Lawmakers call on NebuAd to change privacy notification

IDG News Service - WASHINGTON -- Several U.S. lawmakers called on behavioral advertising vendor NebuAd Inc. to change its privacy notification procedures so that customers have to opt in for the company to track their Web habits instead of opting out.

Several members of the House of Representatives Telecommunications and Internet Subcommittee questioned NebuAd's business practice of working with Internet service providers to track subscribers' Web activities in an effort to deliver targeted advertising to them.

NebuAd uses a method called "deep-packet inspection" to examine subscribers' traffic across the Web, and it requires them to opt out if they want to avoid being monitored. That practice raises serious privacy concerns, said Rep. Edward Markey (D-Mass.), chairman of the subcommittee.

Deep-packet inspection is a method that ISPs and other companies use to examine the contents of packets traveling across the Web.

At a hearing today on ISPs' use of deep-packet inspection, Markey pressured NebuAd Chairman and CEO Robert Dykes to switch to an opt-in model. "Should you get permission from the consumer first?" Markey asked. "Will you give them opt-in?"

Dykes wouldn't commit to changing his service to opt-in, although he said NebuAd will work with the Center for Democracy and Technology address the concerns that the privacy group has voiced. Earlier this month, NebuAd also announced plans to provide notification of the Web tracking online, in addition to notifying users via e-mail or in notes on the bills ISPs send to customers, he said.

Instead of giving Internet users the opportunity to opt in rather than requiring them to opt out, "it's much more important that the consumer is well informed," he said.

Several lawmakers disagreed. "Why do I have to opt out?" asked Rep. Bart Stupak (D-Mich.). "Why should the burden have to be on the American consumer?"

NebuAd doesn't collect personal or sensitive information and removes identifying information from the data it collects, Dykes said. Other Web companies that collect information in a similar way don't have to get opt-in permission from consumers, he said.

"The science exists today -- and NebuAd is using it -- to create truly anonymous profiles that cannot be hacked or reverse-engineered," Dykes added.

Privacy advocates started raising concerns about NebuAd's service after Charter Communications Inc., one of the largest providers of cable broadband service in the U.S., announced in May it would test the NebuAd product. In June, Charter suspended the trials because of privacy concerns raised by customers.

But several other U.S. ISPs are using or testing NebuAd's service in attempts to get a piece of the Internet advertising pie. This week, Markey and two other lawmakers sent a letter to Embarq Corp., a Kansas ISP, questioning its use of NebuAd Web tracking, apparently without notifying its customers.

While some lawmakers at the hearing questioned whether NebuAd's service violates state wiretapping laws, as the privacy group has suggested, other lawmakers said Congress is targeting a small category of businesses even though there are other Internet-based businesses that collect huge amounts of data.

Google Inc., Yahoo Inc. and Microsoft Corp. deliver targeted ads, said Rep. Cliff Stearns (R-Fla.). "Consumers don't care whether you're a search engine or a broadband provider," he said. "They want to ensure you are not violating their privacy either way."

Stearns also questioned whether there was any demonstrated consumer harm from the NebuAd model of collecting data. "It's imperative that there be some evidence of harm if we're going to regulate this practice, or we run the risk of prematurely restricting the latest technological advancements," he said. "As the overall economy continues to take a significant downturn, the government should not be contemplating how to make it harder for small businesses to succeed."

But Markey and David Reed, an MIT professor and a pioneer in the development of the Internet, suggested that an ISP has much more power to track Internet users' habits than an individual Web site or an ad network. "You've got Google times 100," Markey said.

Reed compared ISPs using NebuAd to a package delivery company looking inside every box it handles.

Deep-packet inspection methods "violate long-agreed standards and principles of Internet design," Reed said. Such services put the Internet at risk, he said, by "normalizing nonstandard and risky technical activity on behalf of telecom operators and broadband operators who may choose to exploit their captive customers rather than transparently delivering the communications services for which their customers have paid."

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.