
California Proposes 'Do Not Track' Honesty Checker

After DNT standards development stalls, legislators and advertisers seek new path forward on browser privacy.

Memo from California legislators to website owners: Tell us if you're honoring the Do Not Track (DNT) flag in people's browsers.

That's the intent of AB 370, a bill introduced earlier this year by Al Muratsuchi, a former state prosecutor who was elected to the California Assembly in November 2012.

"This bill would require an operator to disclose whether or not it honors a request from a consumer to disable online tracking," reads the draft legislation. "The bill would also require an operator to disclose if it does not allow third parties to conduct online tracking on the commercial Web site or online service."


The proposed legislation sounds a rare note of clarity in the contentious debate surrounding do-not-track proposals, asking website operators simply: Do you honor consumers' do-not-track requests?

Working with the World Wide Web Consortium (W3C), the advertising industry, browser developers and privacy advocates were already supposed to have developed a global Do Not Track standard, as was proposed last year in President Obama's Consumer Privacy Bill of Rights.

But the DNT standards work stalled in November 2012, prompting advertisers and marketers to focus again on self-regulation, after Microsoft enabled DNT by default in Internet Explorer 10. The Association of National Advertisers (ANA) reacted with outrage, as did some technology backers of the developing DNT standard, with the ANA's president and CEO playing the emotional card and expressing his "profound disappointment" at Microsoft's move.

Advertisers' subsequent inability to seal a DNT deal, however, didn't endear them to some members of the Senate Commerce Committee, which Wednesday held "a status update on the development of voluntary do-not-track standards."

Luigi Mastria, managing director of the Digital Advertising Alliance (DAA), told the committee that his group, in conjunction with numerous other advertising and marketing industry groups, had already created "a one-button choice mechanism to stop the collection and use of Web viewing data" for consumers. The advertising industry has long argued against DNT, saying that it would compromise the ability of sites to offer content to consumers without making them pay for it.

But Sen. Jay Rockefeller (D-WV), the committee chairman, said the one-button choice mechanism wasn't enough, and called on all players to honor the DNT standards work to which they'd committed. "It's now April 2013 and consumers are still waiting for these do-not-track standards," Rockefeller said, reported USA Today. "I believe these companies are dragging their feet."

Rockefeller, who's due to retire from Congress at the end of 2014, in February introduced the Do-Not-Track Online Act of 2013. He introduced an earlier version of the bill two years ago but didn't push the bill through the Senate after the advertising industry said it would develop a DNT standard.

Rockefeller's bill calls for the development of a DNT standard and penalties for any businesses that don't abide by it. "I do not believe that companies with business models based on the collection and monetization of personal information will voluntarily stop those practices if it negatively impacts their profit margins," he said at the committee hearing, reported Associated Press.

But not everyone thinks that a legal solution would work. "Generally speaking, when it comes to privacy protection, we should avoid placing excessive faith in schemes like Do Not Track because they could fail, just as previous techno-fixes failed to keep pace with fast-moving developments in this space," Adam Thierer, senior research fellow at the Mercatus Center at George Mason University, told the committee. Instead, he noted that concerned consumers can already safeguard their privacy using a number of free tools, including HTTPS Everywhere and VPN services.

"If our fear is that consumers lack enough information to make smart privacy choices, then let's work harder to educate them while pushing for greater transparency about online data collection practices," said Thierer. "Finally, we should remember that not everyone shares the same privacy sensitivities and that citizens also care about other values, such as cost, convenience, and choice."

Comments
PrideLand,
User Rank: Apprentice
4/26/2013 | 6:00:36 PM
re: California Proposes 'Do Not Track' Honesty Checker
I am a "concerned consumer", but I have never heard of "HTTPS Everywhere" or "VPN Services", so his argument fails. He also needs to explain why consumers should have to go through a lot of research to figure out how to protect their privacy when it should be a given unless they opt out for a trusted source.