Risk
4/25/2013
01:07 PM

California Proposes 'Do Not Track' Honesty Checker

After DNT standards development stalls, legislators and advertisers seek new path forward on browser privacy.

Memo from California legislators to website owners: Tell us if you're honoring the Do Not Track (DNT) flag in people's browsers.

That's the intent of AB 370, a bill introduced earlier this year by Al Muratsuchi, a former state prosecutor who was elected to the California Assembly in November 2012.

"This bill would require an operator to disclose whether or not it honors a request from a consumer to disable online tracking," reads the draft legislation. "The bill would also require an operator to disclose if it does not allow third parties to conduct online tracking on the commercial Web site or online service."

The proposed legislation sounds a rare note of clarity in the contentious debate surrounding do-not-track proposals, asking website operators simply: Do you honor consumers' do-not-track requests?

Working with the World Wide Web Consortium (W3C), the advertising industry, browser developers and privacy advocates were already supposed to have developed a global Do Not Track standard, as was proposed last year in President Obama's Consumer Privacy Bill of Rights.

But the DNT standards work stalled in November 2012, prompting advertisers and marketers to focus again on self-regulation, after Microsoft enabled DNT by default in Internet Explorer 10. The Association of National Advertisers (ANA) reacted with outrage, as did some technology backers of the developing DNT standard, with the ANA's president and CEO playing the emotional card and expressing his "profound disappointment" at Microsoft's move.

Advertisers' subsequent inability to seal a DNT deal, however, didn't endear them to some members of the Senate Commerce Committee, which Wednesday held "a status update on the development of voluntary do-not-track standards."

Luigi Mastria, managing director of the Digital Advertising Alliance (DAA), told the committee that his group, in conjunction with numerous other advertising and marketing industry groups, had already created "a one-button choice mechanism to stop the collection and use of Web viewing data" for consumers. The advertising industry has long argued against DNT, saying that it would compromise the ability of sites to offer content to consumers without making them pay for it.

But Sen. Jay Rockefeller (D-WV), the committee chairman, said the one-button choice mechanism wasn't enough, and called on all players to honor the DNT standards work to which they'd committed. "It's now April 2013 and consumers are still waiting for these do-not-track standards," Rockefeller said, reported USA Today. "I believe these companies are dragging their feet."

Rockefeller, who's due to retire from Congress at the end of 2014, in February introduced the Do-Not-Track Online Act of 2013. He introduced an earlier version of the bill two years ago but didn't push the bill through the Senate after the advertising industry said it would develop a DNT standard.

Rockefeller's bill calls for the development of a DNT standard and penalties for any businesses that don't abide by it. "I do not believe that companies with business models based on the collection and monetization of personal information will voluntarily stop those practices if it negatively impacts their profit margins," he said at the committee hearing, reported Associated Press.

But not everyone thinks that a legal solution would work. "Generally speaking, when it comes to privacy protection, we should avoid placing excessive faith in schemes like Do Not Track because they could fail, just as previous techno-fixes failed to keep pace with fast-moving developments in this space," Adam Thierer, senior research fellow at the Mercatus Center at George Mason University, told the committee. Instead, he noted that concerned consumers can already safeguard their privacy using a number of free tools, including HTTPS Everywhere and VPN services.

"If our fear is that consumers lack enough information to make smart privacy choices, then let's work harder to educate them while pushing for greater transparency about online data collection practices," said Thierer. "Finally, we should remember that not everyone shares the same privacy sensitivities and that citizens also care about other values, such as cost, convenience, and choice."

Comments
PrideLand,
User Rank: Apprentice
4/26/2013 | 6:00:36 PM
re: California Proposes 'Do Not Track' Honesty Checker
I am a "concerned consumer", but I have never heard of "HTTPS Everywhere" or "VPN Services", so his argument fails. He also needs to explain why consumers should have to go through a lot of research to figure out how to protect their privacy when it should be a given unless they opt out for a trusted source.