'Do Not Track' Won't Save You From Yourself

Congratulations! You've got privacy. Thanks to the Obama Administration's Consumer Privacy Bill of Rights, no one will ever know about your secret shame, cat breading (yes, breading, not breeding).

Through the miracle of self-regulation--the very thing you can't manage as you post picture after picture of cats wearing slices of bread to your Facebook account--companies like Facebook and Google will start honoring your wish to use online services without being tracked for the purpose of advertising. Soon, your Gmail ads will not include any mention of cats or bread, except by chance. Instead, the online ads you see will be irrelevant and annoying. How's that for progress?

Google and its ilk may still use your data for market research and product development. And law enforcement, of course, will still be able to demand data from online companies about your suspicious cat breading activities. But if you just keep telling yourself, "Now, I have privacy," then everything will be okay.

That is, assuming you can actually be bothered to opt-out.

That task will be easier as browser makers implement a "Do Not Track" button. Online ad networks will also be providing a Do Not Track icon on ads, according to the Federal Trade Commission. Just make sure to click on the button and not the ad, or that will be a billable event for the advertiser. Not that Google is likely to complain.

[ Find out about the new Consumer Privacy Bill of Rights. Read Obama's Consumer Privacy Bill of Rights: 9 Facts. ]

Make no mistake, this is a real victory for Mozilla, the first browser maker to implement Do Not Track. And if Google, which pays the lion's share of the non-profit organization's bills thanks to a Firefox search deal, sees ad revenue decline as a result of a data drought, Mozilla doesn't have to worry for another three years.

Alex Fowler, privacy and public policy lead at Mozilla, sees the Consumer Privacy Bill of Rights and the growing momentum of Do Not Track as an expansion of user control.

"While Internet users have always had some measure of control, the needs for online privacy are not being fully addressed by the controls that exist today," he said in an email. "The problem with the existing controls is that users lose some functionality and erode their experience. Having to break one's Web experience to get privacy shouldn't be an acceptable tradeoff."

But privacy isn't dispensed with a button. Nor is it guaranteed by a Consumer Privacy Bill of Rights that specifies many things that companies "should" do, but offers no detail about enforcement or penalties.

Given that the rights guaranteed in the U.S. Constitution's Bill of Rights were not really available to large numbers of U.S. citizens through the Civil Rights era, and even today get bypassed, we should not expect privacy to descend with the stroke of a legislative pen. It should be noted that last year, the Obama administration was arguing that email should not be protected by the Fourth Amendment. Privacy with exceptions is about as comforting as a parachute that "usually" opens.

The Obama administration's privacy framework represents the beginning of what's going to be a long, drawn-out discussion. It's a positive step, but it's just a step, and a step toward responsible business practices--data usage policies--rather than privacy. As Electronic Freedom Foundation attorney Kevin Bankston noted via Twitter, the White House framework preserves the possibility that online companies could be required to retain data for law enforcement purposes beyond stated data retention times. We promise not to track you, unless we have to.

One anonymous commenter posting to the website of privacy researcher Christopher Soghoian, who helped create Do Not Track, voiced his (or her) skepticism: "I personally wouldn't ever trust ad companies to respect law and many countries [don't] even have laws about privacy on the Net. So I'm inclined to laugh out loud at the idea. I will continue to recommend and help friends and family to install and configure Adblock Plus, NoScript, and Ghostery 'correctly' (as in 'extremely restrictive mode') for them to evade as [many] ads and [as much] profiling [as] possible."

Better still, think before you post anything online or send an email. Take the time to understand Internet technology and its repercussions. Know that using a computer is an act of self-surveillance. The efforts of advertisers to understand your behavior and deliver relevant ads are largely inconsequential. Ads can be ignored or blocked, if you care enough to make that choice. But no government guidelines can save you from yourself if you insist on posting pictures of cats bedecked in bread.

As federal agencies embrace devices and apps to meet employee demand, the White House seeks one comprehensive mobile strategy. Also in the new Going Mobile issue of InformationWeek Government: Find out how the National Security Agency is developing technologies to make commercial devices suitable for intelligence work. (Free registration required.)