3PHealth Blog

Do Not Track

Friday, November 16th, 2012

Consumer Reports Says Do Not Track, But Tracks Anyway

Here’s the punch line…

So, while the latest versions of IE, Firefox, Google Chrome, and Apple Safari do allow users to enable DNT, standards for whether or how online trackers should acknowledge those browser signals have yet to be agreed upon by government, advertisers, privacy advocates or the browser makers.


The New G-Men (or Should I Say G-Women) of Privacy

Friday, November 9th, 2012

Digital Privacy is a big deal and with the US elections behind us, we can get on with the business at hand – finalizing standards and regulation (or the enforcement thereof) that protect our basic rights to know who is collecting and using our data, how it’s being used AND having greater choice over who and how it is collected.

G-Men

While it’s easy to bash our respective governments, I’d like to call out three government agencies, and the women that lead them, that truly seem to have their citizens’ best interests at heart and are a good use of our taxpayer dollars:  The US Federal Trade Commission (FTC), the European Commission (EU) and the Information Privacy Commissioner, Ontario Canada.  All have been active proponents of increasing transparency, accountability and consumer choice relative to digital data sharing and usage and are encouraging privacy by design principles.

First off, FTC Commissioner Julie Brill has been extremely proactive in the Privacy effort – long before the Obama Privacy Bill of Rights saw the light of day.  Commissioner Brill has not only been driving things back in Washington, D.C., but she has been on the road engaging with businesses, developers, academicians and attorneys to reinforce the importance and urgency of resolving privacy-related issues and encouraging those of us in the web and mobile spaces to design our products based on privacy best practices, not simply some obscure privacy policy hidden away on a site or an about or settings screen.  Key to this is putting privacy choice front and center in any user interface.  I feel fortunate enough to have heard Commissioner Brill speak on two occasions and get her personal opinion on the Do Not Track (DNT) initiative at a recent App Developers Privacy Conference sponsored by the University of Colorado at Boulder.  She is smart and thoughtful and her staff is responsive to enquiries.

While I have not personally met EU Commission Vice President, Neelie Kroes, her statements on privacy are thoughtful and to the point.  She is doing her job, which is to protect the privacy of EU citizens and ensure recent privacy laws are enforced.  This does not mean killing business, but it does mean that businesses are not “more equal” than citizens, just because they have more people or money and speak louder.  As with the FTC, the EU Commission team is open and responsive to enquiries and connecting interested parties whose businesses and lives are affected by the recent privacy regulations.

Lastly, Ontario Information Privacy Commissioner Ann Cavoukian, PhD, and her staff have been equally active in promoting the Privacy by Design concept throughout North America and Europe.  They actively reach out to organizations interested in setting new standards in privacy-centric web and app development and have a wonderful Privacy Ambassadors program for individuals and organizations who proactively promote the need for privacy within their field and utilize privacy by design principles within their organization’s development efforts. (I’m pleased to say my partner, Peter Cranstone, has been named a Privacy Ambassador).

Based upon my personal experience, these three agencies, their leaders and their staff actually do something to serve their citizens and protect those rights deemed important by the different countries they represent.  Thank you!


Google joins the Do Not Track Party

Tuesday, November 6th, 2012

Just downloaded the latest version of Chrome and it’s official – Do Not Track is now a Privacy setting. Although you might want to read the disclaimer that shows up when you check the box.


The DNT Rope-a-Dope

Thursday, November 1st, 2012

Even us folks that don’t follow boxing know the infamous rope-a-dope.  Show them one thing and then deliver another.  The classic, you never saw it coming.  So what does this have to do with Do Not Track?

In theory, the DNT effort of the W3C is about defining the technical standards to support the ability of a user to request that a website not share their information with any other party.  It is in response to consumer, government and privacy advocates’ requests (and EU regulations) to give consumers a deliberate choice in determining how their personal information is used and shared.

Unfortunately, things are not going well, as summarized in this PCWorld article about IE10 Privacy Settings.  But are we really looking at the right things or is all this finger pointing simply a distraction from the real issues?

  1. DNT has no clear definition.  Do Not Track is really Do Not Share, so the name of the standard is misleading.
  2. DNT has a misleading objective.  There is nothing in the standard that prohibits a website from collecting data about its visitors and using that data to deliver personalized content or advertising.
  3. DNT has no teeth.  It is voluntary, so even if a user sets a preference in their browser, the US websites and services are not obligated to honor it.
  4. DNT offers minimal consumer recourse.  The FTC only gets involved if a site or service is not fulfilling its commitment to the user.
  5. DNT lacks transparency.  While this is a public forum, most people wouldn’t know where to look for information.  The standard is being used to define the policy, rather than reflect the policy, which means non-obvious exceptions can be built-in.

So whether or not Microsoft has DNT turned on or off by default, or Apple hides its selection within the greater “Private Browsing” settings of iOS, so the user is unaware of what they have or haven’t selected, what does it matter?  The standard is a long way away from approval.

So all this hullabaloo about IE10 is a distraction.  DNT has no clear definition and is self-regulated with the biggest wallet at the standards development table being the same organizations who profit the most from tracking.  So while companies point fingers at Microsoft for “not adhering to” a yet to be approved standard, regardless of its original intent, DNT is starting to look and feel like the rope-a-dope, with a knock-out blow to privacy.

 


A Fool in search of Privacy

Wednesday, October 31st, 2012

As I watch with great interest what can only be called the ‘Shenanigans’ taking place at the W3C Tracking Protection Working Group, my mind is drawn to Wikipedia’s description of the Fool (link).

In various tarot card games he has a unique role – (and I quote)…

  • ‘In these games, the Fool is sometimes called “the Excuse”. The tarot games are typically trick taking games; playing the Fool card excuses the player from either following suit or playing a trump card on that trick. Winning a trick containing the Fool card often yields a scoring bonus.’

You don’t have to think too hard about who’s playing the Fool card. That would be the advertising industry. On a day when California just passed this bill “California AG: Post Privacy Policy….Or Else!” (link) (in short there are heavy fines for abusing privacy) I can send a VALID DNT (Do Not Track) signal to a Web server (there are over 100 million browsers in the marketplace that can do this) and without everyone being absolutely, totally, 100 percent sure this was a ‘fully informed decision on the part of the user’… the Web server can disregard it.

And the best part (the Fool Card) is that the server doesn’t have to notify the user that they have just ignored their Do Not Track signal. Obviously the credibility of the W3C Tracking Protection Working Group is now reaching an all-time low.

Throw in the other recent press release by Yahoo that they do NOT intend to honor a Do Not Track signal from ANY Windows 8 device and you’re left shaking your head as to what these Ph.D.s are thinking (or should I say smoking). Cue the sound track from John McEnroe – ‘You Cannot Be Serious’.

Through their own cleverness the Do Not Track signal that a browser sends has no way of communicating with the server that it was an informed decision on the behalf of the user. So what’s the server to do? Well – they can ignore it because how can they tell if the user was really informed?

Brilliant – the Fool is vindicated and the advertising industry marches on. Mission accomplished. The card now passes to the user and they now become the Fool in search of Privacy. Alas there is no such thing.

Well done to the W3C for architecting something so incredibly flawed that not even a Fool is protected.
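
The limitation described in this post, shown from the server's side as an added example that is not part of the original post: the DNT request header carries only a 1 or a 0, so a request from a user who ticked the box and one from a browser that ships with DNT on parse to the same result. The function names, the `tid` cookie and the sample requests are assumptions made for illustration.

```javascript
// Added example; function names and sample requests are constructed.

// Case-insensitive lookup over a plain { name: value } header object.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === wanted) return String(value);
  }
  return undefined;
}

// "1" = do not track, "0" = tracking allowed; anything else (absent or
// malformed) means no preference was expressed.
function parseDnt(headers) {
  const raw = getHeader(headers, 'DNT');
  if (raw === undefined) return 'unset';
  const first = raw.trim().charAt(0);
  if (first === '1') return 'do-not-track';
  if (first === '0') return 'tracking-allowed';
  return 'unset';
}

// Response headers for a site that honors the signal: no identifier cookie
// when DNT is 1, and Vary so shared caches keep the two variants apart.
function responseHeadersFor(headers, visitorId) {
  const out = { Vary: 'DNT' };
  if (parseDnt(headers) !== 'do-not-track') {
    out['Set-Cookie'] = `tid=${visitorId}; Max-Age=31536000; Secure; HttpOnly`;
  }
  return out;
}

// Constructed requests: one user ticked the box, one browser ships DNT on.
const explicitChoice = { 'User-Agent': 'ExampleBrowser/1.0', DNT: '1' };
const browserDefault = { 'user-agent': 'ExampleBrowser/2.0', dnt: '1' };
const noSignal = { 'User-Agent': 'ExampleBrowser/1.0' };

for (const req of [explicitChoice, browserDefault, noSignal]) {
  console.log(parseDnt(req), responseHeadersFor(req, 'v-123'));
}
```

A site that wants to honor the preference has to treat both `DNT: 1` requests alike, because nothing in the header distinguishes them.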


