The FCC will not require websites to protect users' privacy and security in response to "do not track" requests. Since such a mandate could not be enforced anyway, this decision is best for users in the long run.
The FCC has refused to order websites to protect users' privacy in response to "do not track" requests -- and that's actually a good thing for people who want to stay anonymous online. Here's why.
A few days ago, the Federal Communications Commission, or FCC, dismissed a petition that called on the agency to give legal teeth to "do not track" requests in Web browsers. Browsers send "do not track" requests to websites when users configure them to do so. Most modern browsers let users enable a "do not track" feature in the preferences or configuration dialog.
In theory, "do not track" features are a good way for people to make clear to websites that they do not want their personal information or browsing history to be tracked via cookies or other means. Unfortunately, the requests are quite meaningless in practice, because websites can ignore them with impunity.
The FCC petitioners hoped to change that by convincing the agency to create a policy that required websites to respect "do not track" settings in users' browsers. The idea was to create something similar to the "National Do Not Call Registry," which would have allowed users to opt out of being tracked by Web companies in the same way that they can choose not to be contacted by telemarketers.
The Problem with Do Not Track
At first glance, the FCC's decision not to act on the "do not track" petition may seem like bad news for Internet privacy advocates. But it's actually a good thing.
That's because "do not track" requests can create a false sense of security. Even if websites were required by law not to track users upon request, such a mandate would be very difficult to enforce since -- unlike people who receive telephone calls from telemarketers -- Internet users who are being tracked don't usually have a good way to know about it.
In addition, the FCC can't regulate the global Internet in the way that the government can control telephone infrastructure inside the United States. If a telemarketer based in America makes a call to someone on the Do Not Call Registry, it's easy enough to identify the caller and enforce the Do Not Call regulations. The same can't be said for a website that is hosted outside of the United States, or a Web company that has offices abroad, which tracks users despite requests not to.
For both of these reasons, actually enforcing a "do not track" mandate would be essentially impossible. But because FCC's endorsement of the feature would have encouraged users to believe that they are safer when they configure their browsers not to be tracked, many users would be left with a false sense of security. They would think that protecting their online privacy was as simple as checking a box in the browser and placing their faith in the FCC, when in reality many websites could still be tracking them.
None of the above factored into the FCC's explanation for why it would not act on the petition. The agency instead said that regulating online content, as opposed to Internet communications, was not part of its purview.
Still, it's positive news that users won't be led astray by promises about Internet privacy that an agency like the FCC would not be able to keep. It creates stronger motivation for privacy-minded users to invest in other solutions, like Tor, that give users the power to protect their own identities, rather than merely asking websites to do it for them.