MSNBC's Red Tape Chronicles: What will talking power meters say about you?
What will talking power meters say about you?
MSNBC’s Red Tape Chronicles
By Bob Sullivan
October 9, 2009
Would you sign up for a discount with your power company in exchange for surrendering control of your thermostat? What if it means that, one day, your auto insurance company will know that you regularly arrive home on weekends at 2:15 a.m., just after the bars close?
Welcome to the complex world of the Smart Grid, which may very well pit environmental concerns against thorny privacy issues. If you think such debates are purely philosophical, you’re behind the times.
Jules Polonetsky quoted:
“The potential benefits of the Smart Grid are fabulous,” he said. “I just think that it’s critical that sober and adequate thinking be done at this stage. We must do this right or we could hamper the rollout of the Smart Grid and you could have folks unwilling to participate. … We are trying to help before it’s too late.” Polonetsky, director of The Future of Privacy Forum, heads a small crowd of researchers who are asking important questions about the future of our futuristic power delivery plans. “Knowing what’s going on in people’s homes … this strikes at some of our most core values,” he said.
Re “Tracked for Ads? Many Americans Say No Thanks” (Business Day, Sept. 30):
As your article suggests, there’s little doubt that consumers will object to behavioral advertising when they feel it is being done to them instead of for them.
So what can responsible companies do online? For starters, they can take the advice of Prof. Joseph Turow, the lead author of the study of attitudes toward online tracking, and help consumers “feel they have control over the data that marketers collect about them.”
This means clearly letting consumers know what is going on at a Web site, not hiding the information in a privacy policy that isn’t usually read. It means giving consumers real choices about the collection and use of their data. It also means showing consumers the profiles that are created and then deleting the old data on a regular basis.
The only way to turn around the online advertising debate is to provide users with real transparency and control. Why wait for Congress or regulators to mandate a solution?
Jules Polonetsky
Christopher Wolf
Washington, Sept. 30, 2009
The writers are co-chairmen of the Future of Privacy Forum, a think tank that focuses on consumer privacy issues.
Future of Privacy Forum Announces Partnership with The George Washington University Law School
Privacy Scholars to Partner with Think Tank to Focus on the Future of Privacy Law and Policy
WASHINGTON, October 8, 2009 – The Washington-based think tank The Future of Privacy Forum (FPF) and The George Washington University Law School (GW Law) announce a unique partnership to advance programs focused on the future of privacy law and policy.
“FPF and GW Law have come together to create something quite new: a formal partnership to examine the privacy challenges presented by new technology,” said FPF Co-Chair Christopher Wolf. “By bringing together some of the best-thinking people from academia, the private sector and government, we can ensure critical examination of the social, legal and policy implications of the digital age.”
GW Law boasts a prestigious roster of privacy scholars on its faculty including professors Jeffrey Rosen, Daniel Solove and Orin Kerr, and is known for its in-depth scholarship on privacy issues. FPF, led by founder and co-chair Christopher Wolf (who leads the privacy and data security law practice at Hogan & Hartson LLP) and co-chair and director Jules Polonetsky (formerly chief privacy officer of AOL) is known for its efforts to advance responsible data practices. FPF and GW Law will jointly present programs on privacy issues of scholarly interest, as well as address policy issues to government, businesses, and advocates. The partnership will also help support the Privacy Law Scholars Conference, an annual gathering of top privacy academics organized by GW Law and Berkeley School of Law.
“GW Law is one of the leading law schools in the country for privacy scholarship,” said Mr. Solove, professor and author of numerous books on privacy issues and policy. “At a time when privacy models are being debated by government and industry, this relationship will enhance the opportunities for faculty and students to participate in some of the most important privacy developments in our nation’s capital.”
As part of the new partnership, GW Law and FPF will host a series of public events and panel discussions throughout the year to explore a variety of different privacy issues. FPF will also provide fellowship opportunities for two GW Law students each summer. These students will research the privacy implications of issues posed by technologies such as behavioral profiling, mobile devices and smart grid technologies.
Mr. Polonetsky said, “FPF is focused on advancing responsible data practices in both the United States and abroad. This partnership will bring a greater visibility and more thorough discussion of the legal intricacies involved in privacy-related public policies.”
The Future of Privacy Forum (FPF) is a Washington, D.C.-based think tank that seeks to advance responsible data practices. The forum is led by internet privacy experts Jules Polonetsky and Christopher Wolf and includes an advisory board comprised of leading figures from industry, academia, law and advocacy groups. FPF was launched in November 2008, and is supported by AOL, AT&T, Deloitte, eBay, Facebook, Intel, Microsoft, The Nielsen Company, Verizon and Yahoo.
Established in 1865 and located four blocks from the White House, The George Washington University Law School is the oldest law school in the District of Columbia. Accredited by the American Bar Association and a charter member of the Association of American Law Schools, the Law School enrolls approximately 2,000 students each year in its J.D. and LL.M. programs.
For media inquiries or interviews about this partnership, please email: [email protected]
Next Steps on Smart Grid Privacy
Today, we filed comments with the Federal Communications Commission outlining recommendations to protect consumer privacy on the Smart Grid. Among our comments we stated:
“Viable Smart Grid technologies will rely heavily on the collection, communication, and storage of data from electricity producers, consumers, and other participants in the energy ecosystem. Although this data can be used to create a more efficient and cost-effective electricity grid, it could also be used improperly to gain detailed insight into consumer behaviors, habits, activities, and lifestyles.
A deeper dive into behavioral advertising in Europe
As mentioned in a previous blog post, we had the pleasure of speaking with nugg.ad CEO Stephan Noller last week. Nugg.ad is the German company that has just been awarded the EuroPrise Privacy Seal. nugg.ad’s new behavioral targeting system, Predictive Targeting Networking (PTN) 2.0, received the seal favored by many EU regulators after a vetting process by an independent expert which covered every aspect of their company’s business model, down to the language of their employee contracts. The success of nugg.ad’s business model testifies to a simple fact that FPF has known for a long time: that effective behavioral ads and respect for consumer privacy are not mutually exclusive goals.
Cookie Expiration Dates: A number of ad networks have set limited expiration dates for the tracking cookies they use. This is generally a good practice, as for many years companies simply set a default 30 year expiration date for cookies. Although no cookie has ever survived for 30 years (how old is your computer?) the issue created consumer alarm. In fact, most cookies do not survive for even one year and many are lost sooner. Rare is there a business use of cookies that depends on much more than a one year period. There are some who do seek to use year-to-year comparisons of campaign performance, for example comparing last year’s holiday sale campaign to this year’s, but that is probably the outer limit for the most robust business needs of tracking cookies. As such, companies such as Google and AOL have set expiration dates for their tracking cookies of 2 years. (http://code.google.com/apis/analytics/docs/concepts/gaConceptsCookies.html)
But here is the catch. Most ad networks will reset the date of previously placed tracking cookies each time they interact with a user. This effectively means that tracking cookies with limited expiration dates will remain on users’ computers and continue to transmit information about their browsing habits indefinitely, as long as users are surfing the web with any regularity.
In this area, nugg.ad stands out. Despite the technological hurdles involved, nugg.ad’s tracking cookies are not re-set – their cookies really do expire at the end of 26 weeks. This is certainly more in line with what users who are promised that their cookie expires expect.
With regard to expiration of opt-out cookies – those we urge companies to maintain long term and not expire quickly – kudos to Chris Soghoian who has successfully pressed ad networks to extend the expiration dates of their opt-out cookies. See Chris’s discussion of the issue here. (http://paranoia.dubfire.net/2009/07/open-letter-regarding-opt-out-cookie.html)
IP addresses: nugg.ad proudly does not log IP addresses, avoiding one of the leading flash points in the privacy debate and we credit them for this effort. A third party passes nugg.ad useful geographic information gleaned from the user IP address and then, hashes or deletes the information. However, we don’t want to make too much of this because it is important to understand nugg’s place in the ad system. They are assisting an ad network or a publisher with targeting the ads delivered by those entities. Those entities likely are logging IP addresses for important click fraud or audit purposes that are needed. So certainly nugg.ad is doing the best thing here, but they are positioned to do so because of their role in the system.
Sensitive data: US companies and trade groups have had a hard time deciding what types of profiles are too ‘sensitive’ to be used for non-personal targeting. For example, 7 or 8 years ago, most networks simply had a large category called ‘health and wellness.” But in more recent years, most have begun offering clickstream profiles labeled by specific illnesses. Asthma, diabetes, heart disease are all usually allowed. Cancer, impotence, and HIV are not permitted. But where to draw the line? What about pregnancy, that sensitive but widely marketed segment in other media? Hearing loss? Dandruff? Baldness? Unable to draw a logical line in the sand, industry groups have generally punted and restrict only pharmaceutical prescriptions and medical information about a specific individual. This is an area where continued effort to disavow use of categories that users would find discomfiting or where there is high concern about potential misuse is sorely needed.
nugg.ad, does not use any category in the health area that is more specific than “health and wellness, nor any other category addressed by the EU directive section covering sensitive data.
Notice to users: Many of our readers are likely aware of the recent IAB DMA AAAA ANA NAI agreement, (http://www.iab.net/media/file/ven-principles-07-01-09.pdf) following on the heels of firm advice from the FTC that behavioral advertising self-regulation needed to improve (http://www.ftc.gov/os/2009/02/P085400behavadreport.pdf). The agreement requires users to get notice of behavioral ads outside of a privacy policy, by labeling ads or some other web site notice. Because EU law, in theory, already requires web sites to give users appropriate notice and consent around data use, nugg.ad like others in the EU consider this notice to be part of the publishers obligations and does not mandate this of its partners. However it does provide clients with guidance and encouragement to do so.
Opt-Out: Typically, users in the US opt-out by finding a link in a site’s privacy policy and then clicking over to the Network Advertising Initiative opt-out page (http://www.networkadvertising.org/managing/opt_out.asp) or the adserver’s optout page, where they can choose to click to get an opt out cookie. nugg.ad admirably provides code to publishers that they can use, if they wish, to let users click to opt-out from the publisher’s own page.
Of course this is an area where the bar is moving, as companies such as Google and Lotame have begun to offer an optional downloads to ensure that their opt-out cookie is not deleted. The TACO (https://addons.mozilla.org/en-US/firefox/addon/11073) Firefox plug-in which provides users with permanent opt-out cookies from every ad network has received in excess of 150,000 downloads. And here at FPF, we are in discussion with some companies about ways to avoid requiring a separate download by using a browser header or other more stable opt-out method.
FPF applauds the efforts of nugg.ad to safeguard the privacy of internet users while working to provide them with ads more pertinent to their interests. As the Federal Trade Commission kicks off an effort to re-examine the model for privacy regulation in the US (http://www.ftc.gov/opa/2009/09/privacyrt.shtm) nugg.ad’s European certification of privacy compliance is a useful guidepost.
October 6 Future of Privacy Forum Teleconference
Talk of the town in privacy land this week was the survey/study released by our Advisory Board colleague Chris Hoofnagle, together with Joseph Turow and others at their institutions.
The report shows that Americans have very strong feelings about tailored advertising and takes issue with the policy arguments business make in favor of the consumer value of online customization based on past user activity. However, the authors do suggest steps forward for industry based on “respect” and “information reciprocity”. What is the business practical path for the use of data based on these operating values?
Please join us and the authors for a discussion of the report and its implications for the future of behavioral advertising.
October 6
Noon to 1pm EST
Joseph Turow is Robert Lewis Shayon Professor of Communication at the University of Pennsylvania’s Annenberg School for Communication.
Chris Jay Hoofnagle is director of the Berkeley Center for Law & Technology’s information privacy programs and senior fellow to the Samuelson Law, Technology & Public Policy Clinic
Turow Berkeley Study: Consumers have a Bad Attitude about Behavioral Ads
Prof Turow’s study of consumer attitudes toward behavioral advertising reported in the NY Times today is a severe indictment of the current state of behavioral advertising. Consumers just do not like the feeling of being tracked. What can companies do about it? How about take Turow’s advice! Despite the significant concerns captured by the poll, Turow says: “I don’t think that behavioral targeting is something that we should eliminate, but I do think that we’re at a cusp of a new era, and the kinds of information that companies share and have today is nothing like we’ll see 10 years from now. He would like “a regime in which people feel they have control over the data that marketers collect about them. The most important thing is to bring the public into the picture, which is not going on right now.”
We think there is a very short window of time for businesses to put users in charge and shift the debate to which site or ad network best helps you tailor your own experience to your preferences or provides the best offers.The only way to turn this debate around is to lean in to the issue and provide users with real transparency and real user control.
What’s the first step you can take? Let consumers know what is going on in an open and honest way. If you are a business involved in behavioral advertising, contact us ASAP to join our effort to design icons and symbols that can be used to let users know how you and your ad network or re-targeting partners are tailoring ads to consumers.
In Trust We Trust
Business Week’s cover story this week is about a commodity that many businesses don’t seem to have in abundance these days: trust. Only 44 percent of Americans in a recent public survey said that they trusted business, the lowest rating since 2001. According to BW, that’s led to some serious soul-searching in corporate America:
Not long ago, trust and reputation were the domain of the PR department. Marketing executives, by contrast, pushed products and brands…. That approach doesn’t work so well now—and not just because recession, job insecurity, and hammered home values have made consumers disinclined to part with their coin. The days of consumers passively absorbing a TV commercial—or, for that matter, a banner ad—are over. People research purchases as never before, and they read peers’ opinions about brands and products. [Emphasis ours]
Business Week’s article focuses on companies like Ford, McDonalds and American Express and their efforts to be more transparent and responsive to the concerns raised by consumers and advocates.
It’s easier than ever for consumers to switch brands – or avoid purchases altogether – which is why businesses need to focus on all aspects of the consumer experience, not just customization or value.
As the article notes, trust has moved back to the top of many corporations’ outreach efforts. Yes, that means such things as stressing quality and new technology, but it also means responsible use of consumer’s personal information. As headline after headline has shown, there are few better ways for a company to undermine trust than to act cavalierly with its users data.
Many businesses have responded to their awareness of the key role privacy plays in ensuring trust by appointing a senior level chief privacy officer to help oversee their practices. Across almost every business sector, the International Association of Privacy Professionals now reports 6000 members. Oddly, one sector which makes robust use of consumer data is underrepresented. The major advertising agencies, charged with protecting and enhancing the brands of their clients and often delving deep into consumer data use to do so, do not appear to be active in privacy circles. WPP has a senior executive charged with privacy; the others surely are aware of the proliferating privacy issues today, and it would be in their interest to be more visible, one would think.
AS BW makes clear, engaging users and critics before they blog, Facebook and Twitter their gripes to the world is smart business and key to maintaining a trustworthy brands. The ad agencies charged with responsibility for those brands would do well to recognize the importance of trustworthy data practices to the success of those brands.
Kudos to Rebecca Herold on Smart Grid Work…
Rebecca Herold, the newest member of our smart grid privacy working group, was a lead drafter of the Smart Grid Privacy Impact Assessment released today by NIST. At her site, she provides some of the background to the drafting process, and includes some key material that didn’t make it in to the final document. Kudo’s to her for some groundbreaking work. Follow Rebecca @PrivacyProf on Twitter for great privacy commentary on the grid, health care IT and general privacy.
