Nobody Apparently Likes Congress’s New Privacy Bill – Debating privacy in the age of deep packet inspection

This sounds like a potential can of worms …

You might recall how efforts by companies like NebuAD to impose behavioral advertising upon users fell apart — in part because many ISPs weren’t informing users they were collecting information using deep packet inspection (just like they don’t inform users they sell clickstream data). But there’s also questions surrounding whether such systems violate privacy and wiretap laws.

With the goal of opening the flood gates to this new, more profitable advertising — while codifying consumer protections — Congress has proposed a new, as-yet not-fully-named privacy bill (pdf).

Bill sponsor Rick Boucher insists the bill strikes a middle ground between privacy concerns (specifically the need to inform consumers how and why data is being collected) and the need to open the door to these new targeted advertising models. Among other things, the bill would set limits on how long user data could be stored (18 months) and would require that companies notify customers precisely what information is being collected about them (online and off).

So far, neither consumer advocates or corporations seem happy with the bill. Privacy groups complained that the bill simply keeps current broken practices in place, like requiring companies to bury user notification in fine print, and putting the onus on the consumer to “opt-out” — instead of requiring things like behavioral advertising be opt-in. They also are concerned that the bill would bar consumers from suing companies for data collection gaffes, and would also pre-empt a number of tougher state privacy laws.

The long list of corporations eager to profit from technology like behavioral advertising have always insisted they can self-regulate their use of consumer data — and that new laws aren’t necessary. Verizon, for instance, has consistently argued that public shame would keep them honest about privacy concerns. Of course, if an ISP is collecting user data and selling it without a user’s knowledge (the sale of clickstream data is exhibit A), and is implementing deep packet inspection technology they aren’t willing to talk about (see Windstream’s recent DPI snafu as exhibit B) it’s not clear at what point they’d be informed long enough to shame anybody.

Boucher’s bill is pretty clearly not the answer, and like much legislation — it has the potential to be so watered down by lobbyists before it’s finalized, it could easily work to harm — not help — consumer privacy.
read comment(s)

Link to Original Content

Western Telematic, Inc. (WTI) designs and manufactures remote device management products for IT applications. WTI’s Serial Console Server products, Remote Reboot products, Switched PDU products and A/B Fallback products are engineered to allow you to securely manage and troubleshoot rack equipment in remote locations.

Comments are closed.