Putting Web monitoring service NebuAd under the legal microscope
As the chief executive of controversial online ad company NebuAd prepares to be grilled by senators Wednesday, the Center for Democracy and Technology today raised new legal questions about the company's snooping on Web surfers.
NebuAd, a Silicon Valley startup, helps Internet service providers track their customers on the Web in order to send them highly targeted advertisements. Privacy and public interest advocates have complained loudly about the company's technology, which they say is too intrusive. The ties of some NebuAd employees to spyware company Claria, which we noted last month, add to the concern.
The outcry, along with questions by two key members of Congress about the legality of such tracking by ISPs, led Charter Communications to announce last month it was indefinitely delaying using NebuAd's service.
Reps. Edward J. Markey, a Massachusetts Democrat, and Joe Barton, a Texas Republican, wrote to Charter in May (PDF download here) saying they believed that ISPs using NebuAd's technology might violate federal laws designed to protect the privacy of personal information collected by cable companies about their subscribers.
This morning, the Center for Democracy and Technology pointed to other laws that NebuAd could be breaking. The group released a 13-page memo arguing ...
... that ISPs also might violate federal wiretap laws, as well as wiretap laws in California and 11 other states (PDF download here). It might sound odd to compare old-fashioned wiretapping with data packets zipping across the Internet. But the federal law was updated by the Electronic Communications Privacy Act in 1986, and state laws have been modernized as well.
Here's part of the legal case that Center for Democracy and Technology Vice President Ari Schwartz made to reporters this morning about the federal law:
Service providers cannot intercept or divulge the contents of a subscriber's communications except pursuant to limited exceptions. We think that it's clear that the website communications in this case are electronic communications and that copying of Internet content for disclosure to advertising networks constitutes an interception under the law, and that divulging it to NebuAd should be considered divulging under the law.
The group's president, Leslie Harris, will raise this issue when she testifies tomorrow before the Senate Commerce Committee on the "Privacy Implications of Online Advertising." The hearing has the potential to produce some fireworks. Other witnesses include NebuAd Chief Executive Robert R. Dykes and Lydia B. Parnes, director of the Consumer Protection Bureau of the Federal Trade Commission, which has proposed privacy principles for online behavioral advertising.
For additional pyrotechnics, senators also might dive into the contentious Google/Yahoo online ad deal, with executives from Google and spurned Yahoo suitor Microsoft scheduled to testify as well.
Dykes was unavailable to comment, a company spokeswoman said. But NebuAd appeared to be trying to blunt criticism ahead of the hearing by announcing new privacy protections today, including notifying consumers online that their web-surfing was being tracked, and giving people a better way to opt out of the service.
But Schwartz said those changes weren't enough: The system should only track people who opt in, rather than forcing them to opt out. Harris said her group will push senators to develop stronger privacy laws to prevent what she called "technological chicanery" as targeted advertising becomes increasingly important in providing free Web content.
"As uncomfortable as people are with the collection of their data, they're probably pretty happy with getting free services," she said. "If we're going to have that trade-off, then we've got to wrap a sensible privacy regime around it."
-- Jim Puzzanghera
Puzzanghera, a Times staff writer, covers tech and media policy from Washington, D.C.
Photo credit: Mikey G. Ottawa, via Flickr