To Track or Not to Track?

There was an interesting article in the New York Times this weekend about the brewing fight around “do not track” features of internet browsers (such as Firefox or Internet Explorer) that are meant to tell websites visited by the user who has enabled the features not to collect information about the user’s activity for the purposes of online advertising. Here’s a concrete example that makes sense of the jargon. A friend recently asked me to look at a camera she was considering buying, so I checked it out on Amazon. Thereafter, for days on end, I was being served with ads for this and similar cameras on any number of websites I visited. Amazon had recorded my visit, concluded (wrongly, as it happens) that I was considering buying the camera in question, transmitted the information to advertisers, and their algorithms targeted me for camera ads. I found the experience a bit creepy, and I’m not the only one. Hence the appearance of the “do not track” functionalities: if I had been using a browser with a “do not track feature”, this would presumably not have happened.

Advertisers, of course, are not happy about “do not track.” Tracking our online activities allows them to target very specific ads at us, ads for stuff we have some likelihood of being actually interested in. As the Times explains,

[t]he advent of Do Not Track threatens the barter system wherein consumers allow sites and third-party ad networks to collect information about their online activities in exchange for open access to maps, e-mail, games, music, social networks and whatnot. Marketers have been fighting to preserve this arrangement, saying that collecting consumer data powers effective advertising tailored to a user’s tastes. In turn, according to this argument, those tailored ads enable smaller sites to thrive and provide rich content.

The Times reports that advertisers have been fighting the attempts of an NGO called the W3C (for “World Wide Web Consortium”) to develop standards for “do not track” features. They have also publicly attacked Microsoft for its plans to make “do not track” a default (albeit changeable) setting on the next version of Internet Explorer. And members of the U.S. Senate are getting into the fight as well. Some are questioning the involvement of an agency of the US government, the Federal Trade Commission, with W3C’s efforts, while others seem to side against the advertisers.

The reason I am writing about this is that this may be another example of the development of new rules happening before our eyes, and it gives us another opportunity to reflect on the various mechanisms by which social and legal rules emerge and interact, as well as on the way our normative systems assimilate technological development. (Some of my previous posts on these topics are here, here, and here.)

W3C wants to develop rules―not legally binding rules of course, but a sort of social norm which it hopes will be widely adopted―regulating the use of “do not track” features. But as with any would-be rule-makers, a number of questions arise. The two big ones are ‘what legitimacy does it have?’ and ‘is it competent?’ As the Times reports, some advertisers are, in fact raising the question of W3C’s competence, claiming the matter is “entirely outside their area of expertise.” This is self-serving of course.  W3C asserts that it “bring[s] diverse stake-holders together, under a clear and effective consensus-based process,” but that’s self-serving too, not to mention wishy-washy. And of course a claim can be both self-serving and true.

If not W3C, who should be making rules about “do not track”? Surely not advertisers’ trade groups? What about legislatures? In theory, legislatures possess democratic legitimacy, and also have the resources to find out a great deal about social problems and the best ways to solve them. But in practice, it is not clear that they are really able and, especially, willing to put these resources to good use. Especially on a somewhat technical problem like this, where the interests on one side (that of the advertisers) are concentrated while those on the other (the privacy of consumers) are diffused, legislatures are vulnerable to capture by interest groups. But even quite apart from that problem, technology moves faster than the legislative process, so legislation is likely to come too late, and not to be adapted to the (rapidly evolving) needs of the internet universe. And as for legitimacy, given the global impact of the rules at issue, what is, actually, the legitimacy of the U.S. Congress―or, say, the European Parliament―as a rule-maker?

If legislatures do not act, there are still other possibilities. One is that the courts will somehow get involved. I’m not sure what form lawsuits related to “do not track” might take―what cause of action anyone involved might have against anyone else. Perhaps “do not track” users might sue websites that refuse to comply with their preferences. Perhaps websites will make the use of tracking a condition of visiting them, and sue those who try to avoid it. I’m not sure how that might work, but I am pretty confident that lawyers more creative than I will think of something, and force the courts to step in. But, as Lon Fuller argued, courts aren’t good at managing complex policy problems which concern the interests of multiple parties, not all of them involved in litigation. And as I wrote before, courts might be especially bad at dealing with emerging technologies.

A final possibility is that nobody makes any rules at all, and we just wait until some rules evolve because behaviours converge on them. F.A. Hayek would probably say that this is the way to go, and sometimes it is. As I hope my discussion of the severe limitations of various rule-making fora shows, making rules is a fraught enterprise, which is likely to go badly wrong due to lack of knowledge if not capture by special interests. But sometimes it doesn’t make sense to wait for rules to grow―there are cases where having a rule is much more important than having a good rule (what side of the road to drive on is a classic example). The danger in the case of “do not track” might be an arms race between browser-makers striving to give users the ability to avoid targeted ads, or indeed any ads at all, and advertisers (and content providers) striving to throw them at users.  Pace the president of the Federal Trade Commission, whom the Times quotes as being rather optimistic about this prospect, it might actually be a bad thing, if the “barter system” that sustains the Internet as we know it is be caught in the crossfire.

Once again, I have no answers, only questions. Indeed my knowledge of the internet is too rudimentary for me to have answers. But I think what I know of legal philosophy allows me to ask some important questions.

I apologize, however, for doing it at such length.

Author: Leonid Sirota

Law nerd. I teach constitutional law at the Auckland University of Technology Law School, in New Zealand. I studied law at McGill, clerked at the Federal Court of Canada, and then did graduate work at the NYU School of Law.

2 thoughts on “To Track or Not to Track?”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s