InsideSources

DuckDuck Go, an alternative search engine known by the tagline “Privacy, simplified” wants you to use its search engine instead of Google’s. After all, Google tracks, stores and shares your personal data — so why not use DuckDuck Go, which doesn’t?

In comments filed with the National Telecommunications and Information Administration (NTIA) regarding a federal privacy law, DuckDuck Go told the federal government that instead of bothering with a legislative solution, the feds should simply stop using Google.

“The federal government should not be Google’s product and playpen,” the company says in the filing.

By switching to a search engine like DuckDuck Go, the Pennsylvania-based company claims, federal employees can preserve their privacy.

“The federal government should support online privacy by practicing what it preaches,” the company states. “Millions of federal workers use Internet-connected computers and government issued smart phones. When issued, those devices should be configured in a privacy promoting manner, with the default search engine selected as DuckDuckGo or any other search engine that does not operate under a surveillance business model.

But it isn’t that simple — and it all boils down to default settings on smartphones and computers.

In an interview with Axios this weekend, Apple CEO Tim Cook said Google pays Apple billions to be the default search engine on the iPhone because, quite simply, Google “is the best.”

Cook defended Apple’s relationship with Google by adding, “Look at what we’ve done with the controls we’ve built in. We have private web browsing. We have an intelligent tracker prevention. What we’ve tried to do is come up with ways to help our users through their course of the day. It’s not a perfect thing. I’d be the very first person to say that. But it goes a long way to helping.”

On the consumer side, research shows that the promise of tighter privacy might not be enough to convince them to switch search engines from, say, Google to DuckDuck Go.

“Consumers often are willing to exchange less privacy for the resulting benefits,” said Thomas M. Lenard, senior fellow and president emeritus of the Technology Policy Institute (TPI) in a filing of his comments to the NTIA. “A recent paper by Athey, Catalani, and Tucker supports this observation. Their work highlights the ‘privacy paradox: [w]hereas people say they care about privacy, they are willing to relinquish private data quite easily when incentivized to do so.’ Their results suggest, ‘[w]hen expressing a preference for privacy is essentially costless as it is in surveys, consumers are eager to express such a preference, but when faced with small costs this taste for privacy quickly dissipates.'”

Daniel Castro, vice president of the Information Technology and Innovation Foundation (ITIF), told InsideSources he thinks DuckDuck Go’s comments are a “marketing ploy.”

Castro said the default settings for a smartphone or computer often end up saving the federal government a lot of money — so it isn’t just about using the best search engine, it’s also about cutting procurement costs.

“The tech ecosystem, the way it works is, you have providers paying to be listed — Google paying to be the default system — and that lowers some of the cost of the hardware the federal government is buying,” he said. “Most federal agencies will buy [smartphones and computers] in large scale, a thousand work stations or mobile devices for their employees, and that will go through a standard procurement process.”

For example, on the federal government’s procurement website, the U.S. Army listed a request for Dell computers. Dell has an agreement with Google to use Windows as the default operating system, McAfee as the default antivirus and Google as the default search engine.

“Most companies pay for that privilege of being the default, and that money then goes to Dell and is part of the cost the federal government pays,” Castro said. “Without that, you’d have a higher cost on the supply side and those would have to be reflected downstream and come back to the federal government.”

If DuckDuck Go wants to replace Google as the default setting on smartphones and computers — for consumers and federal employees alike — it needs to be the best.

Part of the reason why Google is the best is because of its data collection and data sharing.

As Lenard points out, “Consumers benefit because of the content they receive — e.g., access to a search engine. Production of this content is possible because the marketers are able to collect data and deliver advertising messages to consumers when they are spending time on (i.e., devoting attention to) the platform. Better data produce better targeted advertising, which yields better information to consumers and increases the revenues available to platforms to invest in content that is often provided to consumers free of charge.”

In other words, Big Tech’s ability to harvest and share vast amounts of personal data — while often a gross invasion of privacy and often handled badly, as evidenced by recent scandals involving both Google and Facebook — also drives innovation and improved products.

That’s one reason why other search engines can’t compete with Google.

Follow Kate on Twitter

No one in the tech industry wants to deal with a patchwork of state privacy laws regulating their industry, but companies that don’t collect large amounts of consumer information and sell or share it — the “good actors” — also don’t want a want a new federal privacy law that lumps them in with “bad actors” like Google and Facebook.

The Wikimedia Foundation, for example, filed comments with the National Telecommunications and Information Administration (NTIA) asking for a privacy law that is “reasonable” and “proportional.”

The foundation — a nonprofit that hosts information websites like Wikipedia, Wikimedia Commons, Wiktionary, Wikibooks, Wikisource and others —  collects very little information on its users and requires its editors to use pseudonyms to protect their personal identity and information.

Unlike Google, “these important protections mean that we hold a unique place as one of the few large internet platforms that do not rely on tracking or sale of user data to generate revenue,” the foundation stated in its filing.

The foundation believes it is important for a federal privacy law to preempt a patchwork of state laws because dealing with 50 different privacy laws is exceedingly difficult for a smaller companies and nonprofits.

The foundation also wants any new NTIA regulations to be both “flexible” and “proportional,” and has expressed concerns that the former might trump the latter.

“Flexibility in a regulation ensures that everyone has the ability to address privacy concerns in a way that is most intuitive to them,” the foundation states. “This is an important goal and should remain in the NTIA’s framework. However, proportionality in a regulation ensures that the burdens are not equally placed on every actor, despite vast differences in their operations.”

The Wikimedia Foundation’s priority is a federal privacy law that is reasonable and proportional so that it doesn’t burden tech companies of different types and sizes.

“We strongly believe that the goal should not only be ‘reasonable’ minimization [of data collected], but simply ‘minimization,'” the foundation states. “After all, minimization does not mean that no data must be collected, but that what is collected is as little as possible. At the Wikimedia Foundation, we intentionally minimize the data we collect on users in order to encourage free and open participation on our projects.”

The foundation’s point is that what is a “minimization” of data collection for the Wikimedia Foundation may look very different from what is a “minimization” of data collection for Google.

“I think it comes down to context,” SiteLock’s Research Security Analyst Jessica Ortega told InsideSources. “Transparency could mean something really different for Google. For a company like Wikimedia, transparency could mean an email or a public link to all their records sent out to all their customers.”

One way to fulfill the foundation’s wish for proportionality is to create a privacy law with purposefully vague language, Ortega said.

But a vague law could let the bad actors off the hook and fail to adequately protect consumers. While a more specific law could better protect consumers, it could also stifle innovation and hurt companies like the Wikimedia Foundation.

“It’s not inherently bad for consumers, because it could mean stronger security measures, but it could also become weaker security measures,” Ortega said. “So there’s definitely a case for being more specific, but when you make it more specific you lose innovation.”

Roslyn Layton, a visiting scholar at the American Enterprise Institute (AEI) specializing in tech policy, told InsideSources that there are ways to ensure the kind of proportionality the Wikimedia Foundation wants in a privacy law while still cracking down on the bad actors like Google and Facebook.

“One way is a safe harbor,” Layton said. “If you have a checklist and do a certain set of things, then you shouldn’t worry about the law coming after you. A safe harbor could address that proportionality issue. When they do enforcements and look at antitrust issues, the Federal Trade Commission (FTC) takes this perspective: if you are 0.001% of the marketplace, they’re not going to look at you. You need to have a sizable impact on the market.”

Because bad actors like Google and Facebook are the reason for privacy talks, formulating a law to address their vices while being fair to good actors will be a substantial challenge for Congress.

“On the one hand you want a comprehensive approach but not comprehensive enforcement,” Layton said. “If in fact you only want to go after the big players, then why do you want comprehensive legislation?”

Follow Kate on Twitter