Web companies race to look privacy-friendly
By SOMINI SENGUPTA
The New York Times | March 04,2013
SAN FRANCISCO — Privacy is no longer just a regulatory headache. Increasingly, Internet companies are egging each other on to prove to consumers that their data is safe and in their control.
In some instances, established companies are trying to gain market advantage by casting themselves as more privacy-friendly than their rivals. For example, Mozilla, an underdog in the browser market, suggested last week that it would allow its users to disable third-party tracking software altogether.
At the same time, Web platform companies are setting limits on other companies with which they do business. Last year, for instance, Apple began requiring applications in its operating system to get permission from users before tracking their location or peering into calendars and contacts stored on an iPhone. Also, a host of companies big and small are offering a variety of privacy tools, ranging from ways to encode Facebook posts to ways to secure personal data stored in the cloud.
During a panel at the RSA Conference, a security-focused industry gathering here last week, Brendon Lynch, chief privacy officer at Microsoft, declared that companies like his had come to appreciate the “market forces at play with privacy.”
“It’s not just privacy advocates and regulators pushing,” Lynch said. “Increasingly, people are concerned more about privacy as technology intersects their life.”
That statement might sound somewhat rich to those who recall Microsoft’s troubles 10 years ago with European regulators. At that time, it was compelled to make substantial changes to how its online login system, .Net Passport, stored addresses, ages and other personal details.
Nonetheless, earlier this year, the Redmond, Wash.-based company signaled its sensitivity to user privacy by turning on, by default, an anti-tracking signal in its latest Internet Explorer browser. Microsoft also took aim at its rival Google with a marketing campaign declaring that consumers were being “scroogled” with targeted advertisements based on their emails and search histories.
Lynch’s counterpart at Google, Keith Enright, called that marketing campaign “intellectually dishonest.” At the RSA Conference, Enright said Google took pains to secure consumer information and simplify privacy settings.
Joel R. Reidenberg, a professor at Fordham Law School, said Microsoft had made a 180-degree turn in emphasizing consumer data protection. “You’re seeing more companies trying to do that — develop privacy protecting services,” said Reidenberg, whose Center on Law and Information Policy at Fordham has received donations from both Microsoft and Google. “Platforms recognize they have to deal with privacy. They’re looking at how they can be competitive.”
To some degree, these developments are a sign that the industry is working hard to stave off government regulation, which is moving at a glacial pace anyway. There seems to be no movement on broad privacy legislation on Capitol Hill, and no consensus has been reached on standards for “Do Not Track,” a browser setting that would let Internet users indicate that they did not want their activity tracked by marketers.
Advertisers have said openly that they will not stop tracking just because a consumer sends a Do Not Track signal through his or her browser. Facebook has said it needs more clarity on whether a Do Not Track signal applies, for instance, to social plug-ins like the Facebook “like” button, which is integrated into millions of websites.
Still, companies are refining the controls users have over their data, on mobile devices as well as on desktop computers.
In addition to requiring applications to seek user permission before tracking location, Apple has included in its latest mobile operating system a way for users to disable or reset a series of digits that identify a particular device for tracking purposes. The Advertising Identifier, as it is called, replaces what was an immutable unique device identifier and allows app developers to monitor user behavior, but it also gives consumers the option of turning it off.
In 2011, Google sought to distinguish its social networking tool, Google(PLUS), as privacy-sensitive. It introduced the idea of “circles” as a way to limit sharing certain things with certain people.
To be sure, market rivalry does not mean that companies are not worried about regulatory scrutiny of their use of personal data. Facebook agreed to 20 years of audits by the Federal Trade Commission after the agency found that the company had deceived consumers by making public data that they had intended to be private. In a measure of change, Facebook began nudging its users to review their privacy settings before they could start using the new search tool the company introduced this year.
“What does privacy mean?” Facebook’s chief privacy officer, Erin Egan, asked at the RSA Conference. “It’s understanding what happens to your data and having the ability to control it.”
That very imperative seems to be buoying a cottage industry of privacy startups. A Boston-based company, Abine, is testing what is effectively the opposite of a Facebook single sign-in for the Web. Instead of exposing your Facebook login credentials to dozens of websites, the company offers a proxy email address or phone number for every transaction. You sign in with the email address and a password you remember; Abine creates one address for an e-commerce site you visit, another for a news site, another for a dating site.
Abine offers the basic service for free and plans to charge a monthly fee for more advanced features.
Whether Internet users are ready to pay to protect their personal data is unclear, though surveys have repeatedly pointed to consumer anxiety.