Personal financial information, which consumers key in to Intuit's popular Quicken Web site, has been leaked out to advertisers, although the company has moved swiftly to address the problem.
A design quirk in some e-commerce Web sites allows sensitive consumer information -- including personal habits, tastes or finances -- to be attached to Web page location codes used by third parties, such as ad-placement companies. In the case of Intuit, both a mortgage calculator and a credit assessment feature on its Quicken site collect information from customers regarding their income, assets and debt. However, it then sends the data to DoubleClick, a company that sells and places advertising on Web sites. DoubleClick says it doesn't keep any of the data it receives.
The "data spillage" problem, discovered by Richard M Smith, an Internet security consultant, appears to be widespread, and isn't limited to personal finance sites. Among others, e-tailer Buy.com appears to be sending DoubleClick the titles of videos its customers are searching for on the site.
Intuit, a leader in personal finance services, wasn't aware of the problem when it was initially contacted on Wednesday. After company officials analysed the electronic traffic, Intuit vice president, Brooks Fisher, said, "We believe it is a leakage, and it is a problem." Fisher said the firm immediately began a "stop action". Two hours later, the company said it decided to remove the DoubleClick ad from its Quicken loans site.
Intuit said it conducted a broad review to see if similar occurences were hidden in its calculators and other interactive features, but concluded that the problem was isolated to its loans site. "As a strong privacy company, anything like this we take very seriously," Fisher said.
DoubleClick's chief executive, Kevin O'Connor, said his New York firm is also looking into the matter. "We are actively looking at all the sites to find out if this quirk is happening, and when and if we discover this, we will immediately tell our clients," he said.
The problem was traced to a so-called GET procedure, a programming method for entering data into a Web site in which the information also "spills" into the field at the top of the Web page containing the Web address. When a home page communicates with an outside ad-placement company, such as DoubleClick, it sends out the location to which the ad should be sent, which is called a referral URL. In pages composed with the GET procedure, the referral URL is loaded with all the data a user has entered into an interactive site. On the Quicken mortgage calculator site, if a customer checks to see what kind of mortgage is available for someone with $100,000 (£62,000) in income and $50,000 (£31,000) in assets, a string of data is transmitted that includes the pieces "income-100000" and "cash-50000".
The GET method is one of two primary ways to program interactive forms, such as mortgage calculators, so the data leaks are believed to be widespread. "Anybody who writes a GET procedure, this has been happening to on the Net," Fisher said.
O'Connor of DoubleClick said the problem is even broader than that, and is actually endemic to the Internet generally. Anytime you go from one site to another, he noted, URL information is exchanged. But Smith, the computer consultant who identified the problem, noted most URLs don't contain personal data.
O'Connor emphasised that DoubleClick doesn't have any of the information it was sent by Intuit or any other clients. "We do not use or collect any referral field information," he said. In general, he added that the company can't use such information. "It is our clients' data, and we are contractually not allowed to use that data," he said.
Smith said other sites, such as RealNetworks and AltaVista, have had similar problems, but have already addressed them. In the case of Buy.com, the information about movie titles is intentionally being sent to DoubleClick. Buy.com vice president Tony McAllister said customers who search for The Sixth Sense are piped an ad for The Bone Collector. However, the titles can't be linked with actual customer names.
Bo Andersen, president of the Video Software Dealers Association, said the Video Privacy Protection Act prohibits most sharing of customers' preferences. "Even for purposes of marketing back to the consumer, at most, very broad categories of works may be disclosed, and specific titles may not," he said.