Online marketing myopia

We are in the middle of an advertising revolution, driven by
technology. Congress is up in arms over "behavioral advertising" online
by companies like Google.

Targeted advertising helps fuel today’s flood of information,
frictionless e-commerce, and the global blogger soapbox – so much so
that it has become cliche to call the Internet one of the most
important wealth-creating and democratizing technologies ever known.

Unfortunately, every new information technology advance stokes
privacy fears – and marketing that tracks our online comings and goings
is no different.

Behavioral advertising employs heretofore unexploited "tracking"
capabilities of the Internet – which reminds us that there is more to
the Internet than just the Web at any given juncture, and it’s only
2008.

The cries have become familiar. Is my data personally identifiable?
Can it become so? Will my identity be stolen? And if a breach occurs,
who will be punished?

Remember how angry we would get at receiving ads that were
untargeted spam? Today, the ads are relevant, but we are still not
satisfied.

Privacy is not a "thing" to legislate; it is a relationship
expressed in countless ways. User preferences preclude
one-size-fits-all privacy policy. Online, some hide behind digital
gated communities; others parade before personal Webcams.

Trying to legislate would be exceedingly complex, as any law would
need to contend with myriad questions. If online privacy is regulated,
what about offline? Should the standard be opt-in or opt-out? Who
defines "behavioral," or "sensitive"? Should the federal government
preempt state laws? What about non-commercial information collection?

Many companies, of their own accord, already follow principles much like the Federal Trade Commission‘s (FTC) proposed opt-in for sensitive information, even when the information is not personally identifiable.

But the rise of the information society amid a "homeland security
culture" is an unfortunate coincidence, as it has blurred the important
distinction between public and private data. This has complicated
things unnecessarily.

Total Information Awareness, CAPPSII and Real ID – such invasive
government proposals undermine privacy by preventing data from being
confined to an agreed-upon business purpose. Most of the time,
government does not need to protect privacy, but to allow it in the
first place. (One is reminded of the cartoon of Snoopy typing, "Dear
IRS, Please remove my name from your mailing list.")

An old joke holds that if McDonald’s were giving away free Big Macs
in exchange for a DNA sample, there would be lines around the block.
But consumers do care about safekeeping their personal information –
and increasingly have the means to protect it.

The Internet itself empowers consumers to vent their discontent –
through blog backlashes against companies, for example. The result:
Firms alter their information handling procedures without being told to
by law. Consumers can also avoid certain sites, or use Anonymizer,
Scroogle or TrackMeNot, and other such self-help tools. A federal
mandate for "choice" isn’t persuasive when choice is increasingly the
default.

The fury in the online privacy debate implies that real, unexploited
market opportunities exist in providing online anonymity. A marketer
does not necessarily want to know who you are, but how somebody like
you acts.

No firm in a free market is lucky enough to "self-regulate," as the
FTC puts it. Firms (like Phorm and NebuAd) now under attack for peering
too deeply into personal behavior online are regulated by the threat of
consumer backlash, competition from rivals, non-cooperation by
potential ISP partners, and discontent from investors. There is no such
thing as no regulation – the choice is between political control or
competitive discipline in a dynamic market.

Clamping down too hard will undermine what the Web can become.
Tomorrow’s Web page will not look like today’s, as "widgets" scooping
information from numerous sources become more routine and accepted.

Despite the accusations hurled against behavioral advertising,
marketing to an unidentified customer is today’s goal. Therefore,
privacy thrives best as a war between computer scientists competing to
offer anonymity.

However, at the same time, there is great value in technologies that
prevent others from posing as us – the opposite of anonymity. That is
one reason we should be hesitant about outright bans on the use of
personally identifiable data.

Meanwhile, we need improved cyber-insurance and enhanced liability
to evolve in online commerce. Government regulation of privacy
standards can short-circuit such innovation. Besides, the private
sector needs "practice" for the really difficult cases like the future
use of biometrics in online transactions.

Privacy policies are already legally binding. Therefore a realistic federal privacy agenda should:

• Target identity theft and computer crime;

• Enforce privacy policies;

• Remain neutral on technology;

• Keep compulsory databases separate from private ones;

• Stabilize government’s own insecure networks;

• Avoid mandates that undermine private security guarantees.

To protect consumers online, we must consciously avoid entrenching
regulation such that effective private alternatives and institutions,
however warranted, simply cannot emerge. Online marketers are today’s
"Battered Business Bureau" – but they need battering by competitive
discipline, rather than regulators.

Wayne Crews is vice president for policy at the Competitive
Enterprise Institute in Washington, D.C. and co-editor of "Who Rules
the Net?" (Cato Institute, 2003). He testified in the Senate on behavioral advertising in July.