Senate, Web ad titans joust over behavioral targeting

A U.S. Senate panel on Wednesday picked apart behavioral Web advertising as executives from the likes of Google, NebuAd and Facebook touted their privacy controls and even went as far as noting that ads are good for you.

The hearing before the Senate Committee on Senate Committee on Commerce, Science & Transportation went something like this:

• Declan McCullagh reports that the latest technique surrounding targeted ads, which rely on intercepting Internet packets to build anonymous profiles, was likened to "wiretapping" by Sen. Byron Dorgan, D-N.D. Sen. Daniel K. Inouye said:

"I am troubled by the current state of affairs. I fear that our existing patchwork of sector-specific privacy laws provides American consumers with virtually no protection. At the same time consumers in other countries are treated with more respect and concern by the very same companies who so freely collect our most private information without warning."

• Obviously, the panelists begged to differ while the Federal Trade Commission noted that it was on the case. Google, NebuAd and others stepped up to the plate to defend themselves and note that targeted ads can be useful.

• And as in true Washington, D.C. fashion there are more hearings planned.

It seems fairly obvious to me that Tom Steintert-Threlkeld's privacy proposal is the way to go. Tom writes:

Require upfront notices to Web surfers that appear on their screen the first time they visit any site that issues a cookie or uses any other technology to keep a record of their activity on that site. This would apply to any site, not just search sites. Tom also adds that privacy disclosures should be in English (good luck with that one).

But before we get anywhere near Tom's proposal we're going to get (you guessed it) more hearings. Among the sound bites worth noting from the latest round of testimony:

In the online ads are good for you department, Google's senior privacy counsel Jane Horvath said (full testimony):

Online advertising also promotes freer, more robust, and more diverse speech. It’s no coincidence that blogs have proliferated over the past few years. Our AdSense product enables bloggers and other publishers to generate revenue from ads that we place on their websites. Without online advertising, the individuals who run these sites would not be able to dedicate as much time and attention to their publications as they do today.

In the make privacy laws uniform department, Horvath noted:

Google supports the passage of a comprehensive federal privacy law that would accomplish several goals such as building consumer trust and protections; establishing a uniform framework for privacy, which would create consistent levels of privacy from one jurisdiction to another; and putting penalties in place to punish and dissuade bad actors.

In the we're under fire, but I'm going to convince you that the concerns are unnecessary department, Bob Dykes, CEO of NebuAd, said (see testimony):

Let me explain our privacy motivation more fully. I come from a security background, serving for many years as Executive Vice President of Symantec Corporation, a global leader in providing security solutions for computers and computer networks. When we launched NebuAd several years ago, it was at a time when many people had particularly heightened concerns about data security.

And.

As a result, NebuAd's service is designed so that no one - not even the government - can determine the identity of our users. That means our service for ISP users, including the ad optimization and serving system, does not collect or use any PII (personally identifiable information). In addition, NebuAd requires its Internet service provider ("ISP") partners to provide robust, advance notice about our operations and our privacy protections to their subscribers, who at any time can exercise their choice not to participate. And, finally, we have located our servers in highly secure data centers.

In the we're not going there department, Facebook privacy officer Chris Kelly said:

Advertising products that sell personally identifiable information to advertisers without user permission, that rely on transforming non-personally identifiable information into personally identifiable information without robust notice and choice to users, or that rely on data collection that a user has scant notice of and no control over, raise fundamentally different privacy concerns. Facebook does not offer such products today and has no intention of doing so.

In the "since I'm here I might as well attack Google department," Microsoft privacy czar Mike Hintze said in a whopping 63 page PDF:

And in the we have a big honking problem here department, Leslie Harris CEO of the Center for Democracy & Technology said:

The recent spate of acquisitions of the online advertising industry’s largest players by major Internet companies is powerful evidence that the online advertising marketplace is headed toward more data aggregation tied to a single profile – and one that may be more readily tied to a person’s identity.  And while we have yet to see evidence that this new advertising model will reap the promised rewards, it is already migrating from individual Web sites to the infrastructure of the Internet itself: In the last year, Internet Service Providers (“ISPs”) have begun to form partnerships with ad networks to mine information from individual Web data streams for behavioral advertising. Ad networks that partner with ISPs could potentially collect and record every aspect of a consumer’s Web browsing, including every Web page visited, the content of those pages, how long each page is viewed, and what links are clicked. Emails, chats, file transfers and many other kinds of data could all be collected and recorded. The ISP model raises particularly serious questions. Thus far, implementations appear to defy reasonable consumer expectations, could interfere with Internet functionality, and may violate communications privacy laws.