Privacy Working Group

The Obama administration is proposing to scale back a long-standing ban on tracking how people use government Internet sites with “cookies” and other technologies, raising alarms among privacy groups.

A two-week public comment period ended Monday on a proposal by the White House Office of Management and Budget to end a ban on federal Internet sites using such technologies and replace it with other privacy safeguards. The current prohibition, in place since 2000, can be waived if an agency head cites a “compelling need.”

Supporters of a change say social networking and similar services, which often take advantage of the tracking technologies, have transformed how people communicate over the Internet, and Obama’s aides say those services can make government more transparent and increase public involvement.

Some privacy groups say the proposal amounts to a “massive” and unexplained shift in government policy. In a statement Monday, American Civil Liberties Union spokesman Michael Macleod-Ball said the move could “allow the mass collection of personal information of every user of a federal government website.”

Even groups that support updating the policy question whether the administration is seeking changes at the request of private companies, such as online search giant Google, as the industry’s economic clout and influence in Washington have grown rapidly.

Two prominent technology policy advocacy groups, the Electronic Privacy Information Center and Electronic Frontier Foundation, cited the terms of a Feb. 19 contract with Google, in which a unnamed federal agency explicitly carved out an exemption from the ban so that the agency could use Google’s YouTube video player.

Read More

For all the concern and uproar over online privacy, marketers and data companies have always known much more about consumers’ offline lives, like income, credit score, home ownership, even what car they drive and whether they have a hunting license. Recently, some of these companies have started connecting this mountain of information to consumers’ browsers.

The result is a sea change in the way consumers encounter the Web. Not only will people see customized advertising, they will see different versions of Web sites from other consumers and even receive different discount offers while shopping — all based on information from their offline history. Two women in adjoining offices could go to the same cosmetic site, but one might see a $300 Missoni perfume, the other the house-brand lipstick on sale for $2.

The technology that makes the connection is nothing new — it is a tiny piece of code called a cookie that is placed on a hard drive. But the information it holds is. And it is all done invisibly.

“Now, you’re traveling the Internet with a cookie that indicates you’re this type of consumer: age group X, income level, urban versus rural, presence of children in the household,” said Trey Barrett, a product leader at Acxiom, one of the companies offering this linking to marketers.

Advertisers and marketers say this specificity is useful, taking out the guesswork involved in online-only profiling, and showing products to the people most likely to be interested. Retailers including Gap and Victoria’s Secret are using this tactic.

But consumer advocates say such unseen tracking is troubling. On the old Internet, nobody knew you were a dog. On the new targeted Internet, they now know what kind of dog you are, your favorite leash color, the last time you had fleas and the date you were neutered.

“The industry’s love affair with persistent cookies has made it virtually impossible for users to go online without being tracked and profiled,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center, in an e-mail message.

While Congress has been holding hearings on online privacy lately, the sessions have focused on online behavioral targeting. The industry has argued that no government intervention is needed, an argument that the Federal Trade Commission has so far accepted.

Consumers can avoid cookie-based tracking by deleting cookies from their computers or setting their browsers not to accept cookies. But few do, and privacy advocates say it is easy for companies to add cookies without users noticing.

For decades, data companies like Experian and Acxiom have compiled reams of information on every American: Acxiom estimates it has 1,500 pieces of data on every American, based on information from warranty cards, bridal and birth registries, magazine subscriptions, public records and even dog registrations with the American Kennel Club.

Read More

During the Open Government Initiative outreach, Federal employees and the public have asked us questions about the federal government’s policy on cookies. As part of our effort to create a more open and innovative government, we’re working on a new cookie policy that we’ll want your input on. But before we get into that, let’s provide some context.

In June 2000, the OMB Director issued a memorandum (M-00-13, later updated by M-03-22, http://www.whitehouse.gov/omb/memoranda_default/) that prohibited Federal agencies from using certain web-tracking technologies, primarily persistent cookies, due to privacy concerns, unless the agency head approved of these technologies because of a compelling need. That was more than nine years ago. In the ensuing time, cookies have become a staple of most commercial websites with widespread public acceptance of their use. For example, every time you use a “shopping cart” at an online store, or have a website remember customized settings and preferences, cookies are being used.

This past June, we blogged about ways to enhance citizen participation in government through basic policy changes, including revisions to the current policy on web-tracking technologies. We heard a lot of informal comments on that blog, so we decided to pursue the more formal comment route through the Federal Register (pdf). The goal of this review is to develop a new policy that allows the Federal Government to continue to protect the privacy of people who visit Federal websites while, at the same time, making these websites more user-friendly, providing better customer service, and allowing for enhanced web analytics.

Read the rest of the post here.

By dissecting behavioral data, e-marketers are creating sites armed with predictive technology

By Stephen Baker

Every once in a while in most Web surfers’ lives, a suggestion pops up on the screen that leads them to wonder: How did they know that about me? The moment can seem magical, and a bit creepy.

Consider this one. A shopper at the retail site FigLeaves.com takes a close look at a silky pair of women’s slippers. Next a recommendation appears for a man’s bathrobe. This could seem terribly wrong—unless, of course, it turns out to be precisely what she wanted. This type of surprising connection will happen more often as e-marketers adopt a new generation of predictive technology. It’s fueled by growing rivers of behavioral data, from mouse clicks to search queries—all crunched by ever more powerful computers.

Why the bathrobe? ATG (ARTG), a Cambridge (Mass.) e-commerce software company that crunches data for FigLeaves, has found that certain types of female shoppers at certain times of the week are likely to be shopping for men. Like all Web recommendations, this one will be wrong a good portion of the time. But as marketers scrutinize shoppers in greater detail, they’re edging closer to their ultimate goal: teaching computers to blend data smarts with something close to the savvy of a flesh-and-blood sales clerk. “In the first five minutes in a store, the sales guy is observing a customer’s body language and tone of voice,” says Mark A. Nagaitis, CEO of 7 Billion People, an Austin (Tex.) startup that competes with ATG. “We have to teach machines to pick up those same insights from movements online.”

This dissection of online shopping comes amid growing fears about invasions of privacy online. But unlike the most controversial advertising technology, which tracks Web surfers’ wanderings from site to site, many of these “preference prediction” methods limit their scrutiny to behavior on a retailer’s own Web page. Much of the analysis looks simply at the patterns of clicks, purchases, and other variables, without including personal information about the shopper. In most cases, personal details are incorporated only if customers register on sites such as Amazon.com (AMZN) and Walmart.com (WMT) and supply them.

In the early days of e-commerce, most of the analysis focused on simple buying patterns among shoppers. Amazon and others introduced so-called collaborative filtering in the late ’90s. They found, to no one’s surprise, that people who bought the same book were likely to share interests in other books.

Now the science is growing far more sophisticated. Three years ago, Netflix (NFLX), the movie rental powerhouse, dangled a $1 million prize before anyone who could plow through data from millions of anonymous users and improve Netflix predictions of what movies customers would like by 10%. Last month an international team of computer scientists reached that goal by introducing deeper analysis. The winning team factored loads of details into its algorithm. It attempts, for example, to compensate for the shifting sentiments of a movie watcher over time. If one reviewer pans a number of movies in a row, are they all really so terrible? The algorithm might allow for a stretch of the blues—and take those ratings with a mathematical grain of salt.

Read More

A number of advertising companies like Google and AOL have agreed to allow Internet surfers to opt out of targeted advertising from their companies by signing on with the Network Advertising Initiative.

And Congress has begun drafting new legislation to give consumers more control over the data that Internet companies collect from them for targeted advertising purposes.

But for Christopher Soghoian, a doctoral candidate at the Indiana University’s School of Informatics and a student fellow at Harvard’s Berkman Center for Internet and Society, these changes couldn’t come quickly enough.

So he took matters into his own hands last March and designed the Targeted Advertising Cookie Opt-Out, or TACO, an ad-on for Mozilla’s Firefox Web browser. TACO allows users to opt out of targeted advertising from some 84 different online ad networks, as compared with the NAI’s 34.

Read More

Chris Sogohian called out a problem and now takes credit for a fix to the way the Whitehouse.gov Web site delivered third-party cookies – specifically YouTube cookies.

The use of YouTube videos on the President’s site is a Web 2.0-ish improvement, which is welcome, but embedding videos meant that YouTube was placing cookies on the computers of visitors to Whitehouse.gov and – as a natural result – collecting records of people’s visits to that site.

Things got weird when the Whitehouse.gov privacy policy exempted YouTube cookies from the general ban on persistent cookies on federal Web sites.

Read More…

This is the first in a series of articles that will focus directly on technology instead of technology policy. With an average age of 57, most members of Congress were at least 30 when the IBM PC was introduced in 1981. So it is not suprising that lawmakers have difficulty with cutting-edge technology. The goal of this series is to provide a solid technical foundation for the policy debates that new technologies often trigger. No prior knowledge of the technologies involved is assumed, but no insult to the reader’s intelligence is intended.

This article focuses on cookies–not the cookies you eat, but the cookies associated with browsing the World Wide Web. There has been public concern over the privacy implications of cookies since they were first developed. But to understand them , you must know a bit of history.

According to Tim Berners Lee, the creator of the World Wide Web, “[g]etting people to put data on the Web often was a question of getting them to change perspective, from thinking of the user’s access to it not as interaction with, say, an online library system, but as navigation th[r]ough a set of virtual pages in some abstract space. In this concept, users could bookmark any place and return to it, and could make links into any place from another document. This would give a feeling of persistence, of an ongoing existence, to each page.”[1] The Web has changed quite a bit since the early 1990s.

Read More…