Risk
4/25/2013
01:07 PM
Connect Directly
RSS
E-Mail
50%
50%

California Proposes 'Do Not Track' Honesty Checker

After DNT standards development stalls, legislators and advertisers seek new path forward on browser privacy.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
Memo from California legislators to website owners: Tell us if you're honoring the Do Not Track (DNT) flag in people's browsers.

That's the intent of AB 370, a bill introduced earlier this year by Al Muratsuchi, a former state prosecutor who was elected to the California Assembly in November 2012.

"This bill would require an operator to disclose whether or not it honors a request from a consumer to disable online tracking," reads the draft legislation. "The bill would also require an operator to disclose if it does not allow third parties to conduct online tracking on the commercial Web site or online service."

[ Employee surveillance can be a slippery slope. Read Watching Workers: Where's The Line? ]

The proposed legislation sounds a rare note of clarity in the contentious debate surrounding do-not-track proposals, asking website operators simply: Do you honor consumers' do-not-track requests?

Working with the World Wide Web (W3C) Consortium, the advertising industry, browser developers and privacy advocates were already supposed to have developed a global Do Not Track standard, as was proposed last year in President Obama's Consumer Privacy Bill of Rights.

But the DNT standards work stalled in November 2012, prompting advertisers and marketers to focus again on self-regulation, after Microsoft enabled DNT by default in Internet Explorer 10. The Association of National Advertisers (ANA) reacted with outrage, as did some technology backers of the developing DNT standard, with the ANA's president and CEO playing the emotional card and expressing his "profound disappointment" at Microsoft's move.

Advertisers' subsequent inability to seal a DNT deal, however, didn't endear them to some members of the Senate Commerce Committee, which Wednesday held "a status update on the development of voluntary do-not-track standards."

Luigi Mastria, managing director of the Digital Advertising Alliance (DAA), told the committee that his group, in conjunction with numerous other advertising and marketing industry groups, had already created "a one-button choice mechanism to stop the collection and use of Web viewing data" for consumers. The advertising industry has long argued against DNT, saying that it would compromise the ability of sites to offer content to consumers without making them pay for it.

But Sen. Jay Rockefeller (D-WV), the committee chairman, said the one-button choice mechanism wasn't enough, and called on all players to honor the DNT standards work to which they'd committed. "It's now April 2013 and consumers are still waiting for these do-not-track standards," Rockefeller said, reported USA Today. "I believe these companies are dragging their feet."

Rockefeller, who's due to retire from Congress at the end of 2014, in February introduced the Do-Not-Track Online Act of 2013. He introduced an earlier version of the bill two years ago but didn't push the bill through the Senate after the advertising industry said it would develop a DNT standard.

Rockefeller's bill calls for the development of a DNT standard and penalties for any businesses that don't abide by it. "I do not believe that companies with business models based on the collection and monetization of personal information will voluntarily stop those practices if it negatively impacts their profit margins," he said at the committee hearing, reported Associated Press.

But not everyone thinks that a legal solution would work. "Generally speaking, when it comes to privacy protection, we should avoid placing excessive faith in schemes like Do Not Track because they could fail, just as previous techno-fixes failed to keep pace with fast-moving developments in this space," Adam Thierer, senior research fellow at the Mercatus Center at George Mason University, told the committee. Instead, he noted that concerned consumers can already safeguard their privacy using a number of free tools, including HTTPS Everywhere and VPN services.

"If our fear is that consumers lack enough information to make smart privacy choices, then let's work harder to educate them while pushing for greater transparency about online data collection practices," said Thierer. "Finally, we should remember that not everyone shares the same privacy sensitivities and that citizens also care about other values, such as cost, convenience, and choice."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PrideLand
50%
50%
PrideLand,
User Rank: Apprentice
4/26/2013 | 6:00:36 PM
re: California Proposes 'Do Not Track' Honesty Checker
I am a "concerned consumer", but I have never heard of "HTTPS Everywhere" or
"VPN Services", so his argument fails. He also needs to explain why consumers should have to go through a lot of research to figure out how to protect their privacy when it should be a given unless the opt out for a trusted source.
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-3304
Published: 2014-10-30
Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.

CVE-2013-7409
Published: 2014-10-30
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.

CVE-2014-3446
Published: 2014-10-30
SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter.

CVE-2014-3584
Published: 2014-10-30
The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.

CVE-2014-3623
Published: 2014-10-30
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vect...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.