WEBINAR REPORT: Blueprinting the Way for Journalism and Privacy: Identity, network, trust | March 4, 2021
- READ FULL TRANSCRIPT
- WATCH VIDEO
- MORE ABOUT THE SERIES
- VIEW JAN. 7 PARTICIPANTS
- VIEW JAN. 21 PARTICIPANTS
- VIEW MARCH 4 PARTICIPANTS
Rules for privacy-safe exchange of user data, overseen by an independent third party rather than the big internet platforms or ad-tech companies, and the emergence of personal “information fiduciaries” could help restore public trust in the Internet, webinar participants were told last week.
Such scenarios were raised during a moderated virtual discussion hosted by the Information Trust Exchange Governing Association (ITEGA) among a half-dozen invited participants and the public entitled, “Blueprinting the Way for Journalism and Privacy,” part of a three-webinar series, “Identity, Advertising and the Future of Journalism.”
“I think we’ve seen that digital identity poses a lot of issues around privacy,” said Jo Ellen Kaiser, ITEGA’s board chair and the March 4 discussion moderator. “But it also opens up a tremendous opportunity, not just for the revenue side, but also for us to really help people, use the internet more effectively — be able to kind of make their own pathways through the internet in a way that they feel is a lot more reassuring than what they have now.”
Joining the discussion were a top executive of a digital-advertising technology company, The Trade Desk Inc., a leading web researcher for Consumer Reports, and a software engineer and former lawyer who specializes in developing “open-source” networks. Also included were heads of two small companies which help news organizations manage subscriptions and user data. The three webinars were organized by ITEGA with assistance from the Donald W. Reynolds Journalism Institute and Craig Newmark Philanthropies.
“I would like to think that the technology that we’re developing would allow publishers to to allow ad tech to provide some level of targeted ads without exposing identity,” said Richard Lerner, CEO of Clickshare Service Corp, one of the two small companies, adding: “In a way that they can tell their consumers: ‘Look you you don’t need to worry about it, we’re not allowing advertisers to track you across any sites outside of our network.’ “
KEY POINTS RAISED
- How to explore the impacts of trust, identity, privacy and revenue on diversity, equity and inclusion and on continuing to make sure the web benefits multiple publics broadly and globally.
- Whether the targeted-to-individuals advertising system dominating the Web for two decades is incompatible with privacy, and a form of “direct marketing” which should be de-emphasized or made illegal — without the user’s explicit agreement to participate.
- Whether emerging U.S. state or federal privacy laws should ban outright certain uses of consumer data without the user’s explicit permission. Outside of Europe, current laws default to allowing data use unless the consumer makes the effort to “opt-out.” Consumer Reports favors a ban.
- The Trade Desk is building a distributed-identity system for the open web’s digital advertising industry, which it calls Unified ID 2.0 (UID2) — and will cede operation of it to a nonprofit, ad-industry-controlled trade group, PreBid, Inc. At least two speakers said an independent third party should govern such a system.
COMPETING WITH “WALLED GARDENS”
Today, Google, Facebook, Apple and Amazon all offer “single-sign-on” identity services to their users, the effect of which is to allow them to track consumer behavior across wide swaths of the Internet and within what experts term their “walled gardens.”
Without a similar capability for independent advertising-technology services on the open web, news websites will wither, argued Bill Michels, general manager, product, at The Trade Desk, because brands want access to user preference data to serve “interested-based advertising.” He argued that the “walled garden” platforms would, without something like UID2, increase their already dominant share of web advertising.
“And if there’s not identity, and a safe way to do that, on the open Internet, all of those [advertiser] funds are just going to move to where it’s easiest to do it,” said Michels. “From a practical matter, if there is no identity on the open Internet, those sites will just go away. like there will be no newspapers.”
One public participant in the webinar, former ad-agency executive and current privacy advocate “Doc” Searls, countered that he thought Michel’s prediction was potentially inaccurate. That’s because quality-brand advertisers will want to find editorial “context” for their messages, Searls believes, rather than adopt what Searls called a “direct-marketing” approach of targeting ads with knowledge of an individual consumer’s behavior.
HOW UID2 WOULD WORK FOR ADVERTISERS
Michels explained that UID2 will work by asking publishers to provide PreBid Inc. with email addresses of their subscribers, in what he characterized as “an explicit permission to use data.” The UID2 system will then encrypt the emails with a “hashing and salting” protocol so that, while participants in the system can track a unique individual across the web, they wouldn’t have any personal identifying information (PII) linking a real person — at least not via the UID2 system. Michels said authorized ad-industry participants in the system would be supplied with a decryption key allowing them to discover the embedded email address.
“So now, once it goes into there – and there are lots of other companies like The Trade Desk which are buying on those pipes – companies can then have the decryption key to look at it and say, oh, cool, this is, firstname.lastname@example.org,” Michels said. “And we have thousands of advertisers that are looking at all these opportunities, and they say, ‘Yep, based on what I know about him, I think I can make some informed decisions around which personalized ad to show.’ “
SOMEWHAT PERSISTENT IDENTITY —
UDEX CLOUD COHORTS
If the identity can be shared and persists, how long before someone identifies it with a person using data from outside the UID2 system? Michels said the “hash” function is expected to rotate about every six months, meaning identity matching would have to be restarted after each change.
In another approach, Clickshare’s Lerner outlined a user-data-exchange (UDEX.ORG) service that his company designed in 2016-2017 during his participation in ITEGA’s technology task-group meetings. Under it, a publisher could share (with a user’s permission) data about the user’s interests into a cloud-based service. The UDEX protocol description has been posted publicly for more than five years by ITEGA. (ITEGA’s founder, Bill Densmore, was a founder of Clickshare).
First the publisher would encrypt the user ID, the interest data would be used to assign the now-anonymized user to one or more “interest cohorts”. An advertiser could then query if a user is in a relevant interest cohort in the instant before deciding whether to serve a particular ad. The advertising networks would never learn the identity of the user, but they would receive a unique code when a user sees a particular ad so they can “frequency cap” and sequence subsequent views logically. The unique code would differ for each ad served and would be good for about a week.
GOOGLE WOULD CONTROL COHORTS IN BROWSER
Google Inc. has announced its intention to test a “cohort”-based ad-targeting service, but the matching would occur inside the Chrome browser, which is owned and controlled by Google. The UDEX.org proposal would be governed by a public nonprofit such as ITEGA.
“With the UDEX, the notion is that each ad tech group gets a different identity ID for a person, largely those are different for different ad tech groups, and certainly would be different for different networks. And they would be short lived,” Lerner explained, adding: “Doing some level of targeting of ads — ad tech tells us is important. And, maybe it is, but it certainly was the case that when you used to open up a magazine, you’d see ads without any expectation that those advertisers would know who you are.”
NEED FOR WATCHDOG IS ASSERTED
The need for a watchdog to make sure companies working with consumer privacy and identity are living up to ethical and business promises was emphasized by James Vasile, a former lawyer and board member of the Electronic Frontier Foundation, who now co-heads a technology-development firm, Open Tech Strategies.
Open source as table stakes for trust, said Vasile. But there is a problem with knowing whether everyone is running the same technology on the server side. He said: “If you want to make promises, you have to offer something that is inspectable. Because as we’ve seen time and time again, every time somebody makes promises, but we don’t have third-party inspection, it always turns out that they were lying.”
In an apparent reference to UID2, Vasile added: “And more to the point, no amount of open-source transparency, goodness is going to reassure people [when] you’ve given them some sort of tracking number that is going to follow them from website to website and allow anybody to build profiles of all their surfing activity. I don’t know anyone that would hear: ‘Build a profile of me it can get shared here, it can get shared there — but you have a lot of control over it. And we’ll use it to target advertising toward you.’ That is not the start of a conversation people want to have. That is the start of a conversation people want to escape from.
Michaels, from The Trade Desk, responded that once browser makers stop supporting “third-party cookies” publishers are going to be in a “dire situation” unless they can have a conversation with their readers/viewers about tracking their activity to improve ad targeting. He said The Trade Desk was using a “flavor” of open source “that puts ownership out into the industry.” He said anyone will be able to transparently suggest changes.
Vasile agreed that an open-source approach was a piece of the puzzle, but that technology alone couldn’t assure that privacy and identity promises to the public are met. “It’s a piece of the puzzle,” said Vasile. “But not without the oversight, without the governing authority or third-party auditing of who knows what.”
PRIVACY VS. PLATFORM COMPETITION
Michels was respectful and supportive of privacy-protecting measures, but worried about the competition. If publishers and ad-tech companies operating on the “open web” can continue to target users inside the “walled gardens” — but no longer do so outside on the open web. If that’s the case, he said, advertisers will spend more of their money in the walled gardens.
“Nike’s not gonna go, ‘Good for you. We’re still gonna give you half,’ said Michels. “They’re going to be: ‘Well that’s fascinating. Good luck.’ And they’re just gonna give all their money to three companies. And so the open web will think, ‘Yes. We did a bunch of things to make sure there’s absolutely no data sharing.’ And to what end? Because there will be nothing left. So . . . the money flows relative to where it can see the best return. And right now, it is a better experience to buy on Amazon, through Google, Facebook and a couple of other things. They will take that email data, they’ll load it up in Facebook and they will find you there . . . and that’s where the majority of their money will go – if there’s not an equivalent way to do that on the open web.”
HOLDING A KEY TO SHARED SUBSCRIPTIONS
The other small company in the webinar discussion, Creative Circle Media Solutions, is launching an effort to get news publishers to join a shared-user network in which a subscription account at one news site would provide access to many other news sites as well.
“We’ve been working to try to get interest developed for the existing payload vendors in the newspaper industry, to create a single sign on — something that would probably query, when you log in, you would tell them what you were logging in with,” said Creative Circle’s CEO, Bill Ostendorf. “And then it would query that database and let you in.”
He said he was attracted to ITEGA “because someone would have to hold the key to this shared sign on. And so I have some hope here that we can advance this further . . . we have to have paywalls, and we have to have the ability to carry them around, it really would be a big deal . . . . “
” . . . I want them to be able to take that login, and use it anywhere and have the Washington Post or the Pawtucket [R.I.] Times — somehow this person through — maybe a key that we supply with their login — to say: ‘Oh, this is a Creative Circle, person’ — and route the login to us and we’ll authenticate. So that’s pretty different than anything that’s out there right now and doesn’t really require us to share any information. It just requires somebody to look at that login as it’s happening, and pass it to the right vendor. And that way to the user, it’s transparent.”
THE NETWORK ‘TICKET’ — AND SUPERFUND
The shared-user subscription and a proposal for government-backed payments to fund journalism were presented as additional methods to support journalism beyond advertising technology.
Kaiser, the ITEGA board chair, remarked that in her consulting with the Tiny News Collective and small digital news sites across the United States, some of them nonprofits, there is a desire to have a method to share and get credit for each other’s content. “You could have back-end exchanges that are invisible to consumers, but that allow them to get all kinds of content with a login that they trust,” Kaiser suggested.
The idea of providing some sort of government subsidy to U.S. news publishers was raised by Consumer Reports’ Digital Labs director Ben Moskowitz. Loss of advertising has put current publishers under “terrific pressure” he said. He noted a proposal by the nonprofit think-tank Public Knowledge for a “superfund” for journalism.
REGISTRATION FOR PAYMENT — NOT JUST AD TARGETTING
“I love the idea of the ticket — you can buy into a network of sites.” said Moskowitz. “I love the idea of micropayments, I think. Just to speak for Consumer Reports for a second, we were one of the first sites to put up a paywall — it probably saved Consumer Reports, to be honest. . . . subscription businesses on the whole are really doing well.”
Moskowitz said saving quality journalism and making free content monetize better (through targeted advertising) may be separate discussions, and agreeing to give up personal data shouldn’t be the only way to be informed, although it can certainly be one way.
“But that said, as publishers do look at their options going forward, such as UID2 and hashed email, authentication-based systems, those registration-based systems are definitely one way of maintaining addressability,” he said. “And that is not just like for cross-site data sharing. But it’s also for the scenarios that get payment.”
Brendan Riordan-Butterworth, a technical advisor to ITEGA who formerly worked for the IAB Tech Lab and Microsoft, joined the discussion to offer a summary of what he called four elements of a “cocktail” of options available to news publishers”
The hashed-email base, like UID 2.0.
Google’s put-personal-data-in the web browser solution
User data solicited by publishers directly from their own users
Selling advertising merely based on adjacency to quality content — so-called “contextual” ads.
This prompted ITEGA board member Linda Miller, a former newspaper and public-radio editor and executive, to remark: “There is still quite a bit of trust in local news. And it’s not quite being leveraged — or maybe the truth is, it’s more accurate to say it is not able to be leveraged because of the way the advertising system is now set up, and the way identity and data plays into that . . . But one of the carrots we have is trust. What if our users really trusted us with their identifying data . . . there are mission-based opportunities we could have.”
FINAL IDEA — THE CONSUMER DATA-TRUST AGENT
A final key idea of the session came from Moskovitz, the Consumer Reports researcher. He acknowledged that there will be “some surveillance-based content underwriting through advertising” which he said would not be a bad thing unless it were the only option for the public. He suggested the emergence of “trusted intermediaries” for the public could give the public the ability to bargain over data. CR is taking “baby steps” into the idea of becoming an intermediary, or “authorized agent” for consumers under the California Privacy Rights Act.
A consumer might say to such an agent, according to Moskowitz: “I’m going to trust you to go out and opt me out of the data, that’s not good for me, or to delete my data for data brokers basically take the actions, I don’t have the time or the wherewithal to do, but I implicitly trust you to do it for me.”
Concluded Moskowitz: “It does seem like we’re about to enter a new moment where intermediaries is going to be part of the next wave of innovation, so to speak.”
- READ FULL TRANSCRIPT
- WATCH VIDEO
- MORE ABOUT THE SERIES
- VIEW JAN. 7 PARTICIPANTS
- VIEW JAN. 21 PARTICIPANTS
(Webinar report summary written by Bill Densmore)