06:56 PM

FTC Proposes 'Do Not Track' Option For Internet

Web users could use a browser button to stop organizations from tracking their viewing habits, under the Federal Trade Commission proposal.

The Federal Trade Commission has made a potentially far-reaching proposal that would give web users the option of shielding personal information from advertisers, retailers and other companies while browsing the Internet.

The FTC gave its blessing to the so-called "Do Not Track" approach in a proposed framework for consumer privacy released Wednesday. The proposal would apply to all commercial organizations that collect or use data that can be linked to a specific consumer, computer or other device.

The commission favored giving consumers a simple mechanism for disallowing data gathering. To do that, the FTC recommended adding a button to browsers that would activate technology to prevent people from being tracked or receiving targeted advertising. The proposal would be an alternative to current browser privacy settings, which a recent study by Stanford University and Carnegie Mellon found inadequate to shield people's viewing habits.

The need for such simplicity stems from the fact that the voluntary approach -- in which organizations set their own privacy policies and notify consumers of the rules in advance of collecting information -- has failed. "Specifically, the notice-and-choice model, as implemented, has led to long, incomprehensible privacy policies that consumers typically do not read, let alone understand," the FTC report said.

The Future of Privacy Forum, a Washington, D.C.-based think tank, agreed with the FTC and praised the report. "Today's FTC report identifies the most pressing privacy issues facing consumers today," the group said in a statement. "They correctly recognize that the current framework needs to be updated to reflect consumers' ongoing concerns about how their data is being collected and used."

The commission's proposed privacy framework would have companies build consumer privacy protection into every stage of development of products and services. In addition, organizations would offer a clearly defined no-tracking option at the time a consumer is making a decision that would set data gathering in motion. Finally, companies would increase transparency of their data practices through clearer, shorter and more standardized privacy notices and by providing access to consumer data they maintain. If a company planned to use data for something other than its originally stated purpose, then consumers would have to agree to the new use in advance.

Advertisers have been adamantly against government-imposed privacy regulations, preferring a self-regulatory approach instead. In an appearance this year before the House Subcommittee on Commerce, Trade and Consumer Protection, Mike Zaneis, VP of public policy for the Interactive Advertising Bureau, argued that the industry "has a long and successful history of protecting consumers' privacy rights through effective self-regulation."

"Given the free content and services that consumers enjoy because of advertising revenue, it is imperative that any new laws be carefully tailored," Zaneis said.

Shar VanBoskirk, analyst for Forrester Research, said the firm's studies have shown that consumers are generally willing to share information with marketers if there's a valuable payback for doing so. Consumers are more concerned about the lack of control they have over their data, and VanBoskirk said she doesn't have a lot of faith that legislation would effectively address those concerns.

"Consumers need education to understand how their data is used, when data sharing has a benefit for them, where their data goes, who knows what about them, and then how to elect out of data sharing if they choose," VanBoskirk said in an e-mail sent to InformationWeek.

The FTC does not have the authority to require companies to follow its framework, much of which would require an act of Congress. The House Subcommittee on Commerce, Trade and Consumer Protection is scheduled to consider on Thursday the feasibility of a universal method for opting out of being tracked online, according to The New York Times.


Web Browser Privacy Settings Flawed

The Massachusetts Data Privacy Law Debacle

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.