Administrators of Web sites should look to banks as models of consumer trust in their efforts to keep sensitive personal data private online, consumer advocates said Tuesday morning at a panel discussion at the Federal Trade Commission.
The panel was part of the last of three workshops at the FTC examining privacy online and in other industries.
Privacy issues are handled by the consumer protection side of the FTC and often not considered by the agency in merger reviews. But when Commissioner Pamela Jones Harbour disagreed with the agency’s decision on Google Inc.’s DoubleClick acquisition in 2007, she outlined her concerns about the trove of consumer data the combined firm could access.
The FTC is currently reviewing Google’s acquisition of mobile advertising platform AdMob, and news reports have suggested the agency might challenge the deal.
Google also has come under fire from privacy advocates for making some personal user information public when it launched Buzz, its social networking service, last month.
At Tuesday’s discussion, experts focused on how to build a new layer into the Internet’s communication architecture that can give Web sites the information they need about their audience while also making sure sensitive information isn’t stored or shared with other providers.
Jules Cohen, who heads the Trustworthy Computing Group at Microsoft, suggested one online model that might replicate how identity works offline. Most individuals carry a wallet with a driver’s license, a corporate ID, an ATM card, retail cards, and other identifying cards, he said.
A person can take a utility bill to the DMV in order to prove who they are, for example, and get a driver’s license in return. Online entities can mimic that process, he said, and tailor it to the Internet’s needs.
If a person goes to a museum and uses a student ID card to get a discount, Cohen said, the card would show his name, his university, his graduation date, and other information that the museum does not need. “They just need to know that I am a student,” he said. “On the Internet, we can do that kind of redaction.”
Panelists suggested a third-party provider could play the role of an identity broker by taking personal data, validating it, and providing it to Web sites on a limited basis without sharing it between sites.
Some panelists expressed concern about how independent that service might be.
“Who does this broker work for?” asked Peter Eckersley, a senior staff technologist at the Electronic Frontier Foundation. The worst answer, he said, would be for a data service who would sell information to companies that want to know more about consumers. The best answer, he said, would be a broker that works on behalf of consumers.
The Federal Communications Commission’s plan to improve broadband access in America, released on Tuesday, included a framework akin to the FDIC, which protects bank deposits, to oversee identity brokers and ensure that consumer data is secure.
The kind of framework is only part of the goal, Eckersley said. “How do we get from the Internet of today, where most of us have no privacy, to the Internet of tomorrow?” he asked. “It involves throwing lots of kitchen sinks at the problem.”
Texas Speech. The topic of online privacy has been an issue elsewhere in the country recently. Online privacy in the age of Facebook and Google Buzz was the subject of a keynote speech at South by Southwest, a popular music and tech conference in Austin, Texas, this week. Microsoft Research’s Danah Boyd discussed user expectations and said that “just because something is publicly accessible doesn’t mean people want to be publicized,” according to the popular tech-site GigaOm.
[...] Microsoft, Consumer Groups Discuss Privacy at FTC – Main Justice [...]