Enter, slowly, the feds. At this moment there are no fewer than five pieces of legislation that have been introduced on subjects relating to tracking and Internet privacy. Given that the political web in Washington is much more tangled than the Web we surf, no one can predict if, when, or which of these proposals will actually become law. But at least, finally, everyone is getting in on the act. One recent offering, authored by two former presidential candidates on opposite sides of the aisle–John McCain and John Kerry–is called "The Commercial Privacy Bill of Rights." Although the bill is laudable in many respects, it leaves out what many think is perhaps the most important protection for consumers; that is, a "Do Not Track" option, akin to the "Do Not Call" list codified into law only a few years ago. The FTC agrees, and has lobbied vigorously for such a provision for some time.
Part of the problem is that the issues raised by any legislation in this area are extremely complex, and involve very high stakes. Some legislation has been deemed unconstitutional on First Amendment grounds. A 1998 law known as The Child Online Protection Act ("COPA"–not to be confused with COPPA or CIPA—whew!) was eviscerated in 2008 by a federal court. Although that law didn't deal with tracking, it serves to illustrate that the federal government's approach to online privacy has been less than perfect.
But where the U.S. government has had problems creating reasonable rules of the cyber-road, some states have had greater success, a success now threatened by preemption; that is, federal law superseding an effective state law such as California's "Online Privacy Protection Act" (called–you guessed it–"OPPA"). But perhaps the thorniest issue is what such a "Do Not Track" registry would do to the cornucopia of free services we all receive from companies like Google and Facebook.
Most search and social-network companies seem to support the Kerry-McCain proposal, perhaps precisely because it doesn't include a "Do Not Track" provision. "The bottom line is that behavioral ad networks sound more scary than they are in practice," said Mark Hopkins, editor-and-chief of SiliconANGLE, a popular tech blog, "and regulating the fundamentals of that business would knee-cap a large swath of the web. It should go without saying that this is a bad thing." On the other hand, regardless of the good intentions of an online data collector, the simple fact that data is being collected about all of us puts each of us in harm's way. Until Internet security is such that we don't have news of a huge data breach every week, the better part of valor requires less tracking, even if it means less service for those who choose to opt out.
[Related Article: When You're the Apple of Their Eye]