This story appeared on Network World at
http://www.networkworld.com/columnists/2013/030513-bradner.html

Privacy as product differentiation. Is it time?

'Net Insider By Scott Bradner, Network World

March 05, 2013 01:11 PM ET

One of the big problems standing in the way of getting anything that remotely resembles a concern among Internet companies for the privacy rights of their customers is that there has been no business reason for any such concern. That may be changing, but don't bet big on the possibility.

Other than some spotty, but quite good, efforts by the Federal Trade Commission (FTC), there is little interest in Washington to force Internet companies to develop a concern for customer privacy. The FTC did come down on Facebook last fall following "charges that Facebook deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public." The resulting settlement does have some teeth, requiring for example that Facebook retain an independent third party to review its privacy practices every two years for 20 years and provide a copy of the review to the FTC within 10 days of the report being finished. But such efforts are few and far between.

It would be far more effective if Internet companies saw privacy protection as a competitive advantage, and there are minor signs that some do. Microsoft has been blasting Google in its "Scroogled" ad campaign over privacy invasions in Gmail. The Scroogled website says, "Google goes through every Gmail that's sent or received, looking for keywords so they can target Gmail users with paid ads. And there's no way to opt out of this invasion of your privacy. Outlook.com is different -- we don't go through your email to sell ads."

I will note that the Scroogled website's privacy link points to a 4,000-plus word Microsoft privacy policy. If a company actually had customer privacy as a primary concern it should be able to explain that in far less than 4,000 words.

Google, as one might expect, is not thrilled with this Microsoft ad campaign. During a panel session at the recent RSA Conference the chief privacy officers of Microsoft, Facebook and Mozilla, as well as the senior privacy counsel for Google, talked about Internet privacy. Google's Keith Enright described the Microsoft Scroogled effort as "misleading and intellectually dishonest," and added that Google had been working at simplifying its privacy policies. The current base policy is about half the length of Microsoft's but, while clearly written, is still far from terse. But, having the big Internet players arguing over who protects their customers' privacy better is a very positive, but small, step.

Another topic discussed by the privacy officers at the RSA Conference panel was the Do Not Track option in most current Web browsers. This once looked like a good way for Internet users to tell websites that they did not want their Internet usage to be tracked. But this has turned out to be, at best, a false hope. First, a number of big ad companies maintained that "do not track" actually meant "track but do not use the information to serve ads." A strange way to read the English language. Then Microsoft decided to turn on the flag by default in IE. That sounds good, unless one spends more than three nanoseconds thinking about it. If the flag is turned on without the user making the decision to turn it on, then the ad companies can rightly say that the user is not expressing an opinion and be justified in ignoring the flag. Apparently many are silently doing so now. Some sites are quite in your face about ignoring user desires. Somehow the Information Technology & Innovation Foundation approach does not, to me, match its slogan of "smart ideas for the innovation economy."

Actual concern for the privacy of Internet users may possibly come at some point, but there is little evidence of any at this point.

Disclaimer: Harvard has a comparatively terse privacy statement, but I had nothing to do with creating it nor have I heard the university express any view on Internet privacy. So the above lament is mine alone.