W3C home > Mailing lists > Public > www-p3p-policy@w3.org > January 2008

Re: EPIC complaint against ask.com to FTC

From: Lorrie Cranor <lorrie+@cs.cmu.edu>
Date: Wed, 23 Jan 2008 13:57:48 -0500
Cc: www-p3p-policy@w3.org, public-pling@w3.org, tns <t-and-s@w3.org>
Message-Id: <EAB07154-5B56-4D54-946B-DF61CB203034@cs.cmu.edu>
To: Rigo Wenning <rigo@w3.org>

> January 22, 2008 11:00 PM PST
> Whoops! Ask.com complaint to FTC is an EPIC mistake
> Posted by Declan McCullagh
> http://www.news.com/8301-13578_3-9855935-38.html?tag=nefd.blgs
> A zealous band of pro-regulation privacy groups made a valiant  
> effort a few days ago to convince the Feds to forcibly pull the plug  
> on a new feature on the Ask.com search engine.
> The groups, which include the Electronic Privacy Information Center  
> and the Center for Digital Democracy, told the Federal Trade  
> Commission on Saturday that that a formal injunction was necessary  
> to halt some supposedly pernicious practices on the part of Ask.com.
> The only problem? Those supposedly pernicious practices don't  
> actually exist.
> Ask.com already had voluntarily changed the way it handled its new  
> privacy feature weeks earlier. This self-appointed posse of liberal  
> nonprofits, which also includes Consumer Action, was riding to bring  
> to justice a problem that had long since vanished (and that's  
> assuming it existed in the first place).
> Now, I admit that anyone can err. And in fact I've known the folks  
> at EPIC to be careful, honest, and principled, even if I may  
> disagree with them from time to time. I think this is an honest  
> mistake.
> But this episode is useful to note because it exposes how the  
> Washington practice of advocacy groups using federal agencies to  
> sabotage political enemies can be bereft of facts and logic. (From  
> EPIC's perspective, this was supposed to be a no-lose situation:  
> it's a win if AskEraser is taken off the market, and if the  
> Republican-led FTC refuses to do so, the FTC and the Republican  
> appointees can be slammed as insufficiently sensitive to "privacy  
> interests.")
> For his part, Ask.com spokesman Nicholas Graham told me on Tuesday:
> EPIC's weekend filing regarding AskEraser is both flawed and  
> unfortunate. It's unfortunate in the sense that Ask.com tried to  
> engage in a constructive dialogue with the group last week, and was  
> rebuffed. Privacy is an issue that demands collaboration and  
> partnership between online companies and advocates, for the benefit  
> of all consumers. Ask.com's relationship with the Center for  
> Democracy & Technology is proof-positive of that.
> EPIC's filing is flawed in the sense that the document they filed is  
> factually inaccurate, and simply shows a fundamental  
> misunderstanding of the functionality of our product. In addition,  
> many of the issues they raise are outdated, while others are  
> completely misguided from the outset, and others deal with changes  
> that Ask.com already made to AskEraser weeks ago, and were  
> subsequently posted publicly on our website.
> EPIC Executive Director Marc Rotenberg replied to me in e-mail on  
> Tuesday evening:
> If Ask has now fixed the problem, (1) that means we were right, (2)  
> they should have responded to our letter. But that doesn't solve the  
> problem with opt-out cookies, which I think you will agree is a  
> nutty approach that does not scale, i.e. it requires users to keep  
> cookies for all the companies they don't want to be tracked by. Even  
> the FTC should be able to see the problem.
> Rotenberg is right that using opt-out cookies may not be the  
> cleanest design technique. If I were coding it, I'd have created a  
> special "ask.com/eraser" site--the same way Google set up its  
> google.com/unclesam government search -- or a private.ask.com  
> subdomain. No cookies would be needed.
> Then again, I'm not privy to how Ask.com's software is designed and  
> the trade-offs that would be involved. More to the point, probably,  
> companies should have flexibility in how they try to offer new  
> privacy features--and it's hardly clear that a bunch of permanent  
> Washington insiders or FTC bureaucrats know more about scalable  
> software engineering than, well, actual software engineers. As long  
> as Ask.com is honest about what it's doing, and it seems to be in  
> its FAQ, it should be allowed to keep on offering new features.
> There's one more question worth asking: if EPIC and CDD and their  
> ideological allies believed they had such a strong case, why not  
> file an actual lawsuit instead of asking the FTC to undertake an  
> investigation that would likely take half a year or more to complete?
> After all, EPIC is staffed by attorneys, and their complaint to the  
> FTC alleges that AskEraser is, beyond any doubt, "an unfair business  
> practice." If true, that would violate state consumer protection  
> laws, including California's section 17200, which says private  
> attorneys may sue a company engaging in "unfair" business practices.
> I think I know what the answer is. Judges have little patience for  
> plaintiffs that waste their time. If this had been a lawsuit, a  
> judge might well have fined EPIC et al. for wasting his time with  
> frivolous claims, and its staff attorneys might even have been  
> subject to individual sanctions.
> Lawsuits, in other words, have risks. Firing off an inaccurate  
> letter to the federal bureaucracy, on the other hand, merely results  
> in the sender looking a little silly. The next time you see them  
> complaining to the FTC about some alleged wrongdoing, remember these  
> attorneys' odd reluctance to litigate.
> ________________________
> Ask.com's statement on the complaint:
>    http://www.news.com/5208-13578_3-0.html?forumID=1&threadID=34575&messageID=370477&start=-1
> Ryan Singel's coverage:
>    http://blog.wired.com/27bstroke6/2008/01/askcoms-privacy.html
Received on Wednesday, 23 January 2008 18:58:28 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:01:10 UTC