Privacy as product differentiation. Is it time?

One of the big problems standing in the way of getting anything that remotely resembles a concern among Internet companies for the privacy rights of their customers is that there has been no business reason for any such concern. That may be changing, but don't bet big on the possibility.

Other than some spotty, but quite good, efforts by the Federal Trade Commission (FTC), there is little interest in Washington to force Internet companies to develop a concern for customer privacy. The FTC did come down on Facebook last fall following "charges that Facebook deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public." The resulting settlement does have some teeth, requiring for example that Facebook retain an independent third party to review its privacy practices every two years for 20 years and provide a copy of the review to the FTC within 10 days of the report being finished. But such efforts are few and far between.

[ RELATED: Google privacy chief blasts Microsoft's "Scroogled" campaign at RSA Conference ]

It would be far more effective if Internet companies saw privacy protection as a competitive advantage, and there are minor signs that some do. Microsoft has been blasting Google in its "Scroogled" ad campaign over privacy invasions in Gmail. The Scroogled website says, "Google goes through every Gmail that's sent or received, looking for keywords so they can target Gmail users with paid ads. And there's no way to opt out of this invasion of your privacy. is different -- we don't go through your email to sell ads."

I will note that the Scroogled website's privacy link points to a 4,000-plus word Microsoft privacy policy. If a company actually had customer privacy as a primary concern it should be able to explain that in far less than 4,000 words.

Google, as one might expect, is not thrilled with this Microsoft ad campaign. During a panel session at the recent RSA Conference the chief privacy officers of Microsoft, Facebook and Mozilla, as well as the senior privacy counsel for Google, talked about Internet privacy. Google's Keith Enright described the Microsoft Scroogled effort as "misleading and intellectually dishonest," and added that Google had been working at simplifying its privacy policies. The current base policy is about half the length of Microsoft's but, while clearly written, is still far from terse. But, having the big Internet players arguing over who protects their customers' privacy better is a very positive, but small, step.

Another topic discussed by the privacy officers at the RSA Conference panel was the Do Not Track option in most current Web browsers. This once looked like a good way for Internet users to tell websites that they did not want their Internet usage to be tracked. But this has turned out to be, at best, a false hope. First, a number of big ad companies maintained that "do not track" actually meant "track but do not use the information to serve ads." A strange way to read the English language. Then Microsoft decided to turn on the flag by default in IE. That sounds good, unless one spends more than three nanoseconds thinking about it. If the flag is turned on without the user making the decision to turn it on, then the ad companies can rightly say that the user is not expressing an opinion and be justified in ignoring the flag. Apparently many are silently doing so now. Some sites are quite in your face about ignoring user desires. Somehow the Information Technology & Innovation Foundation approach does not, to me, match its slogan of "smart ideas for the innovation economy."

Actual concern for the privacy of Internet users may possibly come at some point, but there is little evidence of any at this point.

Disclaimer: Harvard has a comparatively terse privacy statement, but I had nothing to do with creating it nor have I heard the university express any view on Internet privacy. So the above lament is mine alone.

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags Microsoft scroogledFederal Trade CommissionGoogleMicrosoftsecurityGoogle scroogledMicrosoft privacy vs Google privacyFacebook

More about FacebookFederal Trade CommissionFTCGoogleMicrosoftMozillaRSATechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Scott Bradner

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts