Risk
12/1/2010
06:56 PM
50%
50%

FTC Proposes 'Do Not Track' Option For Internet

Web users could use a browser button to stop organizations from tracking their viewing habits, under the Federal Trade Commission proposal.

The Federal Trade Commission has made a potentially far-reaching proposal that would give web users the option of shielding personal information from advertisers, retailers and other companies while browsing the Internet.

The FTC gave its blessing to the so-called "Do Not Track" approach in a proposed framework for consumer privacy released Wednesday. The proposal would apply to all commercial organizations that collect or use data that can be linked to a specific consumer, computer or other device.

The commission favored giving consumers a simple mechanism for disallowing data gathering. To do that, the FTC recommended adding a button to browsers that would activate technology to prevent people from being tracked or receiving targeted advertising. The proposal would be an alternative to current browser privacy settings, which a recent study by Stanford University and Carnegie Mellon found inadequate to shield people's viewing habits.

The need for such simplicity stems from the fact that the voluntary approach -- in which organizations set their own privacy policies and notify consumers of the rules in advance of collecting information -- has failed. "Specifically, the notice-and-choice model, as implemented, has led to long, incomprehensible privacy policies that consumers typically do not read, let alone understand," the FTC report said.

The Future of Privacy Forum, a Washington, D.C.-based think tank, agreed with the FTC and praised the report. "Today's FTC report identifies the most pressing privacy issues facing consumers today," the group said in a statement. "They correctly recognize that the current framework needs to be updated to reflect consumers' ongoing concerns about how their data is being collected and used."

The commission's proposed privacy framework would have companies build consumer privacy protection into every stage of development of products and services. In addition, organizations would offer a clearly defined no-tracking option at the time a consumer is making a decision that would set data gathering in motion. Finally, companies would increase transparency of their data practices through clearer, shorter and more standardized privacy notices and by providing access to consumer data they maintain. If a company planned to use data for something other than its originally stated purpose, then consumers would have to agree to the new use in advance.

Advertisers have been adamantly against government-imposed privacy regulations, preferring a self-regulatory approach instead. In an appearance this year before the House Subcommittee on Commerce, Trade and Consumer Protection, Mike Zaneis, VP of public policy for the Interactive Advertising Bureau, argued that the industry "has a long and successful history of protecting consumers' privacy rights through effective self-regulation."

"Given the free content and services that consumers enjoy because of advertising revenue, it is imperative that any new laws be carefully tailored," Zaneis said.

Shar VanBoskirk, analyst for Forrester Research, said the firm's studies have shown that consumers are generally willing to share information with marketers if there's a valuable payback for doing so. Consumers are more concerned about the lack of control they have over their data, and VanBoskirk said she doesn't have a lot of faith that legislation would effectively address those concerns.

"Consumers need education to understand how their data is used, when data sharing has a benefit for them, where their data goes, who knows what about them, and then how to elect out of data sharing if they choose," VanBoskirk said in an e-mail sent to InformationWeek.

The FTC does not have the authority to require companies to follow its framework, much of which would require an act of Congress. The House Subcommittee on Commerce, Trade and Consumer Protection is scheduled to consider on Thursday the feasibility of a universal method for opting out of being tracked online, according to The New York Times.

SEE ALSO:

Web Browser Privacy Settings Flawed

The Massachusetts Data Privacy Law Debacle

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.