Privacy groups seek Internet 'Do Not Track' list

Washington Post
WASHINGTON – Privacy, consumer and technology groups Wednesday proposed the creation of a "Do Not Track" list similar to the "Do Not Call" phone list so people can prevent companies from tracking which Web sites they visit.
This proposal comes as Internet giants are looking to step up the tracking of users' online behavior to tailor ads to their interests. Nine groups, including the Center for Democracy and Technology, the Consumer Federation of America and the World Privacy Forum, submitted the proposal to the Federal Trade Commission ahead of a two-day conference on behavioral advertising.
The Do Not Track list is modeled after the popular Do Not Call registry maintained by the FTC. Since 2003, telemarketers have been barred from calling numbers submitted to the list, which has about 145 million numbers.
"Consumers obviously know the Do Not Call list and have reacted well to it," said Mark Cooper, director of research at the Consumer Federation of America. "As an analogy, it helps socialize an important concern and idea."
The FTC does not regulate ad networks' privacy policies, but a group called the Network Advertising Initiative, comprising 11 advertiser members, said the industry polices itself. People can opt out of advertising by downloading a small piece of data known as a cookie.
Privacy advocates say self-regulation has not been sufficient for several reasons. First, not all behavioral advertising firms join the advertising initiative. Pam Dixon, executive director at the World Privacy Forum, said only about 25 percent of advertising networks are members. Second, the opt-out process is technical and requires a separate download for each ad network, so few customers use it.
Finally, Web-tracking technology has advanced since the initiative was created, so its members have developed new ways of tracking behavior even if a user has downloaded the cookie. Wednesday, America Online, announced an improvement on this system, but it still drew criticism from privacy groups who say the program relies on technology that allows loopholes.
AOL defended the technology and its improvement on it.
"Most of this behavioral advertising business model is built around cookie information. I don't know of anybody who's using a get-around technology, and if they are, they really ought to be called out," said Jules Polonetsky, AOL chief privacy officer.
The advertising initiative, for its part, argues that a Do Not Track registry isn't necessary, the voluntary program is user-friendly and most unwanted ads can be avoided using the cookie technology.
"We think this [CDT] proposal is redundant and overwrought," said J. Trevor Hughes, NAI executive director.
Making Do Not Track technology work would involve substantial technical challenges, according to Richard Smith, a Boston-based Internet consultant and privacy advocate.
"It would require either a change to Web browsers or an add-on to a browser to make it all work," Mr. Smith said. Companies such as Microsoft and Mozilla that offer Internet browsers are unlikely to cooperate because they rely on online advertising revenue, either directly or indirectly, he said.
Privacy advocates want the FTC to maintain a list of all advertising networks. Consumers could then essentially opt out of each network.
"You still receive ads," said Ari Schwartz, director of the Center for Democracy and Technology Deputy, who helped craft the proposal. "Companies just won't be able to track what sites you visit."
The FTC has considered extending the concept of the Do Not Call list to the Internet before, FTC Commissioner Jon Leibowitz said.
"It's a really promising idea that would empower consumers to choose their own level of privacy protections," he said. "We still need to learn a little more about it. For example, would there be a problem with malefactors getting folks' e-mail addresses? We looked at the notion of doing a Do Not Spam registry, and we decided against it because we were afraid the list of people opting out could get into the wrong hands."
Mr. Leibowitz also said that the FTC would probably need legislators' approval and increased appropriations before it could implement a Do Not Track registry, just as it did for the Do Not Call registry.