Public-interest groups like the Electronic Privacy Information Center (EPIC) and the Center for Digital Democracy (CDD) are a vital safeguard for consumers in the digital age. They keep vigilant watch over the Internet, fight the tough fight against large companies and hack through arcane government bureaucracies. Their dedicated staffs work long hours to promote the causes of consumer protection and corporate transparency. These principles are beyond reproach.
But there might come a point when even the champions of the good fight go too far.
EPIC and several other groups filed a complaint with the Federal Trade Commission on Saturday requesting that the agency order Ask.com to pull its AskEraser product from the market. AskEraser is a privacy feature that promises to delete users’ browsing histories from Ask’s servers. The product was introduced in December.
In the complaint, EPIC et al charge Ask with deceptive trade practices, claiming that the product creates a unique persistent identifier that could still be used to track consumers, that the information trail of users who enabled AskEraser is still available to Ask’s business partners, like Google, and that the mechanism of the opt-out cookie is not a viable privacy safeguard because it does not scale.
The complaint also takes issue with the two-year lifespan of the AskEraser cookie. The groups are not right on this one. Ask changed the application earlier this month, extending the life of the askeraser cookie to 30 years. This information is available on Ask’s Frequently Asked Questions page.
The point about consumer data being tracked by Ask’s business partners is true enough. Google serves ads on Ask’s search pages, and, by the terms of its agreement Ask has no control over what information is stored on the servers of Google. Ask readily admitted this limitation when it rolled out AskEraser, and virtually ever media outlet that covered the announcement included that important point in the story. That important point also appears in Ask’s FAQ section.
The groups also object to the unique persistent identifier that is created in the form of a time stamp when a user turns on AskEraser. This is certainly the case, but Ask rebuts the charge with the claim that, with its search logs expunged, there is nothing to track, so the persistent identifier is a non-issue.
Finally, EPIC et al take issue with Ask’s warning that it will turn AskEraser off if ordered to do so by a court or other legal authority. The FTC complaint calls this a deceptive trade practice; Ask says that it, like any legitimate business, is obligated to comply with the law.
Nicholas Graham, Ask’s vice president of corporate communications, freely admits that AskEraser is not perfect, that it has limitations and room for improvement. The roll-out of AskEraser grabbed headlines because it was the first time a major search engine had offered a feature that gave customers the chance to erase their browsing histories. The CDD, one of the groups that signed the complaint, greeted the announcement in December with an upbeat tone of cautious optimism. It was a good first step.
Now, after EPIC and Ask have been unable to connect to discuss the concerns on a technical level, the groups are taking their case to the FTC, calling for the product to be pulled from the market. The debatable merits of the complaint notwithstanding, by appealing to the feds to shut the service down, they give scant incentive to other search companies to develop similar features that start taking privacy more seriously. And that is, after all, what they want. Isn’t it?