Monday, June 28, 2010

Boucher Bill could severly impact today's Internet business models, affecting small publishers

During the Potomac Tech Wire Digital Media Conference East at Tyson’s Corner VA Friday (reported here then, June 25), concern was expressed about a Senate draft, created in May, of a bill (link here) originated by Virginia Representative Rick Boucher (D) (and no relation to my name, which sounds similar). It's already called "The Boucher Bill", although Boucher has introduced related legislation in the past, according to search engines.

This purports to be a bill “to require notice to and consent of an individual prior to the collection and disclosure of certain personal information about that individual.” The draft is still in discussion and apparently it has yet to be formally introduced. It does not appear to have an HR number yet.

There is an analysis of the bill by Tanya Fosrsheit on the web site of the Info Law Group, dated May 12, 2010, with link here.

The bill tends to suggest that, for example, that companies or other entities serving advertisements to web viewers would have to seek opt-in permission before gathering information that could be used to market other products or services to users to that computer (which the company probably believes to be the same or related persons). Already, websites that offer ads that plant cookies are generally advised or required by publishing services to have privacy policies that advise viewers how certain kinds of data might be collected, but generally they don’t have an opt-in or op-out. For example, this blog page has a Privacy Policy displayed conspicuously (even if the print font is small) at the very bottom of this page.

Marketing companies do aggregate information regarding viewing “preferences” of visitors as an abstract notion – admittedly that can imply probably relevant information about a viewer (even sexual orientation, for example). However, the information does not by itself comprise “PII” or personal identifying information (a term particularly relevant, for example, to recent Census operations and particularly guarded by Census, particularly, by oath in collection, and generally required to be guarded by financial institutions and usually retailers from improper disclosure). The information represents an entity that demonstrates a certain pattern of interests as a potential consumer.

The greatest security problem for web users, apart from possible disclosure of PII to hackers by companies with inadequate encryption and security, probably comes from the fact that various data companies sell reports on individuals, including information like home address (rather than mail box) or home phone, to parties that may have hostile intentions (of impersonation or stalking), compared to credit reporting companies, which at least are supposed to require legitimate membership of interests to whom they sell credit reports. The sort of information acquired by advertisers from web users generally does not represent this kind of risk to ordinary users. However, a few companies have, of course, promulgated malware that does indeed try to obtain PII from users later from keystrokes. Anti-virus software and anti-spyware is intended to intercept these efforts. In some cases, interception of information, as parents watching minor children, may have an ethically or legally permissible purpose.

There is no question that the spontaneous Web (call it 2.0, 3.0, etc) that invites so much user participation and even self-broadcast depends on advertising and on the acceptance of advertising by Internet users as a way of paying for their service, very much as was the case with broadcast television and even radio in past decades. Of course, it’s possible to imagine a marketing model that is much more tied to the content (and less to the behavior of the consumer), and to a relationship between the publisher and marketer. Ten years ago (even during the “dot-com” boom and bust around 2000) that’s pretty much how it was, with operations like LinkShare, where advertisers had to approve of specific sites.

At the conference, speakers expressed the belief that the bill would not get too far in the current form. If it did pass and if the Federal Trade Commission had to enforce it literally, business models upon which blogging and social networking platforms depend would become much less profitable than they are today, and so many speakers might eventually no longer find an outlet.

Pam Horan, of the Online Publishers Association (link), has noted the importance of geocentric information on mobile devices, which is really not PII, although in “Tom Clancy” scenarios people could be tracked down with it. I found her video on a Washington Post link given here Friday; I couldn't find it on the OPA site.

Wendy Davis had a story June 5 in Online Media Daily that the Interactive Advertising Bureau (link ) had said “Boucher bill stikes at the ‘Heart and soul of today’s Internet offerings”, story here although I could not find that story on IAB’s press releases.

Not everyone interprets the bill so negatively. Steve Igo of the Kingsport (TN) Times writes “Boucher bill would protect privacy of Internet users” here. But San Francisco station KQED has a story by Martin Kaste (link)  which shows how a site that helps people who buy Ikea furniture ("Ikea fans") would be severely affected. (By the way, Ikea is good for other things besides furniture, like gravlax, according to a tweet I got—rather like lutefisk from MN.)

I’ll take up this bill with my own congressman (Moran, VA) and I welcome comments that I could share with him on this bill.

No comments: