The Web of Web Lobbying

The Wall Street Journal reported on a battle developing between privacy advocates and internet companies concerning AB 1291, a transparency measure that is in part based upon some of my privacy research:

The industry backlash is against the “Right to Know Act,” a bill introduced in February by Bonnie Lowenthal, a Democratic assemblywoman from Long Beach. It would make Internet companies, upon request, share with Californians personal information they have collected—including buying habits, physical location and sexual orientation—and what they have passed on to third parties such as marketing companies, app makers and other companies that collect and sell data.

Instead of discussing the merits of the bill, here I want to show an aspect of industry association lobbying. As noted previously, these groups are useful to companies for several reasons: they can be used to “launder” policy, they can air controversial views without attribution to any one company, they can help hide companies advocacy when it appears to conflict with previous commitments, and they defray critical reporting. They also amplify power, because they place legislators in a house of mirrors–trade groups allow companies to mask the provenance of their advocacy and to multiply it. This creates a kind of echo chamber for companies.
The Journal’s Vauhini Vara and Geoffrey Fowler reported:

The coalition includes such trade groups as the Internet Alliance, TechNet and TechAmerica, all of which represent major Internet companies
This past week, Will Gonzalez, a Facebook lobbyist based in Sacramento, aired concerns in a meeting about how the bill would hurt Facebook’s business, according to a legislative aide. Mr. Gonzalez didn’t respond to requests for comment.
Representatives for Facebook and Google declined to comment on the bill.

Vara and Fowler are on the right path–break through these groups and talk to their principals about their stance on the bill. Facebook and Google won’t comment to the Journal, I imagine, because AB 1291 is fundamentally a transparency measure. Opposition to it creates some dissonance with these companies’ rational choice/transparency/openness rhetoric.
But back to my point–the trade groups help companies hide their advocacy positions, and amplify them. Check out my poor man’s version of the web of web advocacy below.

This is the letterhead of the opposition letter submitted by tech companies against California's AB 1291.
This is the letterhead of the opposition letter submitted by tech companies against California’s AB 1291.

$15 To Turn off "Special Offers" Bravo!

With the announcement of the Kindle Fire HD, some users were upset to learn that Amazon was going to stuff “special offers” on the device. But the company quickly retreated, and now is offering the option to turn of the ads for a mere $15.
This is a good development for consumers. We should have the choice to move away from ad-supported business models. As I explain with my co-author Jan Whittington, there is a cost to free business models. “Free,” ad-supported services are packed with hidden costs to privacy and other consumer interests.
While the ads are gone, there is still no word on whether Amazon will reduce tracking of Kindle users. Without backing off on tracking, this is not a pure privacy play.
And an interesting data point–how is it that Amazon is willing to give up these special offers for only $15, given that “customers love our special offers“?

How Did You Get My Facebook?

Facebook watchers are reporting that the service is about to launch a new feature for merchants that will allow merchants to target ads to users based upon users’ email and phone numbers. That’s a little confusing. Let me explain with a hypo–
As I understand it, it might work like this: ABC Corp. has an extensive database of consumer email addresses, but is concerned that no one is reading the company’s spam. So ABC uploads its consumer email database to Facebook, which identifies Facebook members who are customers of ABC. ABC Corp can then send its marketing through Facebook so that it lands in the Facebook Feeds of its existing customers.
The service has some privacy safeguards, because some hashing will be in place to stop Facebook from just copying the customer databases held by merchants (too bad they don’t do this for address book scanning!), and because the targeting will be based upon phone numbers and email addresses already in possession of the merchant. Thus, the idea is that this is marketing only to people with a business relationship with the advertiser.
This is a great model for businesses trying to communicate with their existing customers. It lets them reach customers through a new channel (Facebook) that is very popular. It avoids the hassle of telemarketing and possibly the regulatory regime associated with email marketing.
The Enhancement Problem
But here’s the catch–two core privacy assumptions are flawed. Merchants have difficulty getting phone numbers and email addresses from customers. Sometimes, instead of asking customers for personal information, they find ways to trick consumers into providing it, or they simply buy emails/phones/home address about a customer based upon whatever data they already possess. This practice is known as data enhancement, it happens where a company links more information about consumers to an existing database.
A recent case explored this practice at Williams-Sonoma: “After acquiring this information [zip code from Jessica Pineda at the register], the Store used customized computer software to perform reverse searches from databases that contain millions of names, e-mail addresses, residential telephone numbers and residential addresses, and are indexed in a manner that resembles a reverse telephone book. The Store’s software then matched Pineda’s now-known name, zip code or other personal information with her previously unknown address, thereby giving the Store access to her name and address.” That’s how you end up with dead trees in your mailbox.
The whole point of data enhancement is to get information about the consumer that she is otherwise unwilling to provide. It’s really sneaky and it contravenes transparency and fairness principles. Enhancement obviates many attempts to protect privacy through selective revelation.
How Did They Get My Facebook?
There’s a second problem here. Many people do not want to be contacted by the companies that they frequent. In a recent survey, I found with colleagues that 74 percent of Americans thought that a merchant should not be able to call them, even if they gave their phone number to the merchant! Consumers want specific permission controls over direct marketing.
Finding a new channel to contact people may be great for advertisers, but for users, contact through some new, unexpected channel, can be a bit unwelcome.
A Fix?
Perhaps Facebook could correct this problem by requiring merchants using this new service to guarantee that they collected email addresses and phone numbers directly from the consumer, with their consent that the information be used for marketing. Otherwise, this new service will create incentives for companies to engage in more enhancement, and it will further junk up Facebook. and the Free Problem

Have you heard of If not, check it out. The basic premise is to create a social media platform that is aligned with users’ interest. And so, gasp, it costs money! The CEO, Dalton Caldwell, has a neat video explaining the inception of the project and the philosophy of the venture. Critics have said Caldwell’s proposal is misunderstood, and that users are projecting their own ideals onto the platform. They have said that there are too many men on They have said that it’s just another gated community, and segmenting away users is a bad thing.
I joined and still think it is a good idea to join, based upon arguments started in a series of posts concerning Chris Anderson’s book, “Free.”
There are two reasons to avoid free products and start paying for things. First, free is a force for mediocrity, both online and off. It displaces better products, because no one can compete with free things, and because free things are usually just good enough to do the job we need them to do.
Second, as Jan Whittington and I explain in our work on social network services that are advertised as free, “free” services have costs. A sample of food at a mall’s food court is free to the recipient. You get it and walk away. Online services are different, because you do not walk away whole. The service keeps personal information about you and you forever have to monitor how it deals with that data. In our first paper, we describe the depredations of C Everett Koop’s, a free social network for medical issues. went bankrupt, and its member database was sold to a Florida-based “nutritional supplement” company. The best part of the story was the reaction of the buyer. He said, “Three years ago, would not have given us the time of day…Now we own them.” Shifting policies represent a monitoring cost, a real investment of your time and a risk to your privacy.
At the end of the day, services like Facebook and Twitter must adhere to what advertisers want, and so paeans to “making the world more open” and real identity requirements are masks for serving advertisers’ wishes. If we want to escape that trap, we’re going to have to actually start paying for things with money.

The Privacy Competition Myth

In his non-book-review of Garret Keizer’s new book, Privacy, “Reason” Magazine correspondent includes this ill-informed quip on privacy:

With regard to modern commerce, Mr. Keizer grumps: “We would do well to ask if the capitalist economy and its obsessions with smart marketing and technological innovation cannot become as intrusive as any authoritarian state.” Actually, no. If consumers become sufficiently annoyed with mercantile snooping and excessive marketing, they can take their business to competitors who are more respectful of privacy. Not so with the citizens of an intrusive state.

There is almost no market for privacy among merchants. Companies learned long ago that raising privacy as an issue backfires–it causes consumers to worry about it rather than feel safe about an alternative product. Whether online or offline, going to a competitor doesn’t increase your privacy, in real or perceived terms. It’s simply too easy to hide invasive practices from consumers.
Our work at Berkeley shows the folly of simply going to a different site in order to have more privacy. Here’s just one example, in our Web Privacy Census, we did a large-scale survey of popular websites in order to assess mercantile snooping and excessive tracking. Of the most popular 1,000 websites, Google trackers are present on 712 of them. Good luck finding a competitor who is more respectful of your privacy.

Hark! A New Trade Group is Born

BNA reports on the formation of the Internet Association, a new trade group that will represent Google, Facebook, eBay, and Amazon. The group introduces itself as, “the unified voice of the Internet economy, representing the interests of America’s leading Internet companies and their global community of users. The Internet Association is dedicated to advancing public policy solutions to strengthen and protect an open, innovative and free Internet. ”
I do not know what the Internet Association will do nor do I discuss its merits here (as it has no track record yet). I wish to use this as an opportunity to discuss some of the issues in trade group lobbying. Consumer groups have problems too, but unlike companies, consumers have no direct representation in most regulatory matters, and consumer groups are completely outgunned in money, influence, and manpower in DC.
The creation of a new lobbying group for tech interests is a notable thing. These organizations are always created for some strategic reason. It could be that the many existing trade organizations are too closely aligned with other tech companies with dissimilar interests. Here, the Internet Association makes a big deal about being the first group to explicitly represent the interests of the Internet, whatever that means. Or perhaps it was created because other organizations have become too discredited to be believed anymore. When firms’ sock puppets are discredited, they can simply be abandoned, and rise again (sometimes with the exact same employees) in new form. This is a lot like Unbranding.
There are already tons of tech lobby groups. Companies find them useful because they can launder policy through them. The groups can say controversial things, or engage in sock puppetry with reasonable deniability. So when you read a news article about some controversy, and see a trade organization quoted instead of a company directly involved in the tussle, chances are that the company decided to participate in the fray through its proxy and avoid the risk of direct exposure to critical reporting. Reporters do not kick the tires too hard on these groups to see who is actually behind them.
The Lobbying Clone Wars
Generally speaking, we too easily recognize these groups as legitimate. Federal agencies, for instance, recognize them and take them as seriously as ordinary principals in debates. This is problematic, because firms use these groups to amplify their interests. So, for instance, on Congressional hearings or FTC events, sometimes you’ll see company representatives appearing on a panel along with witnesses from trade organizations that the company underwrites. Similarly, in the current debate at the Department of Commerce over privacy, the agency is going to try to develop a “consensus.” Those wanting to influence that consensus will be far more effective if they multiply their presence in the room with additional lobbyists who appear to be independent but really are fully backed by specific companies.
“The Internet must have a voice in Washington.”
Turning back to the Internet Association, a few things to note for future reference. First, their PR firm is HDMK. That’s important to know because closely related groups often share the same PR firm. If you see two groups with the same PR firm, chances are they have coordinated their messages, or they are really just the same interest broadcasting through two different speakers.
Second, the Internet Association is interesting because it explicitly claims to represent users. It will represent, “the interests of America’s leading Internet companies and their global community of users.”
This could be a great source of legitimacy problems for this group, because user interests so often diverge from the interests of Google, Facebook, Amazon, eBay, and the like. These companies tend to think that user interests align with their own because consumers would simply choose other services if they were in misalignment. It’s a form of circular reasoning that many businesses suffer from.
Of course, consumers use what is available to them, and the market often obscures or blocks options that users are likely to take. For instance, in Douglas Edwards’ recent book [FN1] about working at Google, he discussed the company’s first-party cookie policy:

What if we [Google] let users opt out of accepting our cookies altogether? I liked that idea, but Marissa [Mayer] raised an interesting point. We would clearly want to set the default as “accept Google’s cookies.” If we fully explained what that meant to most users, however, they would probably prefer not to accept our cookie. So our default setting would go against users’ wishes. Some people might call that evil, and evil made Marissa uncomfortable. She was disturbed that our current cookie-setting practices made the argument a reasonable one. She agreed that at the very least we should have a page telling users how they could delete their cookies, whether set by Google or by some other website.

Even when companies know that consumers want more privacy, firms can have incentives to code in privacy-invasive options by default. Firms may also have incentives to hide the tussle among these options. Google could have implemented compromise approaches that preserved some privacy, by using session cookies or by choosing cookies that expired after some short amount of time, but it did not.
A similar theme appears in Katherine Losse’s tale of employment at Facebook. According to Losse, when Facebook made major changes to users’ privacy settings, there was no internal debate at the company about how users would feel about the changes. Losse was charged to write blog posts on behalf of Zuckerberg explaining the need of users to become more open.
It will be interesting to see how the Internet Association will represent user interests and the interests of companies such as Google and Facebook, when we know that these companies themselves make strategic decisions to shape, deny, or flat out commandeer users’ choices.
FN1: Douglas Edwards, I’m Feeling Lucky: The Confessions of Google Employee Number 59, at 341 (HMH 2011).

Disinformation about Disinformation: L. Gordon Crovitz's Information Age

When one spouts disinformation about disinformation, does it make it information? No, it’s L. Gordon Crovitz’s “Information Age,” the weekly poorly informed and poorly reasoned blather about information policy in the Wall Street Journal.
Recall that Crovitz recently wrote about the invention of the Internet and online privacy. I wrote about these last two columns, and this week in the Journal Crovitz tries to backpedal, with the standard trope that his “Who Really Invented the Internet?” article was controversial—”It [became] for a time the most read, emailed and commented upon article on the Journal’s website, with more than 1,000 comments.” It was popular in the same way that reality stars enjoy popularity.
Crovitz tries to explain that he was reacting to President Obama’s recent speech about government and business. Crovitz responds that:

• Government alone didn’t create the Internet.
• Government didn’t help build the Internet in order to create commercial opportunities.
• Companies that succeed on the Internet do not succeed because of government.

Of course, this is not what Crovitz said last week. He said:

If the government didn’t invent the Internet, who did? Vinton Cerf developed the TCP/IP protocol, the Internet’s backbone, and Tim Berners-Lee gets credit for hyperlinks.
But full credit goes to the company where Mr. Taylor worked after leaving ARPA: Xerox.

Full credit. Not shared credit.
To Crovitz’s second point, government builds a lot of things that have secondary uses in the commercial market. The many inventions of NASA, for instance, were first developed to execute space travel, and these technologies find their way into the commercial sector.
To Crovitz’s third point, companies do succeed on the Internet because of government. There is plenty of interaction and cooperation between high tech companies and government, and that is why high tech companies are not libertarian. If high tech companies were severed from the government gravy train, innovation would suffer. We’d have fewer drones and other wonderful technologies.
More fundamentally, so many internet entrepreneurs came from America’s college and university system, where big government funding helps develop leaders like Sergey Brin, Larry Page, Steve Wozniak and others.
This tech libertarian “I am an island” meme is fully debunked by Paulina Borsook’s Cyberselfish. In that book, Borsook lampoons arguments of Crovitz’s sort: “The most virulent form of philosophical technolibertarianism is a kind of scary, psychologically brittle, prepolitical autism. It bespeaks a lack of human connection and a discomfort with the core of what many of us consider it means to be human. It’s an inability to reconcile the demands of being individual with the demands of participating in society, which coincides beautifully with a preference for, and glorification of, being the solo commander of one’s computer in lieu of any other economically viable behavior…”
But back to Crovitz:

Supporters of big government don’t want to hear about the private-sector contributions to the Internet…

What is Crovitz’s basis for this crazy talk? This is an unhinged straw man argument. Any sensible person recognizes that private-sector contributions are critical to all sorts of ventures.

…but today the Internet is defined by individuals using it for their own purposes—communicating, accessing social media—and critiquing opinion columns. Many innovations are via free, open-source software. Perhaps we can all at least agree that the Internet boom began in the mid-1990s when the government shut down its remaining role, leaving the Internet to the power of the people.

The government never shut down its role in the internet. Has this guy ever heard of the Department of Commerce and ICANN? Or the NSF?
How did this guy get this column and is there no one at the Journal that recognizes it for what it is, or is this a case of crank magnetism?

Louis Gordon Crovitz’s Disinformation Age

Imagine a newspaper oped with half a dozen fallacies. Such a thing could appear in any newspaper in the US. But now imagine that the author is a Rhodes Scholar and you’re left with the Wall Street Journal’s L. Gordon Crovitz.
For years I’ve followed the bizarre arguments of L. Gordon Crovitz, who has a weekly column on information policy in the Wall Street Journal. It’s part of my daily routine of reading the Journal, which is great for business news but something else for everything else.
Last week, Crovitz wrote a real howler, arguing that the Internet was really created by Xerox, not the government, because among Xerox’s many great inventions was Ethernet. Of course, the Internet is the world’s biggest copying machine, but Xerox itself doesn’t claim to have invented the Internet. A chorus of more well informed people attempted to correct Crovitz, including the author of the book Crovitz relied upon to support his argument, but the damage is already done. The libertarian claque is parroting Crovitz as part of its mission to undermine any of the good deeds done by the government.
Perhaps Crovitz was attempting to cure the largest source of cognitive dissonance for the libertarians: that the libertarians’ favorite invention, the Internet, was funded by the source of all evil, our federal government. This single unfortunate fact may be enough to cure the Manichean mind of the libertarian, and thus it must be attacked.
One column does not completely undermine one’s claim to be an expert in information issues. But Crovitz has a track record of reactionary, inaccurate, and incoherent essays on issues of importance. For example, just the week before, Crovitz made a series of disconnected arguments and inaccurate observations about privacy. Dear reader, let me guide you through the sad times of the Disinformation Age.

The Way the Digital Cookie Crumbles
If regulators and lawyers limit the use of data, advertising online will become less efficient.

Typically, editors write headlines, so we have to give Gordon a pass on this assertion.

For a measure of how technology is changing human expectations, consider the “cookies” on your computers. These invisible text files are how websites track activity, delivering to marketers detailed information about individual behavior and preferences. In exchange for data, we get highly personalized online services.

I’m not sure what an “invisible” text file is. One that is empty? One that your operating system does not allow you to see? In any case, cookies are not invisible to marketers, who are attempting to track our every move online. This fact has been detailed by Crovitz’s own paper in the What They Know series.
Crovitz also engages in a false analogy here, which is more fully developed later. Yes, cookies enable tracking, but what websites choose to do with that data is different based the business model of the site. Some tracking, such as when one shops on Amazon and receives product recommendations, are an example of a personalized service that individuals can choose to enjoy. Most tracking does not deliver personalized services—it attempts to deliver advertising of all sorts. My work shows that when asked, Internet users overwhelmingly reject the value proposition that Crovitz lionizes.
Crovitz goes on to describe an example of differential pricing on the web, where for instance, certain consumers were presented with more expensive products or services because they were Apple users.

When Orbitz used these data to feature higher-priced hotels more prominently in Apple users’ search results, privacy lobbyists claimed outrage. But even in the analog era, readers of this newspaper saw advertisements for different products and services than readers of less high-end papers.

Of course the analog and digital eras are completely different. Contextual advertising (the idea that one places ads consistent with the publication, such as ads for golf balls in a golf magazine) is not privacy invasive at all. In fact, in the analog era, the Journal could not tell whether you even read the newspaper at all—only that you were a subscriber or not. In the digital era, newspapers are designed specifically to encourage the user to click more, so that precise interests can be mapped and advertising dollars maximized. A change to a more information-rich medium may justify a change in privacy rules.

These uses of personal data can seem a bit creepy, but the evidence also shows how quickly consumers have gotten used to being tracked. When given the choice, few consumers opt out of cookies. People accept the benefits of more relevant ads and more personalized websites in exchange for letting marketers track their interests.

This single paragraph demonstrates a complete lack of familiarity with the research that has been done in privacy and is descriptively inaccurate. Marketers complain bitterly about consumers deleting cookies, and research has shown that even popular websites have resorted to hidden and nearly-impossible to avoid tracking to address this consumer rejection.
Crovitz’s larger point, that people do not opt out, is backwards as well. Consumers can get used to a lot of things if those things are hidden from them, and they are offered no real choice about the matter. In reality, consumers think that they are protected by strong privacy laws. My research has shown that consumers mistakenly believe that privacy policies impose strong, legally-enforceable limits on the use of data.

…Consumers are loyal to Amazon in part because of its recommendation tools—if you liked that book, you may like this one—which mine user data to determine relevancy…

Here again, Crovitz does not present an important wrinkle in the privacy debate: first party tracking may be a “feature” that consumers desire. Consumers may use specifically for its recommendations. Research shows that most cookies on popular websites are delivered by third parties, typically companies that track individuals for advertising purposes.

Left alone, people would continue to make their own evolving judgments about how much data to share. Instead, regulators issue edicts. The Federal Trade Commission has extracted 20-year consent decrees from Google, Facebook, Twitter and Myspace, giving regulators broad review over their privacy and data practices. This would be fine if the purpose were to ensure that companies comply with disclosures about how they use data, but the FTC wants to define privacy standards.

And here, the libertarian paranoia emerges in full–regulators have nothing better to do but issue edicts, which are fully untethered from consumers’ desires. Here again the Manichean nature of the libertarian is exposed—regulation is so evil that it has to be spawned by evil people with evil motives.
In reality, American consumers strongly support some definition of privacy standards. No Congressperson has ever lost office for passing a privacy law. The FTC, under Republican leadership, was in fact the progenitor of the most successful privacy edict of all—the Telemarketing Do-Not-Call Registry. The FTC predicted that only about 60 million numbers would be enrolled. Last I checked, over 200 million numbers were enrolled.
The FTC’s consent decrees all flowed from situations where companies made promises that were false or reneged upon. And in each case, the company agreed to the decree—making it a “consent decree.” If these were real edicts, these companies could have litigated them. They don’t litigate them because in the course of a typical investigation triggered by a misrepresentation, the FTC finds lots of other privacy problems.

One result of FTC meddling is that plaintiff lawyers have open invitations to file nuisance suits on behalf of supposed privacy victims. A federal judge is considering a $20 million settlement offer by Facebook, which has agreed to make its disclosures clearer that when users click “Like” to promote a product on Facebook, their names and photos can be used.

The paranoia continues. Plaintiff lawyers file suits regardless of what the government does or doesn’t do. And these cases often result in cy pres remedies, given to organizations (such as Berkeley Law) that work on privacy and information policy.

If regulators and lawyers push too hard to limit the use of cookie data, advertising online will become less efficient. This in turn will reduce the amount of free, advertising-supported services enjoyed by consumers, such as social media, entertainment and email.

I think this argument hints at a core problem in the cookie debate—a false dilemma between a completely unregulated and fully tracked world, and regulation, any of which would kill the golden goose. Of course, there are middle-way approaches.
Crovitz’s argument assumes that online advertising in its current form is the most efficient, but in fact, more privacy-friendly systems may be more efficient. For instance, the DMA claims that telemarketing is now more efficient, perhaps this is because those who didn’t want to buy can opt out.
Crovitz’s false dilemma also shows that he is committed to a certain business model. There are alternative methods for highly-tailored advertising that could be completely private. But these alternatives require more work, and the industry has settled on a lazy approach that prioritizes tracking everyone (even those who opt out) all the time.

…Each consumer should be able to decide how to make this trade-off between sharing data and getting advertising-supported services.

I wonder if Crovitz really means this, because the FTC is considering “Do-Not-Track,” a method that would allow each individual consumer to decide whether or not to be tracked online. So perhaps the FTC is good after all. The industry currently offers no way to take this decision (even if you opt out, they track you).

The privacy debate shows how naive Silicon Valley firms were to sign 20-year agreements granting Washington regulators broad authority over how they operate. Digital entrepreneurs should be allowed to innovate freely, with consumers also free to choose their individual trade-off between how their data are used and the benefits they get in return. Overregulation is the way the digital cookie crumbles.

In other words, Silicon Valley firms were naïve to agree to consent decrees on the advice of the most sophisticated, well-trained lawyers in the world. If they only had Louis Gordon Crovitz, they would have decided differently, and the market would be free at last.