Today I’m changing it up a little, folks. The topic is how to voice your concerns about privacy, and possibly have an effect on regulatory policy. This concerns the recent, ahem, Preliminary FTC Staff Report on Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers. Here's the press release, which has links to the report text, questions for comment, public comments, form for submitting a public comment, and more.
The tl;dr version for those who trust my opinion on this matter -- skip to the bottom, copy the bullet-pointed section, and paste it here (they also accept files as attachments) and fill out the personal information field. It would help if you changed the wording around a bit, or even used your own language but I do not mind if you just copy what I've written. Do it by January 31, 2011.
For those with the patience to read a bit more, I've tried to include links where appropriate, page numbers to the report where useful. At the bottom I've bullet pointed some of the questions and answers that I propose. I'd like to encourage all to add their own comments, criticisms, responses to other questions, or discussion points below.
So the FTC is currently asking for public comments through January 31, 2011 regarding its "Proposed Framework for Business and Policymakers." If you have a half an hour or so, the report is a worthwhile read. It describes some of the nastier abuses of privacy currently going on, a framework it has developed to address these concerns, and finally wants to know what you think.
While the report describes some disturbing trends (see pages 23-38, and read the footnotes), the report misses a few of the nastier business practices, though... like this company, who has announced it will create dating profiles for anyone it can find public information about.
That’s right, it doesn’t matter if you’re in a relationship or if you're just not interested in using their scummy company. If your name is out there, and if it is linked to any information, you’ll soon have a dating profile courtesy of those asswipes! Sweet.
Not concerned yet? Try this one: if you entered any personal data into your Facebook profile --real name, hometown, current location, phone number, email address, schools you attended, etc-- not only can you get an involuntary dating profile with all that info (and pics!) included, this info will be sold to advertisers thanks to that awesome new game you tried out, or that link you accidentally clicked that turned out to be an app.
Feel safe because you never disclose this info online? Guess what, there’s more! It doesn’t matter, because your friends do. That’s right -- by identifying common characteristics of people in your networks, your comments and *thumbs up* likes, it’s trivial to identify your current location, hometown, schools attended, real name, and brand preferences.
This isn’t just a facebook rant, though. Unless you know exactly what you're doing, your browsing history has been tracked for quite some time. Companies known as data brokers are aggregating data about you, your interests, and the crazy things you search for, and these data brokers are building increasingly detailed and individualized profiles... all about you.
Data brokers then sell these profiles. You know how your credit report tracks your financial information, doesn’t bother to ask permission, and sells it to companies? It’s like that.
Here’s the deal -- regulatory agencies (like the FTC) at various times must, by law, submit material for public comment. Few people ever do this, but it can be effective. Remember that Superbowl where Janet Jackson’s nipple popped out, and the FTC went crazy? That was in great part because a bunch of tittyphobic douchebags coordinated their efforts and flooded the FTC’s public comment system -- and by “flooded”, I mean they got in a whopping ~1500 comments or so. This really isn’t a lot, and coordinated commenting doesn’t happen that often.
More frequently, public comments number in the hundreds, and take one of two forms:
The tl;dr version for those who trust my opinion on this matter -- skip to the bottom, copy the bullet-pointed section, and paste it here (they also accept files as attachments) and fill out the personal information field. It would help if you changed the wording around a bit, or even used your own language but I do not mind if you just copy what I've written. Do it by January 31, 2011.
For those with the patience to read a bit more, I've tried to include links where appropriate, page numbers to the report where useful. At the bottom I've bullet pointed some of the questions and answers that I propose. I'd like to encourage all to add their own comments, criticisms, responses to other questions, or discussion points below.
So the FTC is currently asking for public comments through January 31, 2011 regarding its "Proposed Framework for Business and Policymakers." If you have a half an hour or so, the report is a worthwhile read. It describes some of the nastier abuses of privacy currently going on, a framework it has developed to address these concerns, and finally wants to know what you think.
While the report describes some disturbing trends (see pages 23-38, and read the footnotes), the report misses a few of the nastier business practices, though... like this company, who has announced it will create dating profiles for anyone it can find public information about.
That’s right, it doesn’t matter if you’re in a relationship or if you're just not interested in using their scummy company. If your name is out there, and if it is linked to any information, you’ll soon have a dating profile courtesy of those asswipes! Sweet.
Not concerned yet? Try this one: if you entered any personal data into your Facebook profile --real name, hometown, current location, phone number, email address, schools you attended, etc-- not only can you get an involuntary dating profile with all that info (and pics!) included, this info will be sold to advertisers thanks to that awesome new game you tried out, or that link you accidentally clicked that turned out to be an app.
Feel safe because you never disclose this info online? Guess what, there’s more! It doesn’t matter, because your friends do. That’s right -- by identifying common characteristics of people in your networks, your comments and *thumbs up* likes, it’s trivial to identify your current location, hometown, schools attended, real name, and brand preferences.
This isn’t just a facebook rant, though. Unless you know exactly what you're doing, your browsing history has been tracked for quite some time. Companies known as data brokers are aggregating data about you, your interests, and the crazy things you search for, and these data brokers are building increasingly detailed and individualized profiles... all about you.
Data brokers then sell these profiles. You know how your credit report tracks your financial information, doesn’t bother to ask permission, and sells it to companies? It’s like that.
Here’s the deal -- regulatory agencies (like the FTC) at various times must, by law, submit material for public comment. Few people ever do this, but it can be effective. Remember that Superbowl where Janet Jackson’s nipple popped out, and the FTC went crazy? That was in great part because a bunch of tittyphobic douchebags coordinated their efforts and flooded the FTC’s public comment system -- and by “flooded”, I mean they got in a whopping ~1500 comments or so. This really isn’t a lot, and coordinated commenting doesn’t happen that often.
More frequently, public comments number in the hundreds, and take one of two forms:
- Mouthbreathingly idiot comments that are just so stupid they make you feel embarrassed for whoever wrote them (I mean just *look* at this crap); or
- Company astroturf, where interested industries have paid a few dozen people to write in fake, insincere comments singing the praises of letting that particular industry do whatever they please.
The FTC Report asks a number of specific questions for comment. You might notice that few of the public comments bother to address these questions. For our purposes, specifically answering these questions will help your own comments be more informed.
The proposed FTC framework involves three concepts, all of which I think are great ideas for consumer privacy, and all of which I think any company with a marketing department or consumer profiling concern will resist as much as possible:
- Companies should promote consumer privacy throughout their organizations and at every stage of the development of their products and services;
- Companies should simplify consumer choice, including by providing an easy to use Do-Not-track option;
- Companies should increase the transparency of their data practices, in part by changing their privacy policies from extensive legalese that just covers their own asses into something actually readable.
Here now, is an example of what I think would make for an informed comment. Now I’m not going to submit this verbatim, and will add to it throughout the week but you’re certainly free to copy and paste it if you want.
COMMENT ON PROPOSED FRAMEWORK
- Is it feasible for the framework to apply to data that can be “reasonably linked to a specific consumer, computer, or other device”?
- Yes, it is entirely feasible, because data is already being linked to specific consumers, computers, or other devices.
- How should the framework apply to data that, while not currently considered “linkable,” may become so in the future?
- Three approaches can be used.
- 1. With the incorporation of the Do Not Track system, any data that is later found to be linked to a consumer, computer, or other device that has already been opted into the Do Not Track system can be disposed of as soon as this linkage is determined.
- 1. An option for reasonable auditing of tracking data on consumer demand, similar to the legislating compelling free disclosure of credit report information from credit bureaus. This after all is data that is already being aggregated and sold to other companies, or used internally; providing this data to the target consumer will not be burdensome.
- 3. An option must be developed to allow consumer back tracing of tracked information. At any point that a consumer is presented with individualized advertising, solicitations, or any similar use of data, a company should be obliged to, upon demand, disclose the data used, the company source of that data, and time and date of purchase or aggregation such that a consumer should be able to with reasonable ease track backwards from a use of individual data to the time, place, and means by which that data was collected.
- Can companies minimize or otherwise modify the data maintained in legacy data systems to protect consumer privacy interests?
- Companies should be afforded a “safe harbor” in such circumstances. Under such a safe harbor, companies can take specific, documentable, and pre-defined steps to protect consumer privacy interests that will allow them to avoid liability for good-faith efforts. This safe harbor should include standards for data and metadata deletion, and restrict or eliminate online, near-line, and offline access.
- Even if first-party marketing in general may be a commonly accepted practice, should consumers be given a choice before sensitive data is used for such marketing?
- Yes. Giving this choice to consumers will promote consumer education as to marketing use of sensitive data.
- Should marketing to consumers by commonly-branded affiliates be considered first-party marketing?
- No. Such an approach would encourage greater scope of common branding simply to maximize marketing data flexibility, at the expense of consumer privacy.
- How should a universal mechanism be designed for consumers to control online behavioral advertising? How can such a mechanism be offered to consumers and publicized? How can such a mechanism be designed to be clear, easy-to-find, usable, and understandable to consumers?
- A prominent link to an FTC entry point for the Do Not Track database should be visible in the top left corner of every page subject to the DNT requirement. It should be accessible with the most rudimentary browsing applications, and should never be covered by any pop-up advertising. In other words, it should be a prominent, clear, briefly-worded or branded hyperlink.
- How can such a mechanism be designed so that it is clear to consumers what they are choosing and what the limitations of the choice are?
- Likely abuse of the link should be anticipated. Brief, easy-to-read text helping consumers to distinguish between the DNT system and maliciously-intended impostor sites should be easily and clearly accessible. URL choice should be made with this concern in mind, and easily accessible verification tools (such as IP tracing) should be provided so that consumers can trust the authenticity of the DNT mechanism.
