Late last year, when law professor Peter Swire was tapped to co-chair the World Wide Web Consortium's do-not-track effort, the initiative was going nowhere fast.
At that point, the W3C's Tracking Protection Committee had spent more than a year trying to reach an agreement about how Web site operators should respond to do-not-track headers. The headers, now offered by every major browser, theoretically can let people permanently opt out of online behavioral advertising. But the headers don't actually prevent tracking. Instead, they send signals to publishers and ad networks, which those companies decide how to interpret.
The committee's privacy advocates, computer scientists and industry representatives differ on some critical issues. Among the most significant is whether companies should be able to collect any data from users who don't want to be tracked. Privacy advocates (as well as many consumers) say the answer is no. They argue that users who activate do-not-track don't want information about their Web-surfing activity compiled for any purpose. But the online ad industry generally says that companies need only to stop targeting ads based on users' behavior in response to a do-not-track request. One reason ad companies take that position is because they want to gather some data for market research and analytics purposes.
The question on the minds of many observers was whether Swire would be able to break that impasse. After last week's meeting in Boston, the answer is still uncertain.
Swire himself says things are looking up. He tells MediaPost that last week's event went better than some of the previous sit-downs. "There are positive things from Boston," he says. "The tone was professional and positive. At some earlier meetings, there had been personal attacks and a difficult tone. In Boston, people worked hard on the substance, and they did so in a professional way."
He adds that he hopes the group will have a document ready for public comment by this summer, and even authored a bullish blog post titled "Full Steam On Do Not Track," which concludes that the group is "now on a path to devising a workable, meaningful standard."
But is Swire's optimism really justified? After all, even if people were more polite at the most recent meeting, that doesn't mean that the group is any closer to forging an agreement now than in the past.
In fact, when it comes to substantive issues, the gulf between privacy advocates and industry representatives appears as wide as ever. Stanford University grad student and privacy advocate Jonathan Mayer says in an email that "pretty much every component of the policy is unsettled."
He adds: "I appreciate Peter's heroic efforts to bring the group to consensus. We are, however, still gridlocked."
Some others have made similar observations. But even if the W3C can't reach an agreement, do-not-track isn't necessarily dead. Justin Brookman, head of consumer privacy for the digital rights group Center for Democracy & Technology, suggests that browser manufacturers who eventually grow frustrated with the W3C's initiative could take matters into their own hands and start blocking tracking cookies by default. For now, Apple's Safari is the only browser to do so. But there's nothing to stop Mozilla or other companies from following Apple's lead in this area.
I don't understand "do not track" at all. Let's take two examples: (1) if a lot of people report the same email as spam, the email system which has been tracking this realizes that the sender is a spammer and blocks them from sending more, (2) if a lot of people view a product, but nobody buys, there could be something wrong with its description (perhaps the price was mistakenly keyed 10x too high) so the tracking system alerts the site owner to check. Most examples of tracking are like these, so what does tracking have to do with privacy?