The Center for Democracy and Technology's April 2000 statement on P3P acknowledges some facts about P3P that we can all agree on:
The fact is, however, that the purchase situation above is not the main interaction that is being addressed by P3P. Nor is it the primary way that data about is being gathered on the Web by sites that you visit. "Visit" is the key phrase here: most data is being gathered about you when you visit web sites, not when you make purchases or engage in any activity other than merely looking at the site. The current revenue model on the Net is the same advertising model that applies to commercial television, commercial radio, and magazine publishing: these products exist to deliver advertising to what in e-commerce is chillingly referred to as "eyeballs."
This reference to Web users as disembodied orbs, millions of virtual Santa Lucias, stands in contrast to the warm invitations to "join" a site's inner group of members or to personalize a site as your own online home. Users are not explicitly asked to give up their data for the purposes of marketing, they are offered "services" that were often devised purely as a way to get users to reveal information about themselves. Those personal services exist not because online users asked for them nor are they the only possible options for providing shortcuts to frequently visited sites; they exist solely as a way to gather data for marketing.
The personalization that a typical portal site allows is really a disguised selection between sponsors. The site allows you to choose among its shopping services or its news categories (e.g. stocks, sports); this establishes a basic profile of interests. Then you type in your zip code so that your local weather will appear on the page; now they have your geographical location. You can also type in your date of birth so that your daily horoscope will be included on the page; now they have your age as well as a data element that, combined with other information, can at times be used to identify you in other databases. You may also be able to add your own links the page but it is possible that the randomness of these links makes them virtually useless for the marketing function. All that matters is the selection that you make from within the advertising profile that the site supports.
That some users may find these personalized sites convenient or appealing does not make them necessary, nor does it justify the invasion of privacy that this personalization makes possible. Is the gathering of personal information necessary to the function? Not at all. Any Web user with a certain amount of technical skill can create a page for herself that links to news, local weather, and other information resources of interest. And any site on the Net could provide personalized pages but not use the information for anything other than delivering those sites to users. The use of the profiles of these pages for commercial purposes has nothing to do with the technology of the Internet and everything to do with economic models.
Note that should P3P come into use the sites will have to reveal that the information about profiled members is used "to customize the site" and for "research and development." Yes, the gathering of data about customers for the full range of marketing and product development is called "research and development."
This statement in the CDT document is hopeful but entirely unfounded. It makes the assumption that there are equivalent services on the Web that differ only in their privacy policies. There are two reasons why this is unlikely to be true. The first is that if the revenue model of the sites is that of being supported by advertisers, no site will be able to afford a significant amount of privacy compared to another. Even for sites that are mainly used for purchases, the sites that gather data for advertisers will be able to offer the lower prices. In the P3P model, choosing to give up more personal data for a lower price on goods is the definition of an "informed choice," and this is the kind of choice that we can expect people to be given. None of the choices will be to maintain ones privacy. As a matter of fact, if there is no great variation in the choices offered by sites, the impact of a protocol like P3P will be nil.
The other reason that choices are and will be limited on the Web is that information services tend to be unique. Because of the nature of intellectual property and copyright, there is generally only one outlet for an information resource. This is something that is often missed even by economists when they discuss the market model in an information environment. If I want to read the New York Times online but don't like their privacy practices, it doesn't do me any good to read another newspaper instead. My choice is simply to give up my personal data or to not get the product. In the case of the Times it is fortunately available off-line through newsstands where I can purchase it and read the articles anonymously. In the case of information resources that are only available electronically, I have no alternative format.
CDT is right that reaction of consumers about the most egregious of privacy invasions does have an impact on industry. But the day-to-day trickle of our data into the banks of direct marketers is the basis for the economy of the Net. If we rebel against that we have to develop some other model for supporting the Net infrastructure. Companies are pouring millions of dollars each year into their web sites, most of which are bringing in no revenue other than that provided by advertising. We can perhaps haggle about some of the details but it has been well-established that the connection between our virtual selves and our potential as consumers is the economic basis of the current version of the Internet. The question for us, therefore, is whether this is the Net we want and if we can create other options.
While it may seem overly idealistic to suggest that we could reinvent the Web with a different revenue model, there are good reasons to do so. There are reasons why the advertising revenue model is not the best one for our communications and information systems. Advertising works well for some products and for entertainment because these are promulgated appropriately through popularity, and advertising is entirely about making things popular. Information does not lend itself to the popularity contest model. Because it is hard to judge what information will be useful in the future we don't want only today's best-selling information to survive. Ideas don't kill each other off the way that "winning" products eliminate their rivals. A successful idea needs the unsuccessful ones to explain itself and continue its existence. And in our liberal world we expect the unpopular ideas to remain in circulation at least in libraries and academic environments where they can be constantly reassessed for validity.
If you need a popular product, information and ideas are not what you should be pushing. It's easy to see why the Web has become more of an entertainment center over the years since the privatization of the Internet, as compared to the information intense resources that were available when the Internet was non-profit and publicly funded. We can't expect the current model to support non-entertaining information services yet our information resources are increasingly digital and therefore need the Internet (or something very similar) as their delivery vehicle. We are in a bit of a pickle, no question about that, but the privatized Internet does not seem to be the answer to these particular needs. Since my field and my interest is in information services not entertainment, I am not content with this aspect of today's Web.
What P3P does represent is a tacit acceptance of the great increase in the tracking and monitoring of our minor activities that takes place over the Web. I say that it is an acceptance of this monitoring because it is designed to allow Web users interact within that environment, rather than trying to change the environment into one where the monitoring would not take place.
There is concern about the privacy implications of these offline interactions but we perceive something different about the privacy invasions that take place over the Web. Part of the difference is that the requests for our personal data are not part of essential services, so there is very little justification for our loss of privacy on the Web. We might understand that property ownership requires us to identify ourselves to the community, but we are less willing to give up our privacy in order to see a weather report on our screens or listen to music over the Internet. It's not just that we are losing our privacy but that we can see no social justification for the information that is being gathered. It is notable that the same Net community that went wild over the idea that Lotus would market a CD ROM with personal data for marketing purposes did not take up the rallying cry against the giving their information to the 2000 U.S. Census. For all that the Net has a reputation of being a haven for privacy absolutists, there does seem to be some discernment that takes place.
Because much of the tracking of site visitors is done through cookies, control of cookies is a vital part of maintaining privacy. The main Web browser programs, Netscape and Internet Explorer, have limited cookie controls built into them: they allow users to accept all cookies, reject all cookies, or be asked to make a decision for each cookie. None of these options works well, however. If you reject all cookies there are some sites that you will not be allowed to access; if you examine each cookie before accepting it you will be so bombarded with pop-up windows that it will be nearly impossible to surf the Web at all (some sites will attempt to send as many as thirty cookies before giving up). The best solution is to install one of the many "cookie cutter" programs that allows you to profile what cookies you do and don't accept and to easily delete any cookies that you have received in the past. This allows you to accept cookies from site you do trust and where you wish to maintain a relationship, such as a technical support site that keeps track of open problem reports through a cookie identity, and to automatically reject cookies from marketing companies like DoubleClick.
Educating Web users to these two very simple methods of maintaining their privacy would not only mean privacy gains for users but it might even begin to change the nature of the Web by giving users some real choices.