Jonathan Mayer of Stanford’s Center for Internet and Society unveiled the Center’s latest research report, “Tracking the Trackers: Where Everybody Knows Your Username,” at the National Press Club Tuesday morning. The event also featured remarks from Federal Trade Commission Chairman Jon Leibowitz and Senior Counsel to the U.S. Senate Committee on Commerce, Science and Transportation Christian Fjeld and a panel discussion on potential harms facing users from data collection.
In the study, Mayer and his fellow researchers looked at whether data collected and shared by major websites remained anonymous. The team specifically looked for evidence of “leakage,” that is, the sharing of identifying information that can connect browsing activity with a user account or discrete individual. Where such a connection can be made, Mayer says, the information collected is no longer anonymous, or solely indicative of browsing activity in a particular moment in time. It is instead “pseudonymous,” because it is connected in a “clickstream” to past and future browsing activity.
The team opened user accounts with 185 websites to analyze the data provided by those websites to third parties (for example, advertising and data collection partners). The team found that 113 websites, or 61%, shared a username or user ID when sharing browsing data. Mayer noted that this sharing may be in conflict with some of the websites’ privacy policies, which disclaim the sharing of user information linked to “personally identifiable information.”
Mayer emphasized that there was no indication any of the sharing uncovered was intentional; in fact, he said it was “reasonable to infer that in the majority of cases it wasn’t intentional.” The study’s take away, Mayer said, is that “the web is suffused with identity,” and industry and consumers should recognize that this sort of sharing occurs.
Before Mayer’s presentation, FTC Chairman Jon Leibowitz spoke about the FTC’s efforts in the consumer privacy arena. He emphasized the FTC’s commitment to three principles: privacy by design, or encouraging industry members to consider data collection and privacy issues at the earliest stages of enterprise; transparency, disclosing to consumers what practices are occurring; and choice, permitting users to make decisions about the collection and use of their data.
Chairman Leibowitz praised many industry members for affirmatively embracing the privacy by design principle “long before [the FTC] issued its draft report” on the topic.
Chairman Leibowitz also stated that the FTC hoped the choice principle would be implemented through self-regulation rather than government intervention, noting that leading industry members have already instituted procedures that permit users to opt out of behavioral tracking. He emphasized that the FTC supports industry “standards that provide persistent and effective choices but do not interfere with the normal data flows necessary for a thriving Internet.”
Senior Counsel to the U.S. Senate Committee on Commerce, Science, and Transportation Christian Fjeld spoke about the current state of privacy legislation in Congress. He warned that he would not “count” on the current Congress passing any privacy legislation, but he also noted that many Members of Congress are committed to working on some form of industry regulation.
A webcast of the National Press Club event is available for viewing.