Internet privacy conflicts

By: Scott Bradner

The Wall Street Journal just published the 6th article in its excellent series about Internet privacy, or the lack of it. (http://online.wsj.com/public/page/what-they-know-digital-privacy.html?mod=quicklinks_whattheyknow) This article (http://online.wsj.com/article/SB10001424052748703904304575497903523187146.html?mod=WSJ_Tech_LEADTop) focus on web sites and ad companies tracking kids on-line.. It shows that kids are tracked even more extensively than adults, if that is possible. Meanwhile, over in Europe things are about to get much harder for the trackers.

The previous Journal article on third party tracking of Internet users was scary enough. (See The price of free Internet: a piece of your soul - http://www.networkworld.com/columnists/2010/080310bradner.html) The latest article will strike fear, and cause feelings of revolution, in the hearts of parents all over the US. The Journal research showed that the top 50 kid centric web sites installed an average of 30% more tracking cookies, beacons and other pieces of tracking technology than did the top 50 adult-targeted sites. The journal also found that some companies were openly selling the information they got from this tracking. One was shamed into stopping when the Journal came calling but the article paints a very sad picture of the aggressive lack of concern these companies have for the privacy of their users.

Meanwhile, in a related story, on the same day the New York Times published an article entitled "Cloud Computing Hits Snag in Europe." (http://www.nytimes.com/2010/09/20/technology/20cloud.html?ref=technology) The gist of this story is that European companies have been slow to move to cloud computing, at least in part because of European data privacy laws. Europe has some quite strong laws that block the movement of data gathered about identifiable individuals to anyplace outside the European Union (EU) unless that place protects such information at least as well as does the EU. The US explicitly is seen in Europe as not having any useful data privacy laws. Google seems to have figured out a way to limit where data can go, at least for the US Government (http://www.physorg.com/news199372748.html) but I have not seen any indication that Google will offer the same assurance to its other customers here or in Europe.

Since many of the sellers of cloud computing services will not, or cannot, provide guarantees about where in the world data might wind up, European companies are not legally able to use such cloud services for employee or customer data. That limits the usefulness of the services in Europe. The Times quotes Gartner as estimating that $8.3 B will be spent in the US this year on cloud services while all of Europe will only spend $18 B. At this point European law is scheduled to get even tougher. For example, over then next few months the EU countries are supposed to pass laws requiring opt-in for web cookies, the very sort of tracking technology the Journal article shows to be running amuck in the US. (http://www.theregister.co.uk/2010/09/17/eu_cookie_law/) That could put quite a dent in the legal ability of those companies to track anyone in Europe.

The Times article says that Microsoft has called for "a comprehensive, workable global privacy framework that is consistent, flexible, transparent and principles-based." A lot of nice words there - but arranged in a way that makes it clear that Microsoft thinks that the framework should just trust companies to do the right thing rather than making any actual rules. For what its worth, while I sort of trust Microsoft to see any private information it has about me as a company resource and thus something to be exploited by Microsoft itself rather than being sold to others. I do not feel that way about any of the many ad companies that the Journal has been writing about.

disclaimer: As far as I know the main thing Harvard exploits is the good will of it’s alums so the above privacy lament is mine, not the university's.