If there’s one lesson I’ve learned in twenty-one years of covering information technology policy, it’s that there are no simple silver-bullet solutions to complex issues like online safety, hate speech, spam, cybersecurity, data breaches or digital privacy. Problems such as these demand a layered, multifaceted approach that incorporates many solutions, the first among these being education and awareness-based efforts.
That’s not to say that the search for technical solutions to such problems is a complete waste of time. But in my work on digital privacy, I have always stressed how misguided it is to place too much faith in any single techno-quick fix.
That brings me to “Do Not Track” (DNT) as a simple privacy solution. A great deal of ink has been spilled about the DNT mechanism, which in theory would let users block online “tracking” at the browser level. Proponents argue that DNT will not only empower users but also help us “end the technological arms race” between users and sites or services that use tracking techniques. By contrast, critics of DNT generally focus on the economic impact it might have on the digital economy and ongoing choice and innovation in this space.
But these arguments for and against DNT miss a larger point that I stressed in mytestimony before the Senate Commerce Committee last week: No matter what happens with DNT in the short-term, it is unlikely to have a lasting, meaningful impact in terms of long-term privacy protection. We should be careful about placing all our eggs in one basket because there are not many good examples of simple fixes that have been truly effective, at least not for very long. Such schemes are often easily defeated or, more generally, they just fail to work at the scale and pace of the Internet.
Indeed, the World Wide Web Consortium (W3C), which is overseeing the development of the DNT standard, has been down this path before. The W3C spent a decade trying to make thePlatform for Privacy Preferences (P3P) work, only to see it fail. P3P was a noble effort to make website privacy policies easier to understand as well as machine-readable.
The W3C also spent a decade pursing a comprehensive solution to controlling access to objectionable online content. The resulting Platform for Internet Content Selection(PICS), which was launched in 1995, was a voluntary metadata tagging and content labeling scheme that was supposed to make it easier for users to block objectionable online content.
There are plenty of other examples of ambitious techno-fixes failing miserably. Think of the federal “CAN-SPAM” Act, which aimed to curtail the flow of unsolicited email across digital systems, yet largely failed to do so. Similarly, music labels wasted almost a decade trying to make digital rights management (DRM) work before finally raising the white flag.
The lesson here is that time and resources devoted to hammering out a single tool or standard to solve a complex problem might be better spent developing a deeper toolbox of solutions. Certainly, technical solutions should be part of the mix. Luckily, an extensive array of privacy-enhancing tools already exists, including: ad and cookie-blockers, ad preference managers, “private browsing” tools, web script blockers, encryption and web proxy tools, reputation protection services, and even private Do Not Track tools. Using a combination of those tools, users can already block a great deal of “tracking” or unwanted advertising.
But education, media literacy and digital citizenship efforts must be the first line of defense in ongoing efforts to better protect personal privacy in the information age, just as they have been for online safety. As I discussed at greater length in my latest law review article, it is vital that we teach both children and adults smarter online hygiene (sensible personal data use) and “Netiquette” (proper behavior toward others). We must also do more to explain the potential perils of over-sharing information about ourselves and others while simultaneously encouraging consumers to delete unnecessary online information occasionally and cover their digital footprints in other ways.
To be clear, I’m not opposed to the W3C finishing its Do Not Track work, but I worry it won’t be worth all the time and fuss we’ve spent on it so far. Even if Do Not Track takes root and some consumers turn it on, many will be incentivized by ad networks or publishers to opt right back in to “tracking” to retain access to sites and services they desire. In doing so, they may end up sharing even more information than they do today.
While the Holy Grail-like quest for a single silver-bullet solution to our privacy woes remains as a tempting as ever, all of us—parents, educators, industry, and policymakers alike—must refocus our efforts on devising a more diverse, lasting set of solutions and strategies to cope with life in an age of ubiquitous, effortless information flows.