Tumblelog by Soup.io
Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

February 07 2011

18:49

Will U.S. Government Crack the Whip on Online Privacy?

This week MediaShift will be running an in-depth special report on Online Privacy, including a timeline of Facebook privacy issues, a look at how political campaigns retain data, and a 5Across video discussion. Stay tuned all week for more stories on privacy issues.

MP_internetprivacy_small.jpg

Online privacy is the new openness.

After years of telling all on the Internet, of tweeting about armpit rashes and tantric sex, we may have gone too far, shared too much. We may have lost control of the information that we reveal about ourselves and of the way others use that information. Which is a bad thing.

That's the thinking, at least, behind two government reports released at the end of 2010. The first one, produced by the Federal Trade Commission (FTC), outlines a plan to regulate the "commercial use of consumer data." The second one, produced by the Commerce Department, recommends that the federal government "articulate certain core privacy principles" for the Internet. Together they show that online privacy is very much on the public agenda.

FTC ENDORSES "DO NOT TRACK"

The FTC report, titled Protecting Consumer Privacy in an Era of Rapid Change, begins by noting that "consumer information is more important than ever" and that "some companies appear to treat it in an irresponsible or even reckless manner." It says data about consumer online activity and browsing habits are "collected, analyzed, combined, used, and shared, often instantaneously and invisibly."

google optout.JPGFor example, if I browse online for a product, which I often do, then advertisers could collect and share information about me, including my search history, the websites I visit and the kind of content I view. Likewise, if I participate in a social networking site, which I do, then third-party applications could access the stuff I post on my profile. Today my only lines of defense would be to adjust the privacy controls on my browser, to download a plug-in, or to click the opt-out icon that sometimes appears near an ad.

That's not good enough, according to the FTC report, which is intended to be a roadmap for lawmakers and companies as they develop policies and practices to protect consumer privacy. To that end, the FTC made three proposals.

First, companies should build "privacy protections into their everyday business practices." More specifically, they should provide "reasonable security for consumer data," they should collect "only the data needed for a specific business purpose," they should retain "data only as long as necessary to fulfill that purpose," they should safely "dispose of data no longer being used," and they should create "reasonable procedures to promote data accuracy." In addition, they should implement "procedurally sound privacy practices throughout their organizations."

Although it's unclear what would constitute a "specific business purpose," those suggestions to a great degree reflect existing law. Section 5 of the FTC Act, which prohibits unfair or deceptive practices, can be used to nail companies that fail to secure consumer information. Similarly, the Gramm-Leach-Bliley Act requires financial institutions to take certain steps to secure their information, and the Fair Credit Reporting Act requires consumer agencies to ensure that the entities receiving their information have a permissible reason to receive it. The latter also imposes "safe disposal" obligations on those entities.

Second, companies should "provide choices to consumers about their data practices in a simpler, more streamlined way." This would allow consumers in some transactions to choose the kind and amount of information they reveal about themselves. I say "in some transactions" because companies would have to distinguish between "commonly accepted data practices" and those "of greater concern."

The former includes ordinary transactions in which consumer consent is implied, e.g., I buy a book through Amazon, and I give the company my shipping address. No big deal, says the FTC. The latter, however, includes activities and transactions in which consent is not implied, e.g., an online publisher allows a third party to collect data about my use of the publisher's website. Big deal, says the FTC.

consumers_choice.jpgWhere consent is not implied, consumers "should be able to make informed and meaningful choices," and those choices should be "clearly and concisely described." In the context of online advertising, that means I would be able to choose whether to allow websites to collect and share information about me. The most practical way to give me that choice, according to the FTC, is to place a persistent setting on my browser to signal whether I consent to be tracked and to receive targeted ads. This "do not track" mechanism could give consumers the type of control online that they have offline with the "do not call" list for telemarketers.

Third, companies should "make their data practices more transparent to consumers." They should ensure that their privacy policies are "clear, concise and easy-to-read," and in some circumstances they should allow consumers to check out the data kept about them. Those circumstances remain unclear, but the report says if a company maintains consumer data that are used for decision-making purposes, then it could be required to allow consumers to review that data, essentially to give them the chance to correct any errors.

It's a good thing for the FTC to encourage companies to revisit their privacy policies. Most of them are long and dense and monuments to legalese, and some companies seem to notify me every week about changes to their terms and conditions. Nowhere is their ineffectiveness more apparent than in the world of mobile devices, which often spread privacy policies across dozens of screens, 50 words at a time. On the Internet, meanwhile, it would take consumers hundreds of hours [PDF file] to read the privacy policies they typically encounter in one year. That's hardly helpful to the consumer.

All in all, the FTC report has received mixed reviews. Some say its recommendations won't stop the information free-for-all, while others say it's promising and a step in the right direction. In any case, the commission will need the help of Congress to implement the plan, and that help isn't a sure thing.

COMMERCE DEPT. CALLS FOR PRIVACY CODES

The Commerce Department report, very sexily titled Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework [PDF file], begins by noting that consumer privacy must address "a continuum of risks," such as minor nuisances and unfair surprises, as well as the disclosure of sensitive information in violation of individual rights. The report's purpose is to stimulate discussion among policymakers, and it includes recommendations in four areas.

First, the government should "revitalize" the FTC's Fair Information Practice Principles, a code that addresses how organizations collect and use personal information and the reasonableness of those practices. The amended code should "emphasize substantive privacy protection rather than simply creating procedural hurdles." The specifics are similar to those in the first section of the FTC report: the code should call on companies to be more transparent, it should articulate clear purposes for data collection, it should limit the use of data to those purposes, and it should encourage company audits to enhance accountability.

Screenshot-code.pngSecond, the government should "enlist the expertise and knowledge of the private sector" to develop voluntary codes for specific industries that promote the safeguarding of personal information. To make that happen, the Commerce Department should create a Privacy Policy Office to bring the necessary stakeholders together, and the FTC would enforce the codes once they've been voluntarily adopted.

Well, this makes me think of the old saw that socialism is good in theory but doesn't work. Whether or not that's true, too often the same can be said (truthfully) of voluntary codes. To make this scheme work, at the very least, the FTC should be given rulemaking authority to develop binding codes in the event the private sector doesn't act. Alternatively, as the report suggests, the FTC could ramp up its enforcement of existing privacy laws, to encourage companies to buy in to the voluntary codes, on the theory that the buy-in would entitle them to a legal safe harbor. In other words, complying with a voluntary code would create a presumption of compliance with any privacy legislation based on the amended Fair Information Practice Principles.

Third, the government should be mindful of its global status as a leader in privacy policy. On the one hand, it should develop a regulatory framework for Internet privacy that "enhances trust and encourages innovation," and on the other hand, it should work with the European Union and other trading partners to bridge the differences, in form and substance, between their laws and U.S. law. As the report notes, although privacy laws vary from country to country, many of them are based on similar values.

Fourth, Congress should pass a law to standardize the notification that companies are required to give consumers when data-security breaches occur. Lawmakers also should address "how to reconcile inconsistent state laws," because the differences among them have created undue costs for businesses and have made it more difficult for consumers to understand how their information is protected throughout the country.

In the privacy world my sympathies are chiefly with the consumer, but the patchwork of state security breach notification (SBN) laws is a very real challenge for businesses. Not long ago, I worked with a company that had offices in a number of states, and as a result, it had to comply with a number of different state SBN laws. They were variations on the same theme, of course, but the differences had to be accommodated. The devil was in the details, and from that work it became obvious to me that the compliance costs were high and the benefits low: Some people get better notification than others. That's neither fair for the consumers nor ideal for the company.

The reaction to the Commerce Department report, like the one to the FTC report, has been mixed. Privacy advocates have been critical of it, especially the sections that support self-regulation, but other groups and government officials have commended the Department for taking on a tough issue. For its part, the Department said it plans to incorporate the feedback into its final report, to be released later this year.

NEW COMMITTEE TO CARRY THE PRIVACY FLAG

It's also worth mentioning that in late October, the National Science and Technology Council launched a Subcommittee on Privacy and Internet Policy. Chaired by Cameron Kerry, general counsel of the Commerce Department, and Christopher Schroeder, assistant U.S. attorney general, the subcommittee's job is to monitor global privacy-policy challenges and to address how to meet those challenges.

The charter [PDF file] says the subcommittee will do three things: 1) it will produce a white paper on information privacy in the digital age, building on the work of the FTC and the Commerce Department; 2) it will develop a set of general principles that define a regulatory framework for Internet privacy, one that would apply in the U.S. and globally; and 3) it will coordinate White House statements on privacy and Internet policy, striking a balance between the expectations of consumers and the needs of industry and law enforcement.

LOOKING AHEAD

Online privacy is on the government's brain, no doubt, but it's hard to say what effect, if any, the reports will have. They strike a chord with privacy advocates concerned about the way companies use the information that consumers reveal about themselves. They show sensitivity to the needs of both consumers and businesses. And they don't contain, possibly with the exception of the "do not track" mechanism, any kind of poison pill that would make the reports in their entirety look undesirable to major stakeholders.

Still, many companies already do what the reports recommend, and many of the recommendations to a great degree reflect existing law. So it's fair to wonder how much would change even if lawmakers used the reports to draft legislation. Lots of macro-micro questions remain unanswered, too.

Would all types of businesses be subject to the new framework? What about one that collects only non-sensitive consumer data? How long would businesses be required to retain consumer data? Is there a principled way to come up with a time period? Should companies be allowed to charge a fee to consumers for them to access information that the company maintains about them? If so, how much?

That's just a small sample of the questions that the FTC and Commerce Department need to answer before moving ahead, and they've requested help from interested parties. Readers should feel free to weigh in by contacting the agencies directly; otherwise, drop a comment in the box below.

Jonathan Peters is a lawyer and the Frank Martin Fellow at the Missouri School of Journalism, where he's working on his Ph.D. and specializing in the First Amendment. An award-winning freelancer, he has written on legal issues for a variety of newspapers and magazines. He can be reached at jonathan.w.peters@gmail.com.

This is a summary. Visit our site for the full post ».

December 17 2010

17:48

Books in Browsers? Google, Amazon Bring E-Books to the Masses

For authors and publishers already overwhelmed, last week's news about the Google eBooks store and Amazon's Kindle for web only added to the waterfall of controversy pouring into an already raging river of e-book and publishing hype. The big takeaway from these two announcements, and a recent "Books in Browsers" event that I attended, is that the web browser is an important player in e-books.

Self-publishers can benefit from adding browser-based e-book options to the services they should already be using to sell their books, such as Smashwords, Scribd, and Amazon DTP. This best-of-breed group will get their books in all the dedicated e-book readers, mobile, and multi-use devices, and now, delivered in the browser.

Now here's why browsers are so important, and how to get your books in them.

Browsers: The Forgotten Platform

In the frenzy of formats, platforms, and devices, awareness of the web's importance as a e-publishing platform simply faded into the background. But the Books in Browsers conference in October brought the browser to the attention of many publishing insiders. BIB10 was an astonishingly high-level gathering of 120 people from nine countries, including publishers, librarians, and toolmakers (many of whom were notable and even famous names), for a two-day working meeting. It was hosted by Brewster Kahle, founder of the Internet Archive, who is largely concerned with building a digital library and providing universal access to books, music, movies and, via the WayBackMachine, its billions and billions of archived web pages.

One of the advantages of the web

birdbook.pngbrowser is that it does not constrain text inside a container. With proper formatting, HTML can provide a beautiful reading experience on a 19-inch flat-screen or a three-inch mobile device. The browser even gracefully delivers transmedia books with embedded audio, video, images, and graphics -- something today's e-book readers are hard pressed to do. Even if a book is enclosed in a container (providing discovery, sales, and downloads), the browser delivery system lets book buyers access their downloads from the cloud -- using any device they happen to be near that has an Internet connection, as long as it has an HTML5-compatible browser. It's worth noting that computers and smartphones are able to take advantage of books in browsers, but many dedicated e-readers can't.

Rise and Fall of Dedicated E-Readers

ereaders.pngWith over a billion browser-friendly, web-enabled devices worldwide we are suddenly back to the future with e-book publishing. One has to wonder, why did all the device and e-book publishers feel like they had to create e-book readers?

One answer is because multi-use devices are simply not as light and comfortable as a book. That's going to change, and when it does, your Kobo, Kindle, Nook and Sony Reader will become inconvenient and redundant -- or get smarter and lighter and do more things. Today's versions are pretty dumb and are considered "transitional devices" by people who gaze into tech's crystal ball. For example, Craig Morgan of Publishers Weekly and Kevin Kelly, the co-founder of Wired, talk about this in an interview about Kelly's book, What Technology Wants.

Big Name Game Changers

sony-ebook-store-google-books.jpgThe launch of Google eBooks last week has put books in browsers in the headlines. Hours after the announcement, Amazon announced Kindle for Web, making browsers even more relevant. Kahle saw this coming a long time ago.

"Google's promised Google Editions [rebranded Google eBooks] are going to be available in browsers," he predicted in his Books in Browsers 2010 keynote speech back in October.

Kahle also told us, "Amazon is putting its toe in the books-in-browser world with its recent beta. Then there's Starbucks and LibreDigital's recent announcement that they will make bestsellers readable in browsers while at a Starbucks. Ibis Reader, Book Glutton, rePublish, sBooks, and the Internet Archive BookReader are other emerging technologies for reading in browsers."

Readers can now buy hundreds of thousands of e-books from Google, or download over two million public domain titles for free. They can access their downloaded books on any device with an HTML5-enabled browser from their computers or via apps for iPhones, iPads, and Android-powered smartphones. Buyers can access the books they purchased on any e-reader based on an open platform, like EPUB, which includes the Sony Reader and the B&N Nook. (The Sony Reader Store is the search, purchase, and download engine for Google eBooks.)

Self-Publishing Strategy

If you're self-publishing, you should add Google eBooks to your list of places to sell books. This will get your book into the largest number of e-tailers and devices, not to mention brick-and-mortar bookstores like Books Inc. and Diesel, who are helping their customers buy digital. In order to make this happen, here are your tasks:

Upload your book to Google eBooks and promote it through their partner program.


• Upload your book to the Amazon store through Amazon DTP. (If you publish your POD book through CreateSpace they'll give you a DTP formatted version.)


• Upload your book to Smashwords for sale in their store. Distribute in their catalogs: Their Premium Catalog aggregates your book to major retailers and their Atom/OPDS Catalog gets your book in major mobile app platforms. They also provide HTML and text formats easily read in browsers.


• Upload your book to Scribd for social media attention, previews, sale, and distribution to the customer's device or for display in their browser-based reader.

If formatting is not your forte, or you just don't have the time, you can throw about $250 at a service like eBook Architects who will do it for you.

Ignore the Hype

The above covers the vast majority of sales outlets, but that doesn't mean that other products, services, and programs aren't also begging for attention. I try them out as they come along, but mostly give up in frustration due to their difficult, buggy, and largely beta interfaces.

This is a profitable marketplace -- self-publishing is seeing three-digit growth! -- so there is lots of activity and the hype is not likely to die down anytime soon. Meantime, best practices for self-publishers include sticking with the above best-of-breed products and services, and focusing on quality. Participate in membership organizations and communities (like the Small Publishers Association of North America) that can help separate hype from truth, and concentrate on getting your book to (virtual) press, which means paying attention to writing, editing, design, and marketing.

Carla King is an author, a publishing and social media strategist, and co-founder of the "Self-Publishing Boot Camp" program providing books, lectures and workshops for prospective self-publishers. She has self-published non-fiction travel and how-to books since 1994 and has worked in multimedia since 1996. Her series of dispatches from motorcycle misadventures around the world are available as print books, e-books and as diaries on her website.

This is a summary. Visit our site for the full post ».

June 22 2010

03:39

How many browsers do you test in?

And how do you do it?

This is rather haphazard for me. I have four browsers on my computer between OS X and XP on Parallels, so I test in those. Other editors and reporters involved in each project have different browsers so they report back any issues in them.

It's sporadic though and inconsistent. The last project I worked on, we discovered a javascript bug that only manifested itself in Firefox version 3.0.19 (and possibly others) and completely broke the graphic. Took quite a while to fix it.

Do people have like a set of computers with a whole bunch of different browsers installed as test computers or something?

Browser shots works well for layouts, but what about javascript interactions?

Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!

Schweinderl