By Chris Jay Hoofnagle, San Francisco Chronicle
Imagine being followed in a shopping mall by a marketer who watches what you browse and buy and then recommends products. You might find this useful at times, but some consumers might never want to be followed.
Ubiquitous consumer tracking is the reality in the online world. Your browsing is being followed on almost all Web sites by a single company: Google. In a study published last year, my colleagues found Google trackers on over 88 percent of 393,000 unique Web sites. Only governments have the ability to monitor individuals this expansively.
Yet, you have no way to ask Google to stop this tracking. Instead, you can merely opt-out of the targeted advertising – the product recommendations. Exercising your privacy options creates a worst-case-scenario outcome: If you opt out, you are still tracked, but you do not receive the putative benefit of targeted ads.
An illusory opt-out system is just one of the increasingly sophisticated sleights of hand in the privacy world. Consider Facebook’s privacy options. Regulators in the United States have long called for companies to give users choices to control personal data. Facebook can proudly proclaim that it offers these choices – more than 100 of them. Therein lies the trick; by offering too many choices, individuals are likely to choose poorly, or not at all.
Facebook benefits because poor choices or paralysis leads consumers to reveal more personal information. In any case, the fault is the consumer’s, because, after all, they were given a choice.
Machiavelli taught that individuals lack tools to assess political leaders, thus politicians can manage their perception through public relations alone. This is particularly apt in the technology field, where even expert users cannot effectively assess a company’s privacy practices. Our survey research shows that users falsely believe that privacy policies create strong legal protections and limits on data use. Thus, just talking about privacy can create cover for tracking while consumers believe that they are protected.
The privacy Machiavellis are masters of the bait and switch. But unlike the unsophisticated old-school scammers who simply replaced one product with another, Facebook and Google change the product slowly so that consumers are less likely to perceive the switch.
Facebook became a trusted brand by presenting itself as a private club of peers. Meanwhile, the site was changing settings and revealing more personal information to more people.
Google used to tout its search engine advertising as privacy friendly, because it focused upon users’ interests per-transaction, rather than through an analysis of past searches and browsing. But in 2007, Google quietly began behavioral profiling, tracking searches, and, with the acquisition of DoubleClick, nearly all browsing behavior.
Privacy “messaging” is masking the actions and goals of companies such as Google and Facebook. These for-profit companies have business models that depend upon increasing the collection of personal information, yet they tell us that “privacy is important.” The real question is: How important?
As informed citizens, we are wise to the public relations tactics of the tobacco and pharmaceutical industries. It’s time to recognize similar manipulation among information-intensive companies.
Chris Jay Hoofnagle, a professor at UC Berkeley School of Law, is a director of the Digital Trust Foundation, formed from the proceeds of privacy lawsuits against Facebook. This piece is based upon a longer article, “Beyond Google and Evil,” at sfg.ly/cfAvwQ.