Original URL: http://www.theregister.co.uk/2009/06/29/bennett_google_privacy/
A Google monopoly today means packet snooping tomorrow
A plan to protect our privacy
Posted in Broadband, 29th June 2009 13:11 GMT
Watch Now : Virtual Machine Movement with Hyper-V
Now that America’s lawmakers have repaired the world economy, they can turn their attention to more mundane matters, such as saving the Internet.
There’s an inherent conflict between traditional notions of personal privacy and the Internet’s emerging goldmine, targeted advertising. Other than the subscription fees that carriers collect for access to the Internet itself, the only reliable revenue stream the ’Net has ever generated is ad sales, which mostly depend on the advertiser having knowledge of the consumer’s tastes and interests.
Google's targeted advertising program AdSense is even more intrusive than the controversial Phorm and NebuAd systems. For example, Gmail scans your personal communication for keywords - there is no opt-out, and using a secure tunnel is no protection. More recently, Google has stepped up the aggressiveness of its program by shifting the tracking cookie used by AdSense from an opt-in to an opt-out system of consent, where opting-out requires arcane knowledge on the part of the consumer
"The tension between privacy and revenue took center stage in a House Subcommittee on Communications, Technology, and the Internet hearing on Internet privacy at which I was a witness recently. The new chairman, Rick Boucher, intends to conduct a series of hearings around a privacy bill he’s promised to introduce later in the session, the next of which will include actual ad merchants, such as Google and Yahoo.
No major American ISP is currently using DPI to track consumer behaviour, and the web trackers would prefer it remains that way. The practical implication of the current state of play would have Google gaining a functional monopoly on targeted advertising in the very near future, at which point we might reasonably expect Congress to beg ISPs to start using DPI to track consumer behaviour.
Instant Karma
As Scott McNealy and others have observed, there’s precious little privacy on the Internet. I was reminded of this by the author of one of the first Internet RFCs on my flight to DC. But that doesn’t prevent Google’s champions from using the privacy canard to preserve the status quo. Rep. Anna Eshoo (D, Google) tried to skewer me before the committee because of a remark in my written testimony [1] on the conflict between privacy and targeted advertising - I suggested that the only way to ensure personal privacy in the long term is for users to pay for content and services. The threat to privacy isn’t technical. It is a consequence of the Internet’s business model.
Eshoo quoted one of my sentences, calling it a modern day “Modest Proposal,” and asked the fire-breathing privacy advocates what they thought about it. The answer she got set her back on her heels, as the only witness to answer, EPIC chairman Marc Rotenberg, took the point even further, warning that the growth of unfettered advertising would come to have a corrupting effect on publishing itself, leading to a credibility meltdown of sorts.
Score 1-nil to the geek.
The Kumbaya Moment
While the hearing started on shaky legs, it was apparent toward the end that there’s considerable agreement that a legal framework for personal privacy needs to be created that covers all the technical bases.
Until now, the privacy debate has focused on particular ways of obtaining preference and stressed opt-in vs. opt-out. This approach is wrong-headed, as web spiders can extract more personal information from the Internet than DPI can. So the privacy problem actually needs to focus on what happens to dossiers of personal information that ad merchants own, regardless of how the information was obtained.
The new consensus dictates that the key issues are the protection of archived information from abuse, consumer notification about what’s held by whom and how it’s used, and the ability to have archived information erased. In the course of the discussion I suggested that consumers need periodic reminders of which services are building databases on their behaviour and the ability to have them erased. This notion found favour with the committee and the other witnesses.
While Washington continues to host fanatics on both sides of the policy spectrum, the current mood is one of pragmatism and regulatory restraint. While Obama Administration figure Susan Crawford and members of Congress with close ties to Google (primarily Silicon Valley congresswomen Lofgren and Eshoo) continue to promote wild-eyed, Utopian notions of net neutrality that simply protect the search monopoly’s position, my sense is that they’re outnumbered by pragmatists who would be pleased to allow a lightly-regulated market and the public relations machinery of the public interest organizations to correct egregious practices wherever they’re found.
How long this fit of temporary sanity will persist in Washington is anyone’s guess, but for the moment there’s not much to worry about on the banks of the Potomac.®
Richard Bennett is a Silicon Valley network architect and technical consultant. He blogs at BroadbandPolitics.com [2]