3PHealth Blog

Privacy: My Expectations vs. My Reality

Monday, March 5th, 2012


I’m going to start this post with a famous quote from Wernher von Braun – you can recover from a production flaw but never from a design flaw.

Right now there’s lots of activity in the Privacy space (note that I say activity, not outcome). There’s an initiative by regulators to rein in what they feel is invasive behavior by both content providers and carriers as it relates to your privacy, and there’s an initiative by the W3C to standardize a “Do Not Track” preference in the browser.

All of these activities hinge on really defining what Privacy means to “Me”. As you can imagine, everyone has an opinion on what it should be. For the purpose of this blog post let’s keep it really simple and go with the W3C’s binary signal: if my browser sends DNT: 1 then I don’t want to be tracked, and if it sends DNT: 0 then I consent to being tracked.

Ok, that’s really simple. And consequently my expectation is also very simple: if I send a 1 then I “expect” not to be tracked in any way, shape or form. In fact I actually expect my browser to block any method a Web site may try to use to track me. For example, the second I set my Privacy preference to “Do Not Track” I expect all 3rd-party cookies to be blocked. In fact you could also make the case that I don’t want any cookies on my device.

And herein lies the problem, and the reason for Wernher’s quote. The Web was designed to track. Because HTTP gives a site no memory of a visitor from one request to the next, there had to be a mechanism by which a Web site could “remember” you. Welcome to cookies.

Here’s Wikipedia’s definition of cookies:

A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is used for an origin website to send state information to a user’s browser and for the browser to return the state information to the origin site. The state information can be used for authentication, identification of a user session, user’s preferences, shopping cart contents, or anything else that can be accomplished through storing text data on the user’s computer. Cookies cannot be programmed, cannot carry viruses, and cannot install malware on the host computer. However, they can be used by spyware to track user’s browsing activities—a major privacy concern that prompted European and US lawmakers to take action. Cookie data can also be illicitly disclosed by hackers to gain access to a victim’s web account.

Remember, HTTP is a stateless protocol, and the cookie is the mechanism the Web currently relies on to add state to it (URL parameters, hidden form fields and browser-side storage can carry state too, but the ecosystem is built on cookies). Cookies are required for just about everything these days. Imagine trying to buy something on the Web without the ability to use a cookie: the site could not keep your cart or your login from one request to the next.
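The two sides of the argument above, as an added example that is not code from the original post or from the 3PHealth Choice™ browser: a toy browser cookie jar and a toy tracker. The first request to a site carries no state, the site’s Set-Cookie gives it a memory, and a third-party resource embedded on two unrelated sites uses exactly that memory to link the two visits. The browser policy modelled here is the expectation stated earlier in the post, that Do Not Track on means no third-party cookies at all. All hostnames, cookie names, the request sequence and the simplified two-label “same site” comparison are constructed for illustration; the DNT header follows the binary 1/0 framing used in this post.

```javascript
// Added example (not from the original post or the 3PHealth Choice browser): a toy cookie
// jar plus a toy tracker. All hostnames, cookie names and the request sequence are constructed.

// Simplified "same site" test: compare the last two labels of each host. Real browsers use
// the Public Suffix List; this is enough for the example-style hosts used here.
function registrableDomain(host) {
  return host.split(".").slice(-2).join(".");
}

class Browser {
  constructor({ dnt = false } = {}) {
    this.dnt = dnt;        // user's Do Not Track preference (binary framing from the post)
    this.jar = new Map();  // host -> Map(cookieName -> value)
  }

  // Policy: a cookie from `host` is third-party when the user is on a different site.
  // The post's expectation is that DNT on means no third-party cookies at all.
  acceptsCookie(host, topLevelHost) {
    const thirdParty = registrableDomain(host) !== registrableDomain(topLevelHost);
    return !(thirdParty && this.dnt);
  }

  // Headers the browser would send to `host`: the DNT signal plus any cookies it holds for it.
  request(host) {
    const headers = { Host: host, DNT: this.dnt ? "1" : "0" };
    const cookies = this.jar.get(host);
    if (cookies && cookies.size > 0) {
      headers.Cookie = [...cookies].map(([k, v]) => `${k}=${v}`).join("; ");
    }
    return headers;
  }

  // Apply a Set-Cookie header subject to the policy above. Returns true if the cookie was stored.
  store(host, topLevelHost, setCookie) {
    if (!setCookie || !this.acceptsCookie(host, topLevelHost)) return false;
    const [name, value] = setCookie.split(";")[0].split("=");
    if (!this.jar.has(host)) this.jar.set(host, new Map());
    this.jar.get(host).set(name, value);
    return true;
  }
}

// A tracking server: hands out an id on first sight and records which top-level sites each id
// was seen on (the site is what an embedded ad or analytics request would reveal via Referer).
class Tracker {
  constructor(host) {
    this.host = host;
    this.nextId = 1;
    this.seen = new Map(); // uid -> Set(topLevelHost)
  }

  handle(reqHeaders, topLevelHost) {
    const m = /(?:^|; )uid=(\w+)/.exec(reqHeaders.Cookie || "");
    let uid = m ? m[1] : null;
    const response = {};
    if (!uid) {
      uid = `u${this.nextId++}`;
      response["Set-Cookie"] = `uid=${uid}; Path=/`;
    }
    if (!this.seen.has(uid)) this.seen.set(uid, new Set());
    this.seen.get(uid).add(topLevelHost);
    return response;
  }
}

// Visit two unrelated sites that both embed the same tracker, and report the largest number
// of distinct sites the tracker can tie to a single identifier.
function linkedSites(dnt) {
  const browser = new Browser({ dnt });
  const tracker = new Tracker("ads.tracker.example");
  for (const site of ["news.example", "shop.example"]) {
    browser.store(site, site, "sid=abc123; Path=/");       // first-party session cookie, always kept
    const resp = tracker.handle(browser.request(tracker.host), site);
    browser.store(tracker.host, site, resp["Set-Cookie"]);  // third-party cookie, policy applies
  }
  return Math.max(...[...tracker.seen.values()].map((s) => s.size));
}
```

With the preference off, linkedSites(false) returns 2: a single uid ties both visits together. With it on, linkedSites(true) returns 1, because the browser refuses to keep the tracker’s cookie and the tracker hands out a fresh id on each site. The first-party session cookie still works in both cases, which is the point of the post: the same mechanism serves the shopping cart and the tracker, and a policy can only tell the two apart by where the cookie comes from. Tracking methods that do not need a cookie are untouched by this policy.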

So setting a binary preference for my privacy is very well intentioned; however, the reality is going to be something I wasn’t expecting. The very mechanism that currently makes the Internet experience work is the one that is causing the problem. An incredible amount of money has been invested in keeping the status quo. In fact you can almost imagine that any Privacy initiative will fail simply because of the amount content providers must invest to change the way they’ve been doing business.


Which leads me to the title of my next blog post: The Innovator’s Dilemma – Improving the Internet so I have a choice in how it recognizes me.

Privacy as a Competitive Differentiator

Thursday, March 1st, 2012

Time to take a step back from standards. Let’s look at privacy from an entirely different angle: Privacy as a competitive weapon.

If your business could increase customer loyalty, improve employee compliance or attract new customers because you guarantee to respect their privacy by giving them a choice, would you?

It’s not just me who is thinking this way. Listen to what Federal Trade Commission Chairman Jon Leibowitz has to say on this topic in a recent C-SPAN privacy policy interview (18:30 – 19:15); the entire video is fascinating, if you have the time.


Privacy Must be a Choice. Managing Choice Must Be Simple.

Thursday, March 1st, 2012

The digital Privacy debate continues and the W3C is defining Do Not Track (DNT) standards right now. The goal is good, but I fear they are making things more complicated than they need to be. In an ideal world, users would have a choice over everything that gets shared and with whom it is shared. But alas, the world is not ideal, and while choice can be 3P enhancing, I understand that everyone will progress through the 3Ps at their own pace.

The reality is that most people simply use the default settings in every application, including their browsers (see this great little study by UIE). The other reality is that people want their privacy to be respected. Most are willing to share relevant information in exchange for a great experience, if you ask their permission. So if you are not going to give them full choice, give them a simple choice: Track or Do Not Track.

This is the worldwide Web. The standard affects everyone around the world. Not everyone has the same norms or laws. So while I’m all for respecting the privacy laws of each country, don’t build the standard so that, in order to comply with it, every website is obligated to collect location data with each request. A simple default to Do Not Track when the user’s consent level is unclear is sufficient. I have not yet met a U.S. citizen who subscribes to the belief that the Web standard default should be Track Me. Simply because U.S. laws don’t address this specific issue the way EU country laws do doesn’t mean it’s a U.S. cultural norm.

Now, let’s forget “Joe Average Citizen” for the moment. Can you imagine the performance hit to the Web if every time a page is visited it must query the user’s location? What if GPS is not available and cell-tower or Wi-Fi location cannot be resolved? What about the cost of compliance? Most companies and websites are simply not that sophisticated. Will there be exemptions for B2B sites? My company doesn’t share any data; do I still have to comply? Does regional privacy compliance create an even greater privacy threat than the issues surrounding behavioral targeting, the primary reason the DNT standard is being put into effect?

Keep it simple. More DNT exceptions equates to more complexity and more unintended consequences. The more complexity, the greater the implementation burden and cost to businesses.

Privacy is not binary… but if full choice is not supported, then a simple binary choice is far better than a good idea gone astray. Too many programmatic exceptions to the DNT standard will undermine the original intent of the initiative and we’ll have to keep writing these blogs.  Personalization and fast performance are much more fun!  😉


Privacy: It can be Global, Local & now Regional

Wednesday, February 29th, 2012


In yesterday’s post, Privacy: Do Not Track is Global – But can it ever be Local?, I talked about Mozilla’s proposed new three-state setting for “Do Not Track”.

The current standard is either Allow Tracking or Do Not Track (binary). However, this doesn’t satisfy all the use cases on the Web, nor does it fit well with laws in Europe. (The three-state setting for Do Not Track will consist of “no preference”, “do not track” and “allow tracking”.)

I pointed out that this approach has a few potential pitfalls, and offered some ideas that I think will work. So that you can see how this would work in the real world, we added the changes to our Choice™ browser. Here’s a screenshot of what things look like using a “two-state approach” that still allows for three states, in this case by supporting regional privacy.

What the blue arrow is pointing to:

  • Choice™ Verified – means that the server sends us a message that it’s honoring “Tracking Allowed”
  • Tracking Allowed – means that we’ve set “Do Not Track” to off (we’re ok with you tracking us)
  • Using Regional Privacy – means that the server is observing regional (e.g. US vs. EU) privacy laws

We’ve also adopted a “traffic light” metaphor – Green is good, Red is a warning. The user has the ability to disable these warnings via a checkbox.

So there you have it: a two-state approach to the Do Not Track standard that allows regional privacy laws to be observed.


Choice


Privacy: Do Not Track is Global – But can it ever be Local?

Tuesday, February 28th, 2012


Geo location


Yes… (read on)

Today Mozilla proposed a new three-state setting for “Do Not Track”. The current standard is either Allow Tracking or Do Not Track (binary). However, this doesn’t satisfy all the use cases on the Web, nor does it fit well with laws in Europe. (The three-state setting for Do Not Track will consist of “no preference”, “do not track” and “allow tracking”.)

Here’s the idea around the three states…

  • In the US
    • DNT = 1 – Do Not Track
    • DNT = 0 – Allow Tracking
    • DNT header absent – Null (“no preference”). The user did not make a choice; keep tracking
  • In the EU
    • DNT = 1 – Do Not Track
    • DNT = 0 – Allow Tracking
    • DNT header absent – Null (“no preference”). The user has NOT consented; Do Not Track

Ok so lets dig in and see what the issues are.

In the US and the EU we’re in perfect alignment when the DNT header is set to 1 or 0. The complication (the third state) appears in the “Null” condition, when no preference has been sent. It means different things in different countries, i.e. it’s regional. So what happens if I set my browser to “No Preference”? The server has insufficient data to resolve the condition. What it needs to know, in real time, is the current location of the user so it can determine the right behavior. In other words, if someone sets the browser to “No Preference” then every time they connect to the Web they have to be constantly sharing their location.

In theory this is not a big deal: simply access the GPS, cell tower or Wi-Fi and resolve the location. In practice it’s a huge deal. Think about the amount of extra code, extra transmissions and extra battery energy (in the case of mobile) required to send all this data to the Web server so that it can adhere to the correct regional privacy laws. And because the majority of transactions on the Web use plain HTTP rather than HTTPS (encrypted), my location would cross the network in the clear.

So is there a solution to the “Do Not Track is Global – But can it ever be Local” problem?

Yes. Here’s a thought. Let’s go with the following scenario:

  • In the US
    • DNT = 1 – Do Not Track
    • DNT = 0 – Allow Tracking
      • In this case send my real time location encrypted as part of the Web request
  • In the EU
    • DNT = 1 – Do Not Track
    • DNT = 0 – Allow Tracking
      • In this case send my real time location encrypted as part of the Web request

That works. The default in the browser should be “Do Not Track”. In the case that the user “chooses” to allow tracking, a dialog box pops up and indicates that his or her location will ONLY be used to determine which regional privacy laws apply. All location data will be sent encrypted.

The beauty of this approach is that the Web server doesn’t have to ask the browser for the location of the user. It gets it as part of the request. It reads DNT = 0 and looks for the location data. It uses this only to resolve the applicable regional privacy laws and then discards the information. If the user comes back to the site, the request includes updated location information. In the case that the user has selected DNT = 0 but no location data is shared, the server reverts to treating the request as DNT = 1, Do Not Track.

Summary…

Do Not Track can be a global and local standard. Only two conditions are required, and my privacy is assured without the need for computationally expensive (and battery-consuming) HTTPS communications.

Be sure to read my next blog post, which shows this solution working.
