IDG News Service - An old privacy model in which websites gave consumers notice about what information they were collecting and allowed them to opt out isn't working in an age of "unprecedented" online tracking, a member of the U.S. Federal Trade Commission said Monday.
The FTC will continue to push for a universal, persistent mechanism that allows Web surfers to stop websites and applications from tracking them, said Commissioner Julie Brill. The universal do-not-track mechanism should apply to mobile devices and applications as well as traditional websites, she said during a speech at the Center for American Progress in Washington .
Web-based companies are "harvesting and trading in information about where we are, what we do, who we meet and what we buy," Brill said. "The amount of tracking of an individual's behavior online -- what sites she visits, what ads she clicks on, what she says when she chats and where she wanders through the day -- is unprecedented."
Brill didn't advocate for new laws to enforce a do-not-track mechanism, but she called on mobile carriers and app providers to support do-not-track mechanisms that the FTC first suggested in December 2010. "This branch of the information superhighway is in desperate need of basic reform," she said.
Much of the online tracking is invisible to consumers, resulting in privacy concerns, Brill said. The FTC's notice-and-choice model for consumer control of their online privacy, adopted in the 1990s, is outdated in the face of increasingly sophisticated tracking techniques, she said.
"The theory is sound, but it has proven unworkable," Brill said. "It is not reasonable to expect consumers to read and understand privacy policies, most about as long and as clear as the Code of Hammurabi, especially when all that stands between them and buying that new flat-screen TV or downloading the latest version of Angry Birds is clicking the little box that says, 'I consent.'"
One privacy advocate at the event called for additional steps to protect online privacy. Websites shouldn't be allowed to track children and teens, and the Internet industry should pay for a comprehensive public awareness and education campaign about online privacy, said Jim Steyer, founder and CEO of Common Sense Media, an advocacy group focused on child-friendly media and technology.
The Internet industry should also pay for a mechanism that would allow a Web user to erase online information about himself, including information posted about him by other people, Steyer said.
There are currently few rules governing the tracking of children online, Steyer said. "It's essentially a wild, wild West environment," he said.
In May, U.S. Reps. Ed Markey (D-Mass.) and Joe Barton (R-Texas) introduced the Do Not Track Kids Act, which would prohibit websites from delivering targeted marketing to children based on tracking and would establish an "erasure button" allowing children to eliminate online personal information about them when technically feasible.
But privacy lawyer Chris Wolf, co-director of the Future of Privacy Forum, noted that several groups have criticized the bill for being overly broad. The legislation could lead to colleges and music groups being prohibited from sending e-mail messages to teens, he said.
An eraser button may not be technically possible, added Ed Felton, the FTC's CTO. A website should be able to delete all the information about a user when a user cancels his membership, but it would be difficult for a someone to erase all information about himself across the Web, he said. Designing a technology-based eraser button would be a "head scratcher," Felton said.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is firstname.lastname@example.org.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Alert Logic for PCI DSS Compliance To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during PCI scans. Threat Manager streamlines this process by...
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts