Computers, Privacy & the Constitution

View   r3  >  r2  ...
GlennLortscherFirstPaper 3 - 29 Mar 2008 - Main.GlennLortscher
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper%25"
Line: 9 to 9
 How much are lists of nouns worth? Quite a lot, if you can tie them to individuals. Google's AdWords? network has seen unprecedented growth doing just that-- scouring information from email, forms, and website content to sell individually- and demographically-targeted advertisements. Yahoo, playing catch-up, has increased the number of times it collects such data from its visitors each month to 2,520 (compared to Google's 578). As long as targeted advertising stays profitable, this type of data collection will continue to grow in size and sophistication (see Phorm, for an extreme example).
Changed:
<
<
This is arguably fine, as long as consumers consent to how their information will be used. But website privacy policies are inadequate, and often cleverly worded to allay privacy concerns and maximize usage rights. If users knew the big picture-- how companies actually use their information, many would act differently. Several good solutions have been proposed, such as a Nutrition Facts-inspired label required on websites that collect any personal information. [1] In this paper, I flesh out why such a regulation is necessary and how to implement it in a way that empowers consumers.
>
>
This is arguably fine, as long as consumers consent to commercial use of their information. But website privacy policies are inadequate, and often cleverly worded to allay privacy concerns and maximize usage rights. If users knew the big picture-- how companies actually use their information and how much it is worth, many would act differently. Working toward this more results-based view of consent ("informed" consent, perhaps?), one solution is to require a Nutrition Facts-inspired label on all sites that collect any personal information. [1] In this paper, I flesh out why such a requirement is beneficial and how to implement it in a way that empowers consumers.
 
Changed:
<
<

Types of Personal Information

>
>

A Framework for Personal Information Online

 
Changed:
<
<
Consumers generally provide personal information to commercial websites for three purposes: to make purchases, to access services, or to add content to a social network or message board. In the first instance, for example, when a consumer buys a camera online, she provides her full name, telephone number, shipping and billing addresses, and credit card information. This information is kept in the form of electronic sales records. A consumer's expectations for usage of these records are grounded in the real world-- just like in-store or phone purchases, sales records can help resolve billing conflicts and facilitate product exchanges and returns.
>
>
Consumers generally provide personal information to commercial websites for three purposes: to make purchases, to access services, or to add content to a social network or message board. In the first instance, a consumer might buy a camera online. Her purchase information is kept in the form of electronic sales records. A consumer's expectations for usage of these records are grounded in the real world-- sales records can help resolve billing conflicts and facilitate product exchanges and returns, just like at the store.
 
Changed:
<
<
Second, where personal information is exchanged for access to online services, usage of this information remains murky for consumers, since the economic value of such information is left unclear. That users treat these fields much like annoying End User License Agreements, clicking past them as quickly as possible, can be seen in the popularity of automated form-fillers like Gator and Roboform . A classic example is the New York Times, which requires free user registration to view much of its online content. The New York Times then uses this personal information to sell expensive, highly-targeted advertisements. [5] But user registration is not presented to consumers as a valuable transaction. It's easy for users to assume they're paying for content solely by viewing ads, just like on the TV, and not also by providing the personal information used to target those ads.
>
>
In the second instance, a consumer provides personal information in exchange for access to online services, such as a social network or comparison shopping service. But the economic value of such information is rarely made clear. Take the New York Times for example, which uses personal information from free registrations to sell expensive, highly-targeted advertisements. But the NYT policy frames the exchange as being a matter consumer convenience-- targeted ads are more useful. The result being that users treat registration fields much like annoying End User License Agreements, clicking past them as quickly as possible, a behavior epitomized by the popularity of automated form-fillers like Gator and Roboform .
 
Changed:
<
<
Third, where personal information, preferences, and opinions are revealed in user-generated content, consumers have no expectations for how this content might be mined and tied back to their various online persona. This is likely due to several user assumptions: that companies have little interest in reading user-generated content; that information revealed in content, as opposed to neatly-titled registration fields, is safe from mining and analysis; and that because there is no privacy release when posting content, that content is safe from being mapped back to the user's profile. These assumptions are usually incorrect, since most registration agreements state that all user-created content is "public", giving the website carte blanche permission to analyze and map that data however it pleases-- an unexpected outcome for most users.
>
>
Third, where personal information, preferences, and opinions are revealed in user-generated content, consumers have no expectations for how this content might be mined and tied back to their various online identities. Users may be assuming that information revealed in content, as opposed to neatly-titled registration fields, is safe from mining and analysis, and the content fields lack privacy releases anyway. These assumptions are usually incorrect, since most registration agreements state that all user-created content is "public", giving the website carte blanche permission to analyze and map that data however it pleases-- an unexpected outcome for most users.
 
Changed:
<
<
This last example strikes at the core of the Privacy Policy problem-- seemingly innocuous provisions that ultimately fail to inform users what is actually done with information. By consenting only to vague processes, and not their outcomes, websites are at most obtaining barely informed consent. While companies use consumer information for pretty distinct purposes, from the consumer's point of view, all web forms appear the same. When Joe Consumer sees the Almighty Required Field Star when creating an Expedia account, is he going to enter "Easter J. Bunny" or his real name? With corporations in the better bargaining position, there is a strong case for regulatory intervention to achieve greater clarity for consumers.
>
>
Of course, in reality the lines between information types aren't so clear. But the last instance strikes at the core of the Privacy Policy problem-- seemingly innocuous provisions that ultimately fail to inform users what is actually done with information. By consenting only to vague processes, and not their outcomes, websites are at most obtaining barely informed consent. While companies use consumer information for pretty distinct purposes, all web forms appear the same to the consumer. When Joe Consumer sees the Almighty Required Field Star when creating an Expedia account, is he going to enter "Easter J. Bunny" or his real name? With corporations in the better bargaining position, there is a strong case for regulatory intervention to achieve greater clarity for consumers.
 

The Solution: Before, During, and After

Changed:
<
<
Since current privacy policies and terms of use are not successfully informing users about what happens to their data, then revealing those outcomes is the first step toward informed consent. To accomplish this, I propose that as long as a website wishes to retain personal information for use that extends beyond mere purchase records, it must take comprehensive steps before, during, and after it retains such information to inform and empower users.
>
>
Revealing privacy outcomes is the first step toward informed consent online. I propose that as long as a website wishes to retain personal information for use that extends beyond mere purchase records, it must take comprehensive steps before, during, and after it retains such information to inform and empower users.
 

Before: Privacy Facts

Changed:
<
<
Before a user submits personal information, a Nutrition Facts-inspired Privacy Facts label should briefly summarize whether the website reserves any right to transfer or use personal information, and how (i.e. "Yes/No/Consent Required"). The label should also summarize any past transactions in user information with subsidiaries, affiliates, and third parties, including the dates and parties of the transaction, as well descriptions of all data transferred (i.e. "names, zip codes, hobbies"). Websites that conduct few or no transactions in user information will thus have nice, small labels. A Privacy Facts label would thus incentivize websites to pursue honest information policies, cutting off any attempts to allay concerns of potential users with a boring, overly general, and marketing-conscious privacy policy. By forcing websites to reveal cold hard facts and numbers beforehand, consumers can see for themselves how each website values privacy.
>
>
Before a user submits personal information, a Nutrition Facts-inspired Privacy Facts label should inform the user of all usage and transfer rights (i.e. "Yes/No/Consent Required"). The label should also summarize any past transactions in user information with subsidiaries, affiliates, and third parties, describing of all data transferred (i.e. "names, zip codes, hobbies"). The result is nice, small labels for websites that minimize information collection; conversely, social networks should have huge labels. Forcing websites to reveal cold hard facts and numbers will cut off many attempts to allay privacy concerns with boring, overly general, and marketing-conscious privacy policies.
 
Changed:
<
<

During: Complete Disclosure

>
>

During and After: Disclosure and Destruction

 
Changed:
<
<
While a user maintains an account (or, on websites that track users by IP address, a reasonable period of time), that user should have an easily accessible and complete profile of what is being tracked, how it is used, and to whom it is available.

After: Verified Destruction

As long as a website wishes to use personal information beyond purchase records, it must offer consumers the option to terminate the relationship, including all personal and associated information. The option must be easy to locate, and the destruction of this information must be verifiable.

>
>
As long as a website retains user information, that user should have an easily accessible and complete profile disclosing all retained information, how it is used, and to whom it is available. As long as that site wishes to use the information for more than purchase records, it must indefinitely present an offer to terminate service in exchange for information destruction.
 

Conclusion

Changed:
<
<
If a website wants to profit from the retention of personal information, it must be prepared to protect the interests of those whose information it seeks to exploit. So far, websites have failed to prove that they can be trusted to independently seek informed consent. Private sector solutions like the TRUSTe Web Privacy Seal may only further mislead consumers, since they still fail to inform consumers about outcomes, while encouraging them to reveal their information. Further, a private solution would likely never rock the privacy boat, for fear that it might scare off its membership. Thus, as personal information increases in value, I argue that regulation as outlined above is the necessary path to empower consumers and protect consumers in managing this information.
>
>
There is a growing gap between the actual value of personal information and consumers' perceived value of such information. A Privacy Facts label would help close this gap by unveiling, concisely, what websites track. While there are private sector solutions, like the TRUSTe Web Privacy Seal, they still fail to inform consumers of the real outcomes of revealing personal information. Further, their voluntary nature makes true change difficult. Thus, as personal information value gap increases, I argue that requiring a Privacy Facts label is the necessary path to empowering and protecting consumers.
 [1] S. Tian, "All I Want for Christmas is A New Privacy Policy"
Added:
>
>
Word Count: 943
 # * Set ALLOWTOPICVIEW = TWikiAdminGroup, GlennLortscher \ No newline at end of file

Revision 3r3 - 29 Mar 2008 - 20:47:02 - GlennLortscher
Revision 2r2 - 24 Mar 2008 - 06:55:36 - GlennLortscher
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM