October 17, 2017

The Battle Begins


A few weeks ago, in a blog post entitled "The Battle Of The Century, " I wrote about the lobbying battle that is brewing over the EU's proposed ePrivacy Regulation.

If adopted the ePrivacy Regulation, along with the GDPR (General Data Protection Regulation) will make it much harder for online marketers and media in the European Union to collect personal private information about users without prior consent. In other words, it will make it hard for them to track us all over the web and collect, exploit, and sell the information they are harvesting without our explicit consent or knowledge. 


Last week, another shot in this battle was fired. A consortium of advertising, marketing and media companies sent a misleading and disingenuous letter to the members of the European Parliament attacking one of the core points of the ePrivacy Regulation. I have posted the letter here if you'd like to read it. The lead sentence of the letter reads...

    "ePrivacy Regulation threatens data-driven advertising business model of European press publishers and other online media and services."

Before we talk about what's wrong with this assertion, let's talk about what the letter gets right. The letter claims that most of the stuff we like about the web, including news, is made possible by the revenue publishers get from advertising.

This is true. Publishers could not exist solely on the payments they get from users. They also need income from advertisers. However, the letter then goes on to put forward two deceptive arguments.

First they imply that without "data-driven" advertising the revenue to publishers will dry up. This is nonsense. First of all, all advertising is "data-driven." Advertisers have used data for decades to make media decisions about TV, radio, print and every other advertising medium. If this regulation is enacted they will still use data to make decisions about online advertising.
 

It is not "data" that will be regulated, it is the means by which certain data is collected - involuntary tracking, or spyware. What they won't be able to do is track us without our permission and use data derived from spying on us.

The second assertion has to do with a publisher's right to block users who won't agree to be tracked. The ePrivacy Regulation states that a publisher is prohibited... 

"...from denying access to their advertising-funded offerings if users do not consent to data collection needed for data-driven advertising."
In other words, publishers will not be allowed to block you from reading the content of their website if you refuse to be tracked. The letter claims...
    "...the ePrivacy Regulation puts into question the ability of publishers and other online services to continue offering a value exchange that affords Europeans access to content and services at little or no cost supported by advertising revenue."
This may not be true at all. As far as I have been able to determine, publishers can still block people who block ads, as they can do now. But they will not be able to block people who refuse to be tracked. The difference is enormous.

Publishers are entitled to some value for their work and efforts. None of us works for nothing, why should publishers? I believe it is a fair exchange for publishers to require users to allow ads in exchange for access to the content or news they publish. It doesn't mean we have to pay attention to the advertising, but we ought to allow it on the page. 


When we agree to be exposed to advertising we know what we are agreeing to. But if we are forced to agree to be tracked we do not know what we are agreeing to. We don't know what personal private information is being collected, how it is going to be used, who is going to have access to it, who it may be sold to, or how it will be protected, if at all.

Agreeing to receiving advertising is impersonal. Agreeing to be tracked is wholly personal. 

I want to repeat that I am not certain that the ePrivacy Regulation will allow publishers to block people who block ads. But I think it should.

Having to agree to be tracked, however, creates an unfair value exchange in which the publisher knows exactly what he is getting but the consumer has no idea what he is giving up.

In summary, for us to get what we enjoy from from the web we must understand that a great deal of the value is supported by advertising. But the advertising industry must understand that their desire to monetize data about us does not supersede our right to privacy.

The online advertising industry does not need to spy on us in order to thrive. Every other advertising medium has done quite well, thank you, without trampling on democratic principles of privacy and security.

Tracking, surveillance marketing, and the current model of ad tech are affronts to the values of free societies. The ePrivacy Regulation is a sound and reasonable reaction to our industry's inability to exercise a mature degree of restraint or self-control.


October 09, 2017

When Data Is Dangerous


It has become an article of faith in the marketing business that the future of marketing is about data.
 "Data are to this century what oil was to the last one: a driver of growth and change," says The Economist.
Scientific American says, "The digital revolution is in full swing...in 2016 we produced as much data as in the entire history of humankind..."
The primacy of data in marketing has been beaten into us for the past 10 years. In fact, it has become such a platitude that we no longer even stop to think about what it means.

Data sounds very scientific, impersonal and hygienic. But it is not.

When marketers talk about data what they usually mean is personal private information about us that is collected, traded, sold and exploited without our knowledge or consent.

To marketers, data is not all numbers and algorithms. It is your sexual preferences, your religious beliefs or lack thereof, your banking details, your medical and psychological diagnoses, your work history and political preferences. It is thousands of facts about you that you never suspected anyone knew or collected.

It has the potential to be used in a myriad of dangerous ways by any incompetent, irresponsible organization that has the wherewithal to collect it or buy it.

Data is just a bland, emotionless word for some highly sensitive information. It makes the collection of personal private information about us seem to be an inoffensive remote branch of mathematics.

Next time some cliché-spewing marketing-droid  blithely repeats the mantra that the future of marketing is all about data, remember this -- data isn't neutral. Data, in the wrong hands, is dangerous.

And we have every reason to believe that the marketing industry is the wrong hands.


October 05, 2017

Yahoo: Incompetent, Irresponsible, And Dangerous


If you would like an example of how the online ad industry's insatiable lust for "data" - usually just a pleasanter term for personal private information about us - has defiled our society and undermined our right to privacy, look no further than Yahoo.

In my new book, BadMen, I tell the story of how in 2014 Yahoo demonstrated utter disregard for the privacy and security of its users.

Their security chief warned them that their platform was woefully insecure and easily hacked. He recommended a system of end-to-end encryption to protect their users.

The ceo and the board rejected his recommendation because implementing the proper security measures would mean they could no longer scan the emails and text messages of their users and use this information to create targeting opportunities for their advertising clients.

Soon thereafter, half a billion Yahoo accounts were hacked.

But that ain't nothing.

It was revealed yesterday that a year earlier, in 2013, every single Yahoo account -- 3 billion of them -- were hacked. Somehow Yahoo never bothered to fully investigate the extent of the hack.

Earlier, Yahoo had reported that the 2013 hack affected 1 billion accounts - which is bad enough. But an investigation by their new owners - Verizon - revealed that the hack was actually three times larger than Yahoo reported. And, in fact, was the biggest known hack in history.

If I ran the world, Yahoo's ceo and board would be fined $1 per hack and dragged off to jail. But, then again, if I ran the world Yahoo would have been put to sleep years ago.





.