I Want More Cookies

November 4, 2010

My latest musing on privacy and the Internet is inspired by MPs, though ‘inspired’ may be completely the wrong word – ‘expired’ comes closer to my reaction. On 28 October, the new Backbench Business Committee met in Westminster Hall and discussed the Internet and Privacy. I intended to write a short account of the debate (which lasted for 155 minutes). Of course that meant reading the debate in full, but I was impressed by the very fact that MPs (and Robert Halfon, the Conservative MP for Harlow in particular) had chosen to debate the topic and expected to be further impressed by the insights of the MPs (as I genuinely have often been when reading Hansard in the past). After all, Robert Halfon revealed in the debate that he has 1,400 Facebook friends – clearly a guru. I strongly suggest that you all read the debate (here: http://www.publications.parliament.uk/pa/cm201011/cmhansrd/cm101028/halltext/101028h0001.htm#10102828000002) – I don’t see why I should suffer alone.

The truth is that, as I read on, I became more and more discouraged by the quality of the debate and found that the faint strains of CSI Miami were drawing me away into another room. I don’t get any more bored than that. Given the choice of picking fluff off a jumper and watching CSI Miami, I’d usually pick the jumper.

Are all the SCL members and other lawyers with a grasp of IT, privacy and law too busy to be MPs? Perhaps you are all put off by the lack of money – I understand the expenses are less generous than they were. But you could at least find time to talk to them and put them straight about a few things. Surely there must be somebody, other than a strongly briefed Government minister, who has noticed that most of the topics they were discussing are governed by EU Directive and that a self-regulatory industry model is not likely to cut it with an EU Commission that considers that the ICO has insufficient teeth? Do they realise that the European Commission is expected, probably today, to outline its strategy for bringing the Data Protection Directive up to date? And surely someone has noticed that, unless you are behind a national firewall (and God forbid we get one for the UK), the Internet is no respecter of borders. Perhaps they do know all that – and their recognition of the pointlessness of the debate affected its quality.

Ed Vaizey, the Parliamentary Under-Secretary of State for Culture, Media and Sport, had to cut his speech short by 20 minutes, but he had time (43 minutes to be exact) to recount all the elements of the legal framework that protect Internet privacy. If you strip away the parts of his contribution that amount to ‘we have done and will continue to do what Brussels tells us’, you are left with little more than a chat to the Information Commissioner about Street View and what I regard as a wholly unrealistic proposal for a Nominet-like body to help people complain about online breaches of their privacy.

But I don’t regard all my time as having been wasted. Not only did I confirm that CSI Miami is bad (in fact it’s so bad, it’s still bad when you try and watch it for laughs) but I also got some fluff off a jumper (and I admit that the brief ‘systematic mendacity’ intervention from David Davis MP was almost worth the price of admission). But above all I found myself wondering about cookies and why there are so often just two flavours. You usually have to choose between the invading-your-privacy bluebottle cookie or the malfunctioning web site with double chocolate chip cookie. The limitation of choice is emphasised by the strong hint from the Government that consent to the use of cookies, as required by the amendments to the ePrivacy Directive, will be capable of being given by browser settings. While I think it is perfectly possible for browsers to be set so as to decide whether I want cookies or not, no browser is yet sophisticated enough to determine if I would prefer the gluten-free ginger cookie to the extra-large muffin with caramel chips.

In plainer words (quickly before I am forced to drive to the bakers): why aren’t we demanding that web sites that need cookies offer a range of options with (or without) privacy settings that allow the user a real choice? Why do we so often have to choose between accessing a web site that works well below its optimum level or welcoming in a cookie that feeds back all sorts of information that we might like to keep private? So often we have only the illusion of choice – Hobson’s Choice cubed. We need to be presented with choices that have meaning – and that can only be possible if the requirements insist that web site operators offer a range: the cookie that is strictly necessary for operation, the cookie that eases your experience but transmits only minimal information and the full-fat marketing cookie that makes the web site’s bells ring – and maybe a few more unusual flavours for the discerning palate. Many would choose the full-fat option – after all many do tick the box to hear about ‘carefully selected’ offers from ‘partners’ of a store on paper forms – and many would not. Why are we not aiming for more choice at a technical level? A full range of options seems to become magically available only when, as with Facebook, a major stink has been caused about privacy encroachment.

I think I hear a chant coming on: ‘We want more cookies, we want more cookies’.

I think I might have to go and get some.