Many people, upon learning that millions of sites they have never heard of are constantly tracking their every online move, are justifiably creeped out. Online tracking has been a hotly debated issue, especially with the advent and collapse of the “Do Not Track” movement. Therefore, it is worthwhile to analyze the specific problems and potential solutions associated to this issue.

First, the problems: why is it so bad that Facebook knows all of your personality traits, relationships, and tendencies? The easiest answer is that it is not just large, reputable companies such as Facebook and Google which track your online activity and seek to profit by mining large databases of big data. Due to increased amounts of legal scrutiny and a special interest in maintaining good public relations with users, these companies will almost certainly make sure that your data is properly cared for. Certainly the risk that something goes badly is important to keep in mind, but government, the market, norms, and secure technological architecture decrease the probability of this risk. So who else is in the business of tracking online activity? Companies such as scorecardresearch.com, quantserve.com, and doubleclick.net, which most Internet users have never even heard of. We now have an entirely different issue on our hand, in which reputable first-party websites use cookies from several (upwards of 50 in some cases) third-party companies whose sole job is to track your online activity. This is a significant problem for many reasons. Firstly, these companies operate in an entirely different sphere than Facebook and Google; government regulation is near-impossible, and the companies have no market incentive to be careful with data. In fact, they have every incentive to profit from your data by selling it to advertisers, who could then go on to do such things as using price discrimination by bracketing Internet users by supposed income, or compiling databases of sensitive information such as medical records. Secondly, neither legislation nor architecture has been updated so as to provide users with meaningful technical controls over the way in which their information is shared over the web. Lastly, there are so many third-party tracking sites that even if we had the tools with which to protect our privacy, we wouldn’t be able to do it. In fact, even sites such as ghostery.com, whose applications are intended to give users more control over such matters, cannot possibly tell you about tracking hidden cookies.

It is now very clear that given these problems, which have indeed manifested themselves, users’ fear of online tracking is indeed a rational one. We must therefore consider the tools in our arsenal, given succinctly by Lessig’s four forces: those of government, the market, norms, and technology. It was explained above why the market will fail: those playing loose with peoples’ information have no incentive whatsoever to respect privacy rights. Additionally, the “Do-Not-Track” movement, which attempted to implement a technical tool which really didn’t do anything (and was thoroughly rejected by the tracking industry), is an empirical example of the failure of norms: telling tracking sites you do not want to be tracked will not accomplish anything. Therefore, it is my position that the two remaining forces, government and technology, should work in concert to provide a solution: technology to architect more sophisticated user controls, and government to provide the nudge for the Internet industry as a whole to do so. There will need to be a substantive legislative debate about what these controls might look like. Until then, users have two choices: accept the insecurity of their information, or completely opt out of Cyberspace.