We’ve moved! As of today, the Yahoo! Policy official blog has moved to yahoopolicy.tumblr.com. Come on over and check out the new digs!
Archive for the ‘General’ Category
Yahoo Joins with Polaris Project to Provide Users with Resources on Reporting Instances of Human TraffickingThursday, June 14th, 2012
Yahoo! has been a longtime industry leader in online safety. Fostering safer online experiences continues to be one of Yahoo!’s primary concerns, particularly as the Internet plays a larger role in the everyday life of children. As kids spend more and more time online, searching for help with schoolwork or just staying in touch with friends, parents and educators are also looking for new tools and resources to protect children from online harm. As part of Yahoo!’s commitment to protecting children online, we collaborate with child safety advocates and law enforcement, including an on-going, multi-faceted partnership with the National Center for Missing & Exploited Children (NCMEC). Ten years ago Yahoo! collaborated with NCMEC to help disseminate AMBER alerts to Yahoo!’s powerful network of millions of people around the world. The AMBER Alert program has been credited with the safe recovery of 525 children nationwide.
Recently, we announced our latest initiative in providing our users with additional online safety resources. Working with the Polaris Project and the Office of the California Attorneys General, we now provide information directing users to the National Human Trafficking Resource Center (NHTRC) when users search for certain terms associated with human trafficking. Users will be given contact information for NHTRC which is operated by the Polaris Project. The NHTRC hotline is the single most effective national resource to identify and support victims of trafficking. This national, toll-free, victim-centered hotline is available to answer calls from anywhere in the U.S., 24 hours a day, seven days a week, and in more than 170 languages. Trained call specialists are on constant standby to link human trafficking victims to shelter and other resources that provide safety and protection. The hotline also fields tips of suspected human trafficking cases and provides information, training and technical assistance to diverse audiences. THE NHRTC has been extremely successful in helping victims and law enforcement:
- The national human trafficking hotline has received more than 53,000 calls nationwide and 5,650 calls from California, since Polaris Project began operating it in December 2007.
- The hotline has connected almost 6,200 trafficking victims to services across the country.
- The hotline receives more calls from California than any other state.
- In 2011, almost 20% of callers nationwide who reported potential human trafficking cases found the hotline number through an Internet search.
Unfortunately, the Internet is not immune from crime that has traditionally occurred in the offline world. But at Yahoo! we will continue to take steps to address online crime by providing information and resources to our users, and by coordinating with law enforcement and groups like Polaris to help bring predators to justice.
We are pleased the White House is holding a privacy event today. It is encouraging to see such high level attention from the Administration as it helpfully looks to elevate the U.S. voice and perspective within the broader global discussion of privacy frameworks. It is critically important that modern privacy protection frameworks recognize that innovation in our global information economy will require thoughtful and responsible collection and use of data. It is also critical that self-regulatory structures play a large and growing role within these frameworks.
Let’s focus on self-regulation for a moment. Industry has made incredible strides in just a few years – implementing a code to give users contextual notice and controls over online behavioral advertising. This effort requires advertisers, publishers, ad networks and many other players to take responsibility and to accept a role in presenting consumers with an Ad Choices icon which, when clicked, tells them more about what is going on behind the scenes in ad delivery and gives them an opportunity to opt out of the use of their data for this kind of customized advertising. With a single click, the opt-out can apply to the vast majority of systems serving such ads today. No more need to opt out from every website individually or ad serving entity. This is a huge improvement for consumers uncomfortable with this practice. These icons are now nearly ubiquitous across the web, and certainly across Yahoo.com.
But industry players did not stop there. We have clearly and demonstrably answered the call from policymakers to bring more certainty to an understanding of the use of Do Not Track technology while providing consumers the services and innovation they expect and demand.
The Digital Advertising Alliance has introduced a new code on the collection and use of Multisite Data (http://www.aboutads.info/msdprinciples) which addresses these issues. This code has strict prohibitions on the collection, use or transfer of such data to determine adverse terms or ineligibility for employment, credit, housing or insurance. It further touches on sensitive data including the personal information of children, health records, and financial account records. It acknowledges there are some operational or systems management purposes for which companies will always need to collect data like fraud prevention, billing, or consumer safety. Yahoo! is proud to have been a key advocate for many of the provisions of this new code. Once again, industry’s proactive efforts on privacy have raised the bar.
As industry moves forward to address new issues in the marketplace through codes of practice, consumers benefit from timely implementation of broad-based changes that can be readily enforced by the FTC. We are gratified to see Administration and FTC statements embracing these self-regulatory efforts as an important step in protecting consumers’ privacy online, which signals that we are on the right track. While there is a lot to be worked out and the devil is always in the details, we appreciate the work they’ve done and the recognition that self-regulation has been working.
We understand the online landscape is constantly evolving. As an innovator in the online space, Yahoo! will continue to be at the forefront of industry best practices and self-regulatory initiatives. It is the best and quickest way to introduce protections into the marketplace without sacrificing innovation and value creation for consumers. We commend the Administration for its understanding that such codes are a key ingredient in a successful privacy framework for the information age. Yahoo! will continue to be at the very front of efforts to give consumers the transparency and choices they want while continuing to create innovative, free products every day.
vp, privacy, policy and trust at Yahoo!
Tomorrow January 28 and in the coming weeks many countries will be celebrating International Data Privacy Day. To celebrate this day and honor the spirit of promoting awareness about privacy and best practices in this area, this year we chose to put the focus on the Spanish speaking Americas, due to the attention and momentum that privacy keeps gaining in this side of the world. Not only the right to “Habeas Data” has been widely recognized across the region but countries like Argentina, Mexico, Uruguay, Colombia, Peru and Costa Rica have take a step further in developing and enacting comprehensive data protection laws. It is therefore not by coincidence that the International Conference of Data Protection and Privacy Commissioners took place in Mexico in 2011 and will take place in Uruguay in 2012.
At Yahoo! we have always taken privacy very seriously. Privacy is a core element in building our users’ trust, which is in turn core to us. We build our world-class products with privacy and trust in mind, and in order to succeed we strongly believe that the very first targets of education and awareness should be within the very inside of our company. This is why on February 1st the Yahoo! Miami office will host an invitation-only discussion on the latest global and regional developments in privacy. We will share perspective on how Yahoo! has maintained the hard earned role as a leader in building and maintaining user trust, how Yahoo! innovates with privacy in mind to give users transparency and choice in their online experiences, and what the landscape looks like for the online industry, as well as an overview of legislation affecting user privacy especially those affecting Latin America. There will be a Q&A session and the event will be videotaped – all in Spanish – for audiences unable to attend.
director, international privacy for Yahoo!
On May 10, 2011, a jury in the United States District Court for the Eastern District of Texas returned a verdict in favor of Yahoo!. Back in June 2009, Bedrock Computer Technologies sued Yahoo! for patent infringement, alleging that Yahoo!’s use of certain versions of the Linux operating system infringed the claims of Bedrock’s United States Patent No.5,893,120. However, after a four day trial, the case was submitted to the jury, and the jury found that the versions of the Linux operating system used by Yahoo! do not infringe.
“Yahoo! is extremely pleased with the verdict. We thank the court for the opportunity to be heard, and we thank the jury for their time and attention to the case, particularly given the split schedule for trial” said Kevin Kramer, Yahoo!’s Vice President for IP Litigation. The court conducted trial on April 27-29, then took a break and resumed trial on May 9, 2011. “Despite the split schedule, all 8 jurors faithfully attended trial every day, and Yahoo! is grateful for their dedicated service,” Kramer explained.
“This is an important win in our ongoing efforts to protect Yahoo!’s business and its freedom to operate on the Internet,” said Jeanine Hayes, Yahoo!’s Head of Global IP. “Yahoo! respects intellectual property rights, but we need to defend ourselves when we determine that patent infringement claims made against us are unfounded.”
This is not the first time Yahoo! has successfully defended itself in the Eastern District of Texas. Last August, Yahoo! prevailed in a patent infringement action brought by Bright Response, LLC. In that case, Bright Response accused Yahoo!’s Sponsored Search of infringing patent claims related to the processing of electronic messages, but the jury returned a verdict that the patent was both not infringed and invalid.
A number of media outlets have recently reported on our data retention policy change. We’ve noticed a few inaccuracies and have received some questions. So we wanted to clarify a few things for the record.
- Both Microsoft and Google apply a multistep process to de-identify search log file data. However, neither of these companies completes their respective de-identification processes for search log files until the 18 month mark.
- In Yahoo!’s upcoming policy change for search log files, we will be applying the same method we use today for de-identification. We are simply going to apply it 18 months once the policy goes into effect.
Yahoo! takes a 4-step approach to de-identifying search log file data.
- Step 1: Delete IP address for most search log files and apply a one-way secret hash to the limited IP addresses that are needed to help our systems detect and defend against fraudulent activity.
- Step 2: One-way secret hash (a form of encryption) unique identifiers from browser cookies.
- Step 3: Same as above but we additionally delete half of each identifier associated with a Yahoo! ID. We take this extra step for registration IDs because, unlike browser cookies that only identify a unique browser, we do associate these with personal information like names and email address.
- Step 4: Look for patterns common to personally identifying information such as credit card number formats, Social Security number format, telephone numbers, street addresses and non-famous names that often appear in search log files – and then replace those values so it’s no longer identifying to anyone. We would know that a telephone number was searched, for example, but don’t keep the number that was entered.
This process above is what we use today and will remain the same for search log files going forward – only now we will be using a timeframe consistent with what others industry players have been using since at least 2008.
Chief Trust Officer
Shane’s outstanding contribution on CLEAR Ad shows how Yahoo! walks the talk on privacy.
The leader of Yahoo!’s privacy and data governance team was recognized on Sunday at the Interactive Advertising Bureau’s (IAB) Annual Leadership Meeting for outstanding work in creating a new industry standard.
Shane Wiley, senior director of Privacy and Data Governance, received the IAB Service Excellence Award for his work on the CLEAR Ad Notice that promotes high standards of transparency and consumer protection for the industry, showcasing Yahoo!’s leading role in online privacy discussions.
The IAB has nearly 500 member companies whose employees work in a volunteer capacity to shape standards, guidelines and best practices. To create the CLEAR Ad Notice — now the industry standard — Shane had to bring together different companies and industry groups including the Ad Ops Council and the Public Policy Council to create a set of guidelines that everyone could support – not an easy task!
“Shane has taken CLEAR Ad Notice from concept to reality here at Yahoo! and driven the standard across the industry when many thought it would be impossible to do so,” said Anne Toth, Yahoo!’s chief trust officer. “Not only has Shane been essential in making Y! a standout in walking the talk on privacy through numerous proof points, he’s driven real change across our industry in a relatively short amount of time. It’s no small task to develop an industry standard, bring others into alignment and then execute it among many, many players – all of whom fiercely compete against each other every day.”
Echoing Anne’s praise, Leslie Dunlap, senior director of Federal Relations, congratulated Shane on the award and thanked him for his contribution to Yahoo!.
“This is well deserved recognition – the industry wouldn’t be half as far along if Shane hadn’t stepped in and driven folks to get to a standard,” she said. “Yahoo! has been able to clearly show we were leading the way, and we’ve gotten a lot of credit for doing so on this project.”
Last Friday, Yahoo! submitted comments on the Federal Trade Commission’s (FTC) recently distributed staff paper titled, Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Business and Policymakers. We provided the FTC our thoughts and recommendations on the policy positions outlined in the staff paper as well as highlighted areas that need further consideration and evaluation by the FTC.
Privacy has been part of Yahoo!’s DNA since our founding. We have been at the forefront of protecting our users online for almost two decades and addressing privacy concerns is an issue that we have always taken seriously. We believe that our comprehensive approach to customization across a variety of platforms and our efforts to integrate privacy protections directly into our offerings help provide the best experiences for users in the new digital world, a world that exists beyond traditional geographic boundaries.
Privacy is an extremely complex issue with many dimensions and layers that are context and user specific. There is rarely a one size fits all approach because consumers have different attitudes and different preferences. What is critical is to offer transparency, privacy tools and education to consumers while still allowing businesses the flexibility to offer the kinds of products that consumers demand and to do so in a way that preserves the consumer benefits of free online content and services. Our comments highlight the complexity of the debate and the finer nuances of the issues at hand, particularly about concepts like Do Not Track and Privacy By Design.
‘Do Not Track’ (DNT) has been in the news and on the minds of legislators, media and online companies. In fact, the three major browser companies have recently introduced proposals for DNT. Simplified choice for consumers is the goal of DNT proposals and Yahoo! agrees with this objective. However, a key concern for online companies is that some DNT proposals eliminate the basic collection of user data; a scenario that creates barriers not only to routine Internet operations, but also to basic fraud detection and prevention processes.
Aside from browser provided controls, there are well-developed Web-based tools that offer strong protections that should not be ignored. The Digital Advertising Alliance’s Advertising Option Icon program is the strongest approach to DNT available today, and least likely to undermine the benefits of Online Behavioral Advertising, which the FTC indicates is also one of their goals for DNT. The Advertising Option Icon program already covers the vast majority of the advertising marketplace that uses behavioral targeting tools, and the implementation is growing in size and scope. In this program, ad markers take users to information and choices about advertising – an unprecedented effort to allow users to make choices on an industry-wide basis. As the program continues to roll out, additional educational efforts will help users better understand the meaning of the symbols they see in or around online ads. Yahoo! will be doing its part; we have displayed an advertising label and icon over one-trillion times on the Yahoo! networks of sites alone. Yahoo! believes this effort is a strong answer to calls for DNT through enforceable self-regulation and should be further encouraged by the FTC.
Our thoughts on the concept of Privacy by Design (PBD) are also outlined in our comments. PBD is illustrated by applying privacy considerations throughout the entire life cycle of technologies and procedures. We support this idea of PBD and consider it to already be a fundamental component of how our products and services are developed. Yahoo! considers the privacy of our users when innovating and providing online experiences, and we have always believed that PBD allows us to address privacy concerns when we build protections into the product architecture.
Consumer education remains at the heart of these issues, and is an important part of the privacy conversation as well. Many choices are available to consumers through Web tools, browser tools, and contextual features in existing products and services. Yahoo! helps empower consumers to use these simple to use and easy to access tools by making available additional supporting information – providing the education and background many users desire. These efforts are fundamental to our continuing efforts to build trust with our users.
Yahoo!’s full comments can be accessed at http://www.ftc.gov/os/comments/privacyreportframework/00444.html.
Anne Toth, Chief Trust Officer, Yahoo! Inc.
In December 2010, the Department of Commerce’s Internet Policy Task Force distributed a Green Paper called, “Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework” which details ‘initial policy recommendations aimed at promoting consumer privacy online while ensuring the Internet remains a platform that spurs innovation, job creation and economic growth.’
We applaud the DoC and the paper as a whole, and Yahoo! appreciates having the opportunity to offer our filed comments to ensure that considerations from all interested parties, including Internet companies like Yahoo! are heard.
While I won’t go through every aspect of the comments we filed today, I will give you a general sense of the overall themes seen throughout our submission:
- Self regulation backed by strong enforcement will play an important role in industry and policy decisions as we move forward.
- The creation of voluntary, enforceable codes of conduct is the best way to balance a host of different and sometimes competing interests implicated by the privacy debate.
- Although the “Do Not Call” registry has been successful, replicating that in the form of a “Do Not Track” mechanism is much more complex and has the potential to significantly disrupt users’ online experiences.
- The continuation of a Fair Information Practices and Principles (FIPPs) based approach to Internet privacy will help us move forward, but we must recognize that not all information is the same and therefore cannot be treated as such.
As one of the Internet’s first successful companies, Yahoo! has been a driving force in balancing innovation and personalized online services with built-in privacy protections. For more than 15 years, we have embraced privacy by design — working to integrate transparency and control into our products from their inception. Yahoo! continues to pride itself on being a leader in online privacy.
Providing our consumers with an enjoyable and personally relevant online experience, while simultaneously empowering them to protect their privacy with tools and security settings at the point of action, is a constant focus for Yahoo! For a look at some of our privacy innovations, check out our Data Privacy Day post.
I look forward to being an active and vocal part of the consultative process as the Task Force moves ahead with its final policy considerations.
Yahoo!, Chief Trust Officer