Updated with response from Adobe (NSDQ: ADBE). So-called Flash cookies-chunks of data embedded in the Adobe Flash Player on internet users’ browsers that can’t be eliminated with standard privacy controls-have been on the radar of privacy advocates since last year. But the FTC made it clear today that it’s now starting to take a more active role in addressing what it referred to as the “Flash problem.”
In response to a question from a reporter about whether the FTC was looking into ways to implement a “Do Not Track” system not within web browsers, FTC Chairman Jon Leibowitz said that the commission hopes to explore other options as it receives public comment over the next two months. Then he added: “There’s an Adobe Flash problem that needs to be solved… We’ve been talking to Adobe.”
Later in the press conference, the FTC’s incoming chief technologist, Ed Felten, clarified that the “problem” Leibowitz referred to is in fact the “Flash cookies,” which Adobe refers to as “local shared objects.” Felten said: “The issues have to do with uses of Flash for tracking, Flash cookies for example. As of today, when you use the privacy controls in your browser, they don’t directly affect the treatment of Flash local shared objects… There are some other issues with Flash, which I suppose we could address at another time.”
An Adobe spokesperson pointed out that Flash’s local shared objects were never designed to be used for tracking purposes, and noted that the company “has repeatedly stated publicly that we condemn such practices because they clearly circumvent the user’s expressed choice.” The company would also support “any industry initiative to foster clear, meaningful and persistent choice regarding online tracking.” And new versions of Flash Player have better privacy controls, which are better integrated with web browsers. At least one browser, Google Chrome, now allows users to control the Flash cookies from within their browser’s privacy controls.
Privacy advocates have been especially concerned with Flash cookies since a UC Berkeley study came out in 2009 regarding little-known online tracking technologies. Adobe’s Flash software is embedded in 98 percent of computers, and is necessary to watch online video at sites like YouTube (NSDQ: GOOG). While a browser can remove “normal” HTTP cookies, the privacy controls in a web browser like Mozilla Firefox or Microsoft (NSDQ: MSFT) Internet Explorer can’t remove Flash cookies, which can only be removed by using two separate services available on Adobe’s web site.
The conversations with Adobe may well be a result of Felten’s recent hiring. Felten was a board member of digital rights group Electronic Frontier Foundation, which praised the FTC’s choice. Felten has a long-standing concern with privacy and tracking issues such as those raised by Flash cookies.