Ad-Targeting Companies and Critics Prepare for Senate Scrutiny - Bits - Technology - New York Times Blog
Ad-Targeting Companies and Critics Prepare for Senate Scrutiny
By Stephanie Clifford
The Senate Commerce Committee will hold a hearing Wednesday to look at the policy issues raised by advertising that is targeted to the online behavior of Internet users. Some of the participants are trying to bolster their positions in advance.
The hottest topic will be proposed systems by which Internet service providers can watch users and sell information about their surfing habits to advertising companies. The Center for Democracy and Technology — whose chief executive, Leslie Harris, will testify — issued a report suggesting that these systems may violate federal law.
On the other side NebuAd, the most active ad-targeting company working with Internet providers in the United States, has introduced two new features to try to tamp down the controversy over its technology. One feature will allow Internet service providers to more prominently disclose to customers that their activities are being tracked. The other will give users a new method to opt out of tracking.
NebuAd “definitely creates some privacy concerns, so we have bent over backwards to make sure we address all those consumers’ privacy concerns,” said Robert Dykes, the company’s chief executive, in an interview. Mr. Dykes will also testify at the hearing Wednesday.
Privacy advocates worry that NebuAd’s business model relies on tracking Web surfers without the surfers being aware of it. NebuAd partners with Internet service providers, uses information from their customers’ surfing to amass profiles and then shows the customers ads based on their interests.
“Advertising per se is not the evil here,” Ms. Harris said in a conference call with reporters Tuesday. “It’s the collection of individuals’ information, usually without their knowledge, always without their consent, creation of profiles and the complete inability of people to make choices about that.”
NebuAd says its profiles are interest-based, and not personally identifiable. The company says it can create profiles as broad as “someone interested in autos” or as granular as “someone interested in a used German luxury car” in order to serve relevant ads. (My colleague Saul Hansell has written in detail about NebuAd’s tracking system.)
“What’s important is we don’t have the raw data. They’re anonymous profiles,” Mr. Dykes said.
The two updates to NebuAd’s privacy standards include an online alert that Internet providers can use to tell subscribers that they are being tracked by NebuAd, and a way that people can opt out of NebuAd tracking even when they are also deleting their cookies.
Mr. Dykes said it was up to the Internet providers to choose whether and when they wanted to display the online notice. Currently, the Internet providers have told users about their use of NebuAd through an e-mail message or a notice in their billing statements.
As for the cookie-based opt-out, he said, “people are looking for other means to ensure that once they’re opted out, there is really a network-based approach to ensure they stay opted out. While we’re not revealing technology details, we are saying we’ll be offering users a choice. They’ll have the opportunity if they want cookie-based opt-out, but also another choice to use a network-based opt-out.”
The changes come as parts of NebuAd’s business have stalled over privacy concerns. Charter Communications said last month that it would suspend a trial of NebuAd due to customer concerns about privacy. Other companies testing the software, including Wide Open West and CenturyTel, have also halted their tests of NebuAd.
Mr. Dykes said the Internet service providers want to make sure the users and public understand how NebuAd’s system benefits the Internet by driving advertising dollars to the more general-purpose Web sites while also operating under very strict privacy rules.
Asked how many ISPs the company was currently working with, Mr. Dykes did not specify the number. “We are deployed with some Internet service providers, but we are perfectly O.K. for some of our partners to wait until we have a better, more informed education of the public and folks in Washington before they resume their rollout,” he said.
The C.D.T. noted in a press release “that Federal law would allow the practice with the consent of the subscriber.” However, CDT added, “that consent should not be obtained through a notice buried in a ‘terms of service’ agreement or inserted in a billing statement.”
The C.D.T. representatives at the press conference said they had not examined NebuAd’s new privacy standards in depth. “I think it’s important to say that they’re still going with an opt-out model,” said Ari Schwartz, vice president at C.D.T. What is still unclear, he said: “Are they stopping collection of information when people actually do opt out?”
Mr. Dykes argued that because NebuAd was not collecting personal or sensitive information, the opt-out procedure (as opposed to opt-in) was appropriate. “If you do collect personally identifiable information, or if you do collect sensitive information, it should be opt-in,” he said. “We have designed our entire company to make sure that we stay on the opt-out side of those laws and policies.”
What do you guys think about this? I suspect the libertarian response is well, you signed up to use their network, they can do with the information they have about your usage what they want with it. If you don't like it, don't use the service
But I don't think that's a realistic response, since in many areas your choices for broadband are extremely limited, and it's likely if its allowed, all companies would be taking advantage of the gold mine offered by sifting through their customers viewing habits in order to make more money.
I certainly think they should be forced to require users to opt in
to the service, rather than opt out, so anyone wanting to do it would know full well what they're getting themselves into, rather than having to sift through a bunch of legal jargon to find it embedded somewhere in their EULA or whatever they have..
And I don't particularly care that the data is supposed to be anonymous, there's no guarantees that that data remains safely in the hands of someone without the ability to connect the dots