American ISPs already sharing data with outside ad firmsMultiple American ISPs are sharing customer data with outside firms
that deal in so-called behavioral ad targeting, and according to one of
these firms, the Silicon Valley-based
NebuAd, roughly 10 per cent of all US web surfers are affected.These ad companies, which also include the Sonora, California-based
Front Porch, won't say which ISPs have adopted their services. But two internet service providers, the Georgia-based
Knology and the Sprint-spin-off
Embarq, admit to using such platforms on a test basis, and according to multiple users who've posted their stories to
Broadband Reports, NebuAd is tracking data on
WOW!, an ISP serving the Chicago area.Using deep-packet inspection hardware - similar to technologies used
by anti-virus vendors - NebuAd tracks the search and browsing activity
of net surfers. But it says this data is never matched to personally
identifiable information."With a one-way hash, we turn your IP address and other data into an
anonymous profile, and we use that to see if you qualify for innocuous
categories," NebuAd CEO Bob Dykes told us. "We can track someone
looking for a luxury car, not just a car - someone searching not just
for travel but travel to the south of France or Las Vegas." NebuAd then
uses this information as a means of targeting ads. And naturally, the
ISPs take a cut of its profits.Dykes - once chief financial officer at Symantec - also says that
ISP customers are clearly notified before NebuAd begins tracking their
behavior.
Ten per cent of all US net surfers
As reported by
The Washington Post,
NebuAd is tracking data from roughly 10 per cent of all US net surfers
- though the company has already signed contracts that would broaden
this scope. "We cover about 10 per cent today," Dykes told us. "But our contract could reach more than that."
Front Porch offers ISPs a service similar to NebuAd's, but it
reaches little more than 100,000 US net surfers. Other operations that
appear to be working on similar services include
Adzilla and
Project Rialto, a "stealth company" created by Alcatel-Lucent, but these firms did not respond to our interview requests. Yes,
Front Porch and NebuAd are also doing something similar to
Phorm
- the behavioral advertising firm with controversial ties to three
British ISPs: BT, Virgin Media, and Carphone Warehouse. And like Phorm,
they're quick to play down the controversy. "Many customers are uneasy with the current status-quo," Front Porch
CEO Zach Britton told us. "Our challenge, as an industry, is to
communicate what is, and isn't transpiring. If successful, we will show
that ISP-based behavioral targeting offers greater benefits and is less
privacy invasive than typical Google searches. If not, the industry
will be stillborn."
Ari Schwartz is the Vice President and Chief Operating Officer of
the Center for Democracy and Technology (CDT). Schwartz's work focuses
on increasing individual control over personal and public information.
He promotes privacy protections in the digital age and expanding access
to government information via the Internet. He regularly testifies
before Congress and Executive Branch Agencies on these issues.
Schwartz also leads the Anti-Spyware Coalition (ASC)
, anti-spyware software companies, academics, and public interest
groups dedicated to defeating spyware. In 2006, Schwartz won the RSA award for Excellence in Public Policy for his work building the ASC and other efforts against spyware. He was also named one of the Top 5 influential IT security thinkers of 2007 by Secure Computing Magazine.
Schwartz currently serves as a member of the Department of Commerce National Institute of Standards and Technology Information Security and Privacy Advisory Board and the State of Ohio Chief Privacy Officer Advisory Committee.
If these companies steer clear of personally identifiable
information - and they insist they do - their services are perfectly
legal in US. But, says Ari Schwartz, chief operating officer of the
Center for Democracy and Technology, the services may be "pushing the
boundaries of what consumers expect". It all depends on whether these
companies - and their ISP partners - are open about what they're doing.
"[These firms] are going to say they're not transferring any
personal information, and all the US laws are based on personal
information," Schwartz told us. "But there are some questions as to
whether they're properly notifying people. "There has to be an unavoidable notice for consumers," he continued.
"We think that burying the information in the terms of service is
clearly not enough." And he would prefer that these companies use an
opt-in model - rather than an opt-out. Like NebuAd, Front Porch insists that it properly notifies ISP
customers. In the US, it has deployed its service on both residential
ISPs and wireless hotspots. On the residential side, it says that users
are notified via its very own browser-based "messaging system." "We mandate that all our ISP partners ensure that 100 per cent of
users understand what's going on and, secondly, that 100 per cent of
users get the choice about whether they want to participate or not."
The company's notification screen looks something like this:
Front Porch notification screen
Supplied by the company, this is a generic version of the screen -
with 'insert logo here' used to indicate where the name of the
participating ISP is posted. When it appears in a browser, users can
bypass the screen by clicking on a link just above it, but the company
says that if a user doesn't check 'yes' or 'no,' the screen will
reappear at a later time.
Britton does acknowledge that the language on this screen changes
from time to time - the 'yes' and the 'no' boxes might be reversed, for
instance - but he insists that every user sees a screen like this.
On the hotspot side, things work a bit differently. The messaging
service is not used. Instead, users are only notified from a lengthy
terms of service that appears when they sign up - and there's no
opt-out.
"If you're traveling through one of our airports or hotel chains or
whatever, and it's offering free internet access, in that first page
there's a clear part that says we will give you targeted advertising
while you're on this network.
"This is a free service, so if you don't want targeted advertising, you just say no to the free access."
Meanwhile, NebuAd sent us a copy of its standard contract, where
ISPs are required to "directly" notify customers. But Knology seems to
contradict the company's definition of "directly." And although other
ISPs, including WOW! and the Kansas-based Embarq, have added language
to their terms of service indicating they're using a service like
NebuAd's, it's unclear if they provide more direct notification.
Gov advisors: Phorm is illegal
The Foundation for Information Policy Research (FIPR), a leading
government advisory group on internet issues, has written to the
Information Commissioner arguing that Phorm's ad targeting system is
illegal.
The accompanying announcement (pdf) explained how it envisaged its relationship with ISPs and their customers:
The company's business model revolves around distributing
its PageSense technology to as many users as possible and showing users
as many advertisements as possible, without causing negative reaction,
to maximise response.
121Media currently acquires most of its users by integrating its
PageSense Desktop technology with consumer software products known as
distribution applications, which are offered free of charge to internet
users in exchange for their permission to display advertisements.
PageSense Javascript can be embedded by a variety of partners, such
as Internet Service Providers, serving pages to those connecting to the
internet through them.
Sounds quite familiar, doesn't it? The difference between
121Media/Phorm and PeopleOnPage is that the newer company buys its
targets direct from ISPs, rather than persuading people to download
spyware.
Phorm is run by Kent Ertegrul, a serial entrepreneur whose past
ventures include selling joyrides on Russian fighter jets. Previously,
his most notable foray online was as the founder of PeopleOnPage, an ad
network that operated earlier in the decade and which was blacklisted
as spyware by the likes of Symantec and F-Secure.
Security firm F-Secure describes PeopleOnPage's software here.
It says: "The spyware collects a user's browsing habits and system
information and sends it back to the ContextPlus servers. Targeted
pop-up advertisements are displayed while browsing the web.
"Each installation is given a unique ID, which is sent to the
ContextPlus server to request a pop-up advertisement." ContextPlus was
the rootkit that PeopleOnPage used to harvest data and hide its
presence.The similarities between this business model and that which will be kicked off by Phorm in the coming months are striking.
Congress spotlights another American data pimperCongressman Ed Markey - chair of the House Subcommittee on
Telecommunications and the Internet - has called out another American
ISP for pimping user data to NebuAd, the
Phorm-like behavioral ad targeter.
Yesterday, Markey and fellow Congressional big-wigs John D. Dingell
(chairman of the House Committee on Energy and Commerce) and Joe Barton
(ranking member of the House Committee on Energy and Commerce) lobbed an
open letter at the Kansas-based Embarq Corporation, questioning the NebuAd
tests it ran this spring.
Using deep packet inspection, NebuAd tracks the search and browsing
activity of ISP users in an effort to target online advertisements. The
system is opt-out-based, and though Embarq updated its privacy policy to
reflect the tracking of user data during the trials, it's unclear whether
customers were provided with more direct notification.
"Surreptitiously tracking individual users' Internet activity cuts to the
heart of consumer privacy," reads a canned statement from Congressman
Markey. "The information collected through NebuAd's technology can be
highly personal and sensitive information. Embarq's apparent use of this
technology without directly notifying affected customers that their
activity was being tracked, collected, and analyzed raises serious privacy
red flags."
snip
With their open letter, the Congressmen toss nine pointed questions at the
Sprint-spin-off, hoping to understand how those NebuAd trials were
conducted. Embarq has not said where the trials took place or how many
users were affected.
Markey and crew can't help but wonder whether those trials ran afoul of
the Communications Act of 1934, the Cable Act of 1984, the Electronic
Communications Privacy Act, and other wiretapping-related US statutes.
In May, Markey and Barton sent a
similar letter
to the midwestern ISP Charter Communications, and early tomorrow
morning, Markey's Subcommittee on Telecommunications and the Internet
will convene for a hearing entitled "What Your Broadband Provider Knows
About Your Web Use: Deep Packet Inspection and Communications Laws and
Policies."
snip
Another ISP Suspends NebuAD TrialsCenturytel suspends trials in face of Congressional inquiry...
On the heels of Charter's decision last week to
suspend their use
of NebuAD user tracking ad technology, I'm seeing hints that CenturyTel
may be doing the same thing. In addition to reworking their privacy
page, the company is
e-mailing customers who ask
to inform them that plans to implement the gear have been "delayed."
Carriers are concerned after Congress showed hints they could be
investigating the technology because it potentially violates several
Federal wiretap and privacy laws. From an e-mail to a subscriber:CenturyTel
is not currently using online behavioral advertising tools in any of
its markets, and we are delaying our plans to move forward with the
deployment of online behavioral advertising services - either through
NebuAd or any other vendor - at this time. CenturyTel is delaying its
implementation plans so that Congress can spend additional time
addressing the privacy issues and policies associated with online
behavioral advertising.
Of course, an employee at one ISP tells me
NebuAD is promising ISPs that they're developing a new opt-out system
that is IP-address based. The current cookie-based system only stops
targeted ad delivery; it doesn't opt the user out of browsing tracking
(potentially running afoul of
three laws).
Should NebuAD's new opt-out mechanism please Congress (something I'm
sure lobbyists are already working on), you will see these plans
revisited.
Related:
Swiss Bank, CA Court Censor Whistleblower WebsiteEmbarq, WOW Bury Snooping In Terms Of ServiceCongressmen Want To Chat With Charter Over PrivacyBehavioral Advertising Could Be IllegalConsumer Groups Want Charter, NebuAD InvestigatedCharter NebuAD Trials DelayedCharter User Monitoring Plans SuspendedAfter Charter's Decision To Drop NebuAD, Will Other ISPs Follow?Congress asks Embarq about selling customer info (AP)biz.yahoo.com
Congress
asks Embarq about selling customer info. - KANSAS CITY, Mo. (AP) --
Congress has asked Embarq Corp. about its work with a company that
tracks online subscribers' Web traffic for advertising purposes, part
of growing concern about Internet privacy.
Congress
has asked Embarq Corp. about its work with a company that tracks online
subscribers' Web traffic for advertising purposes, part of growing
concern about Internet privacy.Overland Park, Kan.-based Embarq is the
nation's fourth-largest traditional telephone company with 1.34 million
source The Missouri Public Service Commission will let Embarq Corp. set its own telephone rates for certain Missouri cities.
The PSC said in a Tuesday release that it had granted Embarq's June
3 request for competitive classification. The classification, which
allows Embarq to control rates rather than the PSC, applies to business
services in Buckner, Odessa, Oak Grove, Pleasant Hill and Salem, as
well as residential services in Salem.
The change does not apply to exchange access service.
For competitive classification, at least two other nonaffiliated
entities must offer local telecommunications service. One may be a
wireless provider and the other a wireline company that offers local
voice service using facilities it owns fully or partially.
Local phone companies are regulated, but others that also provide
local phone service, such as cable companies, are not, Embarq spokesman
Tom Matthews said in a June 6 interview.
| Jul 16, 2008Less
than one week after NebuAd CEO Bob Dykes assured the Senate Commerce
Committee that the company respects consumers' privacy, lawmakers are
raising new questions about its platform.
Embarq Corporation
- Company Profile Snapshot
CompanyProfile:Embarq Corporation
Ticker:EQ
Exchanges:NYSE
2007 Sales:6,365,000,000
Major Industry:Utilities
Sub Industry:TelecommunicationsCountry:
UNITED STATES
Employees:18000
Business Description Embarq Corporation
The Group's principal activities are to provide local and long distance
voice, data, high speed Internet, wireless and satellite video services
to consumer. The Group also provides access to local network and other
wholesale communications services for other carriers, communications
equipment for business markets and other communications-related
services. The Group operates through two segments: Telecommunications
segment and Logistics segment. Telecommunications segment provides
regulated local communications services as an incumbent local exchange
carrier to U.S. households. Logistics segment provides wholesale
product distribution, logistics and configuration services. In May
2006, the Group completed the spin-offf from Sprint Nextel.