What is SEM?

SEM (search engine marketing) is a new form of marketing, and as such, is not yet standardized. SEM methods are continuously evolving, along with the changing perceptions of optimization. There are two distinct concerns regarding SEM practices, which can be classified into investors’ concerns and users’ concerns.

Major investors’ concerns are as follows:

• Placing paid search campaigns on search engine results pages have been to topic of significant controversy. In 2002, the Federal Trade Commission (FTC) mandated disclosure of paid advertisements on search engines.
• Private interest groups are reducing the definition of SEM and rendering it synonymous with “pay-per-click” campaigns. This means that search engine optimization (SEO) would fall outside of the SEM definition.
• Trademark infringement by third-party bidding has also been an area of concern.

From a user’s point of view, major privacy and security concerns are as follows:

• Certain advertisements contain external applications, which can often affect users’ browser settings, or show pop-ups in non-affiliated pages. Such applications might also be spyware.
• Third-party cookies can seriously compromise the user’s privacy or anonymity. Such cookies can enable advertisers to trace the address of the browser.

Google Analytics

In June 2010, a controversy arose around new additions to Google Analytics and the privacy issues that it touched upon. With these new additions, it became possible for website operations to use the search engine optimization suite to sift through Facebook profiles and Twitter posts. The software allowed individuals to conduct search engine marketing campaigns to find Facebook and Twitter profiles of individuals who have visited their websites, including a certain amount of personal information about these individuals.

Google’s privacy practices have often been criticized. Privacy professionals have often warned users to be aware of ways to protect their personal information. Regarding this particular Google controversy, the blogger Antoine Pace stated,

“The capacity for linking from Google or Twitter is quite well known and popular. There should probably be a warning saying that, by doing this, you are potentially disclosing you information, or something similar. If you are concerned about the use of your personal information, then you need to protect it. If you are scared about someone stealing your wallet, you don’t put it on the fence outside. Make sure your information is protected from the public.”

Scroogle

In response to search engine privacy concerns, certain web users have begun to use a search engine nicknamed the “Anti-Google.” Scroogle, developed by David Brandt in 2005, is a search engine that has no advertising, rather relies on small donations from its users. Scroogle ensures user privacy by masking the IP address of users who want to use Google search capabilities anonymously. It also offers an option for SSL encryption (256-bit AES key) of all communication between their computer and the search page.

Scroogle functions as a proxy for Google searches, which means that search terms, IP addresses and other search information that Google typically records is anonymized. The service then deletes all logs and cookies on their services within 48 hours, for additional privacy protection.

The increasing use of Scroogle and other similar proxy search engines remains a concern for Google advertisers and other search engine marketers. Although it is only a relatively small percentage of users who are currently using these services, the number is bound to increase, unless user privacy is taken seriously by the big players.

Summary

This post takes a look at search engine marketing (SEM) and search engine optimization (SEO), and how these relatively new ways of marketing can impact the security and privacy of users. The article takes a look at some of the major concerns from an investor’s and user’s perspective. The article also sites a recent SEM controversy, with new features offered by Google Analytics. Finally, the article introduces Scroogle, a search engine that allows users to mask their IP addresses in order to use Google search capabilities anonymously.

CIPP Exam Preparation

In preparation for the Certified Foundation Examination (Foundations), a privacy professional should be comfortable with topics related to this post, including:

• Search Engine Marketing (SEM) (III.B.j.i.)

What is online tracking?

Online tracking is an advertising method which develops tailored ads based on information that has been gathered about the consumer. Tracking allows advertisers to accurately match consumers to products, thus increasing the effectiveness of the ads. This means that companies to charge a premium for such precisely-targeted ads. According to EMarketer Inc., a New York-based research company, the US market for targeted advertising may grow 21% in 2011, to $1.35 billion, from $1.12 billion in 2010.

In December 2010, the Federal Trade Commission (FTC) issued a report endorsing “Do Not Track” initiatives that would offer users a way to opt out of personalized advertising. While advertising companies that are part of the Network Advertising Initiative (NAI) allow users to opt out of online tracking, once customers clear browser cookies, any settings that have been customized are lost.

Firefox: Do-Not-Track Header

In January 2011, Mozilla proposed a Do-Not-Track feature in Firefox which allows users to inform websites that they would like to opt-out of third party tracking. This is done through the transmission of a Do-Not-Track HTTP header whenever user data is requested from the web. The header can be enabled or disabled when the user wishes, supposedly providing granular control over which websites are allowed to collect data. While any browser can be configured to send a Do-Not-Track header, every website must be modified in order to accept it.

Alex Fowler, Mozilla’s technology and privacy officer commented that the challenge of the Do-Not-Track header “is that it requires both browsers and sites to implement it to be fully effective. Mozilla recognizes the chicken and egg problem and we are taking the step of proposing that this feature be considered for upcoming releases of Firefox.”

Chrome: Online Tracking Tool

On January 24, 2011, Google announced the release of a new tool known as Keep My Opt-Outs, which allows users to opt out of online tracking. The Keep My Opt-Outs browser extension applies to all companies and online ad networks which offer opt-outs as a result of industry self-regulation programs. Currently, over 50 companies are members of such associations that offer opt-outs through such programs. Basically, Google’s extension determines if a cookie originates from a blacklisted targeted advertising provider and either blocks or allows it.

Google’s product managers claim, “We’ve designed the [Keep My Opt-Outs] extension so that it should not otherwise interfere with your web browsing experience or website functionality. This new feature gives you significant control without compromising the revenue that fuels the web content that we all consume every day.”

Internet Explorer: Tracking Protection

Some observers are convinced that Microsoft’s Internet Explorer Tracking Protection is perhaps the most user-friendly method for preventing online tracking. This security feature is planned for the first release candidate of Internet Explorer 9, currently available in beta version. The Tracking Protection feature uses a list to determine which third party page elements can/cannot be blocked from tracking.

In December 2010, Dean Hachamovitch, the head of Internet Explorer development, described how Tracking Protection would work:

“A Tracking Protection List (TPL) contains Web addresses (like msdn.com) that the browser will visit (or “call”) only if the consumer visits them directly by clicking on a link or typing their address. By limiting the calls to these Web sites and resources from other Web pages, the TPL limits the information these other sites can collect.

You can look at this as a translation of the “Do Not Call” list from the telephone to the browser and web. It complements many of the other approaches being discussed for browser controls of Do Not Track.”

Other ways to resist online tracking…

While the FTC assesses the efficacy and usability of tracking-minimizing tools, privacy experts have a number of other recommendations for reducing and resisting online tracking.

• Advertising companies use cookies to track users’ online activity. Remove and block these ad-related cookies.
• Remove Flash cookies, which are a type of supercookie that can contain more information, web beacons and web bugs. Such cookies must be removed through Adobe’s online Flash Player page.
• Use specialized software to remove and prevent tracking programs. Recommended titles include: Taco by Abine; Better Privacy for Firefox; Ghostery for Firefox; CCleaner; and NoScript for Firefox and Chrome.
• InPrivate Filtering, a feature for Internet Explorer 8, prevents data from traveling between users’ computers and third parties who frequently request data.
• Users should be cautious when giving personal information online (e.g. registration forms, social networking sites, surveys). Such information will most likely be used to customize online ads.
• Users can use several search engines to conduct online searches. Users may want to consider using different companies for searching and web-based email services.
• Certain search engines, such as Scroogle.org, enables users to search using Google, without the risk of being tracked and without the inconvenience of viewing ads.
• Use a dynamic IP address, or periodically reset the IP address by disconnecting and connecting the modem.

Summary

This article focuses on online tracking, an advertising practice in which advertising companies use information about users to more accurately match consumers with products. In late 2010, the Federal Trade Commission released a report encouraging the development of do-not-track mechanisms. Three major internet browser providers – Mozilla, Google and Microsoft – have recently responded with their solutions to the problem of online tracking. The article introduces Mozilla’s Firefox do-not-track header, Google’s Chrome online tracking tool and Microsoft’s Internet Explorer Tracking Protection feature, as well as other practices users may consider in order to reduce online tracking.

CIPP Exam Preparation

In preparation for the Certified Information Privacy Professional/Information Technology (CIPP/IT) exam, a privacy professional should be comfortable with topics related to this post, including:

• Sensitive Personal Information (I.A.b.)
• Privacy Concerns – The Consumer Perspective (II.A.a.)
• Unsolicited Marketing (II.A.e.)
• Privacy Protection – Notice and Choice (III.A.a.)
• Web Cookies (III.B.c.i.)
• Web Browser Controls (III.B.c.v.)
• Explicit and Implicit Consent – Opt-In vs. Opt-Out (IV.B.i.1.; IV.B.i.2.)

“To enhance the management and promotion of electronic Government services and processes by establishing a Federal Chief Information Officer within the Office of Management and Budget, and by establishing a broad framework of measures that require using Internet-based information technology to enhance citizen access to Government information and services, and for other purposes.”

Section 208 of the E-Government Act is devoted specifically to privacy concerns. It  placed four specific requirements on Government agencies:

• Conduct Privacy Impact Assessments for electronic information systems and records and make them available to the public
• Post privacy policies to all agency websites
• Implement P3P (machine-readable) privacy policies on agency websites
• Submit annual reports to the Office of Management and Budget regarding compliance with the Act

Website Privacy

All government agencies are required to post privacy policies on their general websites as of December 15, 2003. The privacy policy rule does not apply to: information not considered “government information”; intranet websites only used by authorized government users; national security systems.

All Privacy Policies:

• Require consent from the individual for information collection and sharing. Website visitors must be told whether the information requested is voluntary or mandatory as well as how to grant consent for the collection of both voluntarily and mandatorily provided information.
• Must notify individuals of their rights under the Privacy Act and other privacy laws such as HIPAA, the IRS Restructuring and Reform Act of the Family Educational Rights and Privacy Act. Notification must be placed in the body of the website’s privacy policy, linking to the official text of the legislation or the official summary of statutory rights.
• Must implement machine readable (P3P) privacy policies into their websites.
• Must comply with the relevant Office and Management and Budget Memorandums which concern the content and use of privacy policies:
  • Memorandum-99-18 Requires the inclusion of two content areas: Consent to collection and sharing; Rights under the Privacy Act or other privacy laws (as outlined above) OMB M-99-18 also requires the posting of privacy polices on the main web site, any major entry points to the site and on every page that collects personally identifiable information. Further it requires privacy policies to be clear, conspicuous, accessible and easy to understand.
  • Memorandum-99-05 Deals with the administrative side of privacy protection.  M-99-05 requires all employees and contractors to be educated in their responsibility towards privacy protection. All individuals that may have day to day responsibility for implementing section 208 must be identified. A senior official or officials must be appointed to oversee privacy matters in the agency, serve as the principle information technology contact and review the agency’s Privacy Impact Assessments.
  • Memorandum-00-13 Prohibits the use of persistent cookies or web beacons to track visitor traffic at their website unless authorized by a senior official due to compelling need. If tracking cookies are used, the privacy policy on the agency’s website must include the type of information collected, how and why it is collected and used, whether the information is disclosed to third parties and how the information will be protected by privacy safeguards. All agencies must submit reports for the use of persistent tracking cookies. OMB M-00-13 does allow the use of session cookies to track activity during a single session
• Must continue to implement the privacy protections enforced by other regulations. Privacy policies should assure visitors that the information technologies used protect data during all phases of its life cycle. They should assure compliance with the Privacy Act of 1974 regarding how information is handled and complete regular evaluations to ensure compliance. Furthermore, the agency must fully adhere to their stated privacy policies.

Privacy Impact Assessments

The E-Government Act requires agencies to conduct Privacy Impact Assessments to achieve three main goals:

• Ensure that information handling complies with all applicable laws, regulations and policies regarding privacy.
• Assess the risks and effects to the individual of collection, maintaining, using and disclosing personally identifiable information
• Evaluate current protections, their effectiveness and consider possible alternatives better protect data from privacy violations.

When must a PIA be conducted?

All PIA should be conducted to the collection, use or disclosure of information in identifiable form. A PIA is required:

• Prior to developing or obtaining and IT system or process which collects, stores or discloses personally identifiable information
• Prior to instituting a new electronic means of collecting identifiable information from 10 or more individuals
• When converting paper records to electronic records
• When anonymized data in an information system is changed into identifiable form
• Prior to significant changes of an existing IT system when such changes effect how identifiable information is managed in the system
• Prior to the merging of information (most often completed through matching programs with other agencies)
• When a new user authentication technology is used to allow public access to government information
• Before information purchased from commercial or public sources is merged into existing information systems maintaining personally identifiable information
• When two or more agencies work together to share function or uses of personally identifiable information, the lead agency should prepare the PIA
• When internal business process result in significant changes of the use, disclosure or collection of identifiable information.
• When additional data elements containing information in identifiable form are added to an information system and increase the risk to personal privacy.

There are a few exceptions to the Privacy Impact Assessment rule. A PIA is not required:

• When the information relates to internal government operations
• A previous evaluation has been conducted in an assessment  similar to a PIA
• When privacy issues remain unchanged. Examples of such situations include:
  • Government information systems that do not maintain information in identifiable form or about members of the general public
  • When the government-run public website is only used to collect limited information from individuals for the purpose of providing feedback to their inquiries or requesting additional information
  • National security systems
  • When privacy protection is addressed in a matching agreement as pursuant to the Privacy Act
  • When privacy protection is addressed in an interagency agreement allowing the merging of data only for statistical purposes and PII remains private pursuant to Title V of the E-Government Act
  • If the IT systems collects information in non identifiable form for purposes other than the matching or merging of that data with other databases

What does a Privacy Impact Assessment contain?

Each PIA must contain the following information:

• The nature, source of collected information
• The reasons behind the collection of information
• The intended uses and disclosures of collected information and how the individual can provide their consent
• The technical and administrative safeguards used to protect the information
• Whether the information system falls under the definition of system of records under the Privacy Act
• An analysis of the PIA and the steps taken by the agency to remedy and problems or weaknesses

What is the Significance of Privacy Impact Assessments?

Privacy Impact Assessments are public documents that allow ongoing monitoring and assessment of privacy protection implementation and effectiveness. All PIAs must be evaluated by the Chief Information Officer in the Office of Management and Budget. The CIO’s job is to evaluate all PIAs for compliance and ensure implementation of the necessary procedures.

Further more, they provide the public with insight into how the Federal Government collects, uses, maintains and protects personally identifiable information. Under Section 208B, Privacy Impact Assessments should be made available to the public through publication on the agency’s website or publication in the Federal Register, though this requirement may be waived for security purposes.

PIAs are similar to the Systems of Records Notice (SORN) required under the Privacy Act of 1974 which created a Federal Register documenting all information systems which use personally identifiable information to retrieve records. Privacy Impact Assessments allow for stronger privacy protections by requiring greater detail and by applying to some records systems which are exempt from filing SORNs.

Summary:

With the integration of new technology into record keeping systems, the U.S. Government recognized the need for new legislation regulating the use of such technologies by the Federal Government. Section 208 is particularly important in privacy legislation because it increases the protections granted under other privacy legislations such as the Freedom of Information Act and the Privacy Act of 1974. Furthermore, it regulates the collection, use and disclosure of personally identifiable information over the Internet, requires regular enforcement through the use of Privacy Impact Assessments and provides public access to government activities through regular reporting and publication of those assessments.

CIPP/G Candidate Preparation

In preparation for the Certified Information Privacy Professional Government exam, a privacy professional should be comfortable with topics related to this post including:

• The E-Government Act of 2002 including website privacy policy and Privacy Impact Assessments (I.C.c.i.-ii.)

How do cookies work?

When an Internet user attempts to view a website, either by clicking on a hyperlink or typing its URL, the user’s web browser sends a request to the server hosting the files of the website for the information. The web server then sends the required information back. Often this information contains a text file–the cookie–which is placed on the user’s hard drive.

A cookie is a simple text file containing name-value pairs. For example the name might be “User ID” and the value is “ABC123,”– the string of characters representing the user’s unique ID assigned to them when they first visited the website. They also usually include an expiration date set to sometimes in the future. Cookie preferences can be controlled by a user’s web browser. They can be viewed and deleted by the user at will. A user can prevent cookies from being placed on their machine, however, many websites now require the use of cookies in order to view the site.

The use of cookies should be mentioned in a website’s privacy policy, which states how information about a user is collected as well as how it is used.

Types of Cookies

Persistent Cookies–are set, by the web server, to expire some time in the future (days, weeks, months, years) and will remain on the user’s computer even after they have navigated away from the website. They are the most common type of cookie used by websites.

Session Cookie–used most often with ecommerce websites that allow the purchasing of products. Session cookies are stored on the user’s computer only when they are connected to the specific web server. It allows the server to store information regarding cart contents. It also used by other types of sites to  manage online chat sessions and allow for interactive opinion surveys.

How are cookies used?

Cookies serve a variety of function which can improve the browsing experience of users and help web servers track visitors.

Personalization

Many international or multilingual websites use cookies to set language and location preferences, so the user does not need to specify their preference every time they visit the site. Sites like My Yahoo! also use cookies to store information such as the widgets, articles, and elements a user wishes to view when they visit their personalized Yahoo homepage. A cookie may also store the viewing preferences of the user such as the appearance of a website or how many search results to return to the page.

Session Management

Most websites that sell products use cookies to keep track of a user’s activity during each shopping session. Each session is usually given a cookie with a unique session ID. This allows websites such as Amazon to display to the user information such as recently visited products as well as how many items are in the current cart and their subtotal, while the user continues to shop.

Cookies are also used frequently for websites that require the user to log in with a username and password before accessing all features of the site. A cookie placed on the user’s computer will allow the website to customize content and sometimes automatically input the user’s log in information when the user next returns to the site.

Tracking

Cookies are often used to track an Internet user’s activity. Every time a user visits a website, the site’s server checks their machine to see if a cookie exists. If none exists one is created and they are counted as a first-time visitor. If one does exist, they are counted as a repeat visitor.  This allows websites to keep an accurate count of their traffic.

How do cookies affect privacy?

There are common misconceptions about what cookies can and cannot do. However, just because they may not be capable of the more malicious things they are accused of doesn’t mean that they are harmless.

Cookies cannot:

• Install viruses on a computer
• Increase the amount of pop-ups a computer experiences
• Increase the amount of spam received
• Erase or read files from the user’s computer

Cookies can perform actions that are questionable invasions of privacy.

When visiting a website, usually if the site makes use of web-advertising, a third-party cookie may be placed on the user’s computer. The web advertiser that created that cookie can then track their activity as they visit other websites in which the advertiser places content, creating a unique  profile of the user’s browsing preferences. This allows advertiser’s to display ad content based on the user’s profile. Many web users are concerned that their internet activity may be tracked and recorded by third-parties without even being aware of such activity. Further more, personal information may be stored in a cookie, if the user first inputs such information into a web form on a site. With the use of third party cookies, personal information may be shared with other parties all without the user’s consent or knowledge.

A new type of cookie called a Flash Cookie may not be deleted when a user’s delete their cookie files. These cookies make use of the capabilities in the Adobe Flash plug-in installed on most web browsers and are not stored with other cookie files. Flash Cookies may even replace the cookie files that have been deleted with new ones. Most websites do not even mention the use of such technology in their privacy policies or provide users with a way to opt-out of the service, violating the Fair Information Practice Principles.

Web users should also be aware of the potential for cookie tampering. Session cookies may often include sensitive information that has been inputed by the user into a web form. Such cookies are necessary for carrying out particular types of transactions. However, while login cookies may make use of encryption technology, many session cookies do not, leaving personally identifiable information vulnerable to hijacking.

Managing Cookies as a Web User

A web user concerned about their privacy has a few options.

Manage your Browser Preferences– All web browsers offer several different options for the management of cookies. These include options to automatically accept or reject all cookies, an option to reject cookies from specific websites and reject third-party cookies. Be aware that many sites require the use of cookies to function properly.

Opt-out of third-party cookies– Many advertisers offer an opt-out option by allowing users to download an opt-out cookie. However there are several major advertisers for which cookies may have to be downloaded to prevent tracking activities. If a user makes use of multiple browsers, the process must be completed for each one.

Managing Cookies and Privacy Preferences as a Website Owner

As a website owner that makes use of cookies, there are several things to do in order to maintain client trust and follow the fair information practice principles.

State use of cookies in the privacy policy– Privacy policies deal with the Fair Information Practice Principle of Notice, which requires that data subjects be informed what, how, and why information is collected about them, and how it might be shared. Any sharing of information with third-parties and the use of third-party cookies should be disclosed in the privacy policy.

Allow users to opt-out of third-party cookies– The Fair Information Practice Principle of Consent deals with a user’s right to decide how and where their information is used. Providing an opt-out option complies with this principle.

Encryption–Use encryption technology for all cookies, which includes session cookies. This prevents a user’s sensitive information from unauthorized access by hijackers. As the collector and maintainer of an individual’s personal data, an entity is responsible for the protection of their information.

In Conclusion

Cookies have become an essential part of web browsing. While the reasons behind the use of the cookie (user preferences, session management, maintaining accurate web traffic records) are not inherently problematic in terms of privacy, the ability of a cookie to track user activity can be considered invasive. Making sure users are aware of the use of first and third party cookies as well as providing options for managing and opting out of such cookies puts some of the control back in the consumer’s hands. Web users should be continually aware of how and where their information is being used and take preventive measures to avoid any unnecessary disclosures.

CIPP Candidate Preparation

In preparation for the Certified Information Privacy Professional exam, a privacy professional should be comfortable with topics related to this post including:

• Online Privacy:  “Online identification Mechanisms” (Foundations: III.B.g.i)