Internet Says: 'Me Want Cookie'
The last time cookies became a matter of public debate was when the "Sesame Street" character Cookie Monster was accused of encouraging poor eating habits among toddlers. Today's controversial cookies are the small text files that track where people go online. Web sites do a poor job of explaining how and why this information is used, even as details about our lives are increasingly knowable online. Risks to privacy make this a race between smarter self-regulation on the Web and threatened new regulation by the Federal Trade Commission.
Most privacy advocates understand that advertising pays for the otherwise free Web, but worry that cookies can be used for more than matching advertising to individual interests. Some want a "do not track" approach on the Web, similar to the "do not call" rules that block unwanted marketing phone calls. This sounds attractive but could undercut much of the marketing power of the Web.
Even those of us who are enthusiastic about using the Web for what it does best, including access to highly customized information, agree there's something potentially creepy about cookies. How are personal data used? Are our names, addresses and financial and health records really secret? Is anonymity permanent? These questions come just as what technology can do is changing our expectations about what information remains personal. We worry about cookies despite many of us voluntarily becoming open books via sites like MySpace, Facebook and LinkedIn, which are designed to share personal information that until recently would have been considered confidential.
The cookie debate reflects the tension between what technology will allow and what privacy we expect. One problem is that Web sites and marketers have failed to explain why cookies are harmless. Cookies simply indicate where users have been and do not include sensitive information like credit cards or Social Security numbers. When data about Internet usage are tracked, it's in an anonymous, aggregated way. Cookies mean people see personally relevant advertisements. Web sites use cookies automatically to localize news, weather and sports for users, and designers mine tracked data to improve user experiences. Cookies helpfully remember registration and other personalization.
A group called the Center for Digital Democracy urges more privacy protections by arguing that "Our 'virtual' identities may be composed of discrete and disassembled bits of information about ourselves." The group objects that the Web's purpose is "to get individual consumers to behave or act in ways that favor or reflect the marketer's goal."
For some, that's the point. "To paraphrase the famous New Yorker magazine cartoon, when you're surfing the Internet, it's still true that nobody knows you're a dog. But providers can learn that you like dog biscuits, and serve you content and ads accordingly," argues Randall Rothenberg, president of the Interactive Advertising Bureau. "If politicians restrict it unthinkingly, advertising relevance will diminish, and spam will have a renaissance."
Information that is aggregated offline usually is not seen as threatening. We don't object when marketers track us by ZIP Code, age or sex, or when our cars are counted by traffic surveyors, or when we get benefits once tagged as good customers. And there's at least an implicit bargain in the case of the Web: In exchange for seeing targeted advertising, we get access to Web sites, usually free. Internet advertising was more than $20 billion last year. Some 500 million people around the world got free email, and some 200 million Americans accessed free search engines.
There are efforts to break down cookies into less potentially personally identifiable details – "crumbled cookies" – but this is technically complex. As Google CEO Eric Schmidt put it, "What we've discovered about cookies is that every question leads to a one-hour conversation." What is clear is that intentionally releasing personally identifiable information is unacceptable. When Facebook alerted people about purchases by other members, it quickly had to drop the feature.
Scholar Joseph Turow has identified a "culture of suspicion." People don't understand how the Web works, so fear they are being spied on and manipulated. Many Web sites, however they actually use cookies, contribute to the skepticism by burying disclosure deep inside privacy statements. For a counterexample of full disclosure, take a look at the All Things Digital Web site, from the Journal's Walt Mossberg and Kara Swisher (http://allthingsd.com/trackingcookies/).
People involved in building the Web are rightly proud of the openness of the digital culture. Most consider that cookies cause no harm and are key to the growth of the Internet, but many Web users feel left in the dark about how information about them is used and not used. Unless people can be reassured, there is a real risk that some day soon we'll find the untested hands of regulators in the cookie jar.
By: L. Gordon Crovitz
Wall Street Journal; May 5, 2008
