For the US federal government, privacy rights on the Internet -- or more precisely, control of personal information -- is a thorny issue.
Like many aspects of tech policy, Washington looks at this issue through the prism of standing law, inherited from a time when the ability and motivation to harvest, store, examine, and sell this kind of information was very different. Current laws about privacy were driven by concerns raised by telephone and direct-mail solicitors, where opt-outs and “do not call lists” were big political winners.
And like many current controversies around the Internet, the issue of personal information control pits companies with different business models against each other. Most firms making money off of Internet advertising (which includes virtually all of the free Internet) want to be able to use personal information the better to monetize eyeballs; those who don’t rely on advertising have a continuum of interests depending on what they sell. The firms that sell subscription services can afford to be privacy hawks, but those that depend on repeat sales of small-ticket items, as Amazon.com Inc. (Nasdaq: AMZN) does, are dying for as much information about potential buyers as they can get.
The personal information issue passed a major milestone last week as the Senate convened its most serious hearing on the matter to date. The panel featured a star-studded cast, including Facebook (Nasdaq: FB), Google (Nasdaq: GOOG), Apple Inc. (Nasdaq: AAPL), AT&T Inc. (NYSE: T), and the heads of both the Federal Communications Commission (FCC) and the Federal Trade Commission .
The content of the hearing was much more general than that of the first hearing in the House Subcommittee on Communications, Technology, and the Internet last April, at which I was a witness. The House Subcommittee wanted to understand the technologies that collect personal information (such as tracking cookies, Deep Packet Inspection, and GPS reports) while the Senate Committee was more concerned with retention and sale of the information once it’s been gathered.
The Senate’s emphasis is consistent with some of the testimony I gave to the House, but not all of it.
We have technologies that permit all Web activity to be tracked at both the browser end of the connection and at the server end. We have business models in which users, knowingly or otherwise, routinely barter personal information for “free” access to information services, and we have a culture of “publicness” in which people willingly share personal information with others in order to expand their social circles for all the obvious reasons. You can’t find the gadget you want to buy around the corner from where you are or the employer you want to hook up with if you don’t share the fact that you’re looking for it, as we all know.
Sharing becomes interesting after these transactions are over, of course. Is Amazon permitted to build a dossier of your entire history of product research, buying, reviewing, and returns? If they are, what protections do they need to put in place in order to prevent your dossier from leaking into the hands of less scrupulous people, and what conditions should limit their ability to sell this information to third parties or use it to target ads to you?
The position that seems to be emerging from the Senate -- which is quite different from the House’s point of view -- is to sharply limit the use of personal information in the sale of ads. Ad placement based on consumer interests (so-called "behavioral targeting") is an important enabler of high-cost information services; it’s probably the only business model with a hope of keeping investigative journalism viable and is a key enabler of the “long tail” of the free Internet. Congress would do well to allow advertising-dependent business models to grow, as the ITIF has argued.
One desired outcome that may emerge from Congress (or more likely, from self-regulation) is an insistence on clarity around the ownership of data uploaded to media-sharing sites like Flickr and Facebook. One of the most important elements of the personal information issue that gets insufficient attention is how our willingness to share personal information changes as we get older, after we’ve found the new job, or when we’re in a relationship. Users should be able to take down media and other information they’ve uploaded when they no longer wish to share it. This is a good current practice that should continue.
It’s easy to dismiss privacy as a 20th century concern that’s nothing more than a speed bump on today’s networks; but basic standards of personal control will go a long way toward assuaging the fears that keep a quarter of Americans off the Internet. It’s therefore in everyone’s interest for Congress to move ahead with a progressive, 21st century notion of privacy that allows new business models to develop, free services to be supported, and users to maintain basic control over the information they want to share with their friends.
— Richard Bennett is an ITIF Senior Research Fellow specializing in broadband networking and Internet policy.