Chris Jay Hoofnagle will be giving the keynote address Networks, Regulation and Privacy: Understanding Where We are Today at the US Network Forum in San Francisco on June 17.
We asked him a few questions in advance of his presentation about privacy issues facing the industry today.
Q: Can you please give us a bit of information on background and your work with the Berkeley Center for Law and Technology?
CJH: My position is focuses upon teaching, research, and outreach in the information privacy law space. I coordinate an academic workshop for researchers in privacy, write articles principally in the area of identity theft research, and generally attempt to connect academic work in the privacy field with practitioners. Prior to coming to Berkeley, I was a fellow with Stanford’s Center for Internet and Society, and before that, a privacy advocate with the Electronic Privacy Information Center.
Q: Facebook has released simplified privacy settings in response to the negative user feedback and profile deletions. Do you think the recent developments regarding sites like Facebook have created a heightened sense of awareness for consumers of this type of data collection? Are they more aware of and concerned about their personal information being collected and used by these sites?
CJH: We are observing an entirely new problem in the privacy field that I call “blowforward.” Entities that behave transgressively usually experience blowback: they lose market share or some power they once had. But platforms such as Facebook are so compelling that users will not defect, even as the companies shift the default settings.
It’s now a pattern: change a setting, apologize, but then require users to take action to restore the status quo. The result is that Facebook achieved its core goal of opening users’ profiles more broadly to advertisers while weathering the criticism. It is this type of tactic that has led me to call companies like Facebook, “The Machiavellis of Privacy.”
Q: What is your take on the draft legislation being proposed by Rick Boucher and Cliff Stearns regarding behavioral advertising practices?
CJH: The discussion draft is very 1999. Whenever I read it I hear Kid Rock.
For the past ten years, we learned how notice and choice does not work, and now we have a bill to cement an approach that will reify a broken system.
Q: Do you think that self-regulation is achievable by the online advertising industry?
CJH: Yes, but it’s really difficult to craft an effective system. We’re past the point where aspirational statements will do. However, standards and seals suffer from weaknesses–they tend to be underinclusive (for instance, NAI allows tracking even if one opts out) and they tend to wither once the formal regulatory spotlight moves on to other issues (NAI had only 2 members shortly after it formed). The challenge is to create a system with adequate incentives to cause regular review and update in light of new technologies and risks, to clearly delineate between compliant and non-compliant actors, and to discipline its own members.
Q: What are your thoughts on opt-in by the consumer?
CJH: It’s a trap! Seriously. Companies will find ways to get consumers to consent, and once “consent” is gained, companies will have greater license to use information than under an opt out system.
I favor a different approach entirely. Consumers think they already have strong privacy rights, they do not bother to read privacy policies or to opt out. We need to find a reasonable compromise that protects consumers without requiring them to take action. One potential solution is a limit on how long clickstream data can be kept. Deleting it after a short time, say three months, would allow advertisers to compete on targeting while creating a default pro-privacy rule.
Register for the US Network Forum today: https://www.admonsters.com/event/nf-us-2