Speaking of privacy

I went to the FTC’s second privacy workshop yesterday in Berkeley, and found it a generally interesting and worthwhile event, although it did exhibit some of the familiar patterns. Privacy, like net neutrality, isn’t as much a coherent issue as a grab-bag of grievances about a number of loosely connected concerns. Privacy is even more diverse and more incoherent than NN, which is after all driven by the desire to preserve traditional features of the Internet. Privacy seeks to change Internet tradition, which has never had any meaningful privacy but has simply created a sufficiently strong illusion of anonymity to make some people think there’s privacy on the net.

So what you have in privacy is two major issues of totally different character: (1) the capture of fleeting personal information by various services; and (2) the building of databases of personal activity and the subsequent analysis, use, and sale of the information they contain. These issues have to be resolved against the background of the Internet’s defective security architecture and tradition of people using handles instead of real names. When people feel anonymous, they misbehave, which is why there’s no much theft and generally churlish behavior on the net.

Congress is looking into these issues as well, and toward that end has held several hearings. I’m attaching testimony I delivered at one of these last Spring for your enjoyment. It holds up pretty well.

Second Hearing in Internet Privacy tomorrow

From House Energy and Commerce:

Energy and Commerce Subcommittee Hearing on “Behavioral Advertising: Industry Practices and Consumers’ Expectations”

Energy and Commerce Subcommittee Hearing on “Behavioral Advertising: Industry Practices and Consumers’ Expectations”
June 16, 2009

The Subcommittee on Communications, Technology and the Internet and the Subcommittee on Commerce, Trade, and Consumer Protection will hold a joint hearing titled, “Behavioral Advertising: Industry Practices and Consumers’ Expectations” on Thursday, June 18, 2009, in 2123 Rayburn House Office Building. The hearing will examine the potential privacy implications of behavioral advertising.


* Jeffrey Chester, Executive Director, Center for Digital Democracy
* Scott Cleland, President, Precursor LLC
* Charles D. Curran, Executive Director, Network Advertising Initiative
* Christopher M. Kelly, Chief Privacy Officer, Facebook
* Edward W. Felten, Professor of Computer Science and Public Affairs, Princeton University
* Anne Toth, Vice President of Policy, Head of Privacy, Yahoo! Inc.
* Nicole Wong, Deputy General Counsel, Google Inc.

WHEN: 10:00 a.m. on Thursday, June 18

WHERE: 2123 Rayburn House Office Building

This is the second in a series of hearings on the subject of behavioral advertising. I’ll predict that the Democrats will praise Google, the Republicans will criticize them, and nobody will pay much notice to Yahoo.

I only know four of the six personally, I need to get out more.

The Privacy Hearing

Here’s some news on Boucher’s privacy campaign:

It’s not clear how broad a law Boucher has in mind, though it’s likely to be some codification of generally accepted data-privacy practices. Those include telling people when you collect data and why, letting them choose to join in or not, using the data only for the reason you collected it, letting people see and correct the information and destroying it when its not longer needed.

But engineer Richard Bennett argued that DPI and network management techniques were getting a bad name and are simply the logical extension of the tools used in the early days of the internet.

Hoping to convince the subcommittee not to write legislation, AT&T’s chief privacy officer Dorothy Atwood said that the committee’s previous hearings and investigations have led to “robust self-regulation,” code-words for “no laws needed.” There’s some truth in that statement, since last summer, the subcommittee single-handedly ended ISPs dreams of letting outside companies spy on their subscribers in exchange for a little more revenue.

If the privacy is the problem, it needs to be the focus of the bill, not one of many techniques that may be used to compromise it, of course.

What I Did This Morning

While California was sleeping, I enjoyed a bit of broadband politics in the heart of the beast, testifying at the House Subcommittee on Communications, Technology, and the Internet on Communications Networks and Consumer Privacy: Recent Developments

The Subcommittee on Communications, Technology, and the Internet held a hearing titled, “Communications Networks and Consumer Privacy: Recent Developments” on Thursday, April 23, 2009, in 2322 Rayburn House Office Building. The hearing focused on technologies that network operators utilize to monitor consumer usage and how those technologies intersect with consumer privacy. The hearing explored three ways to monitor consumer usage on broadband and wireless networks: deep packet inspection (DPI); new uses for digital set-top boxes; and wireless Global Positioning System (GPS) tracking.

Witness List

* Ben Scott, Policy Director, Free Press
* Leslie Harris, President and CEO, Center for Democracy and Technology
* Kyle McSlarrow, President and CEO, National Cable and Telecommunications Association
* Dorothy Attwood, Chief Privacy Officer and Senior Vice President, Public Policy, AT&T Services, Inc.
* Brian R. Knapp, Chief Operating Officer, Loopt, Inc.
* Marc Rotenberg, Executive Director, The Electronic Privacy Information Center
* Richard Bennett, Publisher, BroadbandPolitics.com

It went pretty well, all in all; it’s really good to be last on a panel, and the Reps aren’t as snarky as California legislators. I’ll have more on this later.

, ,

What’s good for Google is good for the Internet

Anna Eshoo used to be my Congressional representative, so I paid particular attention to her remarks in the recent Markey Committee hearing on Internet privacy. Frankly, she’s an embarrassment. She started her remarks by jumping all over Scott Cleland for being a shill of the broadband industry, which would be funny if it weren’t so pathetic. Scott started his remarks by disclosing who pays him, and I didn’t hear any disclosure from Rep. Eshoo about who’s paying her (see: Open Secrets for details of Google employee contributions to Eshoo and for Google PAC bucks. This Congresswoman has raised $3 million from PACs.)

She carried Google’s water, essentially saying: “Google is entitled to rape and pillage personal information for their own purposes, but nobody else better mess with it in the slightest way.” You can see the video of the hearing here, warts and all. Eshoo, like her colleague Zoe Lofgren (D, Google) has a place in these hearings, but it’s at the table with all the other lobbyists, not on the dias.

Aside from Eshoo, it wasn’t a totally bad hearing. Markey likes to simplify issues to the point that they’re all so black-and-white that you can’t see why they warrant discussion, but the witnesses were (with one exception) pretty clear on the fact that DPI is simply a technology, and as such has no moral significance. What matters, obviously, is how it’s used.

After all the hand-wringing, it should be clear that DPI isn’t a privacy issue in its own right because it’s simply a tool for harvesting information out of network packets. The privacy issues are solely in the realm of the information itself: who provides it and under what terms, who processes it, and who retains it. And these same issues have to be addressed for all personal information, on the Internet or off it, in the packets or on the web site.

But the pattern here is something that’s all too common in Congress: this technology has a scary name, so it must be bad. The focus on the technology with the scary name then takes up the time that should be spent on the important issue, privacy.

But privacy isn’t black-and-white, so we better not talk about it; it might be bad for Google.

Technorati Tags: