Those who have closely followed recent revelations about U.S. government inquiries into online user data could be excused for thinking all internet tracking perpetrates an inexcusable breach of trust. Last summer's leaks, alleging the National Security Agency had been granted direct access to the servers of Google, Facebook, YouTube, and other internet companies, have understandably caused alarm among consumer and privacy advocates.
The large web portals have leapt to their own defenses, releasing official but generally banal statements touting the sanctity of user data and reassuring these same users that the information, when revealed to the government, is done so only to comply with subpoenas and legal orders. In the words of Facebook's chief security officer, "Protecting the privacy of our users and their data is a top priority." But protect them from whom?
Almost lost in the debate is the justification for user data being recorded and retained in the first place. The libertarian tone appropriated by internet companies may convince patrons their personal data aren't being catalogued and mined by Uncle Sam. However, it still fails to address the implicit bargain they're making with the very companies sworn to protect their information. Our services, in exchange for your information. Quid pro quo.
Unauthorized prying into online data can, and should, be regulated. But what if the entities engaged in the prying are the same ones to whom we've willingly turned over our personal information? Do searchers on Google or posters on Facebook hold a legitimate expectation of privacy when they use these services?
Expectations of privacy
Much of the future of online advertising may hinge on that phrase, "expectation of privacy." It first cropped up in 1967, in a Supreme Court opinion establishing boundaries around unconstitutional government searches; then again, notably, in a 1979 decision, in which the Supreme Court found the phone company does not violate a "legitimate expectation of privacy" when it uses devices to record dialed phone numbers.
More recently, in a motion last fall to dismiss a class action suit claiming its Gmail service violates the Federal Wiretap Act, Google lawyers rejected the "legitimate expectation of privacy" claim. Instead, they took the stance that automatic processing of email content is implicitly accepted by anybody who uses Gmail or sends a message to a Gmail account.
Never mind the infelicity of publicly stating that user privacy is a core tenet of its services while relying on a legal argument to assert that privacy doesn't always apply to its services. What's more troubling is that sites like Google and Facebook have allowed themselves to become swept up in debates about government spying and citizen mistrust. Despite arguments to the contrary, profiling for marketing purposes and profiling for government purposes are distinct activities. Advertisers, for the most part, don't want to know who you are -- they're only interested in whether you might buy their product. Advertising should not be a primary concern in consumer-advocacy discussions, but it's become one.
The perversity of Google's position is that, to satiate its advertisers, it must collect more specific and nuanced data, but doing so necessarily butts up against basic concerns about controlling and sharing personal information. Equally confounding to the online ad giants are indications that members of the online populace are more willing than ever to disclose information about themselves -- and, in fact, that they demand a similarly personalized experience from the sites they frequent.
A Pew Internet and American Life poll taken last fall confirms this conflicting position. In the survey, 68 percent of internet users said it is very important that they control access to the content of their emails, but only 44 percent felt as strongly about others accessing search content without authorization. And only 33 percent told Pew it was very important that they authorize access to the times of day they are online.
On one hand, this seems to indicate a diminishing resistance to information sharing based on the perception of the information's individuality. It also suggests an expectation of privacy does exist -- or at least an expectation that our information will not be used in a manner different from how we intend it to be used.
Most internet users share concerns about online privacy, but these concerns do not primarily center on large advertisers. The Pew study found that of those who have tried to hide their online behaviors, the majority have done so to protect themselves from hackers and criminals. And internet users between 18 and 29 are just as likely to want to mask their online actions from friends and other acquaintances as they are from marketers.
For the most part, consumers are oblivious about which details of their online profiles are shared with advertisers. It's become abundantly clear that this confusion has not served digital publishers well. While in the past it may have been beneficial to suppress the details of privacy disclosures in favor of feel-good generalities, companies now face unpleasant associations if they don't get in front of their messages. In the public's mind, secrecy is the playground of government agencies and thieves. But transparency is just one part of the challenge.
A cookieless internet
Last May, Apple announced its app store had registered more than 50 billion downloads since opening just four years earlier, and total Google Play app downloads were on pace in 2013 to surpass this total. If nothing else, these staggering numbers affirm the deep level of trust consumers have in the mobile software Apple and Google make available. It also represents an unprecedented trove of user information for marketers.
For its part, Apple has made strides toward anonymizing phone data, though not without prodding. Last year, largely in response to pressures following shady data collection practices by a few app developers, the company announced it would no longer allow apps to access a device's universal device ID. Google has followed suit by requiring Android app developers to ditch Android ID for its new advertising ID by August.
These new mobile ad-tracking schemes allow device users to opt out of interest-based advertising and reset their identifiers at will. They also provide a way to circumvent an increasing norm among web browsers of blocking third-party cookies.
Rumbles of an in-development Google ad-tracking technology dubbed AdID herald a further evolution. The new ad identifier would reportedly anonymize personally identifiable data across devices and give users greater control over what information is collected from them.
On the surface, this news should be welcomed by consumer and privacy advocates. For the vast majority of advertisers, personally identifiable information is neither accessible nor an expected part of their marketing plan. In a survey conducted by Enliken, a company that allows consumers to sell their personal data in exchange for content, internet users deemed three-quarters of the information being recorded and sold by some of the largest data aggregators harmless. Further, only 9 percent of the information was considered sensitive (it's also worth noting that the survey takers found only 52 percent of this personal information accurate).
The implication of potential cross-device technologies like AdID is that behavioral tracking won't be limited to a discrete user-initiated action, but instead will become persistent. The difficult problems facing marketers in the mobile age pose a very real threat to the advertising profits of large publishers. For example, how can we account for a consumer who conducts research from a smartphone, then completes a purchase on a laptop? Or, an even thornier scenario: an online searcher who leaves his browser altogether and spends his money in a physical store.
Yet, persistent data collection is at stark odds with how internet users are used to interacting with search engines, or with other computers, for that matter -- an explicit request for information, which is duly returned as quickly and accurately as possible. We want to believe our information is being collected only when we provide it.
Also obfuscated is the idea that behind the mass of data collected are experiences. What online marketing -- and multi-device marketing, more explicitly -- offers is a greater understanding of how people interact with technology and their world simultaneously. Subliminal-seeming advertising that relies on data points to persuade is creepy and depersonalizing.
Yet the ideal of advertising technology seems to be the perfectly targeted ad, which would show without any apparent prompting. In this resides a paradox: Data glut simultaneously moves us closer to, and further away from, the individual -- a troubling prospect at a time when we're more alarmed than ever at being reduced to bytes on a remote server.
Expectations of security
Speaking at a Federal Trade Commission workshop in November, Vint Cerf, one of the founders of the modern web and now Google's chief internet evangelist, suggested that privacy is a modern construct. As population centers expanded following the Industrial Revolution, so too did the belief we could hide in plain sight. By comparison, then, the internet is urban sprawl, and our sense of anonymity online is just the result of the sheer size of the community. "The technology that we use today has far outraced our social intuition," he said, on the way to arguing that we'll need to continue overstepping acceptable bounds of privacy before identifying them.
As such, all of the current outrage over data mining could prove to be a watershed moment for online marketing. Acknowledging user data concerns and being transparent about what personal information is collected and how it's used is a good start. But if publishers truly want to make online advertising useful, they'll allow people to create and vet their own data profiles. If our privacy truly is in their best interests, then what's there to be concerned about? And even if companies ultimately reject assumed expectations of privacy when collecting data, certainly they can't deny that the security of user data and how it's shared with others remains a fundamental concern.
For marketers, the internet should not represent an opportunity to read the minds of its denizens and gain a mathematical advantage on competitors, but an approach to tapping into the greatest community in history. Data should inform marketing decisions, not dictate them, especially when the integrity of a brand and the protection of its patrons is at stake.
A renewed focus on experiential advertising places a human face on digital marketing, creates a sense of shared respect with consumers, and may very well usher in a new advertising renaissance.
We've become undeniably more comfortable sharing our information online. Our data are the currency of an exploding digital social and commercial economy. But we need meaningful assurances of security. It's only our trust in online providers that keeps us willing participants.
On Twitter? Follow iMedia Connection at @iMediaTweet.
"Portrait of a sexy woman" image via Shutterstock.