Carter 1 Chris Carter Professor Dietel-McLaughlin Multimedia Writing & Rhetoric 7 April, 2014 Internet Cookies: beneficial or malicious?

As the technological world has transformed, certain advancements in the Internet have deteriorated Internet privacy. One of, if not the biggest tool used by websites to track web users without their knowledge is Internet tracking files, known as cookies. Cookies are small files of text placed on computers that are able to track information about its users. Cookies have grown from harmless pieces of text into notorious privacy invaders. Since the development of cookies, marketing companies have been tracking consumers to learn about target markets, shopping habits and consumer interests. When businesses realized they could learn a lot of information about their consumers for free, they exploited on he opportunity. Since the implementation of cookies, they have become ubiquitous across all web browsers and Internet sites. In a study performed by the Wall Street Journal in 2010, the up and coming business of spying on Internet users is becoming one of the fastestgrowing businesses on the Internet. Although cookies can be used beneficially to improve Internet users online experience, they are more often than not used to obtain personal information about users without their knowledge or consent. Internet cookies have been one of the leading causes in consumers loss of trust in

Carter 2 the Internet and Internet businesses. With the development of cookies in 1994, two things happened: the Internet became more efficient and users, although they didnt know it at the time, lost all hope of privacy. Prior to 1994, Netscape Web designers Lou Montulli and John Giannandrea worked on developing cookies in order to find a way/place to store user data more efficiently than the current method of storage in the URL. Once Montulli and Giannandrea had developed the cookies, Netscape incorporated them into their browsers; however, the public was not informed of the implementation of cookies. This was likely due to the fact that cookies were only initially used by Netscape to determine if visitors to Netscapes website were repeat visitors or first time users, without storing any personal user information. Two years later, in 1996, The Financial Times reported to the public that cookies have been tracking and invading privacy on everyones computerscausing an uproar. John Schwartz describes the effects of the implementation of cookies: Cookies fundamentally altered the nature of surfing the web from being a relatively anonymous activity, like wandering the streets of a large city, to the kind of environment where records of ones transactions, movements and even desires could be stored, sorted, mined and sold. (George 4)) Before cookies, the Internet had no way to track users. In the article, Deconstructing Code, the authors Rajiv Shah and Jay Kesan, articulate the analogy of a pre-cookie Internet to a vending machine: In early web browsers, the Internet was a stateless place. A stateless web is analogous to a vending machine. It has little regard for who you are, what product you are asking for, or how many purchases you make. It has

Carter 3 no memory. Statelessness on the web made commerce difficult. Without a state mechanism, buying goods is analogous to using a vending machine. (298). Before cookies, the process of ordering through an online retailer such as Amazon entailed filling out all billing, shipping and other various forms each time you visited the site to make a purchase. Now, with cookies, users can quickly press checkout and be taken to a page simply confirming all their previously entered data is up to date. From that page, a quick click on a confirmation purchases all items in your shopping cart without users ever needing to open their wallet. Before diving into the ethical aspects of cookies, let us first define what they technically are. The Internet is full of thousands of complex definitions; however, Max Oppenheimer explains cookies in his article in the Nebraska Law Review as files stored on a user's computer (the client) on instruction from a second computer (the server) when the client's web browser software (browser) communicates with the server's website (Oppenheimer 385). They are generally used by web browsers to improve websites and by companies to track individuals movements on the Internet. There are two main types of cookies, transient and stored (persistent). Transient cookies, also known as session cookies, are placed in the computers memory for the duration of a users browsing session and are automatically deleted from the computer when the browser is closed. Transient cookies are usually used by commercial websites

Carter 4 to keep track of items placed in the consumers shopping cart. With transient cookies, users dont have to worry about information being written on their hard drive or any information being collected from the users computer. Stored cookies retain user preferences, identify individual users, analyze users web browsing within a website, collect info on the number of visitors to a site and the average time spent on particular pages by storing information on the users computer. Stored cookies, also called persistent cookies, allow third party companies to place a cookie on a users computer. Cookies were initially developed to benefit websites and their users. To this day, cookies serve as a largely beneficial part of the Internet. For users, cookies have made the Internet much more efficient, streamlined, personable and convenient. By remembering a users items in their shopping carts, log in name and passwords, preferences and game scores, users experience an enhanced internet. Cookies have allowed websites to access information which can serve to enhance the website for consumers. Websites collecting non-intrusive data can determine how many visitors arrive, whether these visitors are new versus repeat visitors, and determine the frequency of the users visits. Most websites use this data for internal purposes such as improving their site. Some websites even make this information available to the public for various reasons. Public information on site visitation data is not only used to show transparency in what a websites cookies are tracking, but also to market how popular a website is. One website in particular, www.drudgereport.com, an aggregate news website, posts the numerical value of visits in the last 24 hours, 31 days, and past year. For news sites, cookies are immensely beneficial in finding out how many people actually visit the site, and comparing those numbers to the numbers of other news sites.

Carter 5 Cookies have helped businesses operating on the internet come a long way by helping with efficiency, however, cookies have also been detrimental to businesses operating on the internet as they have caused consumers to lose trust. The privacy and trust of Internet users has been compromised because cookies neglect to ask users for consent. The definition of consent, according to Merriam-Webster is: to agree to do or allow something: to give permission for something to happen or be done. The typical form of consent comes on an 8.5 x 11 inches size paper that must be signed before a person does some activity that might include death such as skydiving. While the internet would require a different version of consent, there has yet to be one designed for internet websites to use. A cookies job is to track and collect data on users; most people would believe that this would require the users consent. While required, this does not seem to be what is happening with the use of cookies. When the previously mentioned Netscape Web designers Montulli and Giannandrea implemented cookies into the Netscape browser in 1994, there was no notice informing the public that cookies were being placed on users computer,; albeit these first cookies were only used by Netscape to determine if visitors were first timers or repeats. In 1996, the New York Times published an article informing the public for the first time about cookies and privacy. The public, according to Rajiv C. Shah and Jay P. Kesans article, Deconstructing Code, were outraged. The public had every right to be angry; Netscape had implemented the new technology into their browsers and neglected to inform users what cookies were or of their existence. Users felt that their privacy had been invaded. What they had previously believed of the Internetthat it was like using a vending machine in that no information about the user is collectedwas false. This was

Carter 6 the first public incidence that caused consumers to lose trust in the Internet. In Richard Georges book, Ethics, Business and the Internet, George states that the privacy issue arrives when internet users do not know that they are being tracked and identified, and they unknowingly become the subjects of an individual and personalized database. If users give some personal information on one site, that does not mean that they give that site the right to sell or use the information as it wishes (6). Third party cookies are cookies from third parties (not the website you intended to visit) that obtain your information by getting permission from the first party website (website you intended to visit) to embed cookies into their site to track your information. Ironically, first party websites must give consent to third party websites to allow them to embed cookies to track its users, yet first party websites do not ask for users consent to be tracked in the first place. In return for embedded cookies, the third party will generally pay first party websites. Third party websites are not widely known advertising websites. They collect your data, monitor what your click on, what you search for, and what you shop for. Once they compile this information, they show you specific targeted advertisements based on your user profile. One such company, DoubleClick, has created over 100 million profiles. Richard George explains that third party cookies enable one-on-one marketing, in which products are advertised only to those likely to want them (9). The issue lies in the fact that websites never obtained consent from users to have their information tracked. Most of these advertising websites claim they are online ad network devoted exclusively to the visual arts. (Nectar Ad, nectarads.com), however, that is really just a disguised way of saying theyre tracking you and advertising to you based on your history.

Carter 7 When I began writing this essay, my computer had 3,225 websites stored cookies or other data (found by going to Safari, Preferences, Privacy, Cookies). According to Keynote systems, an Internet performance tester, 86% of websites have 3rd party trackers. The cookies and cache stored on my computer came from many sites I use such as Facebook and Khan Academy, but the majority of stored data was from sites I had never heard of such as adjug.com, adlooxtracking.com, admeta.com, eqworks.com, lanistaads.com, nectarads.com, nuggad.net, martiniadadnetwork.com, mlnadvertising.com and picadmedia.com. With so many URLs being listed that I had never heard of, I began to investigate. I searched all of the aforementioned websites and the results intrigued me even more. Four of the ten websites took me to an almost blank page with only a few words on it that at first seemed like a dead end. Further investigation (searching the URL or part of the text on the dead end page in Google) yielded the main page for all four websites with fake or dead end addresses. About half of the websites appeared to be very cheesy and rudimentary, while the other half looked as professional as Notre Dames homepage. NuggAd, for instance, markets to potential users (first party websites and businesses) by showing case studies on their current clients. Their client list ranges from companies I have never heard of to companies we see or use on a day-to-day basis: Kodak, Chevrolet, HP, LOreal, Adidas, National Geographic and Burger King. NuggAds advertising campaign for Burger king shows that their targeted advertisements caused brand awareness to uplift over 23% and purchase intention among users who know of the King Savers menu is 245% higher than among users who dont (nuggad.com). To the general public, this seems like a very effective marketing firm. To those who know how these firms operate will know that the

Carter 8 firm gathered data from cookies to deliver 2.7 million ad impressions to a premium site popular with students and/or 16-24 year olds (nuggad.com). Richard George weighs in his on the ethical aspect of third party advertising: What is unethical is the use of third party cookies and the gathering, collating and using of personal information without the subjects informed consent. (9) The ethical issue in play not only involves not obtaining consent before third partys track users but also when these third party sites make profits from creating a profile about you. Tracking sites are able to essentially view your entire browsing history, giving them the access to create a profile about all of your habits and shopping preferences. At no point in a users experience on a webpage are they informed that they will be tracked for any purposes. This again is a losing consumers trust as websites are violating individuals privacy. The website also has no right to make money for selling advertisement space when the advertisements are collecting information on users of the website. If the website would like to make a profit from contracting outside sites to put advertisements on their site then users should either be compensated or users must give consent to be tracked. A study by TrustE found that 80% of people are aware of targeted advertising and over 50% of people do not like it(TrustE Privacy Index, 2013 consumer confidence edition). It is important to remember that it is up to the discretion of the website whether they chose to contract their banner advertising to advertising companies which would involve embedding third party cookies into their website. With online businesses manipulating information and selling users information, its easy to understand why 89% of the public is avoiding business with companies they do not believe protect their privacy. The exchange of installing tracking cookies in return for finances, the failure to obtain consent

Carter 9 from users, and manipulation of data has caused consumers to lose trust in the Internet and Internet businesses. There has been huge controversy in the last couple of years over what is called price discrimination. Price discrimination is the action of selling the same product at different prices to different buyers, in order to maximize sales and profits. (New Oxford American Dictionary). Recently, cookies have been used to employ price discrimination on Internet businesses. Online pricing strategy, employed by many ecommerce sites, uses a persons location, their browsing history, and their web browser to determine pricing. Consumers are furious over the fact that trusted businesses are tracking this data and that these businesses are discriminating. In 2010, Capital One Financial was utilizing technology to determine which credit card to show to online visitors (WSJ). Capital One had been gathering data from consumers and then made an educated guess on their demographics, showing them credit cards that fit their demographic. Consumers feel as if there has been a much bigger breach of privacy when websites are changing prices based on consumers demographic. Consumers also feel that companies are being unethical when they manipulate data to gain customers and advertise. Unfortunately for U.S. Internet users, very little has been done to protect their online privacy. Web browsers still set up their default settings to allow cookies, many companies make the choice to track users and allow third party sites to track their users as well, and some companies participate in price discrimination. . The only progress that has been made thus far regarding Internet privacy has happened in the European Union. The EU passed the cookie law, a privacy law adopted by all European Union states in 2011.

Carter 10 The law aims to provide online privacy protection to individuals by making them aware of cookies, giving them the option to consent to their functions and controlling how much information they can gather. The law essentially states that if cookies are used in a site, the user must be informed in some way and give their consent. The implementation of this law means that websites cannot store information or gain access to the information stored on computers of an Internet user unless is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information" and "has given his or her consent" (aboutcookies.org). The only exception to the rule is cookies that are used throughout the transaction of a purchase (some transient cookies). The cookie law provides transparency between users and Internet businesses. With the implementation of the law in 2011, the EU gave a 12-month grace period for websites to accommodate the new law. The law has been highly regarded in terms of protecting users Internet privacy. With the U.S. government failing to hop on the bandwagon and join the EU in making a cookie law I think that businesses in the U.S. should take the initiative. For businesses looking to gain back consumer trust, a smart move would be to implement a consent feature telling all users that its website uses cookies and be transparent about what cookies its using along with what information those cookies are tracking, storing and sharing. Essentially copying the EU outline of the cookie law, U.S. businesses could potentially gain back consumer trust and new customers who respect a company that respects their privacy.

Carter 11 Although the EU provides privacy security for users, businesses will be losing a lot of potential buyers. The EU law limits tracking, hindering a companys ability to learn about their target market. Without the ability to learn about their market, companies advertising and business plan may not be as efficient as it could have been with more information. Before cookies were developed and used to track consumers habits and interests, people often purchased products through brick-and-mortar stores and through received catalogues from companies in the mail. Although it was much more tedious, databases and profiles about consumers were easily constructed by recording addresses of consumers who requested catalogues, information about consumer interests from purchases and overall shopping habits of consumers, all of which is collected without the consent of consumers. Cookies provide the same database for all of the same information obtained through catalogues and in store purchases plus several other factors. There is still a privacy issue that no consent is given for companies to profile them based on their interests on the webpage and there is a huge ethical and privacy issue when companies sell internet users information to third party websites. It may seem inevitable that information is stored as the private world transitions to being public due to the Internet. However, as the Internet continues to advance, it is important that both websites and their users compromise blind convenience in order to ensure Internet safety in all future advancements. Internet users in the United States are facing a tough uphill battle with Internet privacy. Cookies are being used without consent of Internet users to gather data for internal purposes, marketing purposes, and profit purposes. The online businesses using

Carter 12 cookies in an unethical way are losing business and trust from customers as 89% of U.S. Internet consumers are concerned about their Internet privacy.

Carter 13 Works Cited De George, Richard,T. Ethics, Business and the Internet. Bloomington, IN : Poynter Center, Indiana University, 2002. Dhanendran, Anthony. "The New Rules on Internet Cookies." Computer Act!ve (2011). Harding, William, et al. "Cookies and Web Bugs: What they are and how they Work Together." Information Systems Management 18.3 (2001): 17-24. Lu, Long-Chuan, Hsiu-Hua Lu, and Shih-Ting Chang. The Role of Individualism and Collectivism in Consumer Perceptions Toward e-Retailers' Ethics. Vol. 2., 2011. Mayerschonberger, Viktor, and Mayer-Schnberger. "The Internet and Privacy Legislation: Cookies for a Treat?" Computer Law Security Review: the international journal of technology law and practice 14.3 (1998): 166-74. Oppenheimer, M. S. "Internet Cookies: When is Permission Consent." Nebraska law review 85 (2006): 383. Papacharissi, Zizi, and Jan Papacharissi. "Online Privacy and Consumer Protection: An Analysis of Portal Privacy Statements." Journal of broadcasting electronic media 49.3 (2005): 259-81. Queiroz, Anderson, and Ruy J. G. B. de Queiroz. Breach of Internet Privacy through the use of Cookies. ACM, 2010. Sipior, Janice, Burke Sipior, and Ruben Ward. "Online Privacy Concerns Associated with Cookies, Flash Cookies, and Web Beacons." Journal of Internet commerce 10.1 (2011): 1-16. Sreenivasan, S. "Taking in the Sites Finding Business Ethics on and about the Internet.(Business/Financial Desk)." The New York times (1998). Zimmerman, R. "The Way the "Cookies' Crumble: Internet Privacy and Data Protection in the Twenty-First Century." New York University journal of legislation and public policy 4.2 (2001): 439. Zimmerman, Rachel. "The Way the "Cookies' Crumble: Internet Privacy and Data Protection in the Twenty-First Century." New York University journal of legislation and public policy 4.2 (2001): 439. "Burger King Campaign on IGN Increases Awareness for King Savers Menu." Nugg.ad. N.p., n.d. Web. 5 Apr. 2014.

Carter 14 Brain, Marshall. "How Internet Cookies Work." howstuffworks. com, printed Apr 21 (2003): 1998-2003. "2013 US Consumer Data Privacy Study: Advertising Edition." 2013 US Consumer Data Privacy Study: Advertising Edition. N.p., n.d. Web. 26 Mar. 2014. "How to Comply with the EU Cookie Law." How to Comply with the EU Cookie Law. N.p., n.d. Web. 23 Mar. 2014. "2013 TRUSTe US Consumer Confidence Index." 2013 TRUSTe US Consumer Confidence Index. Harris Interactive, n.d. Web. 25 Mar. 2014. Soltani, Ashkan, Jennifer Valentino-Devries, and Jeremy Singer-Vine. "Websites Vary Prices, Deals Based on Users' Information." The Wall Street Journal. Dow Jones & Company, n.d. Web. 29 Mar. 2014. Shpanya, Arie. "Online Price Discrimination: A Surprising Reality in Ecommerce." Econsultancy. N.p., n.d. Web. 01 Apr. 2014. Solon, Olivia. "A Simple Guide to Cookies and How to Comply with EU Cookie Law." Wired UK. N.p., n.d. Web. 02 Apr. 2014. "Consent." Merriam-Webster. Merriam-Webster, n.d. Web. 07 Apr. 2014. "Nectar Ads." Nectar Ads RSS. N.p., n.d. Web. 07 Apr. 2014. "Cookie Law." Cookie Law. N.p., n.d. Web. 03 Apr. 2014. Sessler, J. B. 1997. Computer cookie control: Transaction generated information and privacy regulation on the Internet. Journal of Law and Policy 5:627677. Withrow, Ian. "Web Privacy Matters." 'Web Privacy Matters' N.p., n.d. Web. 03 Apr. 2014.