Home/red-rock-eater/[RRE]DoubleClick privacy questions

[RRE]DoubleClick privacy questionswriting

militaryeducationinternationalmediaenvironmentsurveillanceprivacycryptographyactivismlawcommercegovernment-infohealth
2000-03-02 · 6 min read · Edit on Pyrite

Source

Automatically imported from: http://commons.somewhere.com:80/rre/2000/RRE.DoubleClick.privacy..html

Content

| | | | --- | --- | | Red Rock Eater Digest | Most Recent Article: Wed, 5 Jul 2000 |

[RRE]DoubleClick privacy questions

``` [Faced with possible action by the FTC in response to complaints by privacy activists (in addition to the ones I've already mentioned on RRE, see ), DoubleClick has announced that it is abandoning the online profiling plans that were so widely denounced a while back. Yet several questions remain. USA Today had reported that DoubleClick "has begun tracking Web users by name and address as they move from one Web site to the next", yet the company's press release specifically denies this. DoubleClick has not ruled out connecting anonymous cookie information with personal identities and profiling information from other sources. To the contrary, it reserves the right to go ahead once "there is agreement between government and industry on privacy standards". Meanwhile, CNET is reporting today that Richard Smith has discovered that sensitive personal financial data entered into the Intuit Web site was being sent to DoubleClick; Intuit claims that this was happening without their knowledge and would constitute a violation of DoubleClick's contract. Smith believes that this is happening at numerous sites, and that it results in these sites violating their own privacy policies.

Internet electronic commerce is giving rise to a new privacy disaster about once a week. Usually these sorts of panics are overblown, but the weird thing here is that most people are too complacent. "It's a one-time thing. It just happens a lot." The vast majority of people, including many in the computer industry, woke up to the Internet very recently; they take it as a given, and they have no way of imagining how it could be any different. Maybe you need to have been doing this stuff for decades to realize what a pile of junk it all is. It is not a superficial problem, and the necessary structural solutions won't happen unless a significant amount of force is applied. To this end, the FTC should be made responsible for enforcing the Fair Information Practices and promoting the adoption of privacy-enhancing technologies based on public-key cryptography.

The great danger is that the applications architecture we have right now will freeze in place due to well-known standards dynamics. We can't blame the people who designed the stuff; they assumed that they were sketching a first rough draft, not setting something in stone for all time. If we can't change those first rough drafts once they become widely used, then the ideological image of the Internet as a roiling cauldron of endless structural change is (like so much of the received wisdom in this area) the opposite of the truth. And in that case, we need to adopt a more deliberative method for adopting the standards that increasingly govern our lives.

One structural problem is that the client-server architecture of the Web is misconceived. The client-server concept arose in contexts such as proprietary airline reservations systems in which the institutional relationship between client and server is fixed and well-understood. In such an environment, it makes sense for the technological boundary between client and server to be invisible to the user: the moral and legal boundary is provided by the well-understood contract. As the client-server model moved onto public networks such as the Internet, however, the underlying assumption of a fixed and well-understood institutional relationship between client and server was undermined. A Web client transacts business with an unbounded variety of servers, and the institutional relationship between them -- the rules that govern privacy and a hundred other things -- are no longer fixed or well-understood. Yet the boundary between client and server is still invisible. It will simply not be possible to solve privacy problems in Web-based electronic commerce until this profound architectural and user-interface problem is repaired, and that will require substantial revisions to the most basic conception of the Web.

We can begin to imagine what this would look like: take the tools that sophisticated security experts like Richard Smith use to watch packets moving into and out of your personal computer, make those tools an integral part of the operating system, and incorporate user- friendly interfaces for those tools into the architecture of the Web browser. Those stupid pop-up windows that say "you've gotten a cookie XQW27RTOX990876GHRX91 from tormentor666.redzone.doubleclick.com; do you want to accept it?" are a band-aid version of this. They are not built into the operating system, they are annoying, and they are not intelligible to the user. They're designed to make you turn them off. We can do an awful lot better, but first we have to think in moral and legal terms about what personal boundaries are, and the respective roles of technology, policy, markets, consumer education, and community norms in supporting them.

Last point. If you're not grossed out enough by Internet privacy and security already, see .]

---

This message was forwarded through the Red Rock Eater News Service (RRE). You are welcome to send the message along to others but please do not use the "redirect" option. For information about RRE, including instructions for (un)subscribing, see http://dlis.gseis.ucla.edu/people/pagre/rre.html

---

Press Releases

STATEMENT FROM KEVIN O'CONNOR, CEO OF DOUBLECLICK

NEW YORK, March 2, 2000 - "Over the past few weeks, DoubleClick (Nasdaq: DCLK) has been at the center of the Internet privacy controversy. During this time, we have met and listened to hundreds of consumers, privacy advocates, customers, government officials and industry leaders about these issues. The overwhelming point of contention has been under what circumstances names can be associated with anonymous user activity across Web sites."

"It is clear from these discussions that I made a mistake by planning to merge names with anonymous user activity across Web sites in the absence of government and industry privacy standards."

"Let me be clear: DoubleClick has not implemented this plan, and has never associated names, or any other personally identifiable information, with anonymous user activity across Web sites."

"We commit today, that until there is agreement between government and industry on privacy standards, we will not link personally identifiable information to anonymous user activity across Web sites."

"This action does not affect our core business activity. It means we are going to await clear industry standards before we decide the future direction of a number of new products. We will continue to expand our successful media, technology, e-mail and offline data businesses. We will also continue to abide by common industry practices in building anonymous profiles for ad targeting."

"Since founding DoubleClick only 4 years ago, our company has grown to 1,800 employees with more than 7,000 customers worldwide. We are helping thousands of companies become successful in our new economy. I'm proud of DoubleClick's leadership as an innovator in improving the value of Internet advertising and keeping the Internet free for consumers. Taking risks, inventing new products and services, and correcting mistakes is a sign of responsible leadership."

"Creating industry policies involving something so incredibly important to our global economy and individuals is not something to be taken lightly. We all agree on the goals: keep the Internet free while protecting consumer privacy. It is now time for industry, consumers and government to develop a clear set of guidelines that help create a healthy, free Internet while protecting the privacy of all consumers."

About DoubleClick Inc. DoubleClick Inc. (www.doubleclick.net) is a leading provider of comprehensive global Internet advertising solutions for marketers and Web publishers. Combining technology, media and data expertise, DoubleClick centralizes planning, execution, control, tracking and reporting for online media campaigns. DoubleClick Inc. has Global headquarters in New York City and maintains over 30 offices around the world. ```

| | | --- | | ProcessTree Network TM For-pay Internet distributed processing. | | Advertising helps support hosting Red Rock Eater Digest @ The Commons. Advertisers are not associated with the list owner. If you have any comments about the advertising, please direct them to the Webmaster @ The Commons. |