On the Internet, things get old fast. One prime candidate for the digital dustbin, it seems, is the current approach to protecting privacy on the Internet.
It is an artifact of the 1990s, intended as a light-touch policy to nurture innovation in an emerging industry. And its central concept is “notice and choice,” in which Web sites post notices of their privacy policies and users can then make choices about sites they frequent and the levels of privacy they prefer.
However, policy and privacy experts agree that the relentless rise of Internet data harvesting has overrun the old approach of using lengthy written notices to safeguard privacy.
These statements are rarely read, are often confusing and can’t hope to capture the complexity of modern data-handling practices. As a result, experts say, consumers typically have little meaningful choice about the online use of their personal information — whether their birth dates, addresses, credit card numbers or Web-browsing habits.
“There are essentially no defenders anymore of the pure notice-and-choice model,” said Daniel Weitzner, a senior policy official at the National Telecommunications and Information Administration of the Commerce Department. “It’s no longer adequate.”
So if the current model is broken, how can it be fixed? There are two broad answers: rules and tools.
Rules would mean new regulations. The US Congress and the Federal Trade Commission are looking at further rules that could limit how personal information is used. For example, the government might ban the use of recorded trails of a person’s Web-browsing behavior — so-called click streams — in employment or health insurance decisions.
Still, the next round of online privacy regulation needs to proceed carefully, policy experts warn. They say that online data collection and analysis is an economic imperative, and that the Internet industry of the future will involve adding value to the free flow of information — much of it created by individuals and their browsing activity. Google, Facebook and Twitter are evidence of the trend, and so are legions of start-ups seeking riches in fields like social networking, cloud computing and smartphone applications.
“Getting this balance right is critical to the future of the Web, to foster innovation and economic growth,” Weitzner said.
Whatever the future of regulation, better digital tools are needed. Enhancing online privacy is a daunting research challenge that involves not only computing, but also human behavior and perception. So researchers nationwide are tackling the issue in new ways.
At Carnegie Mellon University, a group is working on what it calls “privacy nudges.” This approach taps computer science techniques like machine learning, natural language processing and text analysis, as well as disciplines like behavioral economics.
The goal is to design software that essentially sits over your shoulder and provides real-time reminders — short on-screen messages — that the information you’re about to send has privacy implications.
“It learns, helps you and occasionally prompts you,” said Lorrie Faith Cranor, a computer scientist at Carnegie Mellon. “When we go online, there are a lot of ways we can inadvertently give up our privacy.”
On a social networking site, Cranor says, people often type in their birth dates and widely circulate them, hoping to receive online birthday greetings. But a birth date posted online, she says, can also be used for marketing profiling, identification and potentially identity theft. A software agent, she says, could inform the user of that before a birth date is typed.
RSS