Internet Privacy 2010 – "big cookies" and the global discussion
Concern and debate about the ethical issues of having a third party track and sell the online habits of PC users is not new in the Internet age. However, the debate over personal privacy on the Internet is heating up dramatically in 2010 and gaining global attention from civic and government organizations around the world. The impetus for a renewed focus on standardized levels of consumer privacy online is largely driven by new technology in cookie-tracking tools that are earning a name in some industry circles as “super cookies.”
To understand the latest round in the online privacy debate, we must first get a brief, non-technical overview of what a supercookie is and how it differs from a standard browser cookie. The standard browser cookie is familiar to most PC users. It is a small piece of non-viral text that a web browser stores on a user’s computer primarily for authentication, session tracking, user preferences, shopping carts, etc. but it also allows the capture of personal information and preference data. Web bugs are particularly sneaky cookies that can be deposited on your PC through your browser or through a small 1X1 pixel graphic that can be stored in a document or email that someone sends you. Standard browser cookies are, for the most part, easy to identify and delete, if you wish, through your browser’s cookie management tools.
The new generation of super cookies transcends traditional settings and can be used for the same good or questionable purposes. What really differentiates a supercookie from a standard cookie is how they track a user’s online activity, what they are storing, and the difficulty of identifying and managing a supercookie. Today’s super cookies are synonymous with Adobe Flash and Microsoft Silverlight cookies, which are browser-independent.
According to a WIRED.com article I recently read about a UC Berkeley report on Internet privacy, the phenomenal explosion of non-browser cookies created through tools like Adobe Flash and Microsoft Silverlight should give us pause. The article quotes from the report that “More than half of the major Internet websites use Flash cookies to track users and store information about them.”
Adobe Flash software is estimated to be installed on approximately 98% of personal computers. Therefore, when you visit a site like YouTube, you are likely using a multimedia tool like Adobe Flash that may deposit a cookie on your system each time you visit it. The cookie is not actually in your browser, where you would normally be able to find and delete it. They are browser independent, so even if you change browsers, that cookie will still be on your system, tracking your next online visit and building up an ongoing profile of your habits. Most alarmingly, few sites acknowledge the use of Flash in their privacy statements.
The fundamental concern is how much and to what extent anyone’s online habits can be stored for behavioral targeting and online contextual advertising when the user does not know how and what is being tracked. Especially when the user believes that he is taking adequate measures to protect her privacy. In general, the question on the table is “Who regulates the tracking and sale of personal and online shopping data?”
With the proliferation of super cookies, government and industry regulation is evolving as an agenda item in the Internet privacy debate as it relates to stored online activities. The “Do Not Call” telemarketing database protection from several years ago (and Unsolicited FAX many months prior) is largely working. It’s not perfect, but it does offer consumers some level of protection against invasion of privacy. The same applies to CANSPAM laws to opt out of unsolicited email from a business. It’s not okay for him to call me over dinner if I explicitly ask him not to. Similarly, if I opt out of receiving email requests from a company, I should not expect further email from that company within a reasonable period of time that allows the company to mark me as “no email” in its database. data. Now, however, our online habits are being tracked, bought and sold without our knowledge and subtly re-sold in the way of our next “suggested” site visit or “contextual ad.”
The consumer privacy ramifications of super cookies are already on the radar of the Federal Trade Commission (FTC), many state offices of the US government, and global Internet privacy organizations. It will be interesting to follow the outcome of the recent FTC roundtable discussions on this topic that took place in California in January 2010. Also, let’s see how Barbara Anthony, the Assistant Secretary for Consumer Affairs in Massachusetts, can lead the way. with your statement that you want similar consumers. online data protection in her home state before March 1. All we ask for when it comes to our online privacy is something like a gentleman’s agreement regarding disclosure and recourse. We just want a level playing field, regulated by industry or government that protects us in an age of unscrupulous business practices, identity theft, and invisible collection of personal data.
On the technology side, we know there will be a huge increase in the code and practices that generate viruses, malware, and spam. We also know that the good creative vendors will stay very close to the bad ones who create these vile things. But super cookies don’t come from bad guys in an unidentified location. They come from large companies with strong ties to industry and access to the pockets of government lobbyists.
The online user is at a disadvantage because super cookie management technology seems to be in its infancy. Even if there is government or industry self-regulation in the coming months and years, the user needs a comprehensive tool to automatically manage and manually adjust all types of allowed and disallowed cookies according to their personal data protection requirements. With all the renewed global discussion about online privacy, especially since the recent proliferation of super cookies, 2010 will likely be a watershed year for positive changes in online consumer protection.
