October 3, 2024

Advertising: The Push for Online Privacy

On Friday, the Digital Advertising Alliance, a group of digital advertising trade organizations, will unveil its first ad campaign ever explaining what the icon is and how it helps users control ads they see online. The campaign, one of the largest domestic consumer privacy campaigns to date, comes as advertisers, technology companies and privacy advocates await a final report from the Federal Trade Commission on online privacy.

“We’re on record as publicly committing to the Federal Trade Commission, to members of Congress and to consumers that education is a key component to a lot of the uses of data” online, said Stu Ingis, general counsel for the alliance.

In addition to the commission’s final report, the White House is expected to prepare its own report on digital privacy. Last year, legislators introduced a number of bills in Congress that called for tighter regulation of mobile and digital privacy, as well as more control over children’s online privacy.

•

The alliance supports self-regulation of the digital advertising industry. The AdChoices icon-based system, which was introduced in October 2010, allows users who click on the turquoise triangle to opt out of having their behavior tracked online.

The alliance’s Web site receives about 100,000 visits a week, with 90 percent of that traffic coming from users clicking the icon. An average of 15 to 25 percent of the users who visit the site opt out of behavioral advertising each week.

MRM Salt Lake City, part of the McCann World Group, worked free of charge for the alliance to create the campaign, which features digital banner ads, videos and a campaign Web site. One of the videos introduces viewers to the phrase “interest-based advertising,” describing the concept as “Ads intended for you. Based on what you do online.” The video also notes the “promos, offers, coupons, brands and products” that are capable of finding users online.

What it fails to mention, however, is that users can opt out of being the target of personalized ads. A second video tackles that challenge by introducing the AdChoices icon as a stick figure and “an up and coming little star popping up everywhere on the Internet.”

That video goes on to explain that by clicking on the icon users can control and learn more about the information advertisers collect about them. Far from encouraging users to opt out, the ads emphasize how information that advertisers gather actually can improve the quality of the ads users see online.

“Wouldn’t you rather see ads, offers and discounts for that brand?” the narrator asks. “We thought so.”

Digital banner ads feature the headline “Will the right ads find you?” with one version showing a person dressed as a bookstore ad sitting next to a person reading a book.

In 2009, the Interactive Advertising Bureau introduced a similar ad campaign called Privacy Matters that had a decidedly different tone. “Advertising is Creepy” said one ad, which used words like “personally identifiable” information and “data privacy.” The alliance’s campaign takes a new approach. “We wanted this to be positive messaging,” Mr. Ingis said. “It demystifies that there’s nothing bad going on there.”

Lori Feld, the general manager of MRM, said the campaign was meant to emphasize “the positive side” of digital advertising.

“When you’re online it can be a fairly random environment,” Ms. Feld said, referring to users who get ads for dating sites when they are married or mortgage ads when they don’t own a home. “In that scenario we know that everybody loses.”

While the alliance is undertaking the campaign in an attempt to educate consumers, some critics say the banner ads and videos are meant more to fend off possible legislation.

“I don’t think these ad campaigns help Internet users protect their privacy online,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center. “I think they’re made to justify certain business practices.”

Mr. Ingis said he expected that the consumer education would “provide further support for the fact that the self-regulatory framework is making great progress.” And advertisers have been duly warned about the consequences of bad privacy practices.

Nancy Hill, chief executive of the American Association of Advertising Agencies, urged advertisers attending the association’s annual conference last March to participate in the discussion about privacy “because without self-regulation, our creativity will be increasingly threatened.”

In an interview on Wednesday, Ms. Hill said that most consumers “really do understand the quid pro quo” of giving up some behavioral data in exchange for ads that are relevant to their interests.

•

Digital ad companies are not alone in feeling pressure to explain their data collection practices. In December, Facebook began a campaign to educate its 800 million users on how it uses advertising to offset the costs of running the company. The message, delivered by a Facebook employee in an online video, was that the ads on the social networking site were meant to be useful and not disruptive.

This week, Google jumped on the consumer education bandwagon with its Good to Know campaign. In a blog post and related print ads, the company explains to users why it stores information like the Web sites they have visited or their Internet addresses.

But consumer awareness campaigns and federal reports may not be enough to stop the debate over privacy control. “The technologies are evolving so quickly, I don’t think the education campaign ends the dialogue,” Mr. Ingis said.

Article source: http://feeds.nytimes.com/click.phdo?i=05bb10f34a5faf5c6884731249908dd9

Slipstream: Online ID Verification Plan Carries Risks

Consumers who still pay bills via snail mail. Hospitals leery of making treatment records available online to their patients. Some state motor vehicle registries that require car owners to appear in person — or to mail back license plates — in order to transfer vehicle ownership.

But the White House is out to fight cyberphobia with an initiative intended to bolster confidence in e-commerce.

The plan, called the National Strategy for Trusted Identities in Cyberspace and introduced earlier this year, encourages the private-sector development and public adoption of online user authentication systems. Think of it as a driver’s license for the Internet. The idea is that if people have a simple, easy way to prove who they are online with more than a flimsy password, they’ll naturally do more business on the Web. And companies and government agencies, like Social Security or the I.R.S., could offer those consumers faster, more secure online services without having to come up with their own individual vetting systems.

“What if states had a better way to authenticate your identity online, so that you didn’t have to make a trip to the D.M.V.?” says Jeremy Grant, the senior executive adviser for identity management at the National Institute of Standards and Technology, the agency overseeing the initiative.

But authentication proponents and privacy advocates disagree about whether Internet IDs would actually heighten consumer protection — or end up increasing consumer exposure to online surveillance and identity theft.

If the plan works, consumers who opt in might soon be able to choose among trusted third parties — such as banks, technology companies or cellphone service providers — that could verify certain personal information about them and issue them secure credentials to use in online transactions.

Industry experts expect that each authentication technology would rely on at least two different ID confirmation methods. Those might include embedding an encryption chip in people’s phones, issuing smart cards or using one-time passwords or biometric identifiers like fingerprints to confirm substantial transactions. Banks already use two-factor authentication, confirming people’s identities when they open accounts and then issuing depositors with A.T.M. cards, says Kaliya Hamlin, an online identity expert known by the name of her Web site, Identity Woman.

The system would allow Internet users to use the same secure credential on many Web sites, says Mr. Grant, and it might increase privacy. In practical terms, for example, people could have their identity authenticator automatically confirm that they are old enough to sign up for Pandora on their own, without having to share their year of birth with the music site.

The Open Identity Exchange, a group of companies including ATT, Google, Paypal, Symantec and Verizon, is helping to develop certification standards for online identity authentication; it believes that industry can address privacy issues through self-regulation. The government has pledged to be an early adopter of the cyber IDs.

But privacy advocates say that in the absence of stringent safeguards, widespread identity verification online could actually make consumers more vulnerable. If people start entrusting their most sensitive information to a few third-party verifiers and use the ID credentials for a variety of transactions, these advocates say, authentication companies would become honey pots for hackers.

“Look at it this way: You can have one key that opens every lock for everything you might need online in your daily life,” says Lillie Coney, the associate director of the Electronic Privacy Information Center in Washington. “Or, would you rather have a key ring that would allow you to open some things but not others?”

Even leading industry experts foresee challenges in instituting across-the-board privacy protections for consumers and companies.

For example, people may not want the banks they might use as their authenticators to know which government sites they visit, says Kim Cameron, whose title is distinguished engineer at Microsoft, a leading player in identity technology. Banks, meanwhile, may not want their rivals to have access to data profiles about their clients. But both situations could arise if identity authenticators assigned each user with an individual name, number, e-mail address or code, allowing companies to follow people around the Web and amass detailed profiles on their transactions.

“The whole thing is fraught with the potential for doing things wrong,” Mr. Cameron says.

But next-generation software could solve part of the problem by allowing authentication systems to verify certain claims about a person, like age or citizenship, without needing to know their identities. Microsoft bought one brand of user-blind software, called U-Prove, in 2008 and has made it available as an open-source platform for developers.

Google, meanwhile, already has a free system, called the “Google Identity Toolkit,” for Web site operators who want to shift users from passwords to third-party authentication. It’s the kind of platform that makes Google poised to become a major player in identity authentication.

But privacy advocates like Lee Tien, a senior staff lawyer at the Electronic Frontier Foundation, a digital rights group, say the government would need new privacy laws or regulations to prohibit identity verifiers from selling user data or sharing it with law enforcement officials without a warrant. And what would happen if, say, people lost devices containing their ID chips or smart cards?

“It took us decades to realize that we shouldn’t carry our Social Security cards around in our wallets,” says Aaron Titus, the chief privacy officer at Identity Finder, a company that helps users locate and quarantine personal information on their computers.

Carrying around cyber IDs seems even riskier than Social Security cards, Mr. Titus says, because they could let people complete even bigger transactions, like buying a house online. “What happens when you leave your phone at a bar?” he asks. “Could someone take it and use it to commit a form of hyper identity theft?”

For the government’s part, Mr. Grant acknowledges that no system is invulnerable. But better online identity authentication would certainly improve the current situation — in which many people use the same one or two passwords for a dozen or more of their e-mail, e-tail, online banking and social network accounts, he says.

Mr. Grant likens that kind of weak security to flimsy locks on bathroom doors.

“If we can get everyone to use a strong deadbolt instead of a flimsy bathroom door lock,” he says, “you significantly improve the kind of security we have.”

But not if the keys can be compromised.

Article source: http://www.nytimes.com/2011/09/18/business/online-id-verification-plan-carries-risks.html?partner=rss&emc=rss