Why an FTC 'Do Not Track' list is a bad idea

WASHINGTON--A first principle of Internet regulation is that what's routinely done in the offline world should be OK when done online. A second principle is that if a company discloses that it's going to do something like review your search history when displaying ads, and then follows through, that should be permitted.

Keep these principles in mind when evaluating some of the overheated proposals bubbling up during the Federal Trade Commission's two-day meeting this week about online privacy.

Here are two ideas that have been floated:

Creating a "Do Not Track" list. The proposal from groups agitating for more government regulation (click for PDF of the proposal) says that Congress should create a committee (that these same groups would be members of). They want the FTC to create a national Do Not Track list, and advertising companies that set cookies would be "required" by law to give the FTC the addresses of their servers. Browser plug-ins--perhaps to be created by the feds--would block ad servers on that list.

A formal investigation. The Center for Digital Democracy and the U.S. Public Interest Research Group are lobbying the FTC to investigate Google, Microsoft, AOL, and Yahoo's data collection practices. They want a new FTC task force created (PDF), an inquiry into target marketing by Facebook and MySpace.com, and a look at "the role of behavioral targeting and online advertising in the promotion and sales of sub-prime mortgages."

But is asking for new Internet advertising regulations truly wise--or even necessary?

The pro-regulation lobbyists and activists are most upset about behavioral advertising, meaning computer-generated ads that are based on pages a visitor previously viewed. Someone who spends a lot of time reading a newspaper's Asia travel articles may see ads for trips to China even when perusing sports scores. Quelle horreur!

Yes, this is the unmitigated privacy Chernobyl that the U.S. government is being asked to protect America from.

Let's go back to these first principles. Although the term is new, storefront businesses have used behavioral advertising for thousands of years. If you went to your neighborhood butcher a century ago, he'd know what cuts of meat your behavior indicated you like and offer relevant suggestions. If a nearby bookstore owner knew your behavioral profile meant you prefer a certain type of fiction, you'd probably be delighted if he offered a relevant suggestion.

That type of real-world behavioral marketing can even be more intrusive than its Internet counterpart. Humans gossip; ad servers don't.

But let's say for the sake of argument that Web sites may collect more information about you than a traditional bookstore owner does. Clicks can be recorded, shopping cart additions and deletions can be noted, and so on.

That brings me back to the second principle of Internet regulation: Privacy practices that are disclosed should be permitted. Take a look at Amazon.com's policy, which is far more clear than it was years ago. Yahoo's privacy policy is also perfectly straightforward:

When you register we ask for information such as your name, email address, birth date, gender, ZIP code, occupation, industry, and personal interests... Yahoo! uses information for the following general purposes: to customize the advertising and content you see, fulfill your requests for products and services, improve our services, contact you, conduct research, and provide anonymous reporting for internal and external clients.

Nobody's holding a gun to Internet users' heads and forcing them to visit Amazon or Yahoo. They do it because they trust those companies to take reasonable steps to protect their privacy. To insist that the feds must step in because a few vocal lobbyists and activists don't like those steps should be insulting to Americans: it suggests that they're too simpleminded to make their own decisions about what's best for them and their families. (It's similar in principle to price regulation, when special-interest lobbyists insist that prices are too high or too low and must be altered by legislative fiat.)

What makes this an even sillier debate is that there already are a wealth of ways to accomplish "Do Not Track" without the feds. This is the third principle of Internet regulation: If technology exists to solve a perceived problem, it's probably better to encourage its use rather than ask federal agencies for more regulations or demand that the techno half-wits in Congress draft a new law. (Remember, Ted "Tubes" Stevens was for years the senator in charge of writing Internet regulations. And he's still the senior Republican on that committee.)

If you don't want 24/7 Real Media or Doubleclick to be able to identify when you visit one Web site and then another, it takes only a few seconds to block their cookies. Firefox offers an excellent way to refuse cookies from individual sites. The Adblock Plus plug-in even lets you avoid ads. AOL now lets you opt out of "tracking cookies" and the Network Advertising Initiative has long allowed users to opt-out of targeted advertising from companies including 24/7 and DoubleClick.

If the lobbyists and activists behind the "Do Not Track" list--including the Consumer Federation of America, the Center for Democracy and Technology, and the World Privacy Forum--want to create a browser plug-in that tracks advertising-related servers and automatically blocks them, they should. They don't need to beg the FTC or Congress to do it for them. And it would likely be far faster (and the outcome better) than asking Sen. Stevens and the rest of official Washington to regulate companies doing business on the Internet.

[Full disclosure: I'm speaking at the FTC's event on Thursday and Friday in Washington.]