This opinion piece by a consumer watchdog group (literally named "Consumer Watchdog") does a good job of expressing the tensions between the FTC and the State of California regarding approaches to internet privacy.
Now, I've certainly banged the privacy drum loudly this past year – and I don't intend to focus on it as much in 2011, lest I risk being compared with Chicken Little (by the way, just because a chicken tells you the sky is falling, doesn't mean it's not true) – but my focus has been on the evidentiary risks of not protecting your privacy, whether it be on an individual basis, corporate or somewhere in-between.
This is an e-discovery blog, after all…
Nor do I necessarily agree with the concept of a "do not track" list, as I've mentioned before (because in my opinion, it probably won't work). There has to be an effort at formulating comprehensive policy, rather than acting like tracking a node is somehow like tracking a telephone number. What do I mean?
- Has anybody thought about how one would manage such a list? How will one identify the requestor? By name? By IP#? By a unique device name/code? (Whoops; there goes your privacy). Suppose the individual has a PC, a laptop and a PDA – and they swap PDAs annually. How will the database account for this?
- Take into account everything above, now add all of the devices in a corporate environment – and we know how often those are refreshed. Will the firewall be enough?
- Now, what about the spouse, the children and all of their devices? Children are by far the most vulnerable because, a) they already think they're bulletproof and b) they don't yet fully understand the concept of privacy (heck, neither do a lot of their parents!)
On the plus side, there are brilliant minds out there who may actually have answers to some of these issues, but the point I'm making is, you can't just slap a feel-good name on something, then give the public the impression that it's a panacea to all of their concerns.
We're not just talking about preventing annoying sales-calls at dinnertime. Placating the public without actually achieving the goal will increase the risk (through a false sense of security), not reduce it.