Web firms face increased federal scrutiny over Internet privacy
By Cecilia Kang,
As LinkedIn prepares to sell its stock to the public, the social network for professionals is warning of a potential threat to its business: Internet privacy laws.
In a filing with the Securities and Exchange Commission this month, the start-up said a push by federal regulators to create privacy rules “could deter or prevent us from providing our current products and solutions to our members and customers, thereby harming our business.”
Silicon Valley is on alert. As federal officials move closer to creating Internet privacy laws, companies that have enjoyed the freewheeling nature of the Internet find themselves under increased scrutiny.
Google, Facebook and marketer Epsilon are among the world’s biggest repositories of digital information, and the giants have long lobbied against privacy laws that would curb their ability to collect and share data. To do so would limit their business prospects, they say, and they argue that consumers want advertisers to slice and dice data to serve up more relevant ads.
Now those concerns are rippling across the entire Internet industry.
“No matter what size the company, they are seeing how a government inquiry can shut down a business or affect the future of others,” said Hemanshu Nigam, founder of the privacy consulting firm SSP Blue and former privacy head for MySpace. “Privacy is now a line item in business plans.”
That’s a change of pace for Web entrepreneurs, who are typically given a long leash by regulators to plug away at new technologies without the distraction of politics and policy in Washington.
But in the past year, Silicon Valley firms have seen a bevy of Web companies swept into federal investigations of alleged consumer protection violations and fraud.
This week, Internet radio site Pandora revealed that it was called into a broad federal grand jury investigation into the alleged illegal sharing of user data by a number of firms that create apps for the iPhone and Android devices. Days earlier, Google settled with the Federal Trade Commission on charges it exposed data through its Buzz social networking application without the permission of users. Last year, Twitter settled with the agency after an investigation found the micro-blogging site’s loose security allowed hackers to access user information.
The damage from those investigations comes in the form of legal costs and, in the case of Google, the mandate of regular privacy audits. But the bigger worry is how those inquiries hurt reputation, said venture capital investor Raj Kapoor of the $2.8 billion Mayfield Fund.
These days, he said, privacy policies have become integral to his decisions about new tech investments. He’s seeing start-ups with just a handful of employees appoint a privacy officer to ensure new products and services are designed with data protection in mind.
Google said last June it had appointed a director of privacy. Yahoo and Microsoft also have chief privacy officers.
“It’s just good business because it engenders customer loyalty,” Kapoor said. “If we don’t make these efforts. the government will enforce regulation, and as much as the private sector can do on our own, the better.”
The FTC wants to create a “Do Not Track” requirement for Web sites. That would allow users to block advertisers from following their movements online.
The idea “could significantly hinder our ability to collect and use data relating to listeners,” Pandora warned in its filing with the SEC.
But companies fighting new rules face a difficult battle as more privacy breaches are found.
This week, Sen. Richard Blumenthal (D-Conn.) asked U.S. Attorney General Eric H. Holder Jr. to investigate a data leak by Epsilon, an e-mail marketing firm, that exposed information about millions of consumers. The Federal Communications Commission is investigating Google for vacuuming up Wi-Fi user data by cars used to take photos for its Street Views mapping application.
The incidents, privacy advocates say, underscore the need for basic Internet privacy rules. They want the FTC to take a stronger hand in enforcement and are seeking to prevent companies from tracking users online, particularly through location-based services. They want companies to purge the information they collect within months and not share that data with advertisers and apps developers.
But the buying habits, music preferences, demographics and location of users are the kinds of rich details advertisers hunger for as they seek to increase the likelihood an ad for Weight Watchers or Mercedes-Benz will reach the right demographic and turn into real purchases.
Naveen Selvadurai, a founder of Foursquare, said he’s concerned new rules would not take into consideration technologies being developed to help solve security and privacy concerns.
He said keys have been developed in place of passwords for added security. Browser companies such as Mozilla and Microsoft have implemented their own “Do Not Track” technologies that block Web sites from following user activity.
On Foursquare, users’ locations are identified only when a user actively “checks in” to a location, unlike other services that constantly follow users through global positioning services.
“My main concern is that I don’t want people to misunderstand what they are applying rules to,” said Selvadurai. “Many interesting things can be done without over-reaching laws that aren’t fully thought out on the technology side.”