Privacy 2014: NSA Use of Commercial Tracking Tech Reignites DNT Debate

If you haven’t had a chance to read it yet, you really should pore through all of this Washington Post investigative piece on the National Security Administration’s tracking through Internet cookies and device identifiers. Namely, the agency has been using some of digital media’s favorite tools to track and target suspects; in addition, it’s been raking in location data shared by mobile apps during ad calls.

As a digital revenue specialist, you may not find it shocking – indeed, it might just confirm your suspicions. But here’s the chief takeaway: “The revelation that the NSA is piggybacking on these commercial technologies could shift that debate, handing privacy advocates a new argument for reining in commercial surveillance.”

Since the initial Snowden leaks began to show the breadth of the NSA’s digital surveillance, all of us in the ecosystem have pondered what the effect of this news would be on digital ad tracking and targeting. Initially I thought the news might actually be good for our industry. I’ve long told friends and family they have much less to fear from advertisers tracking and targeting you based on cookies than government entities. 

Advertisers and publishers are growing more and more upfront with consumers about how they use targeting and tracking technologies. Personally identifiable information for the most part makes them squeamish; it’s better if targets are anonymous profiles or collections of cookies that algorithms can optimize against. Government entities, on the other hand, want all the PII they can get while staying clandestine. 

The news that the NSA is using commercial tracking technologies could bring back regulatory clamor. In particular, it may re-awaken the specter of Do Not Track; many of us in the industry have written off the W3C’s efforts to assemble a DNT standard as dead in the water. (The privacy advocates quoted in the WaPo article put the blame squarely on industry groups, but I know there were no compromises made on their side either.) 

This hasn’t stopped Microsoft Internet Explorer from placing DNT on as default or other browsers from offering such functionality. In turn, because the DNT standard has not been agreed upon, some digital advertisers have no problem ignoring preference-bearing HTML headers when they appear.

Such behavior would have dire consequences in an environment where DNT is regulated. That notion presents an even larger threat considering the tracking technology shift from cookies to device identifiers, which offer greater opportunity on a cross-platform basis.

Device IDs include mobile operating systems like Apple’s IDFA, as well as probabilistic identifiers. Digital technology firms such as Google are also working on proprietary identifiers. Beyond that, Internet Protocol version 6 (IPv6) is (slowly) replacing IPv4 and will enable unique, semi-static addresses for devices connecting to the Internet (though privacy extensions have been developed).

Close to the first round of NSA surveillance revelations, Digital Net Agency Chief Strategy Officer Skip Graham made an interesting point – that the digital media business paved the road for consumer acceptance of government digital spying capabilities. How? By offering them “free” stuff – email, social networking, content, etc.

Well, this whole “free” notion is part of the problem. The claim that you get free stuff in exchange for allowing some cookies on your browser is a fallacy. No, you are paying for that stuff with your browsing data and enabling advertisers to target said cookies. This is what I’ve long referred to as the “unspoken agreement,” but times – and technology – are changing.

Perhaps the threat of DNT is actually what’s needed to empower consumers in regards to their data. Yes, data is currency, but the industry needs mechanisms to allow for data transactions that give the consumer agency. Publishers have taken the first step to getting here by announcing their privacy policies on first visit; next requires giving consumers the option to pay for content with money or data.

We’re not there yet, but the combination of ID-related tracking and targeting plus heightened privacy concerns following NSA disclosures are certainly pushing us in this direction. It’s time to suit up – the digital privacy debate looks likely to flare up in 2014.