billions for this service.

Thirdly, it will add another layer of bureaucratic red tape for Web entrepreneurs to deal with, meaning that they will have to invest additional capital in making sure that they're in compliance with the FTC's arbitrary terms rather than investing it in growing and improving their business.


Another of the four salient features of the FTC's report pertains to the much-hyped Do Not Track (DNT) option that regulators would like to make available to all consumers. As the title suggests, consumers would be able to simply tell a website or a search engine not to follow and record their browsing habits even while using that company´s service.

In light of the de-identified data recommendation, DNT seems to be largely - though not entirely - redundant. The effects, however, would likely be similar to those of de-identifying data.

There is, however, a fundamental, philosophical question at stake in these two measures, and this writer is not the first to point it out.

The question is this: Who owns a business like, say, Google? Does Google own Google or do the people who use Google own Google?  Phrased like this, it seems like a silly question. But the fact of the matter is that both de-identifying and DNT mandates would allow users who are voluntarily using the services provided by Google to tell the company what it can and can´t do with its own capital.

As Google's Peter Barron has pointed out, the company has a very specific privacy policy that lets every user know exactly what kind of personal information they use and how they use it. And if you don't want your data used and recorded for ad purposes at all, they note, you can still use the search engine if you don't have an account with any of Google's sixty or so other free services.

Thus, if you think Google is a vassal of Beelzebub, you don't have to use their services. If your favorite restaurant has cameras on the ceiling that you think are really creepy, you stop going there - you don't, however, get to tell them to take the cameras down. If enough people are creeped out by the cameras, the restaurant owner will either wise-up and take down the cameras, or it will go bankrupt. That's how a consumer's democracy works. What the FTC advocates is something more akin to a consumer dictatorship.

The remaining features of the report highlighted by Felton addressed how Web companies use “sensitive data” like financial and medical records as well as urging more transparent privacy policy disclosures for mobile-device applications. Though not without their barbs, these latter two appear significantly less controversial than DNT and de-identifying information. In fact, to the extent that it clarifies the terms of the tacit contract between Web users and Web services providers, privacy policies should be as transparent as possible.

On the whole the Center for Digital Democracy's Jeff Chester hailed the FTC's report for “open(ing) up an important new 'front' in the battle to protect consumer privacy.”

“The harvesting and sale of our valuable data, including about our financial and health interests, poses a major threat to consumers. The FTC's call for legislation is a digital wake-up call to Congress,” he told the BBC.


Until now, the FTC has continued to tout the voluntary nature of their recommendations, praising those progressive Web companies who are already working to fall in line with their recommendations given the present absence of concrete legislation.

In a recent statement, FTC chairman Jon Leibowitz said that: “If companies adopt our final recommendations for best practices - and many of them already have - they will be able to innovate and deliver creative new services that consumers can enjoy without sacrificing their privacy.”

Alluding specifically to the much-vaunted Do Not Track 'recommendation,' Leibowitz also stated that he was confident that DNT would be available to all consumers by the end of 2012 “because companies are moving forward expeditiously to make it happen and because lawmakers will want to enact legislation if they don't."

In what seems like a thinly-veiled threat, one gets the feeling that the FTC is telling the Web industry, “Do this voluntarily or we'll see to it that you're forced to do it.”

Surprisingly, at least one member of the FTC actually shares this perspective.

FTC Commissioner Thomas Rosch was the single dissenting voice in the 3-1 vote on the privacy report released this week. And while he supports some of the report's recommendations, he takes issue with the agency´s general approach to the Web privacy.

Although the FTC is merely an enforcement agency and has no formal authority to enact new rules and regulations, the agency´s political influence on Capitol Hill and in Congress is legendary.

And according to Rosch, there should be no illusions about the report's recommendations being truly “voluntary.”

Seeking to avoid dangerous political confrontations with the FTC, Rosch candidly wrote in his decision that most Internet companies will “feel obliged to comply with the 'best practices' or face the wrath of 'the Commission' or its staff.'”

What's more, Rosch further emphasized that the whole idea of 'fairness' and 'unfairness' in Web privacy is an “elastic and elusive concept” that leaves itself open for arbitrary political interpretation.

Turning the whole notion of a Foucaldian panopticon for Web consumers on its head, Rosch explained that the FTC's recommendations “would install 'Big Brother' as the watchdog over these practices not only in the online world but in the offline world,” thanks to the massive gray area surrounding the term 'fairness' and the fact that the recommendations would apply indiscriminately to nearly all online data collection.

In an attempt to preempt this criticism, the FTC has noted that companies would not have to give consumers the choice of opting out of what it terms “commonly accepted practices” of data collection.

The agency went on to list five categories of Web business practices for which companies would have the unabridged right to collect data, including product and service fulfillment, internal operations, fraud prevention, legal compliance and public purpose, and first-party marketing.

As an example of permissible data collection, commissioners cited Netflix's right to recommend movies to its subscribers based on what they've rented or streamed in the past.

Yet for the FTC to tout this as though it were a munificent compromise with Web businesses borders on the absurd. This is like telling a bartender at your favorite pub that he's allowed to remember what beers you usually drink so that he can recommend new brews to you the next time you come in.  Thanks FTC, that's mighty generous of you.

At the risk of pedanticism, this writer would like to wrap this discussion up with two reminders:

First, beware when any federal agency starts talking about wanting to protect you from something other than itself. No matter how reasonable it may initially sound, if you go along with it you will inevitably get more 'protection' than you bargained for.

Secondly, don't forget that the Web industry is not a fairy godmother: It consists of companies, both new and old, as well as those that are still just a twinkle in some ambitious entrepreneur's eye. And like any other industry, it needs revenue to reinvest in successfully growing companies as well as to create niches for innovative newcomers.

As technophilic consumers who have come to take for granted the growth, dynamism and innovation in Web services as an integral feature of modern life, we need to stop, reflect and weigh the consequences before we let our noble guardians in Washington abruptly cut off the pipelines that provide this industry with its fuel - not for the sake of the businesses, but for ourselves.