Data sharing among online advertisers: Is sanity in sight?

By Angela Gunn | Published July 8, 2009, 7:56 PM

[Before we start, a note to everyone expecting a column about the Social Security Guess Mess: Something's come up re the topic and I'm going to hold off for a bit while I figure out if it's an interesting "something." Thanks for your interest and stay tuned.]

The paper titled "Self-Regulatory Program for Online Behavioral Advertising," brought to you by the four largest online advertising trade associations, is 15 pages long and includes sentences such as "The Principles apply to online behavioral advertising, defined as the collection of data online from a particular computer or device regarding Web viewing behaviors over time and across non-affiliate Web sites for the purpose of using such data to predict user preferences or interests to deliver advertising to that computer or device based on the preferences or interests inferred from such Web viewing behaviors."

Translation: Oh god oh god oh god please don't regulate us. We promise to behave.

I've been reading through the advertising industry's recent white paper on protecting user PII and the privacy thereof (PDF available here), and it's freakin' coma-inducing. (And I say this as someone who reads GAO reports and governance documents for fun.) What is amusing is the fire that was lit under the American Association of Advertising Agencies (4As), the Association of National Advertisers (ANA), the Direct Marketing Association (DMA), and the Interactive Advertising Bureau (IAB) that resulted in getting this document out the door.

Again, the crackling of that fire sounds like: Oh god oh god oh god please don't regulate us. We promise to behave.

Who held the gasoline can for this? Why, the FTC, which issued its own "Self-Regulatory Principles for Online Behavioral Advertising" (note sucking-up-type similarity of the two report names) back in February, after casting a gimlet eye on the behavioral-advertising space back in 2007. Contextual advertising we can all handle, the prospect of Google or some-such popping an ad for birthday-party supplies next to the results of your search on "cake and candles." Behavioral advertising, however -- letting Site A tell Site B what we've been doing for the sake of more specific ad targeting -- that makes people nervous.

And which nervous people are holding the matches? Rep. Rick Boucher (D-Va.), for one. Rep. Boucher heads the House Communications, Technology and the Internet Subcommittee, and he has been holding hearings in anticipation of perhaps introducing a bill to make consumer protections the law.

So yes, gasoline and matches are check. But no one really wants a major e-commerce conflagration right now -- this isn't the economic landscape for that -- and so the players are moving slowly into sync.

The seven principles outlined in the report (education, transparency, consumer control, data security, material changes, sensitive-data handling, and accountability) are by definition quite broad, but they're saying the right things: Tell the consumer what behavioral advertising is and how their surfing habits are used to make it work. Give them the power to choose if their own data will be collected and/or transferred to another site or database. If you gather data, secure the data, and don't over-gather. Tell people if you change your policies. Be especially careful with data from kids or data about health issues. Make your policies sturdy and make them stick.

Drilling down into the Data Security guidelines, some of those are also pretty general stuff: Maintain appropriate physical, electronic and admin safeguards for data, and don't keep data any longer than you need for business purposes or by law. (That "for business purposes" language looks a lot like a loophole to me, but again, broad principles.)

There's a bit more meat on the bones of the section about how precisely one treats data, mainly enjoining gatherers to alter, anonymize, or randomize anything they gather in such a way as to not permit third parties to reconstruct it, and -- this is the part I genuinely like and think could go as far as anything to cleaning up advertisers' collective act -- take steps to make sure that any other downstream recipient of the data also abides by the rules.

Accountability, what a concept! If no other concrete measure is pursued in this process, putting in place a system of accountability for data as it's sold and resold would be a beautiful, long-overdue thing. As a consumer, I understand (or should understand) that my activities on Site A are probably known to Site A. I may even understand that Site A and Site B may do some business with that information. But, taking my earlier birthday-party analogy, I have a right to be hostile if my search, combined with other data gathered about me, somehow causes me to be deluged with too-personal pitches from the National Association of People Not Getting Any Younger -- especially if Site A and Site B disavow responsibility for what's become of the data they originally gathered and said they'd treat properly.

Though the Better Business Bureau and the Direct Marketing Association aren't signatory to these policies, both groups say they'll be using these principles in their own programs. More intriguing from the beleaguered-consumer standpoint, it sounds as if there's some well-developed thinking about how data about what's collected will be made available to consumers -- either sites must post a list of entities collecting data on that site for behavioral advertising (with links to each site's consumer notice and opt-out tools), or we might have an industry-developed site through which consumers can manage their permissions. Sounds ambitious; can't wait to try it out.

And now for something almost completely different: Can't think what it was I was reading earlier today -- some piece of overwrought prose by an OS partisan, I'm pretty sure -- but it oddly reminded me of the Pete Hoekstra Is A Meme blog, your source for the kind of dramatic overstatement that would embarrass Scarlett O'Hara. In a week where many security folk are looking to maintain composure in the face of genuine Big Deal Occurrences, it's pleasant to have a laugh at people exhibiting no sense of perspective.

Comments

What will be interesting if the Accountability part makes its way into law is the effect of online search engines that use a mechanism to create a demographic profile of you to target ads.
As far as Partisan OS fan boys, what do you expect?

As far as the SS# mess, I suspect the SSA has known about this for a while. The disturbing thing is that a lot of financial institutions require the last 4 digits as proof of who you are and that makes the odds go way down on the other parts especially if you were born after 1988.

I like your last point. Real life issues this week make things such as OS and browsers seem trivial.
Real life issues:
1) SSA Mess
2) Cyber attacks on S. Korea and U.S.
3) crushing of dissent in Iran as the world did nothing
4) China crushing demonstrations in their country and saying some may face execution
5) the economy is still tanking and people are losing their homes.
on and on
