An old privacy model in which websites gave consumers notice about what information they were collecting and allowed them to opt out isn't working in an age of "unprecedented" online tracking, a member of the U.S. Federal Trade Commission said Monday.
The FTC will continue to push for a universal, persistent mechanism that allows Web surfers to stop websites and applications from tracking them, said Commissioner Julie Brill. The universal do-not-track mechanism should apply to mobile devices and applications as well as traditional websites, she said during a speech at the Center for American Progress in Washington, D.C.
Web-based companies are "harvesting and trading in information about where we are, what we do, who we meet and what we buy," Brill said. "The amount of tracking of an individual's behavior online -- what sites she visits, what ads she clicks on, what she says when she chats and where she wanders through the day -- is unprecedented."
Brill didn't advocate for new laws to enforce a do-not-track mechanism, but she called on mobile carriers and app providers to support do-not-track mechanisms that the FTC first suggested in December 2010. "This branch of the information superhighway is in desperate need of basic reform," she said.
Much of the online tracking is invisible to consumers, resulting in privacy concerns, Brill said. The FTC's notice-and-choice model for consumer control of their online privacy, adopted in the 1990s, is outdated in the face of increasingly sophisticated tracking techniques, she said.
"The theory is sound, but it has proven unworkable," Brill said. "It is not reasonable to expect consumers to read and understand privacy policies, most about as long and as clear as the Code of Hammurabi, especially when all that stands between them and buying that new flat-screen TV or downloading the latest version of Angry Birds is clicking the little box that says, 'I consent.'"
One privacy advocate at the event called for additional steps to protect online privacy. Websites shouldn't be allowed to track children and teens, and the Internet industry should pay for a comprehensive public awareness and education campaign about online privacy, said Jim Steyer, founder and CEO of Common Sense Media, an advocacy group focused on child-friendly media and technology.
The Internet industry should also pay for a mechanism that would allow a Web user to erase online information about himself, including information posted about him by other people, Steyer said.
There are currently few rules governing the tracking of children online, Steyer said. "It's essentially a wild, wild West environment," he said.
In May, U.S. Representatives Ed Markey, a Massachusetts Democrat, and Joe Barton, a Texas Republican, introduced the Do Not Track Kids Act, which would prohibit websites from delivering targeted marketing to children based on tracking and would establish an "erasure button" allowing children to eliminate online personal information about them when technically feasible.
But privacy lawyer Chris Wolf, co-director of the Future of Privacy Forum, noted that several groups have criticized the bill for being overly broad. The legislation could lead to colleges and music groups being prohibited from sending e-mail messages to teens, he said.
An eraser button may not be technically possible, added Ed Felton, the FTC's CTO. A website should be able to delete all the information about a user when a user cancels his membership, but it would be difficult for a someone to erase all information about himself across the Web, he said. Designing a technology-based eraser button would be a "head scratcher," Felton said.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is firstname.lastname@example.org.