You are browsing the archive for online privacy.

California DMV’s Autonomous Vehicle Regulations Must Protect Users’ Privacy

3:48 pm in Uncategorized by Consumer Watchdog

Driverless CarI was up in Sacramento today to call on the Department of Motor Vehicles to ensure that the regulations that they are developing to govern the use of autonomous vehicles – popularly known as driverless cars – will protect the operators’ privacy.

The company that will be most directly affected by the new autonomous vehicle regulations is Google, which is pioneering development of the robot-driven cars. The Internet giant was the driving force behind SB 1298, which charged the DMV with the task of developing the regulations and also rebuffed attempts to require privacy protections in the law.

However, it is not too late to implement privacy safeguards in this rulemaking and Consumer Watchdog called on the DMV to do so. Failure to act will mean substantial privacy risks from the manufacturers’ driverless car technology if there are not protections from what Google is best known for: the collection and use of voluminous personal information about us and our movements.

The DMV regulations must give the user control over what data is gathered and how the information will be used. Merely stating what data is gathered with no explanation of its use is woefully inadequate. The DMV’s autonomous vehicle regulations must provide that driverless cars gather only the data necessary to operate the vehicle and retain that data only as long as necessary for the vehicle’s operation. The regulations should provide that the data must not be used for any additional purpose such as marketing or advertising without the consumer’s explicit opt-in consent.

Without appropriate regulations, autonomous vehicles will be able to gather unprecedented amounts of information about the use of those vehicles. How will it be used? Just as we are now tracked around the Internet, will Google and other purveyors of driverless car technology now be looking over our shoulders on every highway and byway? Will the data be provided to insurance companies for underwriting purposes or to third parties that develop some kind of a driving score related to where and when individuals travel? Will it be used to serve in-car advertisements or advertisements through other venues in the Google suite of products? Will it be used to track our movements and those of surrounding cars and mobile devices so that Google’s advertisers can better locate us?

Google is the aforementioned leader in driverless car research and is attempting to steer regulatory efforts in various states, especially California. That’s why our concerns are so focused on the company. So I ask: Why won’t Google endorse simple privacy safeguards for its self-driving cars? I think there are two reasons.

First, Google’s entire business model is based on building digital dossiers about our personal behavior and using them to sell the most personal advertising to us. You’re not Google’s customer; you are its product – the one it sells to corporations willing to pay any price to reach you. Will the driverless technology be just about getting us from point to point or more about tracking how we got there and what we did along the way?

Second, computer engineers, who believe that more data is always better, are in charge at Google. They may not know what they would use data for today, but they think they may someday find a use for it and don’t want any restrictions on them now.

Google is first and foremost an advertising company; 98 percent of its $38 billion in revenue comes from advertising, and the more personalized the marketing the better. Indeed, Executive Chairman Eric Schmidt has said, “We don’t need you to type at all. We know where you are. We know where you’ve been. We can more or less know what you’re thinking about.”

Read the rest of this entry →

Now Even Google Says Don’t Be A “Glasshole”

4:49 pm in Uncategorized by Consumer Watchdog

Looks like even Google is finally figuring out the innate privacy invasive properties of its wearable computing device, Google Glass. The Internet giant has posted a list of do’s and don’t's on its Glass website that tells “Explorers” — the first group of people to get access to Glass for $1,500 — how not to be “Glassholes.”

You’ll recall that Chairman Eric Schmidt once said it was Google’s policy to get right up to the “creepy line,” but not to cross it. It seems pretty clear that some Googlers have figured out that Glass has crossed the line and are attempting a rowback.

From the list of Do’s:

Ask for permission.
Standing alone in the corner of a room staring at people while recording them through Glass is not going to win you any friends (see Don’ts #4). The Glass camera function is no different from a cell phone so behave as you would with your phone and ask permission before taking photos or videos of others.

And here’s Google’s final point on the list of Don’t's:

Be creepy or rude (aka, a ‘Glasshole’).
Respect others and if they have questions about Glass don’t get snappy. Be polite and explain what Glass does and remember, a quick demo can go a long way. In places where cell phone cameras aren’t allowed, the same rules will apply to Glass. If you’re asked to turn your phone off, turn Glass off as well. Breaking the rules or being rude will not get businesses excited about Glass and will ruin it for other Explorers.

You may have seen that Virgin Atlantic staff who greet “Upper Class” passengers — the airline’s name for First Class– as they arrive at Heathrow Airport are now sporting Glass purportedly to offer them information on such things as the weather at their destination.

How long do you think it will be before they are recording and videoing arriving passengers and maybe even linking it to facial recognition technology? Just, what we need, right? First Class “Glassholes.”

Posted by John Simpson, Privacy Project Director at Consumer Watchdog.

Target Needs to Pay for Targeting Our Privacy

8:04 pm in Uncategorized by Consumer Watchdog

Target ShirtTarget is targeting our privacy. There’s a big red bullseye, a target – like the one on the shirt I’m wearing today – that Target and Neiman Marcus, who chose not to show up to answer questions today, have put on us because they haven’t done enough to protect our private financial data. And the reason is that there’s no financial incentive to do so.

110 million Americans had their personal financial information breached. That ‘s one out of two adult Americans. I was in Sacramento today to testify in front of a joint California Assembly committee hearing investigating the breach. And yet Target did not send a single representative to Sacramento today to answer questions about the largest data breach in American history?

The fact that Target didn’t show up today tells us all we need to know about how sorry Target is and how committed it is to our privacy.

If you are as offended by this as I am, I have a t-shirt for you to wear too.

The reason Target won’t face legislative questions today is the same reason that our personal financial information and data is at such grave risk: there is no price to pay. There are few financial penalties to companies like Target when our personal data is taken.

Beyond public embarrassment, Target has little financial incentive to care.

We, the consumers, pay the consequences but we have no remedies.

According to the Committees’ own staff research, 1 in 4 consumers whose personal information that is taken becomes a victim of identity theft. 1 in 4 victims of a data breach is also a victim of identity theft. If these numbers apply to Target, that would potentially create more than 25 million identity theft victims.

There’s a harm. The retailers had a role in creating that harm. And yet they have no liability under California law for what they have or have not done to safeguard the sanctity of our personal information.

The problem with privacy violations is that unlike thefts of money or property the law does not recognize a harm and does not provide a remedy.

As the Committees’ staff research states: consumers have no remedy under the law for the loss of financial privacy suffered through these data breaches, and the 1 in 4 risk of id theft they face. Zero remedies.

So why would retailers invest in greater security, or meet voluntary industry standards, or move away from risky magnetic strip technology?

If they don’t have to pay a price they don’t have an incentive to change. And that leaves our private financial information with a big bullseye on it.

What can we do?

We need a California financial information act that mirrors our Medical Information Privacy Act.

When there is a data breach of our medical information, the drug company, hospital or medical center is liable to the consumer for $1,000 per violation.

Guess what? Medical data breaches are fewer and farther between. When they occur companies pay a big price.

The same should be true for our financial data. We need a California Financial Information Privacy Act.

It would:

  • Change notification standards to be immediate.
  • Write minimum-security standards into the law so that they are no longer voluntary.
  • Set limits on the time data can be retained. And limits on what information can be collected and retained
  • Most importantly: create a private right of action. Put a price tag on retailers’ mistreatment of our private financial information.

Until there is a price to pay, Target and other retailers will continue to make us targets.

If you are as offended as I am by Target’s absence today in Sacramento, please share our Target design online to show your displeasure.

When a company as big as Target won’t provide a single representative to answer questions about the largest data breach in American history, it is time for California to step up and deliver on the promise in Article 1 Section 1 of our state constitution: Privacy is an inalienable right.

Posted by Jamie Court, President of Consumer Watchdog.

Google Glass Won’t Allow Facial Recognition Apps For Now

8:28 pm in Uncategorized by Consumer Watchdog

Google GlassGoogle is apparently reacting to widespread concerns about one of the most privacy invasive and Orwellian potential applications for its computerized eyeglasses known as Google Glass. Late Friday the Internet giant said it won’t — for now — allow facial recognition software on the device.

Facial recognition software has pretty much been developed to the stage where if such an app were allowed on Glass, a user could scan a crowd, select a face and rapidly discover the person’s identity and all the myriad details about them available on the Internet.

It would be Big Brother at his best. (Or is that worst?) However, from what I can see Google’s announcement is little more than a PR move. Google is not making any long-term promises. Indeed, the Internet giant is very much keeping the door open for including facial recognition software in the future. Google offered this post of explantion on its Google+ Glass page:

When we started the Explorer Program nearly a year ago our goal was simple: we wanted to make people active participants in shaping the future of this technology ahead of a broader consumer launch. We’ve been listening closely to you, and many have expressed both interest and concern around the possibilities of facial recognition in Glass. As Google has said for several years, we won’t add facial recognition features to our products without having strong privacy protections in place. With that in mind, we won’t be approving any facial recognition Glassware at this time.

We’ve learned a lot from you in just a few weeks and we’ll continue to learn more as we update the software and evolve our policies in the weeks and months ahead.

John SimpsonYou’ll recall that Google Executive Chairman Eric Schmidt has said that the company’s policy on privacy is to go right up to the “creepy line,” but not to cross it. So, for now facial recognition is beyond the creepy line. The question is: How long will be before the “creepy line” is pushed further down the road so that facial recognition software is OK?

Meanwhile, Computerworld reports that apps developers are scrambling to write software for Glass. Already in the mix are apps from Twitter, Facebook, CNN and Elle. And, it’s not only mainstream apps that are focusing on Glass. Mikandi just announced it has developed a porn App for the computerized eyeglasses.

Posted by John M. Simpson, Director of Consumer Watchdog’s Privacy Project. Follow Consumer Watchdog online on Facebook and Twitter.

Bipartisan Privacy Caucus Asks Important Privacy Questions About Google Glass

1:33 pm in Uncategorized by Consumer Watchdog

Sergey Brin Wearing Google Glass Eight members of Congress have sent a letter to Google CEO Larry Page asking tough and necessary questions about the Internet giant’s new wearable computing device, Google Glass.

The letter from members of the Bipartisan Privacy Caucus, whose Co-chair is conservative Joe Barton, (R-TX), says, “As members of the Congressional Bipartisan Privacy Caucus, we are curious whether this new technology could infringe on the privacy of the average American.”

It’s great to see that in a largely dysfunctional Congress some members can reach across the aisle and demonstrate that privacy is not a partisan issue. Besides Barton others signing the letter are Rep. John Barrow (D-GA), Rep. Steve Chabot (R-OH), Rep. Henry C. “Hank” Johnson Jr. (D-GA), Rep. Walter Jones (R-NC), Rep. Richard Nugent (R-FL), Rep. Bobby Rush (D-IL) and Rep. Loretta Sanchez (D-CA).

The letter also poses several questions intended to make sure consumers’ rights are protected. They include:

  • When using Google Glass, is it true that this product would be able to use Facial Recognition Technology to unveil personal information about whomever and even some inanimate objects that the user is viewing? Would a user be able to request such information? Can a non-user or human subject opt out of this collection of personal data? If so, how? If not, why not?
  • In Google’s privacy policy, it states that the company “may collect device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number).” Would Google Glass collect any data about the user without the user’s knowledge and consent? If so, why? If not, please explain.
  • Will Google Glass have the capacity to store any data on the device itself? If so, will Google Glass implement some sort of user authentication system to safeguard stored data? If not, why not? If so, please explain.

Read a copy of the Bipartisan Privacy Caucus letter here.

John M. SimpsonThe Representatives want answers to their questions by June 14. I’m betting that Google stalls. Ultimately I think the Representatives will need a Congressional hearing where CEO Page has to answer queries under oath.

As word of the Privacy Caucus’s letter was being reported, Google was holding its annual meeting with developers. Google Glass product director Steve Lee claimed in a “fireside chat” that the Glass team takes privacy seriously.

What a joke! The fact is that Google has become a serial privacy violator. It’s executives just don’t understand what privacy means and there is no reason to expect that they will. For instance, asked about whether Glass will offer facial recognition technology, Lee said, “We’ve definitely experimented with it but it is not in the product today. I can imagine that existing…”

Posted by John M. Simpson, Director of Consumer Watchdog’s Privacy Project. Follow Consumer Watchdog online on Facebook and Twitter.

Trifecta — Patient Safety, Pollution Prevention & Privacy

6:10 pm in Uncategorized by Consumer Watchdog

Patient Safety Advocates What a week! Three big victories in California will keep us safer from dangerous doctors, toxic polluters and privacy invasions, but we only got there thanks to your support.

State Senator Curren Price and Assemblyman Richard Gordon proposed yesterday to strip the California Medical Board of its authority over physician discipline. The physician-run Board has let dangerous doctors keep practicing as investigations take years to complete. You joined us, and families who lost loved ones to reckless prescribing, when we called for a transfer of doctor investigations to impartial prosecutors at the Department of Justice.

Senator Price said it all when he told the LA Times he proposed cutting the Board’s power because, “I don’t want anybody else to die.” With your help we’ll keep the pressure on in Sacramento to make this reform a reality.

On Wednesday, the state’s top toxics regulator shut down the state’s largest battery recycler, Exide, for leaking lead, arsenic and other toxins into the surrounding community for more than two decades. The action came only after Consumer Watchdog exposed endemic failures at the Department of Toxic Substances Control to prevent pollution and punish serial polluters in our report, Golden Wasteland. Nevertheless, Californians could be on the hook for millions in clean-up costs because the DTSC never required the company to put money away for cleanup.

Carmen BalberRounding out this week’s trifecta was a rare reversal by Google on the privacy front: The internet giant quietly stopped sharing consumers’ private emails and addresses with app developers that use its Google Play store. The reversal came after a Consumer Watchdog complaint to the Federal Trade Commission and California Attorney General Kamala Harris that Google was not only violating consumers’ privacy, but violating its own agreement with the FTC not to share information without consumers’ permission.

And this breaking news: This morning, the Court of Appeal sided with us to reject Mercury Insurance’s attempt to throw out a case the company has delayed for nearly a decade. The suit would hold Mercury accountable for charging illegal broker fees to consumers. We are fighting that battle on a second front before an administrative judge in San Francisco right now.

So that’s really four big wins this week. Thanks for sharing them with us.
__________________________________________________________________
Posted by Carmen Balber, Executive Director of Consumer Watchdog. Follow Consumer Watchdog on Facebook and on Twitter.

Google Ending Privacy Breach Consumer Watchdog Targeted in FTC Complaint

12:40 pm in Uncategorized by Consumer Watchdog

Google PlayGoogle apparently is ending an egregious privacy breach involving people who buy apps from its Google Play store using Google Wallet to pay. Consumer Watchdog filed a complaint to the Federal Trade Commission with a copy to California Attorney General Kamala Harris about what Google was doing. The complaint alleged that the Internet giant was violating its privacy policies and its “Buzz” consent agreement with the FTC.

Rep. Hank Johnson, D-GA, also questioned Google about what it was doing. Google was sending to apps developers the name, email address and address of people who bought apps on Google play. It tried to claim that the the information was necessary for the transaction, but that’s clearly not the case when talking about downloading an app from its app store. Neither Apple nor Microsoft provide such personal information about people who buy apps from their stores. Google’s response to Rep. Johnson, confirmed what Google was doing and actually showed it was unnecessary. Consumer Watchdog sent a second letter to the FTC with a copy to California Attorney General Harris when Google answered Rep. Johnson’s letter.

On Tuesday WebProNews and DroidLife reported Google was addressing the concerns on a new Wallet Merchant Center it is rolling out and no longer sending the personal information about apps buyers.

I’m glad the change is coming, but I’ve got questions.

What role did the Federal Trade Commission or the California Attorney General’s office play in this change? Why did Google only act when formal complaints were filed? Will there be fines?

John M. SimpsonGoogle has become a serial privacy violator. You’ll remember that new sooner was the ink dry on the “Buzz” consent agreement than it was caught hacking around the privacy settings on the Safari browser used on iPhones, iPads and other Apple devices. It ultimately cost Google a fine of $22.5 million, which is pocket change to a company that has annual revenue of around $50 billion. It’s like giving a $25 parking ticket to a person who makes $50,000 a year.

Google is simply figuring that fines are a cost — and a minor one at that — of doing business. In case you missed it, on Monday Germany hit Google with a $189,225 for the Wi-Spy incident where its Street View Cars sucked up emails, URLs, passwords, account numbers as they snapped photos around the world.

In describing the fine The New York Times‘ Claire Cain Miller wrote:

Regulators in Germany, one of the most privacy-sensitive countries in the world, unleashed their wrath on Google on Monday for scooping up sensitive personal information in the Street View mapping project, and imposed the largest fine ever assessed by European regulators over a privacy violation.

The penalty? $189,225.

Put another way, that’s how much Google made every two minutes last year, or roughly 0.002 percent of its $10.7 billion in net profit.
It is the latest example of regulators’ meager arsenal of fines and punishments for corporations in the wrong. Academics, activists and even regulators themselves say fines that are pocket change for companies do little to deter them from misbehaving again, and are merely baked into the cost of doing business.

The fact Google is changing Google Wallet’s practices makes it clear Google violated the Buzz Agreement. Google claims that it is taking privacy seriously now that it is operating for 20 years under the Buzz Agreement. It isn’t and the regulators aren’t holding Google’s feet to the fire.

The company’s executives need to be held to account in a meaningful way. I’ve always argued the way to get corporate executives’ attention is to hit them with jail time when they flout the law. It’s not going to happen here, but a meaningful fine for the second Buzz violation sure would be nice.

Posted by John M. Simpson, Director of Consumer Watchdog’s Privacy Project. Follow Consumer Watchdog online on Facebook and on Twitter.

EU’s Google Antitrust Deal Beats FTC, But Still Doesn’t Do Enough

4:26 pm in Uncategorized by Consumer Watchdog

European Union

Details of Google’s proposed settlement with the European Union to avoid antitrust charges have been leaking out of Brussels over the weekend. And while EU competition authorities appear to have accomplished more that the gentle tap on the wrist meted out by the U.S. Federal Trade Commission, the deal as so far revealed doesn’t do enough to end Google’s anti-competitive practices.

The provisions of the EU agreement still have to be publicly released, but based on what’s emerged so far, here’s the good news: Unlike the deal with the FTC, which wasn’t even a consent agreement, the EU is demanding that the settlement would be legally binding for five years. A third party would ensure compliance and Google would face fines of 10 percent of its global annual sales if it fails to keep its promises.
The bad news is that instead of requiring Google to change its algorithm and treat all services the same, the deal will apparently allow Google to continue favoring its own services in search results so long as it labels them as its own.

Google essentially has been using its dominant position as gatekeeper of the Internet to unfairly promote its own service at the expense of competitors and consumers. In Europe it has about 90 percent of the search market. In the U.S. it’s around 70 percent. About all this agreement appears to do is require Google to be transparent about the way it unfairly abuses its market position.

Indeed, labeling could actually leave the impression with some consumers that the Google-branded result was a better one, rather than one that received a better position because Google had its thumb on the scale.

Another problem with the deal is that it doesn’t seem to do anything to rectify the damage to the market that Google has already wreaked. I’d have thought some sort of disgorgement of the Internet giant’s ill-gotten gains would have been appropriate.

John SimpsonThe next step in the EU process is for the Google deal to be “market tested.” The competition authorities will make the settlement public and receive comments on whether it solves the problems or not. I suppose it’s possible there may ultimately be stronger sanctions than currently appear to be the case in what’s been leaked or that the authorities will do more after the “market testing,” but frankly I doubt it.

Bottom line: Google has had its wings clipped a little bit. Google will be legally bound to follow labeling rules in Europe for five years and have a third-party enforcer to ensure that happens. It also means that European search results will look different than in the U.S. unless Google decides to take the same approach here or someone forces the company to do so. That could happen. Several state attorneys general led by the Texas attorney general have an open antitrust probe. I’d hope that they would settle for nothing less than what the Europeans got.

And further down the road? Fairsearch Europe has recently filed another antitrust complaint with the EU accusing Google of using Android software “as a deceptive way to build advantages for key Google apps in 70 percent of the smartphones shipped today.” Now that mobile is becoming more important than the wired Internet, Google is flexing its muscles there. The more things change, the more they stay the same…

Posted by John M. Simpson, head of Consumer Watchdog’s Privacy Project. Follow Consumer Watchdog on Facebook and Twitter.

Google May Face More Fines for Privacy Violations in Europe

3:32 pm in Uncategorized by Consumer Watchdog

Serial privacy violator Google may face fines in the millions of dollars in Europe as six countries Tuesday opened formal investigations into how Google combined its privacy and data policies last year without bothering to seek users’ consent.

The actions by France, Britain, Germany, the Netherlands, Italy and Spain came as Google refused to make changes in privacy policies requested by a group of European data protection authorities.

For the Internet giant, such fines are rapidly becoming a cost of doing business — and a rather trivial one at that. As the Associated Press pointed out, the French privacy watchdog CNIL can fine a company a maximum of 300,000 euros ($385,000). Based on a projected revenue of $61 billion this year, it earns 300,000 euros in about three minutes. The Brits could impose a fine of up to 500,000 pounds ($750,000).

Maybe with this constant drip, drip of privacy violations Google executives will come to their senses and realize the company runs the risk of losing users’ trust with a seriously negative impact on business.  For now that doesn’t seem to be the case.  “Our privacy policy respects European law and allows us to create simpler, more effective services,” said Google spokesman Al Verney after the investigations were announced.

In other words Google knows what’s right and it’s whatever the company decides to do. After all, their motto is “Don’t be evil,” so how could anything they do be wrong?

Let’s review what’s happened.  A year ago Google announced that it would combine data and privacy policies across its many services.  Google said this would make the user experience simpler and more intuitive.  Google didn’t  point out that it would make the data gathered about users more valuable and fatten its bottom line.  Those digital dossiers it compiles about us is how we are sold to Google’s advertisers.  Remember you’re Google’s product, not it’s customer.

Noting that Google didn’t ask permission before combing users’ information, Europe’s Data Commissioners launched a joint investigation, led by France.  In October they said the new policy is a “high risk” to privacy, but didn’t declare it illegal. They gave Google until February to make changes.  Responding with its usual arrogant manner, Google refused.

John Simpson

“Regulators in six states have begun the process of looking at penalties, and each must now act based on national law,” Isabelle Falque-Pierrotin, CNIL’s president, told Bloomberg News. “We have put in place a countdown for Google now. Promises to change will no longer be enough.”

Technically the six data authorities could block Google from operating in their respective countries, but I doubt that will happen.  I fear this is the most likely outcome: Simply put, Google is arrogant.  They have become a serial privacy violator and see the relatively minuscule fines they have faced as a mere cost of doing business. They violate your privacy, say it was a mistake, claim they care about privacy, occasionally pay a token fine and carry on with business as usual until the next violation when they cycle begins anew.

Maybe the Europeans can break the cycle, but I’m not optimistic

John M. Simpson is director of Consumer Watchdog’s Privacy Project. Follow Consumer Watchdog online on Facebook and Twitter.

Google’s Privacy Chief Is Stepping Down

1:16 pm in Uncategorized by Consumer Watchdog

Google's WatchingGoogle’s privacy chief, Alma Whitten, is stepping down the Internet giant confirmed Monday. Since word of her departure came out on April Fools’ Day many folks probably thought this was part of the company’s annual elaborate pranks like its “announcement” of a new service called “Google Nose.”

I mean how many of you actually thought Google even had a privacy chief?

Whitten, an engineer based in London (now that’s a location convenient to its Mountain View Headquarters) took the position in 2010 about six months after the Wi-Spy scandal was uncovered and as Google was reaching a consent agreement with the Federal Trade Commission for invading users’ privacy when it launched the ill-fated Buzz social network.

Well, about all that happened on Whitten’s watch was that Google became a confirmed serial privacy violator. No sooner was the ink dry on the Buzz Consent Decree with the FTC, than Google was caught hacking around privacy settings on Apple’s Safari browser, which is on iPads and iPhones, and lying about its practices on the Google website. Google was fined $22.5 million by the FTC, pocket change to the Internet giant.

John SimpsonAlso on Whitten’s watch Google was fined $25,000 for obstructing the Federal Communications Commission’s investigation of Wi-Spy and just settled for a paltry $7 million with 38 states attorney general who were investigating. They’ve also got to make a YouTube video telling people how to improve Wi-Fi network security and have a Privacy Day for employees. That’s like asking the fox teach the chickens about how to make the coop safe.

It was also on Whitten’s watch that Google combined its privacy and data collection policies across its services without asking users’ consent first. European data protection officials led by the French are still investigating and action is likely this spring.
Whitten intends to stay on the job through June — not that it makes much difference to users — until her successor Lawrence You takes over.

I guess it makes sense a certain amount of sense that this got announced on April Fools’ Day. Privacy at Google is a joke. Google’s executives view the taps on the wrist the Internet giant has received for privacy violations as nothing more than the cost of doing business.

John M. Simpson is director of Consumer Watchdog’s Privacy Project. Follow Consumer Watchdog online on Facebook and Twitter.