Soltani, who starts in November, will replace Harvard's Latanya Sweeney -- who became famous for research that cast doubt on anonymization techniques. Soltani's appointment is seen as signaling the FTC's continued interest in online companies' privacy and data practices.
“Ashkan is going to bring a tremendous amount of expertise to the Commission and should cause every data company to review their approach,” Jeff Chester, executive director of the advocacy group Center for Digital Democracy, tells MediaPost. “Ashkan knows where the data bodies are buried. You can't fool him.”
The high-profile Soltani recently contributed to the Washington Post's prize-winning articles about former National Security Agency contractor Edward Snowden's surveillance revelations. Soltani also consulted with The Wall Street Journal for a series of pieces about tracking by online ad companies.
In addition, he has consulted with state regulators engaged in privacy investigations. For instance, he helped the New Jersey Attorney General build a case against PulsePoint, which allegedly circumvented Safari users' privacy settings. PulsePoint (formed by a 2011 merger of Datran Media and ContextWeb), agreed to pay $1 million and to implement a comprehensive five-year privacy program as a result of the probe.
That settlement grew out of allegations that PulsePoint “hacked” Safari's privacy defaults, which automatically block cookies by ad networks and exchanges. State officials said in court papers that PulsePoint served an estimated 215 million ads to Safari users in New Jersey from June of 2009 through February of 2012. (PulsePoint said the cookies were set by predecessor company ContextWeb, and that PulsePoint executives were not aware of the practice until last February, at which time they stopped employing the workaround.)
In 2011, Soltani reported that the analytics company KISSmetrics tracked people using ETags, which store information in users' browser caches. If those users erased their cookies, they could be recreated with information from the ETags.
KISSmetrics' technology caused concern because the company assigned the same random identifier to users across more than one site. Soltani pointed out that doing so enabled companies to compare information about the same user, regardless of that person's attempts to avoid tracking and online profiling. (The company's CEO said at the time that KISSmetrics never linked data about users' activities across sites.)
Within one week of Soltani's report, KISSmetrics not only stopped using ETags, but said it would allow people to opt out of tracking.
Not everyone was enthusiastic about the FTC's move. Interactive Advertising Bureau general counsel Mike Zaneis says it's “curious” that the FTC taps “privacy advocates” like Soltani to serve as technology officers.
He adds that some previous FTC hires engaged in “a lot of wasted effort, tilting at these privacy windmills, like do-not-track.” Princeton professor Ed Felten, the FTC's first chief technology officer, worked on the World Wide Web Consortium's effort to develop standards to interpret browser-based do-not-track signals. That initiative is still underway.