[Senate Hearing 106-1117]
[From the U.S. Government Publishing Office]
S. Hrg. 106-1117
ONLINE PROFILING AND PRIVACY
=======================================================================
HEARING
before the
COMMITTEE ON COMMERCE,
SCIENCE, AND TRANSPORTATION
UNITED STATES SENATE
ONE HUNDRED SIXTH CONGRESS
SECOND SESSION
__________
JUNE 13, 2000
__________
Printed for the use of the Committee on Commerce, Science, and
Transportation
82-146 U.S. GOVERNMENT PRINTING OFFICE
WASHINGTON : 2003
____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512�091800
Fax: (202) 512�092250 Mail: Stop SSOP, Washington, DC 20402�090001
SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION
ONE HUNDRED SIXTH CONGRESS
SECOND SESSION
JOHN McCAIN, Arizona, Chairman
TED STEVENS, Alaska ERNEST F. HOLLINGS, South Carolina
CONRAD BURNS, Montana DANIEL K. INOUYE, Hawaii
SLADE GORTON, Washington JOHN D. ROCKEFELLER IV, West
TRENT LOTT, Mississippi Virginia
KAY BAILEY HUTCHISON, Texas JOHN F. KERRY, Massachusetts
OLYMPIA J. SNOWE, Maine JOHN B. BREAUX, Louisiana
JOHN ASHCROFT, Missouri RICHARD H. BRYAN, Nevada
BILL FRIST, Tennessee BYRON L. DORGAN, North Dakota
SPENCER ABRAHAM, Michigan RON WYDEN, Oregon
SAM BROWNBACK, Kansas MAX CLELAND, Georgia
Mark Buse, Republican Staff Director
Martha P. Allbright, Republican General Counsel
Kevin D. Kayes, Democratic Staff Director
Moses Boyd, Democratic Chief Counsel
C O N T E N T S
----------
Page
Hearing held on June 13, 2000.................................... 1
Statement of Senator Bryan....................................... 5
Statement of Senator Burns....................................... 2
Statement of Senator Cleland..................................... 40
Prepared statement........................................... 43
Statement of Senator Hollings.................................... 3
Prepared statement........................................... 4
Statement of Senator Kerry....................................... 44
Statement of Senator McCain...................................... 1
Prepared statement........................................... 2
Statement of Senator Wyden....................................... 5
Witnesses
Bernstein, Jodie, Director, Bureau of Consumer Protection,
Federal Trade Commission, (Accompanied by David Medine,
Associate Director for Financial Practices, Bureau of Consumer
Protection, Federal Trade Commission and Dawne Holz, Federal
Trade Commission).............................................. 6
Prepared statement of Jodie Bernstein........................ 9
Polonetsky, Jules, Chief Privacy Officer, Doubleclick............ 47
Prepared statement........................................... 49
Jaye, Daniel, Chief Technology Officer, Engage Technologies...... 50
Prepared statement........................................... 52
Rotenberg, Marc, Director, Electronic Privacy Information Center. 55
Prepared statement........................................... 57
Smith, Richard, Internet Consultant.............................. 71
Prepared statement........................................... 73
Appendix
Markowitz, Steve, Chairman and CEO, MyPoints.com, Inc., prepared
statement...................................................... 97
Smith, Richard, Internet Consultant, additional testimony........ 98
ONLINE PROFILING AND PRIVACY
----------
TUESDAY, JUNE 13, 2000
U.S. Senate,
Committee on Commerce, Science, and Transportation,
Washington, DC.
The Committee met, pursuant to notice, at 10:03 a.m. in
room SR-253, Russell Senate Office Building, Hon. John McCain,
Chairman of the Committee, presiding.
OPENING STATEMENT OF HON. JOHN McCAIN,
U.S. SENATOR FROM ARIZONA
The Chairman. Good morning. This morning the Committee will
hear testimony on online profiling done by Internet network
advertisers and how it impacts consumers' privacy. I welcome
and thank all the witnesses we will hear from today. Your
testimony will help the Committee gain a better understanding
of the issues involved and the appropriate action the Committee
should take.
As has been said so often, the Internet continues to
transform our lives and our economy. Each day more and more
Americans access the web to shop, read the news, find a job, or
for a variety of other reasons. The Internet continues to offer
great opportunities to consumers, but it also raises concerns
about individual privacy.
Online profiling, and specifically profiling done by
network advertisers, raises serious privacy concerns among many
consumers. Through the use of cookies and other technologies,
network advertisers have the ability to collect and store a
great deal of information about individual consumers. They can
track the websites we visit, the pages we view on websites, the
time and duration of our visits, terms entered into search
engines, purchases, responses to advertisements, and the page
we visited before coming to a site.
All of this information can be collected without clicking
on an advertisement. In fact, often this information is
collected without the consumer's knowledge or consent. The FTC
noted in its May report on online privacy that just 22 percent
of websites that allow the placement of third party cookies
provide notice to customers. Recently, USA Today noted in a May
1st article that, even when consumers are aware of this
practice, it can be extremely difficult to opt out of the
collection of this data.
While online profiling raises serious privacy concerns,
some consumers desire this service and benefit by receiving
targeted advertisements that appeal to them. What we need to
find is the delicate balance between benefiting consumers and
invading their privacy, and I am hopeful that today's witnesses
will help us eventually find that balance. I look forward to
the testimony presented today.
Senator Burns, thank you for being here.
[The prepared statement of Senator McCain follows:]
Prepared Statement of Hon. John McCain,
U.S. Senator from Arizona
This morning, the Committee will hear testimony on online profiling
done by Internet network advertisers and how it impacts consumers'
privacy. I welcome and thank all of the witnesses we will hear from
today. Your testimony will help the Committee gain a better
understanding of the issues involved and the appropriate action the
Committee should take.
As has been said so often, the Internet continues to transform our
lives and our economy. Each day more and more Americans access the web
to shop, read the news, find a job or for a variety of other reasons.
The Internet continues to offer great opportunities to consumers, but
it also raises concerns about individual privacy.
Online profiling and specifically profiling done by network
advertisers raises serious privacy concerns among many consumers.
Through the use of cookies and other technologies, network advertisers
have the ability to collect and store a great deal of information about
individual consumers. They can track the websites we visit; the pages
we view in websites; the time and duration of our visits; terms entered
into search engines; purchases; responses to advertisements and the
page we visited before coming to a site. All of this information can be
collected without clicking on an advertisement.
In fact, often this information is collected without the consumer's
knowledge or consent. The FTC noted in its May report on online privacy
that just 22% of websites that allow the placement of third party
cookies provide notice to consumers. Recently, USA Today noted in a May
1st article that, even when consumers are aware of this practice, it
can be extremely difficult to opt out of the collection of this data.
While online profiling raises serious privacy concerns, some
consumers desire this service and benefit by receiving targeted
advertisements that appeal to them. What we must find is the delicate
balance between benefiting consumers and invading their privacy. I am
hopeful that today's witnesses will help us eventually find that
balance.
I look forward to your testimony and to working with all of you to
address this vital issue.
STATEMENT OF HON. CONRAD BURNS,
U.S. SENATOR FROM MONTANA
Senator Burns. Thank you, Mr. Chairman, and I thank you for
holding this hearing. It's very timely, too, because it does
concern something of vital importance to today's digital era,
so to speak, the protection of online privacy.
While the Internet is growing at an amazing rate and it
offers educational and commercial opportunities to millions of
Americans, new information technologies have allowed the
collection of personal information on an unprecedented scale.
Many times this information is collected without the knowledge
of consumers. Online profiling poses particular concerns,
especially when these profiles are merged with offline
information to create massive individualized databases on
consumers.
Given the continuing erosion of Americans' privacy, I am
more convinced than ever that legislation is necessary to
protect and empower consumers in the online world. Privacy is
not a partisan issue, but a deeply held American principle.
I would like to thank Senator Wyden for his hard work on
this and many other related issues, including spamming and
encryption, when we start dealing with the Internet. Over year
ago, Senator Wyden and I introduced the Online Privacy
Protection Act, which was based on our shared view that, while
self-regulation should be encouraged, we also need to provide
strong enforcement mechanisms to punish bad actors. In short,
the approach should be trust but verify.
I have grown increasingly frustrated with the industry's
continuing stance that no legislation is necessary, even in the
face of overwhelming public concern. Just last week, during his
address to the Internet Caucus, Bill Gates claimed that the
Burns-Wyden bill goes too far and that the time is still not
right for privacy legislation. Unfortunately, his view is
nearly unanimous among the technology industry.
Senator Wyden has been engaging in the discussions with
industry for well over a year and we continue to hear nothing
more than how self-regulation is working. The need for privacy
legislation has increased over the last year, not decreased. I
want to reiterate my commitment to moving strong privacy
legislation to protect consumers whether industry agrees or
not.
I commend the Federal Trade Commission for recognizing the
industry has failed to produce progress and finally calling for
legislation itself. The Commission's recent report to Congress
revealed the extent of the stunning lack of consumer privacy on
the Internet. Even among the 100 most popular websites, only 42
percent have implemented fair information practices to ensure
consumer privacy. Among a broader random sample of all
commercial websites, the number drops dramatically to 20
percent compliance.
Several industry representatives have argued that the
increase in privacy policies being posted by websites reveals
that no privacy legislation is necessary. While the majority of
commercial websites now post privacy policies, the difference
between posting a privacy policy and actually providing real
privacy to users can be huge. While I applaud the increase in
posting of those privacy policies, many of them are overly
complex and they are technical. I never cease to be amazed when
you click one and then 20 pages of legalese comes up. I have
never been hinged with the title ``lawyer,'' so I don't even
try to work my way through the thing. I find it interesting
that the Commission itself had to use teams of lawyers to
decipher the privacy policies of many websites in the
preparation of its report.
So, Mr. Chairman, I want to thank you for holding this
hearing. Also, I remain open to working with Senator Wyden and
the rest of my colleagues on this Committee. I am more
committed than ever that we should move a privacy bill forward.
And I thank the Chairman.
The Chairman. Senator Hollings.
STATEMENT OF HON. ERNEST F. HOLLINGS,
U.S. SENATOR FROM SOUTH CAROLINA
Senator Hollings. I thank you, Mr. Chairman. I will file my
statement for the record. Thank you.
[The prepared statement of Senator Hollings follows:]
Prepared Statement of Hon. Ernest F. Hollings,
U.S. Senator from South Carolina
I want to thank Chairman McCain for holding this hearing, the third
this Committee has conducted in this Congress on the important issue of
Internet privacy. Today we examine the troubling privacy implications
raised by the practice of ``online profiling.'' While many commercial
entities collect data about individuals on the Internet, the practice
of profiling, particularly as it is conducted by network advertisers,
threatens individual privacy in a manner that raises serious concerns,
and warrants special consideration by this Committee.
On the Internet, individuals knowingly initiate relationships with
Internet service providers or commercial websites. For example, they
join AOL or subscribe to The New York Times online, or visit the search
portal Yahoo. Third party network advertisers, however, collect and use
individuals' personal information but almost never possess a direct
relationship with those individuals. Instead, these advertisers reach
through the site and collect information about individuals--most likely
without notice or consent--by placing ``cookies'' on users' computers
that then track their every move on the Internet. The advertisers then
examine the contents of these ``cookies'' so as to collect and analyze
the results of this surreptitious monitoring.
For the most part, Internet users are completely unaware that this
surveillance is occurring. And yet this surveillance allows the
advertisers to collect and compile incredibly detailed profiles of
individual's tastes, preferences, and research habits as observed
throughout the Internet. To make matters worse, these same companies
may use the actual information they have collected to develop so called
``psycographic'' profiles that reflect the companies' inferences and
conclusions about the individual's interests, habits, associations, and
traits. Such a profile by its very nature includes predictive
information about an individual that the individual has not, in fact,
personally provided, and which may not be an accurate characterization
of that individual at all. And all this is going on without any real
informed notice or consent on the part of the individual who is being
monitored.
If I purchased a pair of shoes, and a computer chip in the sole
monitored every place I walked, and then others collected used that
information to target me with ``personalized'' advertisements, I would
be outraged. If a phone company tape recorded my conversations and then
used my statements to market products to me I would be irate. And yet
such obviously unacceptable practices in the traditional marketplace
are appropriate analogies to the activities practiced by network
advertisers on the Internet. The fact that individuals often use the
Internet in the quiet seclusion of their homes only exacerbates the
sense of trespass occasioned by these activities.
Of course, not all sharing of information is bad. Some people
probably desire targeted, personalized advertisements. The magic of the
Internet makes that possible to a degree we never before experienced.
However, the use of individuals' personal information to purportedly
improve their Internet experience is only appropriate if the individual
has been informed, and has made a conscious decision to consent to that
practice. As we will learn today, that is not currently the case in the
marketplace.
Moreover, there are no sensible limits in place to ensure that
individuals' personal information is, in fact, only used for relatively
benign purposes, such as commercial advertisements. As The New York
Times reported on February 2, 2000, 19 out of the top 21 health sites
on the Internet had privacy policies but had unwittingly shared users'
personal information with third parties through ``cookies'' that had
been placed on the sites by network advertisers. Simply put, we need
federal legislation to ensure that these violations do not occur.
Some network advertisers do not collect personal information and
instead target their marketing only to computers or Internet protocol
addresses about which they have developed an anonymous profile.
Although this practice demonstrates that these entities can function
without collecting personal information, we must examine this activity,
as well, to determine any possible risk it poses to individuals on the
Internet.
Again, I thank the Chairman for calling this hearing and look
forward to the testimony of the witnesses.
The Chairman. Thank you, sir.
Senator Wyden.
STATEMENT OF HON. RON WYDEN,
U.S. SENATOR FROM OREGON
Senator Wyden. Mr. Chairman, I will be very brief. First
let me say that I share Senator Burns' view that it is time to
move on with a bipartisan bill to address these privacy issues.
He and I have worked for more than a year with a variety of
groups, business and others, toward that effort.
I happen to think Senator Hollings and Senator Rockefeller
have made an excellent contribution, have constructive ideas.
Senator Kerry has ideas on this matter. The clock is ticking
down on this session, and I think we ought to go forward with a
bipartisan privacy bill.
Now, today's session it seems to me is particularly
important. Most of what we have looked at is personal data that
a consumer provides to websites he or she visits--such as name,
address, and personal information supplied in order to purchase
a product or register for a service online. The practice that
we are looking at today is different in that it frequently
involves the collection and compilation of information by third
parties, companies whose websites the consumer has never
visited, but who are nonetheless constructing profiles of the
consumer's Internet habits.
I am of the view that online profiling does raise difficult
and troublesome issues. The mere fact that consumers often are
not aware of the profiling is troubling enough, but even more
serious is the prospect that a company might try to merge
online profile data with personally identifiable data,
producing detailed sets of information about specific
individuals. We have already seen that represented in the
debate about DoubleClick.
Finally, Mr. Chairman, it seems to me that there is a role
for self-regulation. All of the bills try to give a wide berth
for self-regulation, and I believe that programs like TRUSTe
have made a difference. But I continue to believe that, absent
legislation, meaningful enforcement, and air-tight coverage, we
will continue to vitiate a lot of the constructive work that is
being done by the privacy sector. That is why I think we ought
to go forward with bipartisan legislation.
Mr. Chairman, I look forward particularly to working with
you and Senator Hollings as the leadership of this Committee to
get it done, and I yield back.
The Chairman. Senator Bryan.
STATEMENT OF HON. RICHARD H. BRYAN,
U.S. SENATOR FROM NEVADA
Senator Bryan. Mr. President, let me commend you for
holding this important hearing. Undeniably, the Internet and e-
commerce provide enormous opportunities for Americans. I think
on balance it has been an extraordinary and remarkable
development. But there is also a dark side to it and that is
the loss of privacy.
I think most Americans, if they were thinking about this in
the context of their local shopping center or their local mall,
that somebody was following them around taking notes as to
which store they went into, how long they were there, which
items they looked at, and then at the end of that shopping
session all of this was compiled and this information was sold
to a third-party marketer. People would be absolutely offended
and outraged.
In a real sense, that is what is happening today in the
world of cyberspace. Now, I know, Mr. Chairman, some of our
colleagues take the position that this industry is so
sacrosanct that it is sacrilegious to even suggest that there
be some type of regulatory review. It seems to me, as my
colleague Senator Wyden pointed out, there is opportunity for
some self-regulation involved. But, in my sense, the time is
now for us to appropriately take a look at what kind of basic
protections we can provide for American consumers. I think the
hearing that you have convened is extraordinarily important,
and I am delighted to be here and hope to work in a bipartisan
fashion with our colleagues to develop an appropriate response.
The Chairman. I thank you, Senator Bryan.
Before we turn to our witness, Senator Wyden, I believe
that our first witness will comment that there are some
negotiations going on now between her organization, the
Department of Commerce, and some of the online advertisers as
to some agreement that may be made on self-regulation. I hope
our witness will illuminate us on that aspect of this issue.
Welcome, Ms. Bernstein. You are our first witness. For the
record, Ms. Jodie Bernstein is the Director of the Bureau of
Consumer Protection of the Federal Trade Commission. Welcome.
STATEMENT OF JODIE BERNSTEIN, DIRECTOR, BUREAU OF CONSUMER
PROTECTION, FEDERAL TRADE COMMISSION, (ACCOMPANIED BY DAVID
MEDINE, ASSOCIATE DIRECTOR FOR FINANCIAL PRACTICES, BUREAU OF
CONSUMER
PROTECTION, FEDERAL TRADE COMMISSION, AND DAWNE HOLZ, FEDERAL
TRADE COMMISSION)
Ms. Bernstein. Thank you, Mr. Chairman and members of the
Committee. With me this morning is David Medine, who works
closely with me on Internet privacy issues particularly, and
Dawne Holz, who is our guru of information technology, who is
at her desk over there.
We very much appreciate the opportunity to discuss the
Commission's report on online profiling. The report describes
the nature of profiling, consumer privacy concerns about these
practices, and the Commission's efforts so far to address the
concerns. As the Commission has in other areas, the Commission,
along with the Department of Commerce, as you indicated, Mr.
Chairman, we have encouraged effective industry self-
regulation, and the network advertising industry has
cooperatively responded with working drafts of principles for
our consideration.
All parties agree that there are real challenges to
creating an effective self-regulatory program, including how
network advertisers disclose practices to consumers and how
consumers should exercise choice. As a result, there has been a
serious effort by this industry group to craft a program. After
the Commission has had an opportunity to consider the final
proposal, it will make a recommendation to Congress.
With the remarkable growth of e-commerce has come increased
consumer awareness as well as increased consumer concern about
the online collection and use of personal data. One of the
areas that has generated most public concern and about which,
as several of you have mentioned, there is relatively little
public knowledge or understanding is online profiling by
network advertising companies.
In my testimony, I thought the most useful thing to do
would be to try to illustrate how profiling works. So, if I
may, I would like to show you an example of profiling. First,
we will see what the consumer sees as he surfs the web. Then I
would like to take you behind the scenes and explain what the
consumer does not see.
Our online consumer, Joe Smith, logs onto the Internet and
goes first to Webdragonsports. That is a site we made up that
sells sporting goods. He is looking for a new golf bag and so
he clicks on the link for golf and then he browses for golf
bags. Then Joe says, I am going to go to TraveltheUS. He and
his wife are considering taking a vacation, so he decides to go
to search for information--about where? Let us go to Arizona,
he says.
A week later Joe visits his favorite online news site,
which is also SenateCommerceNews. He immediately notices an ad
for a golf vacation package in Arizona. Well, he is delighted.
He clicks on the ad.
Only later, Joe begins to wonder, how did that ad come to
appear on my computer? Now let us look at what is going on
behind the scenes and what Joe does not see. Joe's first stop
was the wagon--I keep saying ``wagon''--Webdragonsports site.
Hidden in the computer code was an invisible link to USAads.
Now, USAads is what we talked about before. It is a network
advertising company--we also made it up--that delivers ads in
the banner space on the Webdragonsite.
Joe's computer automatically sent a message to USAads
asking for an ad. It also sent information about Joe's
computer, as well as the fact that he was at Webdragonsports.
USAads immediately placed a file, known to all of us as a
cookie, with a unique ID number on Joe's hard drive, unknown to
Joe.
Meanwhile, back at USAads a profile associated with that
cookie was also created showing Joe's interest in sports. Now,
it does not take a lot of studies to know--and they do know
this--that an interest in sports is often related to an
interest in sports cars. Therefore, USAads quickly sends Joe an
add for Motorworks sports cars. When Joe clicked on the golf
page, this information was transferred, transmitted to USAads
and his profile was immediately updated to reflect an interest
in golf.
When Joe went to TraveltheUS, a similar process occurred.
An invisible link to USAads produced yet another ad. Because
they knew the site was travel-related, USAads sent an ad for
rental cars. When Joe entered a search for Arizona, his search
term was transmitted again to USAads. As a result, travel and
Arizona were added to the profile associated with the cookie on
Joe's computer.
When Joe then went to his favorite online news site, that
was also served by USAads. The cookie on his computer was read
and he was presented with an ad targeted to his profile, a golf
vacation package in Arizona.
Now, some consumers would be delighted to receive an ad
targeted to their specific interest. Others, however, would be
troubled by having been tracked through prior website browsing
without their knowledge.
Now let us suppose it occurred to Joe, and it did occur to
him, that somebody had some information about him, that maybe
he got the golfing vacation in Tucson ad because of a cookie
placed on his computer. One way for Joe to see at least a small
part of the process, the placement of the cookie on his
machine, is for him to set the browser to notify him before
accepting cookies. Now, you decide whether or not this is an
easy thing for Joe or anyone to do.
There is a capability to do it. Let's look and see how easy
it is. What would Joe do to change the cookie settings on his
browser? Now, nothing up there says ``cookies,'' but maybe he
would say, try the edit menu, and that would be a good one to
try. Then maybe he'd decide to try ``Preferences.'' Now what?
Would the smart choice be ``Smart browsing,'' that category
under ``Navigator''? No.
Maybe Joe needs a lifeline here. Maybe he will try to even
poll the Committee members who might help him out. Try clicking
on ``Advance,'' and then someone would say, ``Is that your
final answer?'' Now you would see a checkbox that says ``Warn
me before accepting cookies.'' Well, that sounds right. That
sounds intuitive almost.
So let us see what Joe, what he accomplished after he
clicked on ``Warn me before accepting cookies.'' What does the
notification or warning from the browser look like? This is
what it tells you. It tells you that someone named ``USAads''
wants to put a cookie on your computer with a particular ID
number on it and the cookie will stay there until the year
2010.
With the way computers, personal computers, change, it'll
probably outlast any number of computers that you have. But the
cookie will be there twice as long. Notice, however, that this
warning from your browser does not tell you who USAads is or
what their cookie does. In other words, you have to choose to
accept or reject this cookie without knowing very much at all.
You know, if it is that hard to deal with one cookie, we
wanted to see what it would be like and how many cookies were
likely to come up soon that you would have to deal with. Here
is a sample cookie file that we constructed. We did it by
deleting all the cookies from an FTC computer and we had a law
clerk spend about 15 minutes only surfing some of the popular
sites, the most popular sites on the web.
In just 15 minutes, 124 cookies were deposited on the
computer, some of which are shown. The highlighted cookies were
placed by third party advertising networks, in other words
``profilers.''
One other interesting thing to note is that the message--I
really like this--that appears at the top of this file says
``This is a generated file. Do not edit.'' That reminds me of
the label that you all have seen, and I have too, on the
mattress that says ``Under penalty of law, do not remove this
label.'' Well, the reason for this--the suggestion is that the
user cannot selectively edit the cookie file to keep really
helpful cookies and get rid of the unwanted cookies.
That is not true. The user can edit cookie files, but you
might end up as confused as we were as we tried to work through
the cookie files.
Let me conclude, and I do thank the Committee for allowing
us this amount of time. As the Commission's report details,
targeted advertising can provide benefits to both consumers and
business. Nonetheless, current profiling practices raise a
number of serious concerns. The most serious concern, which I
hope this presentation illustrated, is that profiling is
largely invisible to consumers.
Another concern is, because network advertisers can monitor
consumers across numerous unrelated websites over time, the
profiles they create can be extremely detailed and many would
say extremely intrusive.
The Commission looks forward to working with the Committee
to address the many privacy issues raised by online profiling
and would be pleased to answer your questions. Thank you again,
Mr. Chairman, for the opportunity to present the Commission's
report.
[The prepared statement of Ms. Bernstein follows:]
Prepared Statement of Jodie Bernstein, Director, Bureau of Consumer
Protection, Federal Trade Commission (Accompanied by David Medine,
Associate Director for Financial Practices, Bureau of Consumer
Protection, Federal Trade Commission, and Dawne Holz, Federal Trade
Commission)
The Federal Trade Commission on
``Online Profiling: Benefits and Concerns''
Mr. Chairman and Members of the Committee, I am Jodie Bernstein,
Director of the Bureau of Consumer Protection of the Federal Trade
Commission.\1\ I appreciate this opportunity to discuss the
Commission's report on profiling issued today.\2\ The report describes
the nature of online profiling, consumer privacy concerns about these
practices, and the Commission's efforts to date to address these
concerns. The Commission is not making any recommendations at this
time.
As it has in other areas, the Commission has encouraged effective
industry self-regulation, and the network advertising industry has
responded with drafts of self-regulatory principles for our
consideration. As discussed further in this testimony, there are real
challenges to creating an effective self-regulatory regime for this
complex and dynamic industry, and this process is not yet complete. The
Commission will supplement this report with specific recommendations to
Congress after it has an opportunity to fully consider the self-
regulatory proposals and how they interrelate with the Commission's
previous views and recommendations in the online privacy area.
I. Introduction and Background
A. FTC Law Enforcement Authority
The FTC's mission is to promote the efficient functioning of the
marketplace by protecting consumers from unfair or deceptive acts or
practices and to increase consumer choice by promoting vigorous
competition. As you know, the Commission's responsibilities are far-
reaching. The Commission's primary legislative mandate is to enforce
the Federal Trade Commission Act (``FTCA''), which prohibits unfair
methods of competition and unfair or deceptive acts or practices in or
affecting commerce.\3\ With the exception of certain industries and
activities, the FTCA provides the Commission with broad investigative
and law enforcement authority over entities engaged in or whose
business affects commerce.\4\ Commerce on the Internet falls within the
scope of this statutory mandate.
B. Privacy Concerns in the Online Marketplace
Since its inception in the mid-1990's, the online consumer
marketplace has grown at an exponential rate. Recent figures suggest
that as many as 90 million Americans now use the Internet on a regular
basis.\5\ Of these, 69%, or over 60 million people, shopped online in
the third quarter of 1999.\6\ In addition, the Census Bureau estimates
that retail e-commerce sales were $5.2 billion for the fourth quarter
of 1999, and increased to $5.3 billion for the first quarter of
2000.\7\
At the same time, technology has enhanced the capacity of online
companies to collect, store, transfer, and analyze vast amounts of data
from and about the consumers who visit their Web sites. This increase
in the collection and use of data, along with the myriad subsequent
uses of this information that interactive technology makes possible,
has raised public awareness and consumer concerns about online
privacy.\8\ Recent survey data demonstrate that 92% of consumers are
concerned (67% are ``very concerned'') about the misuse of their
personal information online.\9\ The level of consumer unease is also
indicated by a recent study in which 92% of respondents from online
households stated that they do not trust online companies to keep their
personal information confidential.\10\ To ensure consumer confidence in
this new marketplace and its continued growth, consumer concerns about
privacy must be addressed.\11\
C. The Commission's Approach to Online Privacy--Initiatives Since 1995
Since 1995, the Commission has been at the forefront of the public
debate concerning online privacy.\12\ The Commission has held public
workshops; examined Web site information practices and disclosures
regarding the collection, use, and transfer of personal information;
and commented on self-regulatory efforts and technological developments
intended to enhance consumer privacy. The Commission's goals have been
to understand this new marketplace and its information practices, and
to assess the costs and benefits to businesses and consumers.\13\
In June 1998 the Commission issued Privacy Online: A Report to
Congress (``1998 Report''), an examination of the information practices
of commercial sites on the World Wide Web and of industry's efforts to
implement self-regulatory programs to protect consumers' online
privacy.\14\ The Commission described the widely-accepted fair
information practice principles of Notice, Choice, Access and Security.
The Commission also identified Enforcement--the use of a reliable
mechanism to provide sanctions for noncompliance--as a critical
component of any governmental or self-regulatory program to protect
privacy online.\15\ In addition, the 1998 Report presented the results
of the Commission's first online privacy survey of commercial Web
sites. While almost all Web sites (92% of the comprehensive random
sample) were collecting great amounts of personal information from
consumers, few (14%) disclosed anything at all about their information
practices.\16\
Based on survey data showing that the vast majority of sites
directed at children also collected personal information, the
Commission recommended that Congress enact legislation setting forth
standards for the online collection of personal information from
children.\17\ The Commission deferred its recommendations with respect
to the collection of personal information from online consumers
generally. In subsequent Congressional testimony, the Commission
referenced promising self-regulatory efforts suggesting that industry
should be given more time to address online privacy issues. The
Commission urged the online industry to expand these efforts by
adopting effective, widespread self-regulation based upon the long-
standing fair information practice principles of Notice, Choice,
Access, and Security, and by putting enforcement mechanisms in place to
assure adherence to these principles.\18\ In a 1999 report to Congress,
Self-Regulation and Privacy Online, a majority of the Commission again
recommended that self-regulation be given more time.\19\
On May 22, 2000, the Commission issued its third report to Congress
examining the state of online privacy and the efficacy of industry
self-regulation. Privacy Online: Fair Information Practices in the
Electronic Marketplace (``2000 Report'') presented the results of the
Commission's 2000 Online Privacy Survey, which reviewed the nature and
substance of U.S. commercial Web sites' privacy disclosures, and
assessed the effectiveness of self-regulation. In that Report, a
majority of the Commission concluded that legislation is necessary to
ensure further implementation of fair information practices online and
recommended a framework for such legislation.\20\
II. Online Profiling
On November 8, 1999, the Commission and the United States
Department of Commerce jointly sponsored a Public Workshop on Online
Profiling.\21\ As a result of the Workshop and public comment, the
Commission learned a great deal about what online profiling is, how it
can benefit both businesses and consumers, and the privacy concerns
that it raises.
A. What is Online Profiling?
More than half of all online advertising is in the form of ``banner
ads'' displayed on Web pages--small graphic advertisements that appear
in boxes above or to the side of the primary site content.\22\ Often,
these ads are not selected and delivered by the Web site visited by a
consumer, but by a network advertising company that manages and
provides advertising for numerous unrelated Web sites.
In general, these network advertising companies do not merely
supply banner ads; they also gather data about the consumers who view
their ads. This is accomplished primarily by the use of ``cookies''
\23\ which track the individual's actions on the Web.\24\ The
information gathered by network advertisers is often, but not always,
anonymous, that is, the profiles are frequently linked to the
identification number of the advertising network's cookie on the
consumer's computer rather than the name of a specific person. In some
circumstances, however, the profiles derived from tracking consumers'
activities on the Web are linked or merged with personally identifiable
information.\25\
Once collected, consumer data is analyzed and can be combined with
demographic and ``psychographic'' \26\ data from third-party sources,
data on the consumer's offline purchases, or information collected
directly from consumers through surveys and registration forms. This
enhanced data allows the advertising networks to make a variety of
inferences about each consumer's interests and preferences. The result
is a detailed profile that attempts to predict the individual
consumer's tastes, needs, and purchasing habits and enables the
advertising companies' computers to make split-second decisions about
how to deliver ads directly targeted to the consumer's specific
interests.
The profiles created by the advertising networks can be extremely
detailed. A cookie placed by a network advertising company can track a
consumer on any Web site served by that company, thereby allowing data
collection across disparate and unrelated sites on the Web. Also,
because the cookies used by ad networks are generally persistent, their
tracking occurs over an extended period of time, resuming each time the
individual logs on to the Internet. When this ``clickstream''
information is combined with third-party data, these profiles can
include hundreds of distinct data fields.\27\
Although network advertisers and their profiling activities are
nearly ubiquitous,\28\ they are most often invisible to consumers. All
that consumers see are the Web sites they visit; banner ads appear as a
seamless, integral part of the Web page on which they appear and
cookies are placed without any notice to consumers.\29\ Unless the Web
sites visited by consumers provide notice of the ad network's presence
and data collection, consumers may be totally unaware that their
activities online are being monitored.\30\
B. Profiling Benefits and Privacy Concerns
Network advertisers' use of cookies \31\ and other technologies to
create targeted marketing programs can benefit both consumers and
businesses. As noted by commenters at the Public Workshop, targeted
advertising allows customers to receive offers and information about
goods and services in which they are actually interested.\32\
Businesses clearly benefit as well from the ability to target
advertising because they avoid wasting advertising dollars marketing
themselves to consumers who have no interest in their products.\33\
Additionally, a number of commenters stated that targeted advertising
helps to subsidize free content on the Internet.\34\
Despite the benefits of targeted advertising, there is widespread
concern about current profiling practices. The most consistent and
significant concern expressed about profiling is that it is conducted
without consumers' knowledge.\35\ The presence and identity of a
network advertiser on a particular site, the placement of a cookie on
the consumer's computer, the tracking of the consumer's movements, and
the targeting of ads are simply invisible in most cases.
The second most persistent concern expressed by commenters was the
extensive and sustained scope of the monitoring that occurs.
Unbeknownst to most consumers, advertising networks monitor individuals
across a multitude of seemingly unrelated Web sites and over an
indefinite period of time. The result is a profile far more
comprehensive than any individual Web site could gather. Although much
of the information that goes into a profile is fairly innocuous when
viewed in isolation, the cumulation over time of vast numbers of
seemingly minor details about an individual produces a portrait that is
quite comprehensive and, to many, inherently intrusive.\36\
For many of those who expressed concerns about profiling, the
privacy implications of profiling are not ameliorated in cases where
the profile contains no personally identifiable information.\37\ First,
commenters feared that companies could unilaterally change their
operating procedures and begin associating personally identifiable
information with non-personally identifiable data previously
collected.\38\ Second, these commenters objected to the use of
profiles--regardless of whether they contain personally identifiable
information--to make decisions about the information individuals see
and the offers they receive. Commenters expressed concern that
companies could use profiles to determine the prices and terms upon
which goods and services, including important services like life
insurance, are offered to individuals.\39\
C. Online Profiling and Self Regulation: the NAI Effort
The November 8th workshop provided an opportunity for consumer
advocates, government, and industry members not only to educate the
public about the practice of online profiling, but to explore self-
regulation as a means of addressing the privacy concerns raised by this
practice. In the Spring of 1999, in anticipation of the Workshop,
network advertising companies were invited to meet with FTC and
Department of Commerce staff to discuss their business practices and
the possibility of self-regulation. As a result, industry members
announced at the Workshop the formation of the Network Advertising
Initiative (NAI), an organization comprised of the leading Internet
Network Advertisers--24/7 Media, AdForce, AdKnowledge, Avenue A, Burst!
Media, DoubleClick, Engage, and MatchLogic--to develop a framework for
self-regulation of the online profiling industry.
In announcing their intention to implement a self-regulatory
scheme, the NAI companies acknowledged that they face unique challenges
as a result of their indirect and invisible relationship with consumers
as they surf the Internet. The companies also discussed the fundamental
question of how fair information practices, including choice, should be
applied to the collection and use of data that is unique to a consumer
but is not necessarily personally identifiable, such as clickstream
data generated by the user's browsing activities and tied only to a
cookie identification number.\40\
Following the workshop, the NAI companies submitted working drafts
of self-regulatory principles for consideration by FTC and Department
of Commerce staff. Although efforts have been made to reach a consensus
on basic standards for applying fair information practices to the
business model used by the network advertisers, this process is not yet
complete. The Commission will supplement this report with specific
recommendations to Congress after it has an opportunity to fully
consider the self-regulatory proposals and how they interrelate with
the Commission's previous views and recommendations in the online
privacy area.
III. Conclusion
The Commission is committed to the goal of ensuring privacy online
for consumers and will continue working to address the unique issues
presented by online profiling. I would be pleased to answer any
questions you may have.
Endnotes
1. The Commission vote to issue this testimony was 5-0, with
Commissioner Swindle concurring in part and dissenting in part.
Commissioner Swindle's separate statement is attached to the testimony.
2. My oral testimony and responses to questions you may have
reflect my own views and are not necessarily the views of the
Commission or any individual Commissioner.
3. 15 U.S.C. Sec. 45(a).
4. The Commission also has responsibility under 45 additional
statutes governing specific industries and practices. These include,
for example, the Truth in Lending Act, 15 U.S.C. Sec. Sec. 1601 et
seq., which mandates disclosures of credit terms, and the Fair Credit
Billing Act, 15 U.S.C. Sec. Sec. 1666 et seq., which provides for the
correction of billing errors on credit accounts. The Commission also
enforces over 30 rules governing specific industries and practices,
e.g., the Used Car Rule, 16 C.F.R. Part 455, which requires used car
dealers to disclose warranty terms via a window sticker; the Franchise
Rule, 16 C.F.R. Part 436, which requires the provision of information
to prospective franchisees; the Telemarketing Sales Rule, 16 C.F.R.
Part 310, which defines and prohibits deceptive telemarketing practices
and other abusive telemarketing practices; and the Children's Online
Privacy Protection Rule, 16 C.F.R. Part 312.
In addition, on May 12, 2000, the Commission issued a final rule
implementing the privacy provisions of the Gramm-Leach-Bliley Act, 15
U.S.C. Sec. Sec. 6801 et seq. The rule requires a wide range of
financial institutions to provide notice to their customers about their
privacy policies and practices. The rule also describes the conditions
under which those financial institutions may disclose personal
financial information about consumers to nonaffiliated third parties,
and provides a method by which consumers can prevent financial
institutions from sharing their personal financial information with
nonaffiliated third parties by opting out of that disclosure, subject
to certain exceptions. The rule is available on the Commission's Web
site at . See Privacy of
Consumer Financial Information, to be codified at 16 C.F.R. pt. 313.
The Commission does not, however, have criminal law enforcement
authority. Further, under the FTCA, certain entities, such as banks,
savings and loan associations, and common carriers, as well as the
business of insurance, are wholly or partially exempt from Commission
jurisdiction. See Section 5(a)(2) and (6)a of the FTC Act, 15 U.S.C.
Sec. 45(a)(2) and 46(a). See also The McCarran-Ferguson Act, 15 U.S.C.
Sec. 1012(b).
5. The Intelliquest Technology Panel, Panel News, available at
[hereinafter ``Technology
Panel''] (90 million adult online users as of third-quarter 1999).
Other sources place the number in the 70-75 million user range. See
Cyber Dialogue, Internet Users, available at (69 million users);
Cyberstats, Internet Access and Usage, Percent of Adults 18+, available
at (75 million
users).
6. Technology Panel. This represents an increase of over 15 million
online shoppers in one year. See id.
7. United States Department of Commerce News, Retail E-commerce
Sales Are $5.3 Billion In First Quarter 2000, Census Bureau Reports
(May 31, 2000), available at .
8. Survey data is an important component in the Commission's
evaluation of consumer concerns, as is actual consumer behavior.
Nonetheless, the Commission recognizes that the interpretation of
survey results is complex and must be undertaken with care.
9. Alan F. Westin, Personalized Marketing and Privacy on the Net:
What Consumers Want, Privacy and American Business at 11 (Nov. 1999)
[hereinafter ``Westin/PAB 1999'']. See also IBM Multi-National Consumer
Privacy Survey at 72 (Oct. 1999), prepared by Louis Harris & Associates
Inc. [hereinafter ``IBM Privacy Survey''] (72% of Internet users very
concerned and 20% somewhat concerned about threats to personal privacy
when using the Internet); Forrester Research, Inc., Online Consumers
Fearful of Privacy Violations (Oct. 1999), available at (two-thirds of
American and Canadian online shoppers feel insecure about exchanging
personal information over the Internet).
10. Survey Shows Few Trust Promises on Online Privacy, Apr. 17,
2000, available at (citing recent Odyssey survey).
11. The Commission, of course, recognizes that other consumer
concerns also may hinder the development of e-commerce. As a result,
the agency has pursued other initiatives such as combating online fraud
through law enforcement efforts. See FTC Staff Report: The FTC's First
Five Years Protecting Consumers Online (Dec. 1999). The Commission,
with the Department of Commerce, recently held a public workshop and
soliciting comment on the potential issues associated with the use of
alternative dispute resolution for online consumer transactions. See
Initial Notice Requesting Public Comment and Announcing Public
Workshop, 65 Fed. Reg. 7,831 (Feb. 16, 2000); Notice Announcing Dates
and Location of Workshop and Extending Deadline for Public Comments, 65
Fed. Reg. 18,032 (Apr. 6, 2000). The workshop was held on June 6 and 7,
2000. Information about the workshop, including the federal register
notices and public comments received, is available at .
12. The Commission's review of privacy has mainly focused on online
issues because the Commission believes privacy is a critical component
in the development of electronic commerce. However, the FTC Act and
most other statutes enforced by the Commission apply equally in the
offline and online worlds. As described infra, n.11, the agency has
examined privacy issues affecting both arenas, such as those implicated
by the Individual Reference Services Group, and in the areas of
financial and medical privacy. It also has pursued law enforcement,
where appropriate, to address offline privacy concerns. See FTC v.
Rapp, No. 99-WM-783 (D. Colo. filed Apr. 21, 1999); In re Trans Union,
Docket No. 9255 (Feb. 10, 2000), appeal docketed, No. 00-1141 (D.C.
Cir. Apr. 4, 2000). These activities--as well as recent concerns about
the merging of online and offline databases, the blurring of
distinctions between online and offline merchants, and the fact that a
vast amount of personal identifying information is collected and used
offline--make clear that significant attention to offline privacy
issues is warranted.
13. The Commission held its first public workshop on privacy in
April 1995. In a series of hearings held in October and November 1995,
the Commission examined the implications of globalization and
technological innovation for competition and consumer protection
issues, including privacy concerns. At a public workshop held in June
1996, the Commission examined Web site practices regarding the
collection, use, and transfer of consumers' personal information; self-
regulatory efforts and technological developments to enhance consumer
privacy; consumer and business education efforts; the role of
government in protecting online information privacy; and special issues
raised by the online collection and use of information from and about
children. The Commission held a second workshop in June 1997 to explore
issues raised by individual reference services, as well as issues
relating to unsolicited commercial e-mail, online privacy generally,
and children's online privacy.
The Commission and its staff have also issued reports describing
various privacy concerns in the electronic marketplace. See, e.g., FTC
Staff Report: The FTC's First Five Years Protecting Consumers Online
(Dec. 1999); Individual Reference Services: A Federal Trade Commission
Report to Congress (Dec. 1997); FTC Staff Report: Public Workshop on
Consumer Privacy on the Global Information Infrastructure (Dec. 1996);
FTC Staff Report: Anticipating the 21st Century: Consumer Protection
Policy in the New High-Tech, Global Marketplace (May 1996). Recently,
at the request of the Department of Health and Human Services
(``HHS''), the Commission submitted comments on HHS' proposed Standards
for Privacy of Individually Identifiable Health Information (required
by the Health Insurance Portability and Accountability Act of 1996).
The Commission strongly supported HHS' proposed ``individual
authorization'' or ``opt-in'' approach to health providers' ancillary
use of personally identifiable health information for purposes other
than those for which the information was collected. The Commission also
offered HHS suggestions it may wish to consider to improve disclosure
requirements in two proposed forms that would be required by the
regulations. The Commission's comments are available at .
The Commission also has brought law enforcement actions to protect
privacy online pursuant to its general mandate to fight unfair and
deceptive practices. See FTC v. ReverseAuction.com, Inc., No. 00-0032
(D.D.C. Jan. 6, 2000) (consent decree) (settling charges that an online
auction site obtained consumers' personal identifying information from
a competitor site and then sent deceptive, unsolicited e-mail messages
to those consumers seeking their business); Liberty Financial
Companies, Inc., FTC Dkt. No. C-3891 (Aug. 12, 1999) (consent order)
(challenging the allegedly false representations by the operator of a
``Young Investors'' Web site that information collected from children
in an online survey would be maintained anonymously); GeoCities, FTC
Dkt. No. C-3849 (Feb. 12, 1999) (consent order) (settling charges that
Web site misrepresented the purposes for which it was collecting
personal identifying information from children and adults).
14. The Report is available on the Commission's Web site at http://
www.ftc.gov/reports/privacy3/index.htm.
15. 1998 Report at 11-14.
16. Id. at 23, 27.
17. Id. at 42-43. In October 1998, Congress enacted the Children's
Online Privacy Protection Act of 1998 (``COPPA''), which authorized the
Commission to issue regulations implementing the Act's privacy
protections for children under the age of 13. 15 U.S.C. Sec. Sec. 6501
et seq. In October 1999, as required by COPPA, the Commission issued
its Children's Online Privacy Protection Rule, which became effective
last month. 16 C.F.R. Part 312.
18. See Prepared Statement of the Federal Trade Commission on
``Consumer Privacy on the World Wide Web'' before the Subcommittee on
Telecommunications, Trade and Consumer Protection of the House
Committee on Commerce, U.S. House of Representatives (July 21, 1998),
available at .
19. Self-Regulation and Privacy Online (July 1999) at 12-14
(available at ).
20. The 2000 Report is available at . The Commission's vote to issue the report was 3-2, with
Commissioner Swindle dissenting and Commissioner Leary concurring in
part and dissenting in part.
21. A transcript of the Workshop is available at and will be cited as ``Tr. [page],
[speaker].'' Public comments received in connection with the Workshop
can be viewed on the Federal Trade Commission's Web site at and will be cited as
``Comments of [organization or name] at [page].''
22. In 1999, 56% of all online advertising revenue was attributable
to banner advertising. Online advertising has grown exponentially in
tandem with the World Wide Web: online advertising revenues in the U.S.
grew from $301 million in 1996 to $4.62 billion in 1999. See Press
Release: Internet Advertising Revenues Soar to $4.6 billion in 1999
(available at ).
Advertising revenues are projected to reach $11.5 billion by 2003. See
Jupiter Communications, Inc., Online Advertising Through 2003 (July
1999) (summary available at ).
23. A cookie is a small text file placed on a consumer's computer
by a Web server that transmits information back to the server that
placed it. As a rule, a cookie can be read only by the server that
placed it.
24. In addition to cookies, which are largely invisible to
consumers, other hidden methods of monitoring consumers' activities on
the Web may also be used. One such method is through the use of ``Web
bugs,'' also known as ``clear GIFs'' or ``1-by-1 GIFs.'' Web bugs are
tiny graphic image files embedded in a Web page, generally the same
color as the background on which they are displayed. They are one pixel
in height by one pixel in length--the smallest image capable of being
displayed on a monitor--and are invisible to the naked eye. The Web bug
sends back to its home server (which can belong to the host site, a
network advertiser or some other third party): the IP (Internet
Protocol) address of the computer that downloaded the page on which the
bug appears; the URL (Uniform Resource Locator) of the page on which
the Web bug appears; the URL of the Web bug image; the time the page
containing the Web bug was viewed; the type of browser that fetched the
Web bug; and the identification number of any cookie on the consumer's
computer previously placed by that server. Web bugs can be detected
only by looking at the source code of a Web page and searching in the
code for 1-by-1 IMG tags that load images from a server different than
the rest of the Web page. At least one expert claims that, in addition
to disclosing who visits the particular Web page or reads the
particular e-mail in which the bug has been placed, in some
circumstances, Web bugs can also be used to place a cookie on a
computer or to synchronize a particular e-mail address with a cookie
identification number, making an otherwise anonymous profile personally
identifiable. See generally Comments of Richard M. Smith; see also Big
Browser is Watching You!, Consumer Reports, May 2000, at 46; USA Today,
A new wrinkle in surfing the Net: Dot-coms' mighty dot-size bugs track
your every move, Mar. 21, 2000 (available at ).
25. Personally identifiable data is data that can be linked to
specific individuals and includes, but is not limited to such
information as name, postal address, phone number, e-mail address,
social security number, and driver's license number. The linkage of
personally identifiable information with non-personally identifiable
information generally occurs in one of two ways when consumers identify
themselves to a Web site on which the network advertiser places banner
ads. First, the Web site to whom personal information is provided may,
in turn, provide that information to the network advertiser. Second,
depending upon how the personal information is retrieved and processed
by the Web site, the personally identifying information may be
incorporated into a URL string that is automatically transmitted to the
network advertiser through its cookie. In addition, network advertising
companies can and do link personally identifiable information to non-
personally identifiable information at their own Web sites by asking
consumers to provide personal information (for example, to enter a
sweepstakes) and then linking that information to the cookie previously
placed on the consumer's computer; the linkage of personally
identifying information to a cookie makes all of the data collected
through that cookie personally identifiable.
26. Psychographic data links objective demographic characteristics
like age and gender with more abstract characteristics related to
ideas, opinions and interests. Data mining specialists analyze
demographic, media, survey, purchasing and psychographic data to
determine the exact groups that are most likely to buy specific
products and services. See Comments of the Center for Democracy and
Technology (CDT) at 5 n.5. Psychographic profiling is also referred to
in the industry as ``behavioral profiling.''
27. For example, the Web site for Engage states repeatedly that its
profiles contain 800 ``interest categories.'' See, e.g., .
28. DoubleClick has approximately 100 million consumer profiles,
see Heather Green, Privacy: Outrage on the Web, Business Week, Feb 14,
2000, at 38; Engage has 52 million consumer profiles, see ; and 24/7 Media has 60
million profiles, see .
29. Most Internet browsers can be configured to notify users that a
cookie is being sent to their computer and to give users the option of
rejecting the cookie. The browsers' default setting, however, is to
permit placement of cookies without any notification.
30. Not all profiles are constructed by network advertising
companies. Some Web sites create profiles of their own customers based
on their interactions. Other companies create profiles as part of a
service--for example, offering discounts on products of interest to
consumers or providing references to useful Web sites on the same topic
as those already visited by the consumer. See, e.g., Megan Barnett, The
Profilers: Invisible Friends, The Industry Standard, Mar. 13, 2000, at
220; Ben Hammer, Bargain Hunting, The Industry Standard, Mar. 13, 2000,
at 232. These profiles are generally created by companies that have a
known, consensual relationship with the consumer and are not addressed
in this report. This report uses the term ``profiling'' to refer only
to the activities of third-party network advertising companies.
31. Cookies are used for many purposes other than profiling by
third-party advertisers, many of which significantly benefit consumers.
For example, Web sites often ask for user names and passwords when
purchases are made or before certain kinds of content are provided.
Cookies can store these names and passwords so that consumers do not
need to sign in each time they visit the site. In addition, many sites
allow consumers to set items aside in an electronic shopping cart while
they decide whether or not to purchase them; cookies allow a Web site
to remember what is in a consumer's shopping cart from prior visits.
Cookies also can be used by Web sites to offer personalized home pages
or other customized content with local news and weather, favorite stock
quotes, and other material of interest to individual consumers.
Individual online merchants can use cookies to track consumers'
purchases in order to offer recommendations about new products or sales
that may be of interest to their established customers. Finally, by
enabling businesses to monitor traffic on their Web sites, cookies
allow businesses to constantly revise the design and layout of their
sites to make them more interesting and efficient. The privacy issues
raised by these uses of cookies are beyond the scope of this report.
32. See, e.g., Comments of the Magazine Publishers of America (MPA)
at 1; Comments of the Direct Marketing Association (DMA) at 2; Comments
of the Association of National Advertisers (ANA) at 2; Tr. 30, Smith;
Tr. 120, Jaffe.
33. See, e.g., Comments of the Association of National Advertisers
(ANA) at 2.
34. See, e.g., Comments of the Magazine Publishers of America (MPA)
at 1; Comments of Solveig Singleton at 3-4; Tr. 20, Jaye; Tr. 124,
Aronson.
35. See, e.g., Comments of the Center for Democracy and Technology
(CDT) at 2, 16; Reply Comments of the Electronic Information Privacy
Center (EPIC) at 1; Comments of TRUSTe at 2; Tr. 113, Mulligan.
36. See, e.g., Comments of the Center for Democracy and Technology
(CDT) at 2; Reply Comments of Electronic Information Privacy Center
(EPIC) at 1-2.
37. See, e.g., Comments of the Center for Democracy and Technology
(CDT) at 2-3; Tr. 112, Steele; Tr. 128, Smith.
38. See Comments of the Center for Democracy and Technology (CDT)
at 2-3; Comments of Christopher K. Ridder (Nov. 30, 1999) at 6 (listing
examples of sites whose privacy policies explicitly reserve the right
of the site to change privacy policies without notice to the consumer);
Tr. 158, Mulligan. These commenters also felt that the comprehensive
nature of the profiles and the technology used to create them make it
reasonably easy to associate previously anonymous profiles with
particular individuals.
39. See Comments of the Center for Democracy and Technology (CDT)
at 3; Comments of the Electronic Frontier Foundation (EFF) Session II
at 2; Rebuttal Comments of the Electronic Frontier Foundation (EFF) at
4; Tr. 81, Feena; Tr. 114, Hill; Tr. 146-7, Steele; see also John
Simons, The Coming Privacy Divide, The Standard, Feb. 21, 2000, . For
example, products might be offered at higher prices to consumers whose
profiles indicate that they are wealthy, or insurance might be offered
at higher prices to consumers whose profiles indicate possible health
risks. This practice, known as ``web-lining,'' raises many of the same
concerns that ``redlining'' and ``reverse redlining'' do in offline
financial markets. See, e.g., Rebuttal Comments of the Electronic
Frontier Foundation (EFF) at 4 (expressing concern about ``electronic
redlining''); Tr. 81, Feena (describing technology's potential use for
``red-lining'' [sic]); Tr. 146-7, Steele (describing risk of
``electronic redlining and price discrimination'').
40. Tr. 186, Jaye; Tr. 192-193, Zinman.
______
Statement of Commissioner Orson Swindle Concurring in Part and
Dissenting in Part to Prepared Statement of the Federal Trade
Commission on ``Online Profiling: Benefits and Concerns''
I concur in the issuance of the Prepared Statement of the Federal
Trade Commission on ``Online Profiling: Benefits and Concerns'' before
the Committee on Commerce, Science, and Transportation, United States
Senate (June 13, 2000) (``Commission Statement''), but I dissent from
how certain consumer opinion surveys are used in the Commission
Statement.
First, consumer opinion surveys like the ones used in the
Commission Statement often are not reliable predictors of consumer
behavior. For several reasons, and as the Commission Statement
acknowledges in footnote 8, survey results should be examined with
scrupulous care. Surveys are one-time snapshots of consumer opinion,
are easily biased by design, and must be examined for methodological
integrity.
Ideally, consumer opinion surveys should complement, but not be a
substitute for, empirical evidence of consumer behavior relating to
privacy. They should not serve as the substantive basis for policy.\1\
---------------------------------------------------------------------------
\1\ A portion of my dissent from the Commission's 2000 Privacy
Report addressed the Commission's dubious reliance on consumer opinion
surveys. See Dissenting Statement of Commissioner Orson Swindle,
Federal Trade Commission, ``Privacy Online: Fair Information Practices
in the Electronic Marketplace: A Report to Congress'' (May 22, 2000) at
12-16.
---------------------------------------------------------------------------
Second, when the Commission reports to or testifies before
Congress, it owes the Congress a certain degree of thoroughness. A
statistic included in a Commission report likely will be given
credibility beyond what might attach to the use of that same number in
a brief news story or an advertisement. Because of the added degree of
credibility attached to a Commission report, the Commission should not
uncritically repeat estimates, projections, or other statistics unless
it knows how the numbers were derived, including the assumptions on
which they may have been based. This requires going directly to the
source of a number. If that standard of analysis cannot be met, then
the Commission either should not use the number or should explicitly
qualify its use of the number by the uncertainties attached to it.
For example, both the Online Profiling Report and this testimony
contain an estimate of future advertising revenue drawn from an
overview of a July 1999 report by a management consulting firm. (see
``Online Profiling: A Report to Congress'' at 2, n.7; Commission
Statement at n.22). The Commission has no basis for assessing what
assumptions went into that projection, nor does the Report or the
testimony highlight that the July 1999 date of the projection alone
likely means it is less accurate in light of the tremendous growth in
online commerce since then. In my dissent from the Commission's 2000
Privacy Report, I criticized the Commission's use of a lost sales
projection by the same management consulting firm based on the
repetition of that projection in a news article and the information
available from an online overview of the study. An examination of the
full study revealed that the lost sales projection was based on
assumptions that completely invalidated the Privacy Report's reliance
on that lost sales projection. See 2000 Privacy Report, Dissenting
Statement of Commissioner Orson Swindle at 13-14.
Another example of relying on numbers without assessing their
validity is the testimony's reference to an Odyssey study in which 92%
of respondents from online households stated that they do not trust
online companies to keep their personal information confidential.
(Commission Statement at 5-6 n.10). This figure comes from the same
Odyssey Study cited by the majority in the Privacy Report and appears
to be subject to the same flaws that I discussed in my dissent from the
Privacy Report. Unfortunately, the Odyssey Study does not reveal the
specific questions used to derive the 92% that either agree or strongly
agree with the proposition repeated in the Commission Statement. If the
Odyssey Study uses the same methodology as for other questions, it
likely biases the responses to ``agree'' categories by not allowing a
choice to ``somewhat disagree.'' (See 2000 Privacy Report, Dissenting
Statement of Commissioner Orson Swindle at 11.)
I respectfully ask that Congress keep these limitations in the data
in mind as it considers the Commission's Online Profiling Report and
the Commission Statement.
______
Online Profiling: A Report to Congress
Federal Trade Commission*
---------------------------------------------------------------------------
* The Commission vote to issue this Report was 5-0, with
Commissioner Swindle concurring in part and dissenting in part.
Commissioner Swindle's separate statement is attached to the Report.
---------------------------------------------------------------------------
Robert Pitofsky, Chairman
Sheila F. Anthony, Commissioner
Mozelle W. Thompson, Commissioner
Orson Swindle, Commissioner
Thomas B. Leary, Commissioner
Bureau of Consumer Protection, Division of Financial Practices
I. Introduction
On November 8, 1999, the Federal Trade Commission (hereinafter
``FTC'' or ``Commission'') and the United States Department of Commerce
jointly sponsored a Public Workshop on Online Profiling.\1\ The goals
of the Workshop were to educate government officials and the public
about online profiling and its implications for consumer privacy, and
to examine efforts of the profiling industry to implement fair
information practices.\2\ The Commission also sought public comment on
any issues of fact, law or policy that might inform its consideration
of the practice of online profiling.\3\
In keeping with its longstanding support of industry self-
regulation, the Commission has encouraged the network advertising
industry in its efforts to craft an industry-wide program. The industry
has responded with working drafts of self-regulatory principles for our
consideration. In examining the practice of online profiling, as well
as our work in online privacy, we nonetheless recognize there are real
challenges to creating an effective self-regulatory regime for this
complex and dynamic industry, and this process is not yet complete.
This report describes the current practice of online profiling by
the network advertisers \4\ and the benefits and concerns it presents
for consumers. It also discusses the ongoing effort of the industry to
develop self-regulatory principles. The Commission expects to
supplement this report with specific recommendations to Congress after
it has an opportunity to fully consider the self-regulatory proposals
and how they interrelate with the Commission's previous views and
recommendations in the online privacy area.
II. What is Online Profiling?
A. Overview
Over the past few years, online advertising has grown exponentially
in tandem with the World Wide Web. Online advertising revenues in the
U.S. grew from $301 million in 1996 \5\ to $4.62 billion in 1999,\6\
and were projected to reach $11.5 billion by 2003.\7\ A large portion
of that online advertising is in the form of ``banner ads'' displayed
on Web pages--small graphic advertisements that appear in boxes above
or to the side of the primary site content.\8\ Currently, tens of
billions of banner ads are delivered to consumers each month as they
surf the World Wide Web.\9\ Often, these ads are not selected and
delivered by the Web site visited by a consumer, but by a network
advertising company that manages and provides advertising for numerous
unrelated Web sites. DoubleClick, Engage, and 24/7 Media, three of the
largest Internet advertising networks, all estimate that over half of
all online consumers have seen an ad that they delivered.\10\
In general, these network advertising companies do not merely
supply banner ads; they also gather data about the consumers who view
their ads. This is accomplished primarily by the use of ``cookies''
\11\ and ``Web bugs'' which track the individual's actions on the
Web.\12\ Among the types of information that can be collected by
network advertisers are: information on the Web sites and pages within
those sites visited by consumers; the time and duration of the visits;
query terms entered into search engines; purchases; ``click-through''
responses to advertisements;\13\ and the Web page a consumer came from
before landing on the site monitored by the particular ad network (the
referring page). All of this information is gathered even if the
consumer never clicks on a single ad.
The information gathered by network advertisers is often, but not
always, anonymous, i.e., the profiles are frequently linked to the
identification number of the advertising network's cookie on the
consumer's computer rather than the name of a specific person. This
data is generally referred to as non-personally identifiable
information (``non-PII''). In some circumstances, however, the profiles
derived from tracking consumers' activities on the Web are linked or
merged with personally identifiable information (``PII'').\14\ This
generally occurs in one of two ways when consumers identify themselves
to a Web site on which the network advertiser places banner ads.\15\
First, the Web site to whom personal information is provided may, in
turn, provide that information to the network advertiser. Second,
depending upon how the personal information is retrieved and processed
by the Web site, the personally identifying information may be
incorporated into a URL string \16\ that is automatically transmitted
to the network advertiser through its cookie.\17\
Once collected, consumer data can be analyzed and combined with
demographic and ``psychographic'' \18\ data from third-party sources,
data on the consumer's offline purchases, or information collected
directly from consumers through surveys and registration forms. This
enhanced data allows the advertising networks to make a variety of
inferences about each consumer's interests and preferences. The result
is a detailed profile that attempts to predict the individual
consumer's tastes, needs, and purchasing habits and enables the
advertising companies' computers to make splitsecond decisions about
how to deliver ads directly targeted to the consumer's specific
interests.
The profiles created by the advertising networks can be extremely
detailed. A cookie placed by a network advertising company can track a
consumer on any Web site served by that company, thereby allowing data
collection across disparate and unrelated sites on the Web. Also,
because the cookies used by ad networks are generally persistent, their
tracking occurs over an extended period of time, resuming each time the
individual logs on to the Internet. When this ``clickstream''
information is combined with third-party data, these profiles can
include hundreds of distinct data fields.\19\
Although network advertisers and their profiling activities are
nearly ubiquitous,\20\ they are most often invisible to consumers. All
that consumers see are the Web sites they visit; banner ads appear as a
seamless, integral part of the Web page on which they appear and
cookies are placed without any notice to consumers.\21\ Unless the Web
sites visited by consumers provide notice of the ad network's presence
and data collection, consumers may be totally unaware that their
activities online are being monitored.
B. An Illustration of How Network Profiling Works
Online consumer Joe Smith goes to a Web site that sells sporting
goods. He clicks on the page for golf bags. While there, he sees a
banner ad, which he ignores as it does not interest him. The ad was
placed by USAad Network. He then goes to a travel site and enters a
search on ``Hawaii.'' USAad Network also serves ads on this site, and
Joe sees an ad for rental cars there. Joe then visits an online
bookstore and browses through books about the world's best golf
courses. USAad Network serves ads there, as well. A week later, Joe
visits his favorite online news site, and notices an ad for golf
vacation packages in Hawaii. Delighted, he clicks on the ad, which was
served by the USAad Network. Later, Joe begins to wonder whether it was
a coincidence that this particular ad appeared and, if not, how it
happened.
At Joe's first stop on the Web, the sporting goods site, his
browser will automatically send certain information to the site that
the site needs in order to communicate with Joe's computer: his browser
type \22\ and operating system;\23\ the language(s) accepted by the
browser; and the computer's Internet address. The server hosting the
sporting goods site answers by transmitting the HTTP \24\ header and
HTML \25\ source code for the site's home page, which allows Joe's
computer to display the page.
Embedded in the HTML code that Joe's browser receives from the
sporting goods site is an invisible link to the USAad Network site
which delivers ads in the banner space on the sporting goods Web site.
Joe's browser is automatically triggered to send an HTTP request to
USAad which reveals the following information: his browser type and
operating system; the language(s) accepted by the browser; the address
of the referring Web page (in this case, the home page of the sporting
goods site); and the identification number and information stored in
any USAad cookies already on Joe's computer. Based on this information,
USAad will place an ad in the pre-set banner space on the sporting
goods site's home page. The ad will appear as an integral part of the
page. If an USAad cookie is not already present on Joe's computer,
USAad will place a cookie with a unique identifier on Joe's hard drive.
Unless he has set his browser to notify him before accepting cookies,
Joe has no way to know that a cookie is being placed on his
computer.\26\ When Joe clicks on the page for golf bags, the URL
address of that page, which discloses its content, is also transmitted
to USAad by its cookie.
When Joe leaves the sporting goods site and goes to the travel
site, also serviced by USAad, a similar process occurs. The HTML source
code for the travel site will contain an invisible link to USAad that
requests delivery of an ad as part of the travel site's page. Because
the request reveals that the referring site is travel related, USAad
sends an advertisement for rental cars. USAad will also know the
identification number of its cookie on Joe's machine. As Joe moves
around the travel site, USAad checks his cookie and modifies the
profile associated with it, adding elements based on Joe's activities.
When Joe enters a search for ``Hawaii,'' his search term is transmitted
to USAad through the URL used by the travel site to locate the
information Joe wants and the search term is associated with the other
data collected by the cookie on Joe's machine. USAad will also record
what advertisements it has shown Joe and whether he has clicked on
them.
This process is repeated when Joe goes to the online bookstore.
Because USAad serves banner ads on this site as well, it will recognize
Joe by his cookie identification number. USAad can track what books Joe
looks at, even though he does not buy anything. The fact that Joe
browsed for books about golf courses around the world is added to his
profile.
Based on Joe's activities, USAad infers that Joe is a golfer, that
he is interested in traveling to Hawaii someday, and that he might be
interested in a golf vacation. Thus, a week later, when Joe goes to his
favorite online news site, also served by USAad, the cookie on his
computer is recognized and he is presented with an ad for golf vacation
packages in Hawaii. The ad grabs his attention and appeals to his
interests, so he clicks on it.
III. Profiling Benefits and Privacy Concerns
A. Benefits
Cookies are used for many purposes other than profiling by third-
party advertisers, many of which significantly benefit consumers. For
example, Web sites often ask for user names and passwords when
purchases are made or before certain kinds of content are provided.
Cookies can store these names and passwords so that consumers do not
need to sign in each time they visit the site. In addition, many sites
allow consumers to set items aside in an electronic shopping cart while
they decide whether or not to purchase them; cookies allow a Web site
to remember what is in a consumer's shopping cart from prior visits.
Cookies also can be used by Web sites to offer personalized home pages
or other customized content with local news and weather, favorite stock
quotes, and other material of interest to individual consumers.
Individual online merchants can use cookies to track consumers'
purchases in order to offer recommendations about new products or sales
that may be of interest to their established customers. Finally, by
enabling businesses to monitor traffic on their Web sites, cookies
allow businesses to constantly revise the design and layout of their
sites to make them more interesting and efficient.\27\
Network advertisers' use of cookies and other technologies to
create targeted marketing programs also benefits both consumers and
businesses. As noted by commenters at the Public Workshop, targeted
advertising allows customers to receive offers and information about
goods and services in which they are actually interested.\28\ Targeted
advertising can also improve a consumer's Web experience simply by
ensuring that she is not repeatedly bombarded by the same ads.\29\
Businesses clearly benefit as well from the ability to target
advertising because they avoid wasting advertising dollars marketing
themselves to consumers who have no interest in their products.\30\
Additionally, a number of commenters stated that targeted
advertising helps to subsidize free content on the Internet. By making
advertising more effective, profiling allows Web sites to charge more
for advertising. This advertising revenue helps to subsidize their
operations, making it possible to offer free content rather than
charging fees for access.\31\
Finally, one commenter suggested that profiles can also be used to
create new products and services. First, entrepreneurs could use
consumer profiles to identify and assess the demand for particular
products or services. Second, targeted advertising could help small
companies to more effectively break into the market by advertising only
to consumers who have an interest in their products or services.\32\
In sum, targeted advertising can provide numerous benefits to both
business and consumers.
B. Concerns
Despite the benefits of targeted advertising, there is widespread
concern about current profiling practices.\33\ Many commenters at the
Workshop objected to network advertisers' hidden monitoring of
consumers and collection of extensive personal data without consumers'
knowledge or consent; they also noted that network advertisers offer
consumers few, if any, choices about the use and dissemination of their
individual information obtained in this manner. As one of the
commenters put it, current profiling practices ``undermine[]
individuals' expectations of privacy by fundamentally changing the Web
experience from one where consumers can browse and seek out information
anonymously, to one where an individual's every move is recorded.''
\34\
The most consistent and significant concern expressed about
profiling is that it is conducted without consumers' knowledge.\35\ The
presence and identity of a network advertiser on a particular site, the
placement of a cookie on the consumer's computer, the tracking of the
consumer's movements, and the targeting of ads are simply invisible in
most cases. This is true because, as a practical matter, there are only
two ways for consumers to find out about profiling at a particular site
before it occurs.\36\ The first is for Web sites that use the services
of network advertisers to disclose that fact in their privacy policies.
Unfortunately, this does not typically occur. As the Commission's
recent privacy survey discovered, although 57% of a random sample of
the busiest Web sites allowed third parties to place cookies, only 22%
of those sites mentioned third-party cookies or data collection in
their privacy policies; of the top 100 sites on the Web, 78% allowed
third-party cookie placement, but only 51% of those sites disclosed
that fact.\37\ The second way for consumers to detect profiling is to
configure their browsers to notify them before accepting cookies.\38\
One recent survey indicates, however, that only 40% of computer users
have even heard of cookies and, of those, only 75% have a basic
understanding of what they are.\39\
The second most persistent concern expressed by commenters was the
extensive and sustained scope of the monitoring that occurs.
Unbeknownst to most consumers, advertising networks monitor individuals
across a multitude of seemingly unrelated Web sites and over an
indefinite period of time. The result is a profile far more
comprehensive than any individual Web site could gather. Although much
of the information that goes into a profile is fairly innocuous when
viewed in isolation, the cumulation over time of vast numbers of
seemingly minor details about an individual produces a portrait that is
quite comprehensive and, to many, inherently intrusive.\40\
For many of those who expressed concerns about profiling, the
privacy implications of profiling are not ameliorated in cases where
the profile contains no personally identifiable information.\41\ First,
these commenters felt that the comprehensive nature of the profiles and
the technology used to create them make it reasonably easy to associate
previously anonymous profiles with particular individuals.\42\ This
means that anyone who obtains access to ostensibly anonymous data--
either by purchasing the data or hacking into it--might be able to mine
the data and link it to identifiable individuals. Second, commenters
feared that companies could unilaterally change their operating
procedures and begin associating personally identifiable information
with non-personally identifiable data previously collected.\43\ Third,
commenters noted that, regardless of whether they contain personally
identifiable information, profiles are used to make decisions about the
information individuals see and the offers they receive. These
commenters expressed concern that companies could use profiles to
determine the prices and terms upon which goods and services, including
important services like life insurance, are offered to individuals (for
example, products might be offered at higher prices to consumers whose
profiles indicate that they are wealthy, or insurance might be offered
at higher prices to consumers whose profiles indicate possible health
risks).\44\ This practice, known as ``weblining,'' raises many of the
same concerns that ``redlining'' and ``reverse redlining'' do in
offline financial markets.\45\
Another concern expressed by commenters is that, as consumers begin
to learn more about companies' monitoring activities, fear of online
monitoring will discourage valuable uses of the Internet that are
fostered by its perceived anonymity. As one commenter noted:
The anonymity that the Internet affords individuals has made it
an incredible resource for those seeking out information.
Particularly where the information sought is on controversial
topics such as sex, sexuality, or health issues such as HIV,
depression, and abortion; [sic] the ability to access
information without risking identification has been
critical.\46\
Indeed, in support of this point, this commenter cites studies that it
believes suggest that, in both the online and offline world, the
perceived anonymity of computer research facilitates access to these
kinds of sensitive information.\47\ By chilling use of the Internet for
such inquiries, several commenters asserted, profiling may ultimately
prevent access to important kinds of information.\48\
Finally, some commenters expressed the opinion that targeted
advertising is inherently unfair and deceptive. They argued that
targeted advertising is manipulative and preys on consumers' weaknesses
to create consumer demand that otherwise would not exist, and that, as
a result, targeted advertising undermines consumers' autonomy.\49\
Recent consumer surveys indicate that consumers are troubled by the
monitoring of their online activities. First, as a general matter,
surveys consistently show that Americans are worried about online
privacy. Ninety-two percent say they are concerned about threats to
their personal privacy when they use the Internet and seventy-two
percent say they are very concerned.\50\ Eighty percent of Americans
believe that consumers have lost all control over how personal
information is collected and used by companies.\51\
In particular, surveys show that consumers are not comfortable with
profiling. A Business Week survey conducted in March of this year found
that 89% of consumers are not comfortable having their browsing habits
and shopping patterns merged into a profile that is linked to their
real name and identity.\52\ If that profile also includes additional
personal information such as income, driver's license, credit data and
medical status, 95% of consumers express discomfort.\53\ Consistent
with the comments received in connection with the Public Workshop,
consumers are also opposed to profiling even when data are not
personally identifiable: sixty-three percent of consumers say they are
not comfortable having their online movements tracked even if the data
is not linked to their name or real-world identity.\54\ An overwhelming
91% of consumers say that they are not comfortable with Web sites
sharing information so that they can be tracked across multiple Web
sites.\55\
Many consumers indicate that their concerns about the collection of
personal information for online profiling would be diminished if they
were given clear notice of what data would be collected about them and
what it would be used for, and were given a choice to opt-out of data
collection or of particular uses of their personal data. A recent
survey by Privacy & American Business explained to Internet users that,
in order to offer consumers personalized advertising, companies would
need information about the consumer.\56\ Internet users were then asked
about their willingness to provide that information by: (1) describing
their interests; (2) allowing the use of information on their Web site
visits; (3) allowing the use of information on their Internet
purchases; (4) allowing the use of information on their offline
purchases; and (5) allowing the combination of online and offline
purchasing information. When told that the company providing tailored
ads would spell out how they would use the consumer's information and
the consumer would be given a chance to opt-out of any uses that he did
not approve, a majority of consumers indicated willingness to provide
personal information. With notice and choice, 68% were willing to
describe their interests; 58% were willing to allow site visit data to
be used; 51% were willing to allow use of online purchasing
information; 53% were willing to allow use of offline purchasing data;
and 52% were willing to allow the use of combined online and offline
purchasing information.\57\
Although this survey indicates that, with appropriate notice and
choice, many consumers would be willing to allow companies to use their
personal information in order to deliver advertising targeted to the
consumer's individual needs and interests, the statistics also
demonstrate that many consumers are not willing to allow this kind of
profiling regardless of whether notice and choice are given. A
substantial minority of Internet users--between 32% and 49%--indicated
that they would not be willing to participate in personalization
programs even if they were told what would be done with their
information and were given the choice to opt-out of uses that they did
not approve.\58\
Internet users are also overwhelmingly opposed to the wholesale
dissemination of their personal information. Ninety-two percent say
that they are not comfortable with Web sites sharing their personal
information with other organizations and 93% are uncomfortable with
their information being sold.\59\ Eighty-eight percent of consumers say
they would like a Web site to ask their permission every time it wants
to share their personal information with others.\60\
Ultimately, consumers' privacy concerns are businesses' concerns;
the electronic marketplace will not reach its full potential unless
consumers become more comfortable browsing and purchasing online. That
comfort is unlikely to come unless consumers are confident (1) that
they are notified at the time and place information is collected who is
collecting information about them, what information is being collected,
and how it will be used and (2) that they can choose whether their
personal information is gathered, how it is used, and to whom it is
disseminated.\61\
IV. The FTC'S Role in Addressing Online Privacy Issues and Self-
Regulation
A. Legal Authority
The FTC's mission is to promote the efficient functioning of the
marketplace by protecting consumers from unfair or deceptive acts or
practices and to increase consumer choice by promoting vigorous
competition. The Commission's primary legislative mandate is to enforce
the Federal Trade Commission Act (``FTCA''), which prohibits unfair
methods of competition and unfair or deceptive acts or practices in or
affecting commerce.\62\ With the exception of certain industries and
activities, the FTCA provides the Commission with broad investigative
and law enforcement authority over entities engaged in or whose
business affects commerce.\63\ Commerce on the Internet falls within
the scope of this statutory mandate.
B. Online Privacy
As noted in Section III.B., the online collection and use of
consumers' information, including the tracking of individual browsing
habits, raise significant concerns for many consumers. These concerns
are not new; since 1997, surveys have consistently demonstrated
consumer unease with data collection practices in the online
marketplace.\64\ The Commission has responded to these concerns with a
series of workshops and reports focusing on a variety of privacy
issues, including the collection of personal information from children,
self-regulatory efforts and technological developments to enhance
consumer privacy, consumer and business education efforts, and the role
of government in protecting online privacy.\65\ The Commission's
longstanding goal has been to understand this new marketplace and its
information practices and to assess its cost and beneficial effects. It
has also used its law enforcement authority to challenge Web sites with
deceptive privacy policy statements.\66\
In its 1998 report, Privacy Online: A Report to Congress, the
Commission summarized widely-accepted principles regarding the
collection, use, and dissemination of personal information.\67\ These
fair information practice principles, which predate the online medium,
have been recognized and developed by government agencies in the United
States, Canada, and Europe since 1973, when the United States
Department of Health, Education, and Welfare released its seminal
report on privacy protections in the age of data collection, Records,
Computers, and the Rights of Citizens.\68\ The 1998 Report identified
the core principles of privacy protection common to the government
reports, guidelines, and model codes that had emerged as of that time:
(1) Notice--data collectors must disclose their information
practices before collecting personal information from
consumers;\69\
(2) Choice--consumers must be given options with respect to
whether and how personal information collected from them may be
used for purposes beyond those for which the information was
provided;\70\
(3) Access--consumers should be able to view and contest the
accuracy and completeness of data collected about them;\71\ and
(4) Security--data collectors must take reasonable steps to
assure that information collected from consumers is accurate
and secure from unauthorized use.\72\
It also identified Enforcement--the use of a reliable mechanism to
impose sanctions for noncompliance with these fair information
practices--as a critical ingredient in any governmental or self-
regulatory program to ensure privacy online.\73\
The 1998 Report assessed the information practices of commercial
Web sites and the existing self-regulatory efforts in light of these
fair information practice principles and concluded that an effective
self-regulatory system had not yet taken hold.\74\ The Commission
deferred judgment on the need for legislation to protect the online
privacy of consumers generally, and instead urged industry to focus on
the development of broad-based and effective self-regulatory
programs.\75\ One year later, the Commission issued a second report,
Self-Regulation and Online Privacy: A Report to Congress (``1999
Report'').\76\ In the 1999 Report, a majority of the Commission again
recommended that self-regulation be given more time, but called for
further industry efforts to implement the fair information
practices.\77\ The Commission also outlined plans for future Commission
actions to encourage greater implementation of online privacy
protections, including the public workshop on online profiling.\78\ In
its 2000 Report, a majority of the Commission concluded that, despite
its significant work in developing self-regulatory initiatives,
industry efforts alone have been insufficient. Thus, the majority
recommended that Congress enact legislation to ensure consumer privacy
online.\79\
C. Online Profiling and Self Regulation: the NAI Effort
The November 8th workshop provided an opportunity for consumer
advocates, government, and industry members not only to educate the
public about the practice of online profiling, but to explore self-
regulation as a means of addressing the privacy concerns raised by this
practice. In the Spring of 1999, in anticipation of the Workshop,
network advertising companies were invited to meet with FTC and
Department of Commerce staff to discuss their business practices and
the possibility of self-regulation. As a result, industry members
announced at the Workshop the formation of the Network Advertising
Initiative (NAI), an organization comprised of the leading Internet
Network Advertisers--24/7 Media, AdForce, AdKnowledge, Avenue A, Burst!
Media, DoubleClick, Engage, and MatchLogic--to develop a framework for
self-regulation of the online profiling industry.
In announcing their intention to implement a self-regulatory
scheme, the NAI companies acknowledged that they face unique challenges
as a result of their indirect and invisible relationship with consumers
as they surf the Internet. The companies also discussed the fundamental
question of how fair information practices, including choice, should be
applied to the collection and use of data that is unique to a consumer
but is not necessarily personally identifiable, such as clickstream
data generated by the user's browsing activities and tied only to a
cookie identification number.\80\
Following the workshop, the NAI companies submitted working drafts
of self-regulatory principles for consideration by FTC and Department
of Commerce staff. Although efforts have been made to reach a consensus
on basic standards for applying fair information practices to the
business model used by the network advertisers, this process is not yet
complete. The Commission will supplement this report with specific
recommendations to Congress after it has an opportunity to fully
consider the self-regulatory proposals and how they interrelate with
the Commission's previous views and recommendations in the online
privacy area.
IV. Conclusion
The Commission is committed to the goal of ensuring privacy online
for consumers and will continue working to address the unique issues
presented by online profiling.
Endnotes
1. A transcript of the Workshop is available at and will be cited as ``Tr. [page],
[speaker].'' Public comments received in connection with the Workshop
can be viewed on the Federal Trade Commission's Web site at and will be cited as
``Comments of [organization or name] at [page].''
2. See FTC and Commerce Dept. to Hold Public Workshop on Online
Profiling, .
3. See 64 Fed. Reg. 50813, 50814 (1999) (also available at ).
4. Not all profiles are constructed by network advertising
companies (also known as online profilers). Some Web sites create
profiles of their own customers based on their interactions. Other
companies create profiles as part of a service--for example, offering
discounts on products of interest to consumers or providing references
to useful Web sites on the same topic as those already visited by the
consumer. See, e.g., Megan Barnett, The Profilers: Invisible Friends,
The Industry Standard, Mar. 13, 2000, at 220; Ben Hammer, Bargain
Hunting, The Industry Standard, Mar.13, 2000, at 232. These profiles
are generally created by companies that have a known, direct
relationship with the consumer, unlike third-party network advertising
companies, and are beyond the scope of this report.
5. See Federal Trade Commission, Privacy Online: A Report to
Congress (1998) [hereinafter ``1998 Report''] at 3. The Report is
available on the Commission's Web site at .
6. See Internet Advertising Bureau, Internet Advertising Revenues
Soar to $4.6 billion in 1999 (available at ).
7. See Jupiter Communications, Inc., Online Advertising Through
2003 (July 1999) (summary available at ).
8. In 1999, 56% of all online advertising revenue was attributable
to banner advertising. See Internet Advertising Bureau, Internet
Advertising Revenues Soar to $4.6 billion in 1999 (available at ).
9. DoubleClick, the largest network advertising company, estimates
that it serves an average of 1.5 billion ads each day, for an average
of approximately 45 billion ads per month. The next largest network
advertisers, Engage and 24/7 Media, serve approximately 8.6 billion
ads/month and 3.3 billion ads/month respectively. See DoubleClick DART
Now Serving on Average 1.5 Billion Ads Per Day, ; Engage
Reports Strong Growth in Key Metrics for Fiscal 2000 Second Quarter,
; 24/7 Media, Inc.,
.
10. See, e.g., ; ; .
11. A cookie is a small text file placed on a consumer's computer
hard drive by a Web server. The cookie transmits information back to
the server that placed it and, in general, can be read only by that
server. For more information on cookies, see, e.g., .
12. ``Web bugs'' are also known as ``clear GIFs'' or ``1-by-1
GIFs.'' Web bugs are tiny graphic image files embedded in a Web page,
generally the same color as the background on which they are displayed
which are invisible to the naked eye. The Web bug sends back to its
home server (which can belong to the host site, a network advertiser or
some other third party): the IP (Internet Protocol) address of the
computer that downloaded the page on which the bug appears; the URL
(Uniform Resource Locator) of the page on which the Web bug appears;
the URL of the Web bug image; the time the page containing the Web bug
was viewed; the type of browser that fetched the Web bug; and the
identification number of any cookie on the consumer's computer
previously placed by that server. Web bugs can be detected only by
looking at the source code of a Web page and searching in the code for
1-by-1 IMG tags that load images from a server different than the rest
of the Web page. At least one expert claims that, in addition to
disclosing who visits the particular Web page or reads the particular
e-mail in which the bug has been placed, in some circumstances, Web
bugs can also be used to place a cookie on a computer or to synchronize
a particular e-mail address with a cookie identification number, making
an otherwise anonymous profile personally identifiable. See generally
Comments of Richard M. Smith; see also Big Browser is Watching You!,
Consumer Reports, May 2000, at 46; USA Today, A new wrinkle in surfing
the Net: Dot-coms' mighty dotsize bugs track your every move, Mar. 21,
2000 (available at ).
13. When a consumer requests additional information about a product
or service by clicking on a banner ad, she has ``clicked through'' the
advertisement.
14. Personally identifiable data is data that can be linked to
specific individuals and includes, but is not limited to such
information as name, postal address, phone number, e-mail address,
social security number, and driver's license number.
15. A previously anonymous profile can also be linked to personally
identifiable information in other ways. For example, a network
advertising company could operate its own Web site at which consumers
are asked to provide personal information. When consumers do so, their
personal information could be linked to the identification number of
the cookie placed on their computer by that company, thereby making all
of the data collected through that cookie personally identifiable.
16. ``URL'' stands for Uniform Resource Locator.
17. This kind of data transmission occurs when Web sites use the
``GET'' (as opposed to ``POST'') method of processing data. See, e.g.,
Janlori Goldman, Zoe Hudson, and Richard M. Smith, California
HealthCare Foundation, Privacy: Report on the Privacy Policies and
Practices of Health Web Sites (Jan. 2000). It is not presently clear
how personally identifiable information sent to network advertisers in
a URL string as the result of ``GET'' technology is recognized, stored,
or utilized.
18. Psychographic data links objective demographic characteristics
like age and gender with more abstract characteristics related to
ideas, opinions and interests. Data mining specialists analyze
demographic, media, survey, purchasing and psychographic data to
determine the exact groups that are most likely to buy specific
products and services. See Comments of the Center for Democracy and
Technology (CDT) at 5 n.5. Psychographic profiling is also referred to
in the industry as ``behavioral profiling.''
19. For example, the Web site for Engage states repeatedly that its
profiles contain 800 ``interest categories.'' See, e.g., .
20. DoubleClick has approximately 100 million consumer profiles,
see Heather Green, Privacy: Outrage on the Web, Business Week, Feb 14,
2000, at 38; Engage has 52 million consumer profiles, see ; and 24/7 Media has 60
million profiles, see .
21. Most Internet browsers can be configured to notify users that a
cookie is being sent to their computer and to give users the option of
rejecting the cookie. The browsers' default setting, however, is to
permit placement of cookies without any notification.
22. For example, Netscape's Navigator or Microsoft's Internet
Explorer.
23. For example, Windows.
24. Hypertext Transfer Protocol (the protocol for communication
between Web browsers and Web servers).
25. Hypertext Markup Language (the code/language in which most Web
content is created).
26. Because many sites require users to accept cookies in order to
view their content, or make multiple attempts to place cookies before
displaying content, the notification process may unacceptably frustrate
consumers' ability to surf the Web efficiently.
27. The privacy issues raised by these uses of cookies are beyond
the scope of this report. Data reflecting the use of cookies are
reported in the FTC's recent report Privacy Online: Fair Information
Practices in the Electronic Marketplace (May 2000) [hereinafter ``2000
Report''], available at The Commission's vote to issue the 2000 Report was 3-
2, with Commissioner Swindle dissenting and Commissioner Leary
concurring in part and dissenting in part.
28. See, e.g., Comments of the Magazine Publishers of America (MPA)
at 1; Comments of the Direct Marketing Association (DMA) at 2; Comments
of the Association of National Advertisers (ANA) at 2; Tr. 30, Smith;
Tr. 120, Jaffe.
29. See, e.g., Comments of the Magazine Publishers of America (MPA)
at 1.
30. See, e.g., Comments of the Association of National Advertisers
(ANA) at 2.
31. See, e.g., Comments of the Magazine Publishers of America (MPA)
at 1; Comments of Solveig Singleton at 3-4; Tr. 20, Jaye; Tr. 124,
Aronson.
32. See Comments of Solveig Singleton at 4-5.
33. Survey data is an important component in the Commission's
evaluation of consumer concerns, as is actual consumer behavior.
Nonetheless, the Commission recognizes that the interpretation of
survey results is complex and must be undertaken with care.
34. See Comments of the Center for Democracy and Technology (CDT)
at 3.
35. See, e.g., Comments of the Center for Democracy and Technology
(CDT) at 2, 16; Reply Comments of the Electronic Information Privacy
Center (EPIC) at 1; Comments of TRUSTe at 2; Tr. 113, Mulligan.
36. It is possible for consumers to learn about profiling after the
fact by examining the cookie files on their hard drive; the text of a
cookie will disclose the server that placed the cookie. Consumers can
also delete the cookie files stored on their computers. Deletion will
not erase any information stored by a network advertising company, but
it will prevent future Web activity from being associated with past
activity through the identification number of the deleted cookie.
37. For purposes of the FTC's survey, third parties were defined as
any domain other than the one survey participants were currently
visiting, but the majority of the third-party cookies were in fact from
network advertising companies that engage in profiling. The full
results of the FTC study, as well as a description of its methodology,
were released in the Commission's 2000 Report.
38. Even for consumers who are aware of cookies, it is often
difficult to discern how to change a browser's settings in order to
receive notification of cookies. For example, in Netscape Navigator, a
user must click on the ``Edit'' menu and select ``Preferences'' from
the dropdown menu; select ``Advanced'' under the listing of categories;
and click on a check-off box to activate the notification feature. In
Internet Explorer 5.0, the user must click on the ``Tools'' menu and
select ``Internet Options'' from the dropdown menu; click on the tab
for ``Security'' options; click on ``Custom Level''; then scroll down
to the choices for cookies and select ``Prompt.''
39. See Business Week Online, Business Week/Harris Poll: A Growing
Threat, www.businessweek.com/2000/00_12/b3673010.htm (March 20, 2000)
[hereinafter ``Business Week/Harris Poll''].
40. See, e.g., Comments of the Center for Democracy and Technology
(CDT) at 2; Reply Comments of Electronic Information Privacy Center
(EPIC) at 1-2. One commenter also worried that the existence of
detailed personal profiles may facilitate an increase in identity
theft. See Rebuttal Comments of the Electronic Frontier Foundation
(EFF) at 4.
41. See, e.g., Comments of the Center for Democracy and Technology
(CDT) at 2-3; Tr. 112, Steele; Tr. 128, Smith.
42. See, e.g., Rebuttal Comments of the Electronic Frontier
Foundation (EFF) at 2; Tr. 40-1, Catlett; Tr. 54, Smith; Tr. 62,
Weitzner.
43. See Comments of the Center for Democracy and Technology (CDT)
at 2-3; Christopher K. Ridder (Nov. 30, 1999) at 6 (listing examples of
sites whose privacy policies explicitly reserve the right of the site
to change privacy policies without notice to the consumer); Tr. 158,
Mulligan.
44. See Comments of the Center for Democracy and Technology (CDT)
at 3; Comments of the Electronic Frontier Foundation (EFF) Session II
at 2; Rebuttal Comments of the Electronic Frontier Foundation (EFF) at
4; Tr. 81, Feena; Tr. 114, Hill; Tr. 146-7, Steele; see also John
Simons, The Coming Privacy Divide, The Standard, Feb. 21, 2000, .
45. See, e.g., Rebuttal Comments of the Electronic Frontier
Foundation (EFF) at 4 (expressing concern about ``electronic
redlining''); Tr. 81, Feena (describing technology's potential use for
``redlining'' [sic]); Tr. 146-7, Steele (describing risk of
``electronic redlining and price discrimination''); see also Marcia
Stepanek, Weblining: Companies are using your personal data to limit
your choices--and force you to pay more for products, Business Week
Online, Apr. 3, 2000, . ``Redlining'' and ``reverse redlining'' are,
respectively, the practice of some financial institutions to not extend
credit or to offer less favorable credit terms to prospecitve borrowers
in predominantly minority areas.
46. Comments of the Center for Democracy and Technology (CDT) at
19; see also Rebuttal Comments of the Electronic Frontier Foundation
(EFF) at 4-5; Reply Comments of the Electronic Information Privacy
Center (EPIC) at 2.
47. See Comments of the Center for Democracy and Technology (CDT)
at 19.
48. See Comments of the Center for Democracy and Technology (CDT)
at 19; Rebuttal Comments of the Electronic Frontier Foundation (EFF) at
4-5; Reply Comments of the Electronic Information Privacy Center (EPIC)
at 2.
49. See, e.g., Comments of Robert Ellis Smith; Tr. 56-7, Catlett;
Tr. 122, 148, Chester; Tr. 129-30, Smith.
50. See Louis Harris & Assoc., IBM Multi-National Consumer Privacy
Survey (1999) [hereinafter ``IBM Privacy Survey''], at 81.
51. See IBM Privacy Survey, at 76.
52. Business Week/Harris Poll.
53. Business Week/Harris Poll.
54. Business Week/Harris Poll.
55. Business Week/Harris Poll.
56. See Alan F. Westin, Privacy and American Business, Personalized
Marketing and Privacy on the Internet: What Consumers Want (1999)
[hereinafter ``Westin/PAB 1999''] at 8-9.
57. Westin/PAB 1999 at 8-9.
58. Westin/PAB 1999 at 11. Consumers also want access to and
control over their personal information. Eighty-three percent of
Internet users say that it is important that companies engaged in
tailored advertising programs allow participants to see their
individual profiles and remove items that they do not want included;
seventy percent felt that this was absolutely vital or very important.
Id.
59. Business Week/Harris Poll.
60. Business Week/Harris Poll.
61. There may be complicated issues regarding the consequences of
choice, such as the extent to which consumers may exchange use of their
data for benefits.
62. See 15 U.S.C. Sec. 45(a).
63. The Commission also has responsibility under 45 additional
statutes governing specific industries and practices. These include,
for example, the Truth in Lending Act, 15 U.S.C. Sec. Sec. 1601 et
seq., which mandates disclosures of credit terms, and the Fair Credit
Billing Act, 15 U.S.C. Sec. Sec. 1666 et seq., which provides for the
correction of billing errors on credit accounts. The Commission also
enforces over 30 rules governing specific industries and practices,
e.g., the Used Car Rule, 16 C.F.R. Part 455, which requires used car
dealers to disclose warranty terms via a window sticker; the Franchise
Rule, 16 C.F.R. Part 436, which requires the provision of information
to prospective franchisees; the Telemarketing Sales Rule, 16 C.F.R.
Part 310, which defines and prohibits deceptive telemarketing practices
and other abusive telemarketing practices; and the Children's Online
Privacy Protection Rule, 16 C.F.R. Part 312.
In addition, on May 12, 2000, the Commission issued a final rule
implementing the privacy provisions of the Gramm-Leach-Bliley Act, 15
U.S.C. Sec. Sec. 6801 et seq. The rule requires a wide range of
financial institutions to provide notice to their customers about their
privacy policies and practices. The rule also describes the conditions
under which those financial institutions may disclose personal
financial information about consumers to nonaffiliated third parties,
and provides a method by which consumers can prevent financial
institutions from sharing their personal financial information with
nonaffiliated third parties by opting out of that disclosure, subject
to certain exceptions. The rule is available on the Commission's Web
site at ); Liberty Financial Cos., Docket No.C-3891 (Final
Order, Aug. 12, 1999) (available at ); GeoCities, Docket No. C
-3849 (Final Order, Feb. 5, 1999) (available at ).
67. 1998 Report at 7-14. See also 1996 Staff Report at 8-12,
available at
(summarizing participants' testimony on fair information practices).
68. 1998 Report at 7-11. In addition to the HEW Report, the major
reports setting forth the core fair information practice principles
are: The U.S. Privacy Protection Study Commission, Personal Privacy in
an Information Society (1977); Organization for Economic Cooperation
and Development, OECD Guidelines on the Protection of Privacy and
Transborder Flows of Personal Data (1980); U.S. Information
Infrastructure Task Force, Information Policy Committee, Privacy
Working Group, Privacy and the National Information Infrastructure:
Principles for Providing and Using Personal Information (1995); U.S.
Dept. of Commerce, Privacy and the NII: Safeguarding
Telecommunications-Related Personal Information (1995); The European
Union Directive on the Protection of Personal Data (1995); and the
Canadian Standards Association, Model Code for the Protection of
Personal Information: A National Standard of Canada (1996).
69. 1998 Report at 7-8; see also 1999 Report at 3-4; 2000 Report at
4.
70. 1998 Report at 8-9; see also 1999 Report at 3-4; 2000 Report at
4.
71. 1998 Report at 9; see also 1999 Report at 3-4; 2000 Report at
4.
72. 1998 Report at 10; see also 1999 Report at 3-4; 2000 Report at
4.
73. 1998 Report at 10-11; see also 1999 Report at 3-4; 2000 Report
at 4.
74. See 1998 Report at 41. In addition, the Commission recommended
that Congress adopt legislation setting forth standards for the online
collection of personal information from children; and indeed, just four
months after the 1998 Report was issued, Congress enacted the
Children's Online Privacy Protection Act of 1998 (``COPPA''). On
October 21, 1999, the Commission issued the Children's Online Privacy
Protection Rule, which implements the Act's fair information practices
standards for commercial Web sites directed to children under 13, or
who knowingly collect personal information from children under 13. The
Rule became effective on April 21, 2000.
75. See 1998 Report at 41-42.
76. See 1999 Report.
77. The 1999 Report was issued by a vote of 3-1, with Commissioner
Anthony concurring in part and dissenting in part.
78. See 1999 Report at 13-14. Other actions contemplated by the
Commission included the establishment of an advisory committee of
industry representatives and privacy and consumer advocates to develop
strategies to implement the fair information practices of access and
security and to assess the costs and benefits of those strategies. The
Advisory Committee on Online Access and Security was established in
December 1999 and its final report was released as an appendix to the
Commission's 2000 Report.
79. See supra at n.27; 2000 Report at 34-38. The 2000 Report did
not discuss and its legislative proposal does not address the unique
issues raised by online profiling.
80. Tr. 186, Jaye; Tr. 192-193, Zinman.
______
Statement of Commissioner Orson Swindle Concurring in Part and
Dissenting in Part in Online Profiling: A Report to Congress
File No. P994809
I concur in the issuance of ``Online Profiling: A Report to
Congress,'' but I dissent from the use of consumer opinion surveys in
the Report.
Consumer opinion surveys like the ones used in the Report are often
not reliable predictors of consumer behavior. For several reasons, and
as this Report acknowledges in footnote 33, survey results should be
examined with scrupulous care. Surveys are one-time snapshots of
consumer opinion, are easily biased by design, and must be examined for
methodological integrity.
Ideally, consumer opinion surveys should complement, but not be a
substitute for, empirical evidence of consumer behavior relating to
privacy. Consumer opinion surveys should not serve as a substantive
basis for policy decisions.
The Chairman. Thank you very much and thank you for a very
interesting, illuminating presentation.
I would like to talk for a minute about these discussions
you are having with the online advertisers. Is not a
fundamental question here opt-in or opt-out?
Ms. Bernstein. That would be a fundamental question and it
could be--or there are those who would say that, depending on
what the purpose is, it could be--one or the other, and it
might depend on the type of information that is being
collected.
The Chairman. Would that not get a little complicated
pretty quick?
Ms. Bernstein. It could get very complicated. We hope not,
because obviously it needs to be simple in order to be useful
to consumers.
The Chairman. Well, we conduct these hearings on the
basis--on the premise--that there is no such thing as a dumb
question, Okay?
It seems to me that the decision made by the consumer as to
whether they want out of one of those files is one thing. It is
an entirely different scenario if these people have to come to
me and say, we would like for you to give your positive,
affirmative permission to use your information or track your
habits.
So is this not a fundamental question here?
Ms. Bernstein. Yes, it is.
The Chairman. Mr. Medine, you want to comment?
Mr. Medine. Well, these discussions are trying to address
this issue, but of course the discussions are under way, and
obviously the Committee's views on what the proper balance is
in this area would be extremely helpful in informing us as the
discussions go forward as to whether consumers should be asked
if they want to participate in this process or should simply be
told of their ability to not participate in this process.
The Chairman. Well, do you have a view on that, Ms.
Bernstein?
Ms. Bernstein. The Commission has not taken a position on
that yet, as you know, Mr. Chairman. And in view of the fact
that we are still engaged in trying to do two things--one is to
see if we can complete an effective self-regulatory program--I
think we would be, as David said, we could be of the view that
in order for a cookie to be placed in the first instance an
affirmative consent by a consumer would be useful. Principally,
one wants to put the consumer in the position of being in
control of how his information is used.
The Chairman. Well, it just seems to me that the
advertisers would argue strenuously for an opt-out option.
Ms. Bernstein. They have and I am sure that they would
continue to.
The Chairman. What we just saw is relatively innocuous. I
believe that--I hope that every American would know of a
golfing vacation package in Tucson.
[Laughter.]
Senator Bryan. And want to go there.
The Chairman. Bypassing Nevada on the way.
[Laughter.]
Senator Bryan. And stopping there on the way back.
Senator Wyden. But still finding their way to the Oregon
coast.
Ms. Bernstein. We will try to accommodate every Senator on
this Committee.
The Chairman. Let us hear from you or Mr. Medine about the
less attractive aspects of this. Your presentation is
excellent, but, frankly, if that was the only problem we have
here, I do not think we would be having these hearings. Let us
talk about the really invasive, intrusive aspects of this kind
of procedure.
Ms. Bernstein. I will be happy to do that. One of the
things that is clear from the presentation that we decided to
use as an illustration is that so far the information is not
personal. It is only connected to the consumer's computer. That
is, it does not say John McCain asked for this information, but
rather it is connected to John McCain's computer.
That information, however, is capable of being combined
with personal information about that person.
The Chairman. For example?
Ms. Bernstein. By use of another database or combining it
with prior information, or sometimes the website itself.
The Chairman. For example, what kind of personal
information? How much money I have in a bank account, or my
credit rating?
Ms. Bernstein. Well, it could be your name, your address,
perhaps your telephone number. From that information, sometimes
more sensitive information can be obtained from another source.
So there is the capability to put together a really very
complete information profile about a consumer.
The Chairman. Do you want to add to that, Mr. Medine?
Mr. Medine. Yes. In addition to that, the consumer may
visit a website that might reveal sensitive items, like certain
health conditions or religious or political affiliations that
might be linked to somebody's name. There is also the
capability of making identifiable months or even years of web
browsing that you had thought were anonymous that could then
become identified to you. There have certainly been instances
publicly where people have been associated with past browsing
that has made them uncomfortable.
There is also the issue of merging online and offline data
as well. That is, you think your shopping online is one thing,
your shopping offline or your habits offline are different, but
to have them merged raises special concerns as well.
So this is the most innocuous of non-personally
identifiable information used to target a relatively simple ad.
But clearly there is the capability of gathering personal and
sensitive information through this process.
Ms. Bernstein. That is really where the intrusiveness comes
about and why so many people are expressing concerns about it.
In addition, it is really secret. People do not know this is
going on, and that I think is the most--most people react very
negatively to the fact that there is----
The Chairman. How do you let them know that it is going on?
Ms. Bernstein. Well, you could let them know by various
notices that could be either on the website or that would be
required to be on website where it begins in the first
instance, and then you could have a subsequent notice in the
site itself so that the consumer knew that that was going on.
But it would be fundamental notice that does not now occur.
The Chairman. Could you have something that would flash
that said ``Information is being transmitted concerning your
visit to this website; do you object?''
Ms. Bernstein. You could have that, certainly.
The Chairman. Well, I guess that question is also something
for the next panel.
Finally, I guess if you could carry it to its extreme, for
someone who is a very heavy user of the Internet, you could
compile information which would over time give someone a
dossier compiled of your political, religious, financial
information--literally everything about your life. Is that your
view, Mr. Medine?
Mr. Medine. That is certainly a potential here when you are
web browsing, which many people think of as being anonymous and
they appreciate being anonymous so that they can freely move
around, gather information, and it may no longer be anonymous
if an identifiable cookie is placed on your computer.
The Chairman. Finally, what is your degree of optimism
about reaching some kind of a deal with the online advertising
industry?
Ms. Bernstein. We have had good talks with them and I think
they are very anxious to put an effective self-regulatory
program in place. As the Commission said in its earlier
testimony, Mr. Chairman, the Commission did not view a self-
regulatory program in isolation, but rather expressed its view
that the most effective program is a self-regulatory program
that is supported or buttressed by a fundamental law that would
support the program.
I would say it is about--oh, we could flip a coin, but
better than half and half. How is that?
The Chairman. Well, let me just say that we obviously would
like to see an agreement that is acceptable to one and all. You
have heard views, strong views, expressed by both Senator Burns
and Senator Wyden that legislation is necessary. So if you do
reach an agreement, I think you are going to have a selling job
at least with some members of the Committee as well as other
members of Congress.
I thank you for being here today.
Senator Hollings.
Senator Hollings. Well, Ms. Bernstein, we only said that
legislation was necessary after five years of the Federal Trade
Commission working on it. The FTC put out reports and reviews
that suggested the voluntary approach was the proper approach.
Having done that for over five years, Mr. Pitofsky, your
Chairman, came here and testified that he thought that
legislation was necessary. That is correct; is that not right?
Ms. Bernstein. Yes, it is absolutely correct.
Senator Hollings. I mean, do not have the Federal Trade
Commission be a moving target. What we are trying to do is
maintain the integrity of the Internet so that people can trust
it. We are at the same starting line. We are going to have to
have some kind of regulation, I take it, for those who make a
business of collecting personally identifiable privacy
information.
Do you agree with me on that?
Ms. Bernstein. Yes, I do agree with you.
Senator Hollings. When we drew the bill, we looked at the
recommendations in the five-year consideration of the Federal
Trade Commission. We said that for anonymous information, like
you are taking a census, we wouldn't talk about opting in
there. We are only talking about opting out. If people are
making a business out of this, then they can collect any kind
of personal information on Senator McCain or me. Anybody in the
audience can collect the information and know it and understand
it.
Once they start making a commercial enterprise or business
out of the thing, then we say, now hold up, you owe a duty to
the public. If we do not do that, then people are going to be
fearful of using the Internet. The trust that we have and the
participation that we have won't continue. We want to continue
Internet participation.
Now, only after five years did we really start with a bill.
You toyed with it for five years and we see only the
frustration, having toyed with it and not getting a voluntary
response. You are not going to get advertisers. You have always
got that group that won't be fair. I go to a class where the
teacher grades on a curve and 95 percent of the students are
honest and they study and they are ready to take the exam. The
honest 95 percent finds out that 5 percent of the class has
already stolen the exam. I say, wait a minute, I better get a
copy of the exam, too.
That sort of breaks the discipline and the voluntariness
and everything. We have tried that for five years, and you are
not going to get it voluntarily. You are going to have certain
advertisers who are going to use every scheme there is to get
around and make money out of it.
Otherwise, we have got these states attorneys general all
moving for different kinds of rules, regulations, and laws. We
find that the longer we delay the greater the chaos and the
greater the difficulty there is to legislate.
When the Federal Trade Commission appeared before the
Committee, we asked each one of the Commissioners to critique
our bill. Do you know where they are on it? I am welcome to
criticism. I do not get any award for a bill. People back in
South Carolina could care less whether I put it in. They do not
even know I am up here hardly. The state has gone Republican; I
am having a hard time. The best thing I can do is tell them I
am a friend of John McCain and we get along.
[Laughter.]
So I do not have to have a bill. But I can see and ten
others have seen. We have tried to look at all the features,
rather than hit and run driving politically. I have got a bill
in on privacy, so tell them to study it further and hope they
voluntarily respond.
We are five years into the real study of it, and we have
got the states all moving to laws. So it begs the question now
that the federal government here in Washington move and get
some orderly measure.
So we do not discourage your moving with advertisers, but
if we wait on that we will never get a law. We will never get
what you finally say. Even if you got the voluntary agreement,
you would still have to have a law for some kind of
enforcement. Is that not correct?
Ms. Bernstein. I believe that is correct.
Senator Hollings. So we are going to pass some kind of law
on privacy for those who are trying to make a business out of
my identifiable personal information on the Internet.
You have answered the question, you said 50-50. Well, that
is a good answer, but----
Ms. Bernstein. I think I said better than 50-50, so I am a
little more optimistic than that.
Senator Hollings. Yes, but I mean, we cannot wait. You have
got to get 100 percent.
Ms. Bernstein. Yes.
Senator Hollings. When do you think you are going to get
100 percent agreement?
Ms. Bernstein. Well, we will either reach agreement or we
will--the Commission has to review this, obviously, and we are
still working at the staff level to see whether or not we have
a program that we think we could recommend enthusiastically to
the Commission. That should happen in a week or two.
Senator Hollings. Now, you identified someone in the
original instance as a ``guru.''
Ms. Bernstein. Yes.
Senator Hollings. What is his name?
Ms. Bernstein. Her name----
Senator Hollings. Her name, excuse me.
Ms. Bernstein [continuing]. Is Dawne, Dawne Holz, and she
is our technology guru who assisted us with putting this
program together, more than assisted us, even came up with some
of the names of sites and so forth so that we could do our
presentation. She works with this.
Senator Hollings. What we want to do here at the
Congressional level is pass something that is realistic. Let me
ask the guru, will you please take our bill and study it and
criticize what is unrealistic, what is too burdensome, what is
unenforceable? Any kind of criticism that you can give from
your experience, we would appreciate here at the Committee
level.
Take that bill for me and criticize it so that we can
correct it or not pass it or whatever it is, knock it out. I
would appreciate it.
Ms. Bernstein. Senator, each of the Commissioners I know is
at work preparing their own views, as you have asked.
Senator Hollings. But I want the guru.
Ms. Bernstein. Yes. Well, the guru will----
[Laughter.]
Senator Hollings. I want the guru. You know, sometimes the
Commissioners, they are political just like me. It is like sort
of delivering lettuce by way of a rabbit. The guru's ideas do
not come through. I want her ideas.
Ms. Bernstein. You have it, sir. You will have it.
Senator Hollings. Thank you very much. Thank you, Ms.
Bernstein.
The Chairman. Thank you, sir. Thank you for your kind
words.
Senator Wyden.
Senator Wyden. Thank you, Mr. Chairman.
Ms. Bernstein, if an agreement is reached on online
profiling, how could the profiling industry guarantee that all
of the profiling companies are going to participate?
Ms. Bernstein. They can guarantee it of all the companies
are signatories to the agreement. That leaves open, of course,
the issue of new entrants into the industry and whether they
could be bound. That is always a difficulty when one is dealing
with a self-regulatory program and it is probably one of the
underlying reasons why in the past self-regulatory programs
that have had an underlying legal structure have been the most
effective ones, because then everyone is bound even if there is
a new entrant.
Senator Wyden. What is troubling to me, and I think it is
what Senator Hollings is touching on, as well, is that you are
not likely to bring into the system of oversight the people who
most need to be monitored. I think my next question would be
who would enforce an action against a company that was
violating the agreement? Are profilers going to do this? Are
they going to run their own enforcement program? Are
advertising agencies, websites where banner ads are running
going to enforce this? Who is going to enforce this?
Ms. Bernstein. If they did not do what they have promised
to do in an agreement, a final agreement, the FTC could. The
FTC's underlying authority is to prevent deception and
therefore we could bring an enforcement action if they failed
to live up to their promises. So that is one method of
enforcement.
In addition, other groups have made arrangements for third
parties to audit their compliance with agreements, and if those
auditors turn up violations that could also be referred to the
FTC, as others have done.
Senator Wyden. So signatories can be brought before the
Federal Trade Commission. But, again, the people, frankly, that
I'm most concerned about are not the people who sit down and
work with you on these kinds of pieces of legislation. They're
the ones that operate in the shadows and certainly are engaged
in some practices that are far more serious than the one we saw
today involving golf.
Now, you identified four core principles for personal data,
that is what the FTC did, and that is why I tried to separate
out personal data from profiling, which is the area we are
looking at today. Now, with respect to personal data, the FTC
said it is important to deal with notice, choice, access, and
security.
What arguments would there be for not applying these
principles to data collected by online profilers?
Ms. Bernstein. There is none. In fact, the Commission's
report that was released today on online profile articulates
those same four fundamental elements of fair information
practices--notice, choice, access, and security--and
enforcement.
Senator Wyden. Now, you have been in the consumer
protection field an awfully long time. I happen to think you
give public service a good name because of the work that you
have done in consumer protection. I think I would like you to
outline whether there are any consumer laws now on the books
that significantly limit what online profilers could do with
respect to, say, medical and sensitive information?
Ms. Bernstein. In regard to medical and sensitive----
Senator Wyden. Let us just say, are there any laws on the
books today that limit in a significant way what online
profilers can do with important significant information?
Ms. Bernstein. There are some, but they are not
comprehensive and do not do what you are suggesting. But as you
know, the recent Financial Modernization Act (Gramm-Leach-
Bliley) did provide some protections for consumers for the
collection of financial information and, while we are not
expert in it, there has been some legislation in connection
with medical information that is being, I believe, worked in
the regulatory process from the Health and Human Services.
Those are the only ones that we know of.
Senator Wyden. But it does not exist today, and I think
that is the important point. I think both the questions asked
by Chairman McCain and by Senator Hollings are extremely
important. We all want to see the self-regulatory initiative
succeed and, from the very beginning, I have said they ought to
have a wide berth. But people who are not signatories to these
voluntary agreements, based on what you have just told us, as
of today those that are not and are not willing to try to
subscribe to strong consumer protection standards can do any
darn thing they want with respect to sensitive medical
information and online profiling.
I do not think that is right. I do want to give the private
sector a wide berth, but I think we do need to have enough
oversight and enough leverage on the part of government to be
able to proceed against those who would exploit and rip off the
citizens of this country with respect to sensitive medical
information and other areas. I think that is why we ought to be
trying on a bipartisan basis to put together a bill.
Mr. Chairman, I thank you.
The Chairman. Thank you.
Senator Bryan.
Senator Bryan. Thank you very much, Mr. Chairman.
Ms. Bernstein, let me continue where Senator Wyden left
off. Among those core values, notice it would seem to me is the
most fundamental and basic right that a consumer would have,
that is to be informed as to what is occurring with respect to
his activity or her activity. Is there objection to
establishing a legislative floor, to say at least there is a
requirement that you must provide notice if you are collecting
this kind of information? Is that something that is resisted by
the industry?
Ms. Bernstein. I do not believe so, and in fact the
Commission's legislative proposal that was discussed before
this Committee two weeks ago would require a website on which
there would be a third party operating to disclose that to a
consumer. So that was already contemplated in terms of the
notice requirement that the Commission was recommending.
Senator Bryan. I guess what I am saying, Ms. Bernstein,
does the industry agree with that? I know that was the proposal
that was advanced, but do they agree with that?
Ms. Bernstein. Yes, they do.
Senator Bryan. So we have an agreement that legislation
that provides one of those core values, that is notice, would
be appropriate?
Ms. Bernstein. Yes.
Senator Bryan. Okay, so at least we have crossed the
Rubicon on that issue. What are the sanctions that attach to
those companies that agree to a self-regulatory agreement if
one of the parties violate the terms of the agreement, in
general? Just do not do that again, or if you do that again we
are going to really get pretty upset with you, kind of the
Bobby Knight approach to regulation?
Ms. Bernstein. No, we do not agree with the Bobby Knight
approach. As I said before, the FTC has authority under its
deception authority to proceed to bring an action that would
force them to comply with the agreement and under some
circumstances we could seek penalties, as you know.
Senator Bryan. Would that be monetary fines of some kind,
Ms. Bernstein or Mr. Medine?
Mr. Medine. Well, there would be injunctions and possible
consumer redress if we could establish actual injury, and
certainly going forward actual fines or enforcement proceedings
if they fail to comply with an FTC order.
Senator Bryan. Just in general--you may have many options--
what would the maximum fine be? Suppose you have a signatory to
the agreement who has a habit or practice of consistently
violating the provision? This is not just, we goofed, we are
sorry, we are not going to do that again. What would be the
hammer that the FTC could bring down upon that violator?
Ms. Bernstein. Well, under existing law the penalties are
$11,000 a day per violation. So that could add up to a very
significant amount of money.
Senator Bryan. Indeed it could.
Now, with respect to those who are not participants to the
agreement, there are no penalties that would attach; am I
correct?
Ms. Bernstein. Under present circumstances, no. If they are
not signatories, they would not be subject unless they took
some other actions.
Senator Bryan. Are there other actions covered in the law?
Ms. Bernstein. Right.
Senator Bryan. Do you have any idea as to what percentage
of the universe out there would be willing to sign onto such a
self-regulatory agreement?
Ms. Bernstein. We have--there are about a dozen companies
and we believe that that represents about 90 percent of the
industry.
Senator Bryan. So we would still have 10 percent that would
be operating beyond the ambit of whatever agreement would be
entered into?
Ms. Bernstein. That is what we know at the present time,
and it is an estimate, Senator.
Senator Bryan. I appreciate that.
Ms. Bernstein. But it may be that it is greater than that.
Senator Bryan. Ms. Bernstein, you made the point that
currently, in the example that was cited, this was not
personally identifiable information.
Ms. Bernstein. Right.
Senator Bryan. You also made the point that it might be
possible, in response to the Chairman's inquiry, to in effect
combine a personally identifiable database with this and then
really put a great deal of information in it. Is there
currently any law that prohibits that?
Ms. Bernstein. No, there is not.
Senator Bryan. Let me be clear on that. So you are saying
that tomorrow, at the end of this hearing, if a determination
was made by any commercial website or one of these cookie
companies or however we would characterize them, it would be
possible for them to combine the personally identifiable
database with the non-personally identifiable information that
you provided there and that could be done without any violation
of the law at all?
Ms. Bernstein. That is correct, Senator.
Senator Bryan. Now, is there objection by the industry to
legislation that would say, you shall be prohibited from
combining those two types of database?
Ms. Bernstein. We have not discussed legislation with them,
Senator. That really has not been a part of our discussions to
date with them. Rather, we have been trying to work through a
self-regulatory program----
Senator Bryan. And I understand that. But would you not
agree that we have agreement essentially that there ought to be
a requirement in law of notice? Would it not be appropriate to
have legislation that says, look, you cannot combine those two
databases?
Ms. Bernstein. I will not be representing the views of the
Commission, so this makes it a little uncomfortable for me. And
I am not sure you want my personal views, but my personal views
are----
Senator Bryan. What would your personal view be? You have
done a great deal. We understand that for the record you have
made the disclaimer that you are not speaking on behalf of the
Commission.
Ms. Bernstein. Right.
Senator Bryan. And I am not trying to entrap you, Ms.
Bernstein.
Ms. Bernstein. I know you are not, sir.
Senator Bryan. But you are a witness with considerable
experience and a great deal of credibility, as my colleague
from Oregon pointed out.
Ms. Bernstein. It would seem to me that, unless there is at
a minimum an opt-in by consumers, that is if a company is ever
going to combine personal and non-personal information that the
consumer would have the opportunity to have a very full
disclosure of what was going to happen to them and a very firm
opportunity to say yes or no to that. And that would be at a
minimum.
Senator Bryan. Now, is there any technical reason that one
could not require an opt-in provision in terms of this whole
profiling issue that we are talking about? Is there any
technical reason, anything systematically that would prevent
that?
Ms. Bernstein. Not that I know of.
Senator Bryan. And my friend from South Carolina's guru
would agree with that statement, would she?
Ms. Bernstein. Guru, you agree with that?
Ms. Holz.
[Nods affirmatively.]
Ms. Bernstein. She agrees.
Senator Bryan. Guru indicates that----
Ms. Bernstein. Let the record show.
Senator Bryan. Let the record reflect that the guru agrees
with the witness.
Mr. Medine. Hearing no objection.
Senator Bryan. We thank the guru.
Finally, if I may, because I know there are many others
that want to comment on this, in terms of providing the
greatest measure of protection to the consumer would not the
opt-in, that is to say, look, before we are going to do this
profiling we need your prior permission. Does that not provide
the ultimate or best protection to the consumer?
Ms. Bernstein. I believe most people would agree that that
provides the greatest amount of protection or, put another way,
it allows the consumer the greatest control over their own
information; and that really is where the control should rest.
Senator Bryan. By and large, we are talking about the
consumer's personal information, activities, shopping habits,
or otherwise, of the individual. I know every one of my
colleagues fully understands that, but the opt-in requires the
prior consent. That is, none of this activity could occur
unless the consumer affirmatively agreed.
Ms. Bernstein. That is correct.
Senator Bryan. The opt-out permits the company to do so,
notify the consumer, and then the consumer can say, stop, I do
not want you to do that again; is that the essence of it?
Ms. Bernstein. Well, an opt-out could be that they could
not do it unless they gave the consumer notice of the
opportunity to not have it done. So it is just a slight
difference in the way I think you phrased it, Senator.
Senator Bryan. So would that mean, in effect, that silence
is acquiescence under what you have just said? In other words,
the consumer is notified, but you do not require his or her
affirmative consent, but if they take no action at all silence
is acquiescence?
Ms. Bernstein. Having given them the opportunity to opt
out, yes.
Senator Bryan. I appreciate that. Thank you very much to
our witnesses and thank you very much, Mr. Chairman.
The Chairman. Senator Burns.
Senator Burns. Thank you, Mr. Chairman.
I do not know what ground my colleagues have covered here,
but even though Senator Wyden and I have worked on a bill that
principally is an opt-out type of an approach, which I think is
the correct approach until somebody convinces me otherwise, I
am still concerned about enforcement. How do we know who the
bad actor is, or who takes unlawful information and either
markets it or it pops up somewhere else, and then there is no
paper trail or there is not anything to go back and see who
really was the first to misuse it? Because once the information
is out there in cyberspace, it just roams around out there and
it becomes the property of the guy that has got the biggest net
to catch it.
What kind of--what do you recommend as an enforcement
mechanism? How do we do that?
Ms. Bernstein. Well, one of the things that has worked
effectively in other areas we believe, Senator, is a third
party audit or a third party firm that will on a systematic
basis review what practices each of the sites are engaging in,
sample it, and find out whether or not the protections are
being provided.
You can also have consumers who are surfing the net. They
can also report, as they often do, to an enforcement mechanism
or, in the case of a law, to the FTC. We have a very, very good
way, I think, of collecting consumer complaints, and then a law
enforcement action can be brought. But that requires, of
course, what we have talked about previously, and that is
either a system where they have not done what they promised to
do in self-regulation or a legal structure that would permit
that kind of enforcement.
Senator Burns. Does that also pertain to the people who
collect information on consumers through any other mode other
than electronically? In other words, any place else than the
Internet? Every time I buy something that says:
congratulations, you bought this great new thing here, in order
to get your warranty you have to send in this card, but you are
going to answer some questions; what about those?
Ms. Bernstein. In the sense of if they tell you something
that is not true, represent something that is not true? That is
against the law.
Senator Burns. Even in the collection of this information
and what they are going to do with it?
Ms. Bernstein. If they tell you that they are not going to
do with it what they are going to do with it, then it could be
considered deceptive under the FTC Act.
Senator Burns. What if there is no statement at all?
Ms. Bernstein. Then it makes it very difficult for the FTC
to proceed, because no statement has been made and there is not
a specific requirement that it be made under existing law. That
is why the Commission recommended legislation on general
privacy two weeks ago.
Senator Burns. You see, I am very supportive of some
privacy legislation. I am very supportive of that. I just think
that the consumer has that right. It is one of the American
core values that we must protect, a person's own privacy. It
gets even more sensitive whenever we start talking about
financial arrangements and those kind of things, and also with
medical records and some other privacy things that I do not
think the public needs to know anything about.
But I am still concerned about whether we are placing
certain restrictions on those folks who are in the electronic
business or the Internet business and not placing the same
restrictions on the people who collect personal information
even at grocery stores--and they make no statement on how that
information is going to be used?
Ms. Bernstein. Well, there are two things. First of all,
there are some significant differences in the so-called e-
commerce marketplace, as you have already alluded to. It is
faster, it is quicker, they have access to more information,
and they can more quickly obtain that information, in a way
that has not happened before.
But most recently there has been increased public attention
on just what you raise, and that is, is there a need to make
sure that there is a level playing field across these various
media so that the same protections consumers expect in the
offline world would be provided in the online world and vice
versa?
Senator Burns. You see, I think I read a story, was it
yesterday--and I have got such a fantastic memory, but it is
short about the implementation of Senator Bryan's legislation
with regard to child privacy on the act that we passed through
here and which we were very supportive of. But yet they are
still having problems on implementation and enforcement.
That is the reason I ask those questions, because I think
we can pass this thing and say we have done a good thing and
then not revisit the situation later on. I think that would not
serve the industry or the consumer very well.
I thank the chairman.
The Chairman. Senator Cleland.
STATEMENT OF HON. MAX CLELAND,
U.S. SENATOR FROM GEORGIA
Senator Cleland. Thank you very much, Mr. Chairman.
Ms. Bernstein, Mr. Medine is it? I am still struggling with
the terminology. The terminology, I find, is fascinating about
the Internet: mouse, web bugs, cookies, and spam--all found in
every kitchen in America. What is your understanding of what a
web bug is, Ms. Bernstein?
Ms. Bernstein. My understanding of what a web bug is, it is
a very tiny image that can be placed on a computer and indeed
can be placed on a cookie itself and it cannot be detected
visibly at all. It also collects information, not exactly the
same way that a cookie does, which is a file, a little file of
personal information.
Do you want to add anything to that, guru?
Ms. Holz. No.
Ms. Bernstein. That is my understanding of what a web bug
is. They are both used in different ways.
Senator Cleland. Are you saying that a web bug can be put
on someone's personal computer when they use the Internet and a
cookie can be imposed on an Internet user without their
knowledge?
Ms. Bernstein. Yes.
Mr. Medine. Web bugs are typically found on web pages and
they are really hidden code on web pages that essentially sends
a message back to a third party, typically a network
advertiser, saying, does this consumer have a cookie--and
reading the cookie if the consumer has one on their file--and
if not, placing a cookie.
But what's unique about web bugs is you do not see them and
they may even appear on a page--unlike the pages that we showed
earlier, there may not even be an advertisement on that page.
You may not have any reason to suspect that a third party is in
any way monitoring your web browsing.
Senator Cleland. So as you browse you may leave cookies?
Mr. Medine. The web bug can place cookies or read cookies,
yes, even when you are unaware that that is going on.
Senator Cleland. That is amazing. Spam, what is spam?
Ms. Bernstein. Other than the pink meat that you get, spam
is unsolicited----
Mr. Medine. E-mail.
Ms. Bernstein [continuing]. E-mail, unsolicited. It comes
in over your e-mail.
Senator Burns. It is like junk mail.
Ms. Bernstein. Right, it is junk mail in every sense.
Senator Burns. In your mail box.
Senator Cleland. And the ultimate unwanted access is the
Love Bug, right?
Mr. Medine. Which is a virus.
Senator Cleland. A virus.
Ms. Bernstein. Right.
Senator Cleland. Mouse, web bugs, cookies, spam, and
virus--amazing terminology to apply to this new technology.
Let me just say, Mr. Chairman, I think bringing the privacy
rights of Internet users to the forefront of the Senate's
attention is, quite frankly, critical. I think most people when
they use the Internet think of it in many ways starting out,
much like I would, using a telephone. A telephone is a direct
line. You do not assume that it is a party line. You do not
assume that there is somebody out there monitoring your call.
You assume that what you say is in private between you and the
hearer.
I think most Americans would be shocked if they picked up a
telephone, dialed a number, and found out later that their
phone call was being monitored, their preferences were being
tracked with a cookie, and that ultimately if they hung up all
of a sudden they could get multiple phone calls back
unsolicited. I think that would be relatively shocking to the
average individual out there. But that is exactly, apparently,
what is happening to Internet users. Is that correct?
Ms. Bernstein. That is correct, and we agree that Americans
are shocked by it to the extent that there is survey data that
suggests that, when they know about it.
Senator Cleland. Because it seems to me that, much like the
privacy of a phone, if one goes to the Internet one goes to it
with a sense of privacy. It is you and the computer, and you
and the information, and usually not a whole bunch of people
standing around. It is pretty much a private moment, shall we
say. It is kind of deceptively private and personal. It is kind
of deceiving.
Now we find out that there is some deception out there. I
am not sure, quite frankly, what role we have to play, but we
are trying to find that out here.
Thomas L. Friedman, who wrote the book ``Lexis in the Olive
Tree: Understanding Globalization,'' says that maybe government
is more needed rather than less. He said that government should
be downsized, but it should be raised in quality, and said what
we have to worry about is not so much government tapping your
phone line or big brother, but little brother, somebody else
out there.
He says in the web world everybody is connected, but nobody
is in charge. And one wonders what the role of the FCC is and
what the roles of the Senate Commerce Committee and the Senate
are in installing some sense of being in charge, some sense of
rules, some sense of instituting or guaranteeing privacy.
I think privacy is the currency of the Internet. If that is
destroyed, I think people will not go to the Internet or be as
open, or as frank, or as consuming of the Internet and its
products as we would be comfortable in doing.
Is that your sense?
Ms. Bernstein. Yes, it is, Senator. In fact, you have hit
on something that many have written about also, that one of the
great benefits of the Internet and Internet commerce was the
anonymity, that you could do what you wanted to do at your own
pace and make your own choices. That can be destroyed by
practices that impact on the anonymity that you might have come
to and hopefully could expect.
Senator Cleland. Yes, I think there is a certain
expectation that when you use the Internet, that one is not so
much anonymous, but it is private. It is private, and it is
personal. The exchanges that take place there in effect belong
to you and you should have the ability of choice.
Now, that is where we come to opt-in and opt-out. I am not
sure I follow the bouncing ball here, but it seems to me the
underlying principle is that I do not want web bugs, I do not
want cookies, I do not want spam, I do not want anything
messing up my communications here unless I choose for that to
happen. If I choose, then so be it. I am still empowered with
that choice.
I think we are looking at something here that we have to
come to some decision on. The Internet and the web can
certainly be very empowering. It can facilitate commerce, and
it can facilitate the flow of information worldwide. The
Internet can help heal diseases and communicate to people, all
kinds of wondrous things. But if the medium itself is
compromised, shall we say, by these terms, I think we shoot
ourselves in the foot. We make the medium less than it can be.
Is that your sense, Ms. Bernstein?
Ms. Bernstein. It is indeed, and we know that consumer
confidence has already been somewhat impacted because of fears
of just what you suggest, Senator, that they are fearful that
their privacy will not be protected.
Senator Cleland. Fear is a terrible thing. Fear can drive
the stock market up or drive it down. Millions of people can
react in fear just by one or two, shall we say, horror stories.
We are not in the horror story business here, but the point
being we are trying to find that role here. We do not want to
kill the Internet, and we do not want to kill the goose that
lays the golden egg. I understand that information technology
is now the number one force driving the American economy, that
Internet business, e-commerce, is growing at 6 to 8 percent a
year.
This growth is, quite frankly, incredible. But I think one
of the things that can kill the goose that lays the golden egg
is an attrition of consumer confidence. You have that in the
old economy, too. If you lose confidence in a manufacturer or
product, all of a sudden overnight sales drop, and things
happen that are not good.
So we appreciate you working with us and your guidance and
advice in helping us work through these issues. We do not want
to be too active here where we interfere with people's commerce
and their communication, but, by the same token, I think it
does rest and reside on a certain level of confidence and
therefore privacy that is assumed and that ultimately I think
should be guaranteed if the Internet is going to go ahead and
grow.
Thank you, Mr. Chairman.
[The prepared statement of Senator Cleland follows:]
Prepared Statement of Hon. Max Cleland,
U.S. Senator from Georgia
Thank you, Mr. Chairman, for holding this Committee hearing on one
of the most important issues facing Americans today, at least for those
Americans who are not on the short end of the digital divide. We owe
Internet users our undivided attention in developing ways of ensuring
their privacy while not unduly overburdening the Dot Com companies or
place them at a competitive disadvantage with off-line businesses. I
believe that there is a solution that be crafted which respects the
advertiser's ability to collect consumer information on the Internet
and Americans' right to privacy.
By bringing the privacy rights of Internet users to the forefront
of the Senate's attention, we are setting a course in a positive
direction to alleviate the fears that many have concerning how their
private information is acquired, stored, shared and used by others. In
this fast-paced electronic age, information is being collected and
stored at the rate of billions of bits per second. The information that
users send over the Internet passes through dozens of different
computer systems on the way to its final destination. Each of these
systems may be managed by a different system operator, each with its
own capability of capturing and storing online communications. It is
little wonder that Internet users have concerns about their online
activities.
Network advertisers are developing relationships with consumers
that they don't know and, in many cases, these relationships are
unwanted by the consumer. Placing cookies and ``web bugs'' on one's PC
and tracking their movements in such an apparently underhanded manner
seems very wrong on its face. What kind of a technology is ``web bugs''
anyway? In my mind bugs are pests that you use a bug zapper to get rid
of. The alarming trend of using cookies and placing ``web pests'' on
peoples' PCs that is being practiced by more and more firms, some of
whom are represented here today, can't be a good thing if consumers are
unaware these actions are being taken.
While some might consider targeted ads directed at a person to be
helpful, many others consider them to be bothersome. For example, spam,
or unwanted e-mail solicitations, is one form of advertising unwanted
by just about everyone. What concerns me the most is the vast databases
that are being generated to aim ads based on ``inferential'' or
``psychographic'' data. The ever increasing use of cookies, web bugs,
and inferential data is only the beginning. With data collection
technology, such as it is, peoples' innovativeness with how to apply
this technology and the speed at which data can be processed, there is
no telling how or what data will be collected in the future. One thing
we can be certain of is that the information gathering industry will
not be the same tomorrow as it is today. It is disconcerting to think
how many current Internet users are unaware that their communications
are being monitored and their activities tracked.
Today, there are an estimated 17.8 million websites registered
worldwide and every day more are coming online. Each of these websites
has the potential of collecting data that many consider private and
many of them are actually collecting such information. I recognize that
there are firms out there who are helping to ensure that industry's
self-governing online privacy becomes a reality. One is the Better
Business Bureau. Since it began certifying sites, the Bureau has
certified just over 6,000 of the 17.8 million websites in existence
today. While some in industry may believe this is a good start at self-
regulating privacy concerns, I believe industry is falling short in its
attempt to show it is capable of self regulation in this field.
I am looking forward to the dialog that will take place this
morning and to hearing the distinguished witnesses address how the
legislation that has been offered, or should be offered, can
appropriately balance the consumer's right to privacy and the
advertiser's ability to collect and utilize personal information. I am
very interested in ensuring that a comprehensive, enforceable online
privacy policy is afforded to all Americans. It is our collective
responsibility to do this so the Internet can continue to grow at an
exponential rate, businesses are not burdened by overly burdensome
restrictions and consumers can be assured that their privacy rights
will be protected.
The Chairman. Senator Kerry.
STATEMENT OF HON. JOHN F. KERRY,
U.S. SENATOR FROM MASSACHUSETTS
Senator Kerry. Thank you, Mr. Chairman.
I regret coming in late because I know it has been an
interesting discussion, and there is nothing worse than trying
to pick up on it without having been part of the flow. So I was
just trying to get as quick an update as I could. I do not want
to, hopefully, be repetitive.
I have been spending more and more time in the last weeks
trying to reach out to the folks in the industry who are on the
cutting edge of changing things so rapidly and trying to get a
better sense of what the play is and what the possibilities are
within this privacy issue. I have come away from those
discussions perhaps more confirmed, Mr. Chairman, in my sense,
that we need to be careful about how fast we move.
I know there is bubbling up a sort of congressional sense
of outrage that wants to protect appropriately our citizens'
right of privacy, and I want to do that, too. But I become more
convinced that the more you dig into it, the more complicated
it becomes as to exactly what you can mandate effectively from
this vantage point at this time.
Let me be precise. On the access issue, for instance, it is
very difficult to provide the full measure of access that some
people are asking for and still maintain the integrity of the
recordkeeping on the other side that you want. How does
somebody get access to their record to change whatever it is
they want, and what is the guard against the input that they
might want to change it with, the information that they have?
You can run down the line here on various aspects of the
issue and you keep running into walls. Enforcement, I gather,
has been raised by a number of my colleagues as an issue. It is
almost a certainty that whatever we pass will be unenforceable
unless we are passing something that sets some very clear
standards and expectations that are meetable. Whether or not
they will be meetable will depend to a large degree on where
the technology goes and what the cooperative effort is going to
be within the industry itself.
I think there is a medium ground, and I have tried to
express that in the prior hearing that we had. But I think
that, on greater analysis, my colleagues are going to share
with me a sense that there may be a first step. Now, we are
here focused on the online profiling, I believe, which in a
sense it sort of underscores the predicament that we face.
The last hearing that we had was also focused on sort of
online and we are focused on the Internet. But privacy is
privacy is privacy. I mean, if privacy is a right and privacy
is something that attaches to every American, it attaches to
them online and offline. And, to the best of my knowledge, no
one in the U.S. Congress has put forward a full measure of what
has happened to Americans offline.
Am I correct? Is there not a very significant intrusiveness
that takes place in the marketplace offline?
Ms. Bernstein. There certainly is some. There are,
however--as you know, Senator, there have been some responses
to that. Organizations like the Direct Marketing Association
have put in place systems so that consumers can indicate that
they do not want to receive certain kinds of telephone calls
from sales persons or mail calls.
The Telemarketing Sales Act put some restrictions on what
messages can be limited by consumers on the telephone. So I
think it is not quite as bereft of any kind of protections for
consumers as you suggest. Could there be more? I am confident
that there could be.
Senator Kerry. That is a voluntary system.
Ms. Bernstein. The DMA is, but the----
Senator Kerry. So it is not mandated by Congress.
Ms. Bernstein [continuing]. Telemarketing Sales Act was
mandated by Congress.
Senator Kerry. But you can get very significant, through
private sources and otherwise, extraordinary amounts of
information regarding any fellow citizen. I mean, you can get
their criminal record. You can get what their credit card
expenditures have been for some particular months through
various sources. It is not a crime to do that.
You can do some remarkable profiling through purchases that
take place. For instance, if I walk into a store here in
Washington, swish my card through the credit machine, every
purchase that I have made is known to those people. They can do
whatever targeting they want.
So what we are doing here is we are really talking about
conceivably in the outcome, depending on what we do, picking
some winners and losers and affecting the marketplace as
against another component of the marketplace. I mean, if
privacy is the concern, privacy applies to everybody in every
context, does it not?
Ms. Bernstein. Yes, it does.
Senator Kerry. So why are we focused on one sector of the
marketplace versus others?
Ms. Bernstein. I think the focus has been on the online
marketplace particularly because it is new, it does have many
benefits for consumers that they would like to be able to use,
and at the same time there have been increasing concerns about
what happens to their information when they are using it. It is
new. Everyone wants it to flourish because of the benefits it
can bring, but it also has to have a balance of having people
feel confident or they will not use it.
Senator Kerry. I agree with the Chairman that there is a
special status with respect to medical information, and there
is a special status with respect to financial information.
Ms. Bernstein. Whether online or offline.
Senator Kerry. Correct, online or offline, and they ought
to probably be treated similarly. But what is the harm with
respect to this protection we are seeking to provide with
respect to the other aspects of the targeting and profiling?
What is the harm?
Ms. Bernstein. Well, one of the harms is that, at least in
what we have been discussing today, is that consumers have no
idea that this is going on.
Senator Kerry. Which, the profiling?
Ms. Bernstein. The profiling. They have no idea.
Senator Kerry. So my concept of privacy, of what we should
do at this point, is to mandate the level of notice and to
encourage the maximizing of anonymity. I have spent some time
lately trying to sort of test different sites and see where
privacy appears. I look for how fast it leaps out at me, and
how quickly can I see the word. I also look for what they are
going to do. And there is a difference, there is a variance, I
will concede that.
Clearly, we could legislate some standard that would
encourage people--or not encourage, that would mandate and that
would flow to your jurisdiction that as a fair trade practice
people must post right up front what the options are. That is
maximizing choice.
In the context of measuring against the harm that may be
done, is that not a balance?
Ms. Bernstein. The Commission has already recommended just
that notice and just that choice in connection with all
commercial website activity. So it would certainly go a long
way toward bringing about a much better balance than exists
today.
Senator Kerry. Well, let me go a step further. If citizens
are as concerned as you say they are, then the opt-in, opt-out
issue becomes more important. Some people would argue that the
initial opt-in is when you buy your computer, turn it on, and
go to a site. That is opting in.
Ms. Bernstein. It is correct that some people argue that.
Senator Kerry. Then, if on that site there is a prominent
display about how the information may or may not be handled,
they have a next threshold level at which they can exercise
again a choice of opt-in, opt-out, correct?
Ms. Bernstein. Under present circumstances, Senator?
Senator Kerry. No, assuming you had adequate notice that
was posted.
Ms. Bernstein. Right.
Senator Kerry. So then the consumer is making a choice,
correct? And the down side of harm is that it may be that they
had adequate posting of X, Y, or Z profiling process or they
may be targeted for some sale or something. If their financial
and health information is completely and totally protected,
would you not have gone an extraordinary distance here to sort
of set a standard as to how we view privacy without becoming
overly intrusive and overly regulated and overly structured in
a way that might inhibit the creativity of the marketplace?
Ms. Bernstein. I think everyone agrees that it would go a
long way to have those kinds of protections for financial and
medical information. There are other areas of sensitive
information, at least to some people, for example, their
religious preferences or organizations that they belong to,
that they may consider as highly confidential to them.
Senator Kerry. Is any of that protected in the offline
world?
Ms. Bernstein. I do not know that it is routinely
collected.
Senator Kerry. The answer is no.
Ms. Bernstein. I believe not.
Senator Kerry. Okay. So the bottom line comes to this
question of what definition of ``privacy'' are we prepared to
recommit ourselves to with respect to the American people,
online or offline, so that we are not somehow picking winners
and losers in the process. I will pursue that later, and I
thank the chair.
The Chairman. Thank you, Senator Kerry. I thank my friend.
We have been almost an hour and a half and we have another
panel. So I thank you, Ms. Bernstein, Mr. Medine, and guru.
Thank you very much.
The next panel is: Mr. Jules Polonetsky, who is the Chief
Privacy Officer of DoubleClick; Daniel Jaye, the Chief
Technology Officer of Engage Technologies; Mr. Marc Rotenberg,
who is the President of the Electronic Privacy Information
Center; and Mr. Richard Smith, an Internet consultant.
Mr. Polonetsky, we will begin with you. Welcome and thank
you for your patience.
STATEMENT OF JULES POLONETSKY, CHIEF PRIVACY OFFICER,
DOUBLECLICK
Mr. Polonetsky. Thank you, Mr. Chairman. Thank you,
Senators. Thank you for holding this hearing on the critical
issue of online profiling and Internet privacy. As Chief
Privacy Officer at DoubleClick, I report directly to the
company's Board of Directors to ensure that DoubleClick is
effectively implementing its privacy policies and procedures. I
act as a resource for Internet users. I work with advertisers
and publishers to oversee their privacy policies and I work to
educate the public about Internet privacy.
I appreciate the opportunity to testify today. In order for
the Internet to continue to flourish--in order for this
revolutionary medium to keep growing at such a rapid pace and
be the engine for the greatest economic expansion in U.S.
history--the Internet industry must make consumers comfortable
that their privacy is being protected online, and at the same
time publishers and ad servers must continue to customize and
personalize web content and advertising so that users can get
the information they want and websites can generate the
revenues necessary to stay in business and keep content on the
Internet free.
Currently, a vast majority of websites offer content free
of charge. From The New York Times to The Washington Post to
Encyclopedia Britannica, sites offering directions, weather
information, content is offered to consumers for free. Why?
Because of effective Internet advertising. By keeping the
Internet free, Internet advertisers help bridge the digital
divide for consumers. Internet advertising revenue also helps
smaller startup websites offer unique and diverse content and
compete with more established businesses.
As the consumer affairs commissioner in New York City for
Mayor Giuliani for the past two years, I saw firsthand the
consumer benefits of effective advertising. In markets where
merchants were competing successfully, consumers had many
choices and were easily able to find the products and services
they needed. In markets where advertising was limited or
ineffective and where it was difficult for merchants to reach
the right consumer at the right time, such as funeral services
or prescription medications, prices varied by as much as 40
percent or 50 percent from location to location. The result:
many consumers overpaying for services and products they
needed.
On the Internet, advertising is effective for consumers and
advertisers when ads reach the right consumer at the right
time. Internet advertising companies use information to attempt
to deliver the ads to consumers that the consumers are likely
to click on.
As Senator Kerry noted, this happens every day in the
offline world. Catalogue companies share their mailing lists
with each other. Magazines share subscription lists, and
political candidates use voting lists so they can send
persuasion or fundraising mail only to the voters likely to
respond. This is the heart of offline direct marketing and it
is critical to effective advertising on the web.
Now, we at DoubleClick understand and take very seriously
the privacy issues raised by the technological tools used for
effective web advertising. We also understand that the
different types of information used need to be treated very
differently. Not surprisingly, consumers understand that
certain information in the wrong hands can be harmful to them
and that some information, like marketing data, does not pose a
threat.
Research that we conducted showed that consumers are very
concerned about the collection of social security numbers, a
fear of identity theft. They are concerned about their credit
card numbers, information that could be used against them.
People have very practical concerns. They are worried about the
collection and sharing of sensitive credit information that
could be used to deny them mortgages, sensitive health
information that could be used to deny them insurance.
It is DoubleClick's policy not to use sensitive information
for profiling when we deliver an ad. We do not use health
information, we do not use sensitive financial information,
visits to adult sites, sexual information, information about
children. The example that the FTC presented and that, Senator
McCain, I think you referred to as relatively innocuous frankly
is the kind of ad serving that we do.
Consumers are much less concerned about transaction data
used for marketing purposes, but we do believe that they have a
right to know--even if it is not sensitive data--data about
basic transactions. Consumers have the right to know what kind
of data net advertisers are using and they have the right to
have control over that use. There are significant steps that
industry can and should take to give consumers more confidence
in and more control over their web experience. Primary among
them are notice and choice.
Consumers need and deserve real choice. They need to know
the type of data that is being collected about them and they
need to have the ability to opt out, to choose not to
participate if they want to. We recently finished one of the
largest Internet education campaigns in web history. We served
more than 100 million banner ads connecting consumers to
privacychoices.org, a website dedicated to consumer privacy
education, offering a two-clicks-and-you-are-out policy for
consumers who wanted to opt out of targeted advertising.
At DoubleClick, no website is allowed to contribute profile
information or to have ads delivered based on any cross-web
behavior unless their privacy policy links to DoubleClick to
give consumers notice about what is going on and a chance to
opt out.
We are also rewriting our privacy policy to make it
shorter, clearer, and easier for consumers to understand. We
employ an outside auditor, PriceWaterhouseCoopers, to do an
external audit periodically to ensure that we are living up to
the privacy commitments that we make to consumers, and we have
an independent consumer privacy advisory board to help us
continue to improve our privacy procedures and to respond to
the new issues that will continue to arise as new forms of e-
commerce develop.
Finally, as part of the network advertising initiative, we
are working with the other companies in our industry to develop
uniform rules for all third party advertisers to follow to
ensure that our activities are clear and understood by
consumers and to ensure that consumers have control over how we
use information.
We recognize that consumers must know that their privacy is
protected online for e-commerce to continue to flourish and we
welcome your ideas for additional steps that we can take to
benefit consumers.
Thank you.
[The prepared statement of Mr. Polonetsky follows:]
Prepared Statement of Jules Polonetsky, Chief Privacy Officer,
DoubleClick
Thank you for holding this hearing on the critical issue of online
profiling and Internet privacy. As Chief Privacy Officer at
DoubleClick, I report directly to the company's Board of Director's to
ensure that DoubleClick is effectively implementing its privacy
policies and procedures, act as a resource for internet users, work
with advertisers and publishers to oversee their privacy policies and
work to educate the public about internet privacy. I appreciate the
opportunity to testify today.
In order for the Internet to continue to flourish--in order for
this revolutionary medium to keep growing at such a rapid pace and be
the engine for the greatest economic expansion in U.S. history--the
Internet industry must make consumers comfortable that their privacy is
being protected on-line. And, at the same time, publishers and ad
servers must continue to customize and personalize web content and
advertising so that users can get the information they want and
websites can generate the revenues necessary to stay in business and
keep the Internet free.
Currently, a vast majority of Web sites offer content free of
charge. From The New York Times to The Washington Post to Encyclopedia
Britannica and sites offering directions and weather information,
content is offered to consumers for free. Why? Because of effective
Internet advertising. By keeping the Internet free, Internet
advertisers help bridge the digital divide for consumers. Internet
advertising revenue also helps smaller start up Web sites offer unique
and diverse content and compete with more established Web sites.
As the Consumer Affairs Commissioner in New York for Mayor Giuliani
for the past two years, I saw firsthand the consumer benefits of
effective advertising. In markets where merchants were competing
successfully, consumers had many choices and were easily able to find
the products and services they needed. In markets where advertising was
limited or ineffective and where it was difficult for merchants to
reach the right consumer at the right time--such as funeral services or
prescription medications--prices varied by as much as 40% from location
to location and many consumers overpaid for services and products they
needed.
On the Internet, advertising is effective for consumers and
advertisers when ads reach the right consumer at the right time.
Internet advertising companies use information to attempt to deliver
the ads to consumers that they are likely to click on.
This happens every day in the off-line world. Catalogue companies
share their mailing lists with each other. Magazines share subscription
lists. And political candidates use voting lists so they can send
persuasion or fundraising mail only to likely voters.
This is the heart of off-line direct marketing. And it is critical
to effective advertising on the Web.
Now, we at DoubleClick understand and take very seriously the
privacy issues raised by the technological tools used for effective Web
advertising. We also understand that different types of information
need to be treated differently.
Not surprisingly, consumers understand that certain information in
the wrong hands can be harmful to them and that some information--like
marketing data--does not pose a threat.
Research conducted for DoubleClick showed that consumers are very
concerned about the collection of social security numbers--in other
words, a fear of identity theft--credit card numbers and information
that can be used against them. People have very practical concerns--
they are worried about the collection and sharing of sensitive credit
information that can be used to deny them mortgages and sensitive
health information that can be used to deny them insurance.
It is DoubleClick's policy not to use sensitive information for
profiling when delivering an ad. We do not profile using health
information, detailed financial information, visits to adult sites or
sexual information, or information about children.
While consumers are much less concerned about transaction data used
for marketing purposes, we believe they have a right to know what type
of data is being used by network advertisers and have the right to have
control over that use.
There are significant steps that industry can and should take to
give consumers more confidence in and control over their web
experience. Primary among them are notice and choice. Consumers need
and deserve real choice. They need to know the type of data that is
being collected about them and have the ability to opt-out--to choose
not to participate--if they want to.
We recently finished one of the largest Internet education
campaigns in Web history . . . 100,000,000 banner ads connecting
consumers to www.privacychoices.org, a website dedicated to consumer
privacy education and offering a two-clicks-and-you're-out policy for
those who wish to opt-out of targeted advertising.
At DoubleClick, no Web site is allowed to contribute profile
information or receive ads based on cross web behavior unless their
privacy policy links to DoubleClick to give consumers notice and a
chance to opt-out.
We are also re-writing our privacy policy to make it shorter,
clearer and easier to understand.
We employ PriceWaterhouse Coopers to provide an outside audit to
ensure we are living up to the privacy commitments we make and we have
appointed an independent Consumer Privacy Advisory Board to help us
continue to improve our privacy procedures and respond to new issues
that will arise as new forms of e-commerce develop.
And finally, as part of the Network Advertising Initiative, we are
working with the other companies in our industry to develop uniform
rules for all third party advertisers to follow to ensure that our
activities are clear and understood by consumers and to ensure
consumers have control over how we use information.
We recognize that consumers must know that their privacy is
protected online for e-commerce to continue to flourish and we welcome
your ideas for additional steps that we can take to benefit consumers.
Thank you.
The Chairman. Thank you very much.
Mr. Jaye, welcome.
STATEMENT OF DANIEL JAYE, CHIEF TECHNOLOGY OFFICER, ENGAGE
TECHNOLOGIES
Mr. Jaye. Thank you. Thank you, Mr. Chairman. My name is
Daniel Jaye. I appreciate the opportunity to appear before you
today. I am the Chief Technology Officer and co-founder of
Engage, Inc., of Andover, Massachusetts. When I joined with
CMGI Chairman and CEO David Weatherall to create Engage in
1995, we were guided by the fundamental proposition that
effective, tailored online advertising was vital to the
Internet's future, but could ultimately be effective only if
consumers found online targeted advertising a valued customized
information service and not an unwelcome intrusion. This is
only more clear today.
If the Internet is going to bridge--and not widen--the
digital divide, advertising support is essential. Today,
however, three out of four Internet ads remain unsold or
undersold, and the great majority of websites remain
unprofitable. The traditional advertisers we need will commit
to the web only if they can achieve the effectiveness
attainable offline and something more as well. That is where
online profiling comes in.
Using various business models and technologies, online
network advertisers enable website visitors to receive news,
information, and ads customized in real time to their
demonstrated interests. At Engage, we have developed a
distinctive anonymous profiling model that enables online
marketers to deliver the relevant ads to the right audience. In
this model, while we do provide notice and choice, we do not
know a consumer's name, address, social security number, or any
other personally identifiable information.
We do not maintain information about the specific websites
a browser visits. We do not collect any sensitive or
controversial data, such as personal medical or financial data,
ethnic origin, religion, political interests, or review of
adult content. And we do not merge anonymous profiling data
with personally identifiable data, no matter what the source.
Instead, we simply derive an apparent interest level score
by looking to the aggregate amount of time a browser has spent
on different types of content, very similar to the
demonstration we saw earlier. We do not look at who they are or
where in particular they have been on the web. Our patent-
pending, dual-blind technology creates a firewall that prevents
our customers from gaining access to our interest profiles or
determining a visitor's real world identity.
Industry-wide as well, elegantly simple technological tools
are emerging for consumers to ensure their privacy. We are
particularly excited about an outgrowth of the Platform for
Privacy Preferences project, P3P, that is specifically focused
on cookies. Engage has authored and is working with other
industry leaders on this trust labels technology that would
recognize automatically whether a website's use of cookies
meets third party seal organization standards and the user's
own standards.
Moreover, any third party that attempts to set a cookie but
does not meet these standards will trigger a warning on the
computer screen, instantaneously allowing the consumers to
block the business from collecting data. Unless and until it
reforms its practices to meet the standards of privacy seal
organizations, the bad actor will actually be locked out of the
marketplace. This more than any regulation will drive
widespread, indeed global, compliance with seal programs.
In addition, market forces are driving the online industry
to raise the bar for protection of consumer privacy through
effective industry standards, through increasingly vigorous
seal of approval programs, through contractual commitments that
extend the reach of industry standards to our business
partners, and through stepped-up consumer and business
education.
Through the network advertising initiative, we are ensuring
that our network advertiser segment of the marketplace embraces
each of these mechanisms and expands upon prevailing industry
standards in a clear, public, and enforceable way. You should
be hearing soon about the particulars of the significant
standards and practices to which our sector has committed.
The growing marketplace premium on privacy protection makes
the commitment to self-regulation of our business particularly
credible. We welcome the spotlight on privacy. Engage feels
confident that its own technology, business models, and
commitment to consumer privacy will continue to meet or exceed
the highest of any industry standards or government mandates.
But the early adoption of a regulatory framework or, worse
yet, a patchwork of regimes could undermine these surging
market incentives to develop and deploy technological advances
and privacy protection. Instead of setting a floor that turns
into a ceiling as well, policymakers would, I believe, be well
served to test the dynamism of technological innovation and the
power of the market to deliver on this promise before moving
forward.
Thank you.
[The prepared statement of Mr. Jaye follows:]
Prepared Statement of Daniel Jaye, Chief Technology Officer,
Engage Technologies
Thank you, Mr. Chairman. I appreciate the opportunity to testify
before you today on these issues of importance to your Committee, to
Internet users, and to the future of our Internet economy.
My name is Daniel Jaye. I am the Chief Technology Officer and Co-
Founder of Engage, Inc. of Andover, Massachusetts. Engage is a leading
provider of technology and services that allow website operators and
advertisers to tailor their commercial and editorial content in
innovative ways likely to be of the greatest interest to a visiting
Internet user--all without tracking, or ever learning, an individual's
identity.
Since co-founding our company in 1995, I have been engaged in the
design and development of privacy-sensitive online marketing
solutions--including inventing the Internet's first anonymous profiling
technology, participating as a founding member of the initial so-called
``P3P'' specification and as author of the related ``TrustLabels''
specification (developments I'd like to highlight shortly). I have also
actively participated in a number of significant industry online
privacy standards initiatives, including the Network Advertising
Initiative (NAI). And I have recently served as a member of the Federal
Trade Commission (FTC) Advisory Committee on Online Access and
Security, and a panelist in the FTC/NTIA Online Profiling Workshop in
November 1999.
I would like to address three topics today:
First, the fundamental role served, and the basic models
used, by online network advertisers;
Second, the technological tools and developments that are
bolstering the power of industry--and indeed the power of
consumers themselves--to promote privacy-sensitive online
practices; and,
Third, the potent market forces that are compelling online
businesses to provide consumers real assurance that they can
surf the web without unwittingly sacrificing their personal
privacy.
I might note that I offer these comments not in an effort to
demonstrate that there could never be a place for legislation in this
area, nor out of any concern about the direct impact of proposed
privacy legislation on our company's practices. Engage feels confident
that its own technology, business models, and longstanding commitment
to consumer privacy would continue to meet or exceed the highest of any
industry standards or mandates. Yet, I offer these comments because I
respectfully believe that it is essential that any legislative
deliberations fully appreciate the vital role, the dynamic technology,
and the palpable marketplace forces that shape the online advertising
business.
Keeping The Internet Free For All Consumers Through Effective Online
Advertising
Let me briefly explain, then, how ``online profiling'' offers a
tool critical to underwriting the Internet's emergence as a remarkable
toll-free bridge spanning an otherwise widening societal divide in
access to information and commerce. Early online entrepreneurs learned
quickly that sustaining a rich array of information and services on the
Internet, readily accessible to all consumers, would require a model
based on advertising support--and free of subscription fees. And, based
on this prevailing model, the Internet has flourished as a remarkably
vibrant and innovative source of freely accessible information,
entertainment and commerce.
Yet if advertising is truly to provide a viable, long-term
foundation for the Internet economy resting upon it, website operators
must harness the medium's unique marketing capabilities to allow
advertisers to deliver relevant ads to the right audience. Today,
however, three out of four Internet ads remain unsold or undersold.
And, not coincidentally, the great majority of websites remain non-
profitable. The traditional advertisers that we must attract to the web
will come in requisite numbers only if they can achieve the
measurability and effectiveness that they can achieve offline--and
something more, as well. Profiling technology enables this advertising
and content to be more effectively targeted to consumers' interests,
thus offering a vital means for fulfilling the Internet's rich
potential--for consumers, advertisers, and website operators alike.
Different online companies employ different business models and
technologies to offer customized news, information and ads on topics of
demonstrated specific interest, even when a visitor might be viewing
more general interest web pages. And, the types of information
collected and used for online profiling can vary among personally
identifiable information (PII), non-personally identifiable information
(non-PII), or a combination of the two.
PII is data used to identify, contact, or locate a person,
such as name, address, telephone number or e-mail address.
Non-PII is data that does not identify a particular person
and is typically compiled from anonymous clickstream
information collected as a browser moves among different
websites (or a single website).
The collection of online data relies upon the use of ``cookies,''
which are simply small files of information that most websites place on
a user's browser--to provide, in Engage's case, a unique anonymous
identifier or, importantly, a message that the browser is set to opt-
out from collection of any data about its users.
Harnessing Technology To Make Online Advertising Effective And Privacy-
Sensitive
When I joined with CMGI Chairman & CEO David Wetherell to create
Engage in 1995, we were guided by the fundamental proposition that
effective, tailored online advertising was vital to the Internet's
future--but could ultimately be effective only if consumers found
online targeted advertising a valued, customized information service
and not an unwelcome intrusion. From the outset, then, we developed an
innovative technology to enable online marketers to understand the
interests of website visitors based strictly upon anonymous, non-
personally identifiable information.
Relying only on the apparent interests, broad demographics, and
general location of a visitor reflected in interest profiles, Web site
publishers, advertisers, and merchants can customize web pages and
offer content, ads, promotions, products and services tailored to the
visitor in real-time--and, at the same time, protect the consumer's
privacy by not collecting personal (or otherwise sensitive) information
of any kind. In fact, in our anonymous model:
We do not know a consumer's name, address, social security
number or any other personally identifiable information;
We do not maintain information about specific web pages a
browser visits or how long a visitor stays;
We do not collect any sensitive or controversial data, such
as personal medical or financial data, ethnic origin, religion,
political interest or review of adult content; and,
We do not merge anonymous profiling data with personally
identifiable data, no matter the source.
Instead, our anonymous profiles consist of a score signifying the
apparent level of a user's interests in various categories. We simply
look to the aggregate amount of time a browser has spent on different
types of content--not who they are, or where in particular they have
been on the Web. Our conviction from the start has been that it should
never be possible for Engage or anyone else to determine (or even
``triangulate'') a visitor's real world identity based on our
abstracted data.
And we employ additional technological tools and practices to
ensure this anonymity. We use firewalls--technological barriers to
protect a system--to secure the (already) non-personally identifiable
information we collect through a patent-pending technology we call
``dual-blind'' identification: this way individual websites we work
with do not have access to our interest profiles or know what other
sites a user may have visited. There is no user interface through which
anyone else can gain access to an individual profile. And, even with
these technological protections in place, and only non-personally
identifiable data at issue, we also provide consumers effective choice
regarding whether to participate. We offer clear information about our
data collection practices and an opportunity to opt-out of our
anonymous information gathering.
In short, Engage's business model not only accommodates, but is in
fact borne of, consumer's interest in protecting their privacy
interest.
Privacy-Driven Technological Innovation Is Further Empowering Industry
And Consumers Themselves To Raise The Bar
Continued technological innovation promises our online industry--
and the web visitors themselves--sophisticated yet simple tools to
support consumer privacy interests. I can report first-hand that the
online industry has indeed brought to bear in the interest of consumer
privacy the same zeal for technological break-throughs that have
characterized--and fueled--the Internet itself. The result: a
remarkable progression of emerging solutions that will offer consumers
previously unimagined forms of notice, choice and protection of their
own personal privacy demands.
Emerging tools offer not only instantaneous and automatic notice
and choice, but more than that, they also would empower consumers
essentially to set for themselves just what measure of privacy they
demand--and to avoid any sites that fail to meet their personal
standards. The Platform for Privacy Project (P3P) at the World Wide Web
Consortium (W3C) would enable a web server to communicate automatically
how it collects and shares user data so users can define what privacy
standards they prefer for that particular site or in general. Engage
was a co-author of the P3P Protocol Specification.
Beyond this, we are very excited about a specific application of
P3P in the context of ``TrustLabels'' for cookies. To directly respond
to the leading concerns over third party data collection and
transparency, Engage has authored and is working with other industry
leaders on a specification for TrustLabels, which would allow web
servers to provide notice to consumers concerned about certain uses of
cookies and would allow consumers the ability to accept or reject a
site's data practices. This technology critically serves the goal of
universal compliance with privacy standards. It permits consumers to
compel online businesses to be privacy-sensitive because those
businesses that attempt to set a cookie and do not meet consumers'
privacy demands will cause a warning alert to be displayed on the
computer screen of the user, allowing a choice (probably ``NO'') to be
made solely by the consumer regarding whether to permit the business to
collect data. The business will be unable to collect the data it seeks,
unless and until it reforms its practices to meet the standards of
privacy seal organizations. The bad actor will actually be locked out
of the marketplace. This, more than any regulation, will drive
universal compliance with seal programs. And, on the Internet, such
technology-based enforcement does not stop at national borders.
Certainly this is the sort of technological innovation that no one
would wish to discourage with a premature regulatory framework that
could stunt this continuing evolution--or, worse yet, a patchwork of
such regimes across jurisdictions.
Extending Privacy-Sensitive Practices Through Industry Self-Regulation
Along with this commitment to developing robust technological tools
to empower consumers, online industry leaders have relied on a
complementary set of additional tools to raise the bar industry-wide
for the protection of consumer privacy:
First, adopting effective standards for industry collection
and use of consumer data;
Second, giving those standards teeth through enforceable and
increasingly vigorous seal of approval programs;
Third, extending the reach of those standards by
incorporating them into contracts with other online businesses
not already subject to such standards; and,
Finally but critically, actively educating consumers and
business customers about our business and the available means
for effectively safeguarding privacy on the Web.
In the few short years over which the Internet has blossomed, the
online industry has--through rapidly growing use of these tools--made
tremendous strides in voluntary, but self-regulated adoption of ``the
right way'' to do business. And through the Network Advertising
Initiative, we are ensuring that our network advertiser segment of the
marketplace embraces and expands upon prevailing standards--in a clear,
public, and enforceable way.
You will hear in the very near future, I believe, in greater detail
about how our NAI standards will effectively incorporate all of the key
self-regulatory tools I just described--substantive standards,
independent third party certification and enforcement, binding
commitments on our customers to follow the same standards, and a
campaign to educate the public and our website customers alike.
The Power of Marketplace Demands For Privacy-Sensitive Practices
I will confess that, for Engage, the standards and practices
contemplated by industry largely codify the standards we have set for
ourselves from the outset. But by no means does that suggest that this
self-regulatory initiative, and the recurring spotlight on our
industry's business practices, is not making a difference. To the
contrary, as a whole, we are working to set a bar and, in certain
respects, raise the commonly prevailing bar. More than that, we are
fully unleashing an already significant and growing set of marketplace
forces--the force of privacy-sensitivity as a competitive advantage. It
is a force that we welcome--indeed one we have long harnessed. It is a
force that public policy must take care not to squelch. And it is a
force that makes the commitment to self-regulation in our business all
the more credible.
Our customers know that consumer comfort and security is critical
to use of the Internet. In this competitive climate, those businesses
serving consumers online ultimately will embrace only those
technologies and practices that can provide tailored and effective
online advertising without compromising consumer privacy. This is a
powerful bottom-line force, as ongoing marketplace developments bear
witness.
Conclusion
The potent combination of technological innovation, industry
standards, contractual requirements extending those standards,
enforceable privacy seal programs, consumer and industry privacy
education, and FTC enforcement offers a highly reliable and uniquely
effective response to online privacy concerns. These initiatives
bolster what are already formidable marketplace checks on online
businesses' protection of consumer privacy. The needs of our customers
to attract--and not repel--consumers will ensure that we get the job
done.
But so too is it critical to ensure that we do not needlessly
undermine the effectiveness of online advertising by freezing the
development of new technological tools to meet consumer and business
needs. Instead of setting a floor that turns into a ceiling as well,
the power of the market and the dynamism of technological innovation
promise continued remarkable developments to protect privacy interests.
As I suggested at the outset, the viability of e-commerce, of our
advertising-supported Internet, and thus of all the Internet's
tremendous economic and societal benefits depends on it.
Thank you.
The Chairman. Thank you very much.
Mr. Rotenberg.
STATEMENT OF MARC ROTENBERG, DIRECTOR, ELECTRONIC PRIVACY
INFORMATION CENTER
Mr. Rotenberg. Thank you very much, Mr. Chairman, members
of the Committee. It is a pleasure to be here today. It was
actually at a similar hearing a year ago that I described for
you a company named DoubleClick, the Internet's largest
advertising network, and another company named Abacus Direct,
the country's largest database catalogue firm, and I explained
following the announcement of a recent merger that the joining
together of the online information in the Abacus Direct
database and the surfing records that were being maintained by
DoubleClick would raise profound issues for Internet privacy,
that users would strongly object to this type of profiling of
their Internet activity, and that you would see a public
response.
Indeed, that is what happened over the past year. The
public responded, the FTC responded, State attorney generals
responded, because people understood that in their use of the
Internet--in the desire to obtain information online and
receive the benefits of electronic commerce it did not seem
fair or right that they should have to sacrifice their--
privacy.
Now, the online advertising industry will say: We are
providing great benefits. We are providing free content. We are
making it possible for people to get access to information and
systems. But I think it is important to keep two points in
mind.
First, advertising has always supported the delivery of
editorial content. Whether it is a radio broadcast, a TV spot,
magazine ad, or a billboard, there have always been ways for
advertisers to market to consumers to support the delivery of
information. What is different about the Internet, and it is
different, is that this is the first time that it has been
possible for advertisers to profile the people who receive
information, to build detailed dossiers about their interests,
their preferences, their likes, and their dislikes. In this
respect the Internet world is different from the offline world.
There is a different type of privacy problem made possible by
the creation of a digital network.
Now, a second point to keep in mind is that Congress has in
the past confronted this issue of how we deal with the creation
of personal profiles. This is not the first time. In fact, more
than 30 years ago when people looked at the practices in the
credit reporting industry and said, look at this detailed
information that is being put together about how people live,
whether they are married, what they earn, what time they show
up at work, there has to be some control on the collection and
use of this information.
So Congress 30 years ago passed privacy legislation to
control the collection and use of credit record information, to
make sure that improper information was not collected and that
the information that was collected was not used improperly.
Similar issues were raised about the potential of Big
Brother databases in the Federal Government. In the 1960's,
Federal agencies were bringing in automation and people
realized that it would be possible to create very detailed
profiles of American citizens. So, over time a legislative
framework called the Privacy Act was put in place which gives
every citizen in America the right to limit the collection and
use of information about them and, critically, to see the
information which is collected.
My suggestion to you today is that what we are facing with
Internet profiling is in fact not a new problem. It is a
familiar problem. It is the detailed collection of information,
the creation of profiles, enabled by technology. Now, of course
it is a wonderful technology and we really do not need to
dispute the benefits of the Internet. The question is, are we
going to have to trade our privacy, lose control of this
information, to receive the benefits of the Internet.
I think over the last five years as the FTC and the
sponsors of legislation, this Committee, privacy groups--my
own, Junkbusters and others--we have realized that there is
simply not a need to make this trade. We do not need to choose
privacy or the benefits of the Internet. We really should have
both.
Pulling it all together, I think the key point here is that
when I came to you a year ago and said that this type of
profiling is going to create problems, I also suggested that
there were ways to do online marketing, online targeting, that
would be good for business, good for consumers, and would not
create these types of privacy problems. So what we needed, and
what we still need, is the baseline privacy legislation that
establishes an opt-in requirement, that gives people the right
to access those profiles, and in some cases the right to have
their personal information deleted if they no longer have a
relationship with a company or they do not want to have a
future relationship with a company.
Those baseline standards will encourage the development of
very good online business practices, very good privacy
technology. They will not stand in the way of innovation and
they will give people the benefits of the Internet and provide
privacy protection.
So I thank you very much for the chance to be here, and I
will be pleased to answer your questions.
[The prepared statement of Mr. Rotenberg follows:]
Prepared Statement of Marc Rotenberg, Director,
Electronic Privacy Information Center
Summary
Privacy organizations that favor legislation to protect privacy
have also been the leaders in the effort to establish good technology
to protect privacy. Our view is that good privacy technologies will
depend very much on the regulatory environment. Laws such as export
controls that limit the availability of encryption or the requirements
of the Communications Assistance for Law Enforcement Act, now before a
federal appeals court, will discourage the development of good
techniques to protect privacy. On the other hand, laws that implement
Fair Information Practices, such as the Privacy Act of 1974, will have
a positive impact on the development of technology. Privacy legislation
is appropriate for the Internet because it will have a positive impact
on the development of technologies to protect online privacy.
In the matter of Doubleclick, we first brought the Committee's
attention to this problem at a similar hearing a year ago. We warned
that self-regulation would fail to protect privacy and that there would
be a public backlash against the company's plan to profile Internet
users. We think the lesson is clear that legislation is necessary. Even
good models for online advertising can quickly change without baseline
privacy rules.
Going forward, we think the key is the development of techniques
that implement common-sense Fair Information Practices and that
minimize or eliminate the collection of Personally Identifiable
information. Techniques for profiling that are not based on the
identity of an actual user may be acceptable. But any system of
profiling that could be linked to a user, even if that is not intended
at the beginning should be subject to legal safeguards. The experience
with Doubleclick has made this clear.
In terms of P3P, we do not view this as a technology that will
promote privacy. It builds on the very weak ``notice and choice''
approach that is increasingly asking consumers to trade their privacy
for the benefits on electronic commerce. It is not fair to force
consumers to make this choice. Good technologies that aim to protect
consumer privacy will not be built on this model.
We need privacy legislation to establish baseline standards for
electronic commerce. We also need to look closely, with input from
technical experts and experts in privacy, at how best to develop
technologies that protect online privacy. We need a much broader right
of access in the online world than currently exists in the offline
world precisely because the online world enables such far-reaching
profiling. Finally, we need to think more deeply about the true nature
of profiling in the online world. The establishment of persistent
profiles, beyond the control or scrutiny of the individuals affected,
can stigmatize and reduce opportunity for some even as they create
benefits for others.
Testimony
My name is Marc Rotenberg, and I am Executive Director of the
Electronic Privacy Information Center in Washington, DC. I am grateful
for the opportunity to appear before the Committee this morning and
also for your efforts in developing good privacy legislation that
responds to growing public concern. Last year I testified before you on
the growing risks to Internet privacy and described a firm named
Doubleclick that had announced a merger with Abacus Direct. I warned in
my testimony that Doubleclick proposal to profile Internet users showed
the problems with the self-regulatory approach to privacy protection
and that it would lead to a vast privacy backlash.
This morning I will focus my comments specifically on one of the
central questions in the ongoing effort to protect privacy online--what
is the relationship between privacy legislation and privacy technology?
With legislation pending before the Committee, and many companies
developing privacy technologies, I am sure you are trying to understand
the relationship between privacy legislation and privacy technology.
Are they alternatives? Should we have both? What happens with
technology if we continue to go forward without legislation?
Privacy Advocates Have Long Encouraged the Development of Technology to
Protect Privacy
To answer these questions, I need to say a few words about the
establishment of EPIC. The Electronic Privacy Information Center, which
has long favored the adoption of legislation to protect Internet users,
has also been on the front lines to ensure that Internet users would
have access to the best technology to protect privacy. Several years
ago there was a widespread belief in government that it would be
necessary to limit the availability of strong technology, such as
encryption, that would protect personal privacy. We strongly opposed
this view and said that these technologies should be widely available
to the general public. We argued that privacy technology was good for
consumers, good for business, and ultimately good for national
security. We prepared a letter to the President by experts, opposing
the Clipper proposal to establish the escrowed encryption standard.
That letter was later endorsed by 50,000 users of the Internet who
agreed that good technology was critical to good privacy. The
administration eventually changed its views and today the United States
policy on encryption favors the development of good tools to protect
personal privacy, though I should add that it is still the case that
electronic mail is not routinely encrypted, though I think it should
be.
Since the Clipper campaign, we have also urged the development and
adoption of the very best technical means to protect personal privacy.
Our website contains a popular page--Practical Privacy Tools, which was
featured in the New York Times just last week. The page includes
techniques for encryption, anonymity, cookie management, and more.
Members of the EPIC staff have even trained human-rights advocates
and journalists in different parts of the world how to use encryption
to protect their private communications from police forces and
governments that would send a person to jail for what he might write in
a private message. We supported the widespread use of anonymous re-
mailers, PGP, robust encryption, and other privacy tools, when many
industry groups waited quietly in the wings for the policy debate to
play out.
Although lobbyists like to characterize privacy advocates as
favoring ``heavy-handed Government regulation'' in fact we were far
ahead of industry on proposing technical solutions to privacy
protection. We have been pressing for good technical solutions to
protect privacy before the vast majority of Internet-based companies
were even established.
And when groups in industry or government have gone forward with
technical standards that threaten individual privacy--the Clipper chip,
the Intel Processor Serial Number, the FBI wiretap standards, the
Microsoft Global Universal Identifier--we launched national campaigns,
in association with such groups as Junkbusters, the ACLU and others to
bring public attention to the growing risks to privacy.
Privacy Legislation is Critical to Privacy Technology
So why do we favor legislation? The answer is that our experience
over the last ten years shows that you will get better technologies to
protect personal privacy where there a legal framework in place that
establishes baseline privacy standards. The Clipper proposal came about
in the United States but not in Europe or Canada. One of the reasons is
that European and Canadian privacy laws and European and Canadian
privacy agencies prevented the adoption of a technical standard that
would have enabled such widespread surveillance of privacy
communications.
Doubleclick pushed forward with its profiling scheme in the United
States but not in Europe because European law would have required to
Doubleclick to follow a set of privacy rules once it started collecting
personal data. Doubleclick decided it didn't want to bother complying
with privacy rules so it pushed forward in the United States.
Many of the Internet protests that are taking place in the United
States result from the failure to develop good privacy standards. Some
might say that this is because the US is a leader in technology and
first to experience the social consequences when companies go too far.
But in fact, in many critical sectors--online banking, Internet use,
cell phone use--the US is not the leader but is still facing enormous
public concerns about the loss of privacy. The reason is simply that
whereas other countries have made some effort to update their privacy
laws to keep pace with new technology, the US stubbornly refuses to do
so. And in the United States where privacy legislation is in place, you
simply do not see the type of invasive profiling that companies like
Doubleclick have pursued on the Internet.
The message here is simple: privacy laws encourage good business
practices and good privacy technologies. Where those laws exist, you
can have innovation and privacy protection. Where the laws do not
exist, you may still have innovation, but I doubt you will have privacy
protection.
The Profiling Problem is Not New
Although the Internet and Doubleclick appear to raise new problems,
in many ways Congress has confronted similar problems in the past and
developed appropriate legislative solutions.
More than thirty years ago there was a proposal to establish a
centralized databank in the United States called the National Data
Center that would have provided detailed profiles on American citizens.
The purpose was benign. It was believed that such a databank would be
very useful to social scientists and others, but the implications were
severe. People understood that the collection of these permanent
profiles, made possible by computerized automation, would pose a threat
to the privacy and liberty of American citizens. The proposal for the
National Data Center was withdrawn and over time a comprehensive legal
framework--the Privacy Act of 1974--was established to safeguards the
rights of American citizens. The Privacy Act imposed on all federal
agencies essential privacy rights and responsibilities--``Fair
Information Practices''--that would limit would federal agencies could
do with personal information and gave every American the right to see
the information about them that was collected.
Significantly, the Privacy Act did not slow the use of computers.
It simply made the people who were designing those systems more aware
of their obligations to protect the privacy interests of the people
whose information was collected. In other words, the Privacy Act helped
ensure that as automation was introduced in the federal government,
privacy was built-in at the outset.
Now I want to be clear at this point, that I am not defending all
data collection practices by the federal government. I think there are
any number of programs where data collection is too intrusive. Nor do I
think the Privacy Act is beyond criticism. Recent amendments
appropriately strengthened the penalty provisions to help ensure that
there would be sufficient incentives to pursue enforcement, and recent
court opinions have asked, appropriately in my view, whether the
Privacy Act should apply to the White House.
But the critical point is clear: law is necessary to limit
profiling, such law does not discourage innovations, and the US Privacy
Act provides a clear example of how such laws can operate successfully.
Lessons of Doubleclick
To understand Doubleclick, I think it is important to think about
how advertising has operated traditionally. Whether in the print world
with magazine ads and billboards or the communications world with radio
spots and TV ads, advertisers large and small have been able to reach
their audience without collecting any personal information. This is
true when 30 million people watch the same beer commercial on a
television football game or when 30 people see an ad for a used kitchen
table in the classified section of a morning newspaper. Advertisers
communicate information to an audience without trying to create
detailed profiles.
Advertisers have always been able to tailor ads to specific
markets. With the Internet it is even easier to do. The subject matter
can be more focused, the information more timely. Advertisers also get
almost instantaneous feedback on which ads are working and which are
not. Follow an auction on one of the auction sites and you will see
just how well the Internet enables targeted advertising between buyer
and seller and still protects privacy.
All of these factors suggest that the Internet could be a very
effective way for marketers to reach customers with a minimal privacy
intrusion. But Doubleclick, and in fairness, several of its
competitors, pushed the envelope and decided that reaching customers,
regardless of the privacy consequences, was the way to go. Not content
with the most effective and efficient form of advertising ever made
possible, these companies began plans to profile net surfers, to link
anonymous clickstream data with detailed and personally identifiable
purchase records. They called it ``personalization'' but the process is
``profiling'' and the method involves the secretive collection of
personal information about consumers.
The schemes were deeply flawed, both as a matter of policy and
technology. Doubleclick essentially ignored all of the generally
accepted privacy rules. People could not see what information would be
collected or determine how it would be used. Doubleclick couldn't even
comply with their own privacy policy. As we pointed out in our
complaint to the Federal Trade Commission, the privacy policy at the
Doubleclick website was constantly being revised. First, Doubleclick's
privacy policy assured users who received targeted ads from Doubleclick
that they would remain ``completely anonymous.'' Then Doubleclick
dropped the reference to anonymity and said the information was not
``personally identifiable.'' More recently, following the merger with
Abacus Direct, Doubleclick said that if it joined the two databases it
would further revise its privacy statement to reflect its ``modified
data collection and data use practices.''
There was no way any consumer could make a meaningful decision
about whether to disclose personal information to Doubleclick.
Doubleclick could essentially do with the information whatever they
wished. They might as well have scrapped their privacy policy and put
up three words ``subject to change.''
The technology was just as bad. Even Doubleclick's business
partners were not aware of how personal information was being
collected. Kozmo dropped Doubleclick when they realized that videotape
rental records were being transferred by the advertising network, most
likely in violation of the Video Privacy Protection Act. Web sites
offering healthcare advice learned to their chagrin that they were
passing on medical information on their visitors through the
Doubleclick network. Even the opt-out scheme proposed by Doubleclick
had problems. Customers who wanted privacy would be required to store a
Doubleclick cookie on their computer. Not a very smart idea when
consumers, trying to protect their privacy, are routinely deleting
cookies.
By the time Doubleclick dropped the plan, the company was facing
investigation from the Federal Trade Commission, two state attorneys
general, and a host of private litigants. Doubleclick's problems were
hardly caused by the campaigning of a few privacy advocates; virtually
anyone who thought about the long-term implications of profile-based
advertising saw the problem.
Doubleclick CEO Kevin O'Connor was right to admit a mistake and
should be commended for responding, albeit belatedly, to growing public
concern about privacy in the online world. The question now is what
lessons will be learned. Is this simply a matter of ``issue
management,'' or is there an opportunity for a genuine exploration of
how to develop business models for the Internet that are profitable and
also respect consumer privacy? My hope is that the industry will take
the second course. But this will mean taking seriously the need to
develop strong and effective privacy measures.
If net advertisers intend to collect personal information on
Internet users, they should follow the most stringent Fair Information
Practices. That's not just about giving individuals ``notice and
choice,'' it's about allowing individuals to know what the company
knows about them, and to object to the use of the information and even
to have it permanently deleted if they wish. It's about being more open
and accountable in how personal information will be used. Access to a
privacy policy is never as good as actually being able to see how
someone else will use your personal data.
Better of course would be for innovative firms to take advantage of
the extraordinary flexibility of the Internet and develop advertising
models that do not rely on the collection of personally identifiable
information. Several advertising firms currently do this and others
should consider it as well. There is every reason to believe that
advertising models that respect consumer privacy can be made to work in
an environment as dynamic as the Internet.
Support for privacy legislation that would establish baseline
standards across the industry would also be a good move. Self-
regulation has its advantages, but in the world of privacy it simply
protects bad actors. A better approach would establish simple, uniform,
predictable rules for business and consumers. A legal principle in
support of anonymity will do a lot to spur the development of robust
technologies of privacy.
One argument that simply does not fly is that the surreptitious
profiling of customers' private activities--what websites they visit,
what articles they read, what pictures they watch--is necessary to
support the Internet. That's an argument without bounds and one the Net
advertisers should drop quickly if there is going to be a real
discussion about how to protect privacy online. The Internet is growing
rapidly in countries that do not permit these practices. In fact
Internet penetration is higher in several countries that have stronger
privacy rules than the United States.
Consumers are serious about the need for privacy protection on the
Internet, and they do not see a need to trade their privacy for their
ability to use the Net.
The Danger of Notice and Choice
Too often, the privacy problem is viewed as requiring the offering
of notice and choice to consumers. But this is not the approach that
the United States has typically taken to ensure privacy protection in
other sectors, even those where there is rapidly changing technology.
The privacy of cable subscriber records is protected because of a
provision in the Cable Act. The privacy of video rental records is
protected by the Video Privacy Protection. The privacy of telephone
calling records is protected by a series of laws and regulations. But
``choice'' is what consumers face where there is no baseline privacy
protection.
You have probably already heard about something called ``P3P'' and
you are no doubt going to hear more about this in the future. This is a
technical proposal developed by the World Wide Web consortium to
facilitate the collection of personal information on the Internet. Many
in industry believe that this standard will help solve the privacy
problem because it will facilitate choice about privacy practices. But
the real choice offered is not how to protect privacy, but how much
privacy to give up. The FTC Chairman made the point very well that the
reason we need privacy laws today is that consumers are too often asked
to give up their privacy for some benefit.
We need strong technical measures that give people greater control
over the collection and use of personal information, and that limit
where possible the collection and use of personal data. Consumers
should not be forced to choose between the protection of privacy and
the benefits of electronic commerce.
Recommendations
First, we need privacy legislation to establish baseline standards
for electronic commerce. Until there is legislation, you will see
public protests grow. But in those sectors where there is good
legislation, you will hear fewer complaints, except to see that the
laws are in fact enforced. Even where companies are doing the right
thing today, there is no assurance that they will continue to do so
tomorrow. Remember that Doubleclick began with the exact same approach
to Internet advertising that some today will hold up as a model. But
that model collapsed because there were no baseline privacy rights in
place to hold it up.
Second, we need to look closely--with far more input from technical
experts and experts in privacy--at how best to develop technologies
that protect online privacy. Too many of these standard-setting
discussions are dominated by the industry groups that have opposed
privacy legislation and would much prefer technical standards that
encourage people to trade privacy rather than to retain privacy.
Privacy experts believe that we can develop good technical standards
for privacy protection built on a legal framework that protects the
interests of consumers and still encourages innovation. We do not think
that users of the Internet should face a bewildering range of choices
to protect their reasonable expectation of privacy in the collection
and use of their personal information.
We need a much broader right of access in the online world than
currently exists in the offline world precisely because the online
world enables such far-reaching profiling of private behavior in a way
that is simply not possible in the physical world. The FTC's recent
report on this subject failed to make clear this essential point.
Any company that creates a persistent profile on a known user, or
that could be linked to a known user, should be required to make known
to that user all of the information that is acquired and how it is used
in decisions affecting that person's life. The profile should always be
only ``one-click'' away--there is no reason on the Internet that
companies should force users to go through elaborate procedures or pay
fees to obtain this information about themselves. Access will promote
transparency and accountability. It is vital to consumer trust and
confidence.
It would also be appropriate in many cases to give individuals the
right to compel a company to destroy a file that has been created
improperly or used in a way that has caused some harm to the
individual. Data could still be preserved in an aggregate form, but
individuals should be able to tell a company that they no longer have
permission to make use of the personal information that they have
obtained.
Finally, we need to think more deeply about the true nature of
profiling in the online world. Profiling raises significant questions
about identity, grouping, and what information people receive and what
information they do not. Of course, such lines are drawn all the time,
but it is the establishment of persistent profiles, beyond the control
or scrutiny of the individuals affected, that can stigmatize and reduce
opportunity for some even as they create benefits for others. Privacy
law will help make companies more accountable and reduce the risk of
unfair or inaccurate decisionmaking.
Conclusion
We are not simply talking today about Internet privacy. More and
more of our lives--entertainment, private communications, banking,
reading, buying products, getting the news--all of this is taking place
online. We are really talking about the future of privacy in the
twenty-first century and whether there will be good standards in place
to protect personal information or whether companies will be free to
build secret, elaborate profiles that will determine where we go and
what we see in this new world.
Technology will clearly play a role in privacy protection.
Technologies that protect privacy will enable online transactions
without requiring the disclosure of actual identity as much as
possible. Technologies that protect privacy will minimize or eliminate
the collection of personally identifiable information.
But technology is not enough. Legislation that enforces common-
sense Fair Information Practices is necessary to protect the interests
of Internet users and it will also play a critical role in the
development of these new technologies. It will protect privacy where
privacy technologies have not been deployed. It will properly place
burdens on companies that chose not to use good techniques to protect
privacy. And it will support the development of technologies that will
genuinely protect privacy.
We are living in a time when we can still exercise choice over the
future of the Internet. I don't mean simply the choice of a single
person trying to comprehend a complicated privacy policy, but the
choice of a country to safeguard its basic freedoms even as it enjoys
the benefits of new technology. Legislation is the way we express this
choice and legislation is the path toward technologies that will
safeguard privacy interests in the future.
References
Phil Agre and Marc Rotenberg, eds., Technology and Privacy: The New
Landscape (MIT Press 1997)
EPIC Doubleclick page
[www.epic.org/doubletrouble/]
EPIC, Online Guide to Practical Privacy Tools
[http://www.epic.org/privacy/tools.html]
Oscar H. Gandy, Jr., Exploring Identity and Identification in
Cyberspace, Notre Dame Journal of Law (forthcoming)
Junkbusters Doubleclick page
[www.junkbusters.com/doubleclick.html]
Peter G. Neumann, Computer Related Risks (Addison Wesley 1995)
Marc Rotenberg, Testimony and Statement for the Record on The Online
Privacy Protection Act of 1999, S. 809, Before the Subcommittee on
Communications of the Senate Committee on Commerce, Science and
Transportation, 106th Cong., 1st Sess. (July 27, 1999), reprinted in
Congressional Digest, February 2000
``Weblining,'' Businessweek, March 26, 2000
[http://www.businessweek.com/2000/00--14/b3675017.htm]
``Kozmo Delivers `Consumer Racism?', MSNBC, April 12
[http://www.zdnet.com/zdnn/stories/news/0,4586,2534749,00.html]
Attachments
1. LIn the Matter of Doubleclick,, Complaint and Request for
injunction, Request for Investigation and Other Relief, Electronic
Privacy Information Center (EPIC), before the Federal Trade Commission,
February 10, 2000
[http://www.epic.org/privacy/internet/ftc/DCLK--complaint.pdf]
2. ``Privacy on the Internet,'' New York Times, February 22, 2000
(editorial)
Attachment 1
Before the
Federal Trade Commission
Washington, DC 20580
In the Matter of )
)
DoubleClick Inc. )
)
---------------------------------------------------
Complaint and Request for Injunction, Request
for Investigation and for Other Relief
INTRODUCTION
1. This complaint concerns the information collection practices of
DoubleClick Inc. and its business partners. As is set forth in detail
below, DoubleClick Inc. has engaged, and is engaging, in unfair and
deceptive trade practices by tracking the online activities of Internet
users and combining that tracking data with detailed personally-
identifiable information contained in a massive, national marketing
database. DoubleClick Inc. engages in these activities without the
knowledge or consent of the affected consumers, and in contravention of
public assurances that the information it collects on the Internet
would remain anonymous. The public interest requires the Commission to
investigate these practices and to enjoin DoubleClick Inc. from
violating the Federal Trade Commission Act, as alleged herein.
PARTIES
2. The Electronic Privacy Information Center (``EPIC'') is a public
interest research organization in Washington, DC. EPIC is a project of
the Fund for Constitutional Government (``FCG''). FCG is a non-profit
charitable organization established in 1974 to protect civil liberties
and constitutional rights. EPIC's activities include the review of
governmental and private sector policies and practices to determine
their possible impacts on individual privacy interests. Among its other
activities, EPIC has prepared reports and presented Congressional and
administrative agency testimony on Internet and privacy issues.
3. DoubleClick Inc. (``DoubleClick'') was organized as a Delaware
corporation on January 23, 1996. DoubleClick's principal offices are
located at 41 Madison Avenue, 32nd Floor, New York, New York 10010. At
all times material to this complaint, DoubleClick's course of business,
including the acts and practices alleged herein, has been and is in or
affecting commerce, as ``commerce'' is defined in Section 4 of the FTC
Act, 15 U.S.C. Sec. 44.
4. DoubleClick's business partners include more than 1,000 companies
that have agreed to display DoubleClick advertising on the Web sites
they operate and to enable the placement of ``cookies'' on the
computers of Internet users who visit their Web sites. At all times
material to this complaint, such companies' course of business,
including the acts and practices alleged herein, has been and is in or
affecting commerce, as ``commerce'' is defined in Section 4 of the FTC
Act, 15 U.S.C. Sec. 44.
THE IMPORTANCE OF PRIVACY PROTECTION
5. The right of privacy is a personal and fundamental right in the law
of the United States. The privacy of an individual is directly affected
by the collection, use and dissemination of personal information. The
opportunities for an individual to secure employment, insurance and
credit, to obtain medical services, and the rights of due process may
be endangered by the misuse of certain personal information.
6. U.S. privacy law has by tradition protected the privacy of consumers
in the offering of new commercial services enabled by new technologies.
For example, the Cable Act of 1984 protects the privacy of cable
subscriber records created in connection with interactive television
services. The Electronic Communications Privacy Act of 1986 protects
the privacy of electronic mail transmitted over the Internet. The Video
Privacy Protection Act of 1988 protects the privacy of rental records
for video recordings of commercial programs made available to the
public for home viewing.
7. Many Americans are today ``concerned'' or ``very concerned'' about
the loss of privacy, particularly with regard to commercial
transactions that take place over the Internet. One recent poll has
indicated that the ``loss of personal privacy'' is the number one
concern facing the United States in the twenty-first century.
8. The Federal Trade Commission today plays a critical role in
protecting consumer privacy, particularly with respect to the offering
of commercial services over the Internet, and the resulting collection
and use of personal information.
STATEMENT OF FACTS
DoubleClick's Tracking of Online Activities
9. DoubleClick is a leading provider of Internet-based advertising. The
company places advertising messages on Web sites that are part of the
``DoubleClick Network,'' which consists of highly-trafficked Web sites
grouped together by DoubleClick in defined categories of interest.
Participating sites include AltaVista, The Dilbert Zone, Macromedia,
U.S. News Online, PBS Online, Multex Investor Network, Travelocity and
Major League Baseball.
10. DoubleClick tracks the individual Internet users who receive ads at
Web sites in the DoubleClick Network. When a user is first ``served''
an ad, DoubleClick assigns the user a unique number and records that
number in the ``cookie'' file of the user's computer. When the user
subsequently visits a Web site on which DoubleClick serves ads,
DoubleClick reads and records that unique number. DoubleClick has
acknowledged that ``Web sites usually place certain information
(`cookies') on a user's hard drive usually without the user's knowledge
or consent.'' \1\
---------------------------------------------------------------------------
\1\ DoubleClick Inc. Form 10-K/A (Amendment No. 2) for Calendar
Year Ended December 31, 1998.
11. Using the unique numbers contained in cookies, DoubleClick's
``DART'' technology enables advertisers to target and deliver ads to
Web users based on pre-selected criteria. As a user visits Web sites
that utilize DoubleClick's technology, DART collects information
regarding the user and his or her viewing activities and ad responses.
According to DoubleClick, ``[t]he sophisticated tracking and reporting
functionality incorporated into DART provides advertisers with accurate
measurements of ad performance based on selected criteria.'' \2\ In
early 1999, the company described the technology as follows:
---------------------------------------------------------------------------
\2\ Id.
DART's dynamic matching, targeting and delivery functions
enable Web advertisers to target their advertising based on a
variety of factors, including user interests, time of day, day
of week, organization name and size, domain type (i.e.,
commercial, government, education, network), operating system,
server type and version, and keywords. In addition, DoubleClick
offers the ability to match geographic location of the user's
server and organization revenue, if known, through third-party
databases. . . . Further, in order to deliver the
advertisements on the pages that are likely to result in the
best response, DART improves its predictive capabilities by
continuously collecting anonymous information regarding the
---------------------------------------------------------------------------
user's viewing activities and ad responses.
Among other capabilities, DART technology allows advertisers ``to track
a user to the advertiser's own Web site to determine what actions a
user takes following a clickthrough.''
12. Through the use of cookies and DART technology, DoubleClick's
collection of consumer information is extensive. In December 1998, the
company received over 5.3 billion requests for the delivery of ads
generated by approximately 6,400 Web sites. DoubleClick estimates that
more than 48 million users worldwide visited Web sites within the
DoubleClick Network during December 1998. According to Media Metrix,
45.8% of Internet users in the United States visited Web sites within
the DoubleClick Network during the same month. During the fourth
quarter of 1998, DoubleClick placed approximately 18,000 Internet
advertisements for over 2,300 advertisers. In calendar year 1998,
DoubleClick's DART technology delivered approximately 34 billion
advertising impressions worldwide.
13. DoubleClick reportedly has compiled approximately 100 million
Internet user profiles to date.
DoubleClick's Prior Assurances of Anonymity
14. DoubleClick has publicly represented that any information it
collected about Internet users and their online activities was, and
would remain, anonymous. Thus, the ``Privacy Policy'' displayed at the
DoubleClick Web site in 1997 (attached hereto as Exhibit A) provided:
DoubleClick does not know the name, e-mail address, phone
number, or home address of anybody who visits a site in the
DoubleClick Network. All users who receive an ad targeted by
DoubleClick's technology remain completely anonymous. Since we
do not have any information concerning names or addresses, we
do not sell or rent any such information to third parties.
Because of our efforts to keep users anonymous, the information
DoubleClick has is useful only across the DoubleClick Network,
and only in the context of ad selection.
The ``Privacy Policy'' displayed at the DoubleClick Web site in 1997
did not state that it was ``subject to change,'' or otherwise indicate
that the assurance of anonymity was in any way conditional.\3\
---------------------------------------------------------------------------
\3\ The attached print-outs of material displayed at the
DoubleClick Web site in previous years were obtained from cached copies
of Web pages that EPIC accessed through the Google search engine at
http://www.google.com/
Likewise, the ``Privacy Policy'' displayed at the DoubleClick Web site
in 1998 (attached hereto as Exhibit B), when the company served some 34
---------------------------------------------------------------------------
billion advertising impressions, provided:
All users who receive an ad targeted by DoubleClick's
technology remain completely anonymous. We do not sell or rent
any information to third parties. Because of our efforts to
keep users anonymous, the information DoubleClick has is useful
only across sites using the DoubleClick technology and only in
the context of ad selection.
The ``Privacy Policy'' displayed at the DoubleClick Web site in 1998
did not state that it was ``subject to change,'' or otherwise indicate
that the assurance of anonymity was in any way conditional.
15. DoubleClick's business partners have similarly represented that
DoubleClick cookies generated at their Web sites were anonymous and
that no personally-identifiable information would be collected by
DoubleClick or its business partners as a result of the placement of
DoubleClick cookies.
DoubleClick's Acquisition of Ababus Direct
16. On June 13, 1999, DoubleClick entered into an agreement to acquire
Abacus Direct Corporation (``Abacus''), a leading provider of
specialized consumer information and analysis for the direct marketing
industry.
17. Abacus created and directs the Abacus Alliance, a cooperative
arrangement through which more than 1,050 direct marketers contribute
their customers' purchasing histories to Abacus for inclusion in a
comprehensive database. As of December 31, 1998, the Abacus database
contained over 88 million detailed buyer profiles compiled from records
of over 2 billion catalog purchasing transactions. Abacus claims that
the Abacus Alliance members include over 75% of the largest consumer
merchandise catalogs in the United States. The database is continually
enhanced as members contribute current sales transaction information
and as additional companies join the Abacus Alliance.
18. Since at least as early as 1998, the Abacus database has contained
information identifying and tracking the activities of Internet users.
On November 2, 1998, Abacus formed a strategic alliance with Catalog
City, Inc., an on-line catalog Web site offering on-line shopping
services to catalog shoppers, to jointly promote each others services
and share certain ``e-commerce data.'' That information includes
consumer e-mail addresses and phone numbers, online transactions and
``click data.''
DoubleClick's Intention to Combine ``Personally-Identifiable
Information'' and ``Non-Personally-Identifiable Information''
19. Subsequent to entering into the agreement to acquire Abacus,
DoubleClick began to distance itself from its earlier assurances that
users would ``remain completely anonymous.'' A revised ``Privacy
Policy'' posted on the DoubleClick Web site in or around June 1999
(attached hereto as Exhibit C) stated:
In the course of delivering an ad to you, DoubleClick does not
collect any personally-identifiable information about you, such
as your name, address, phone number or e-mail address.
DoubleClick does, however, collect certain non-personally-
identifiable information about you, such as the server your
computer is logged onto or your browser type (for example,
Netscape or Internet Explorer). The information collected by
DoubleClick is used for the purpose of targeting ads and
measuring ad effectiveness on behalf of DoubleClick's
advertisers and Web publishers who specifically request it. . .
.
In addition, in connection solely with the delivery of ads via
DoubleClick technology to one particular Web publisher's Web
site, DoubleClick combines the non-personally-identifiable data
collected by DoubleClick from a user's computer with the log-in
name and demographic data about users collected by the Web
publisher and furnished to DoubleClick for the purpose of ad
targeting.
There are some cases when a user voluntarily provides personal
information in response to an ad (a survey or purchase form,
for example). In these situations, DoubleClick (or a third
party engaged by DoubleClick) collects the information on
behalf of the advertiser and/or Web site. This information is
used by the advertiser and/or Web site so that you can receive
the goods, services or information that you requested. Where
indicated in some requests, DoubleClick may use this
information in aggregate form to get a more precise profile of
the type of individuals viewing ads or visiting the Web sites.
20. Under the heading of ``Future Plans,'' DoubleClick stated as
follows in its revised ``Privacy Policy'' posted on the DoubleClick Web
site in or around June 1999:
On June 14, 1999, DoubleClick and Abacus Direct Corporation
announced their plan to merge in the third quarter of 1999.
Abacus currently maintains a database consisting of personally-
identifiable information used primarily for off-line direct
marketing. DoubleClick has no rights or plans to use Abacus'
database information prior to the completion of the merger.
Upon completion of the merger, should DoubleClick ever match
the non-personally-identifiable information collected by
DoubleClick with Abacus' database information, DoubleClick will
revise this Privacy Statement to accurately reflect its
modified data collection and data use policies and ensure that
you have adequate notice of any changes and a choice to
participate.
There is no indication that DoubleClick's business partners, who
operate the Web sites at which Internet users convey personally-
identifying cookies to DoubleClick, made similar revisions to the
privacy statements posted at their Web sites.
21. On November 23, 1999, DoubleClick completed its acquisition of
Abacus. For the first time, DoubleClick stated that ``personally-
identifiable information'' (including ``the user's name, address,
retail, catalog and online purchase history, and demographic data'')
would be combined with ``non-personally-identifiable information
collected by DoubleClick from Web sites on the DoubleClick Network.''
Specifically, a revised ``Privacy Policy'' currently (as of February 9,
2000) posted on the DoubleClick Web site (attached hereto as Exhibit D)
states as follows:
On November 23, 1999, DoubleClick Inc. completed its merger
with Abacus Direct Corporation. Abacus, now a division of
DoubleClick, will continue to operate Abacus Direct, the direct
mail element of the Abacus Alliance. In addition, Abacus has
begun building Abacus Online, the Internet element of the
Abacus Alliance.
The Abacus Online portion of the Abacus Alliance will enable
U.S. consumers on the Internet to receive advertising messages
tailored to their individual interests. As with all DoubleClick
products and services, Abacus Online is fully committed to
offering online consumers notice about the collection and use
of personal information about them, and the choice not to
participate. Abacus Online will maintain a database consisting
of personally-identifiable information about those Internet
users who have received notice that their personal information
will be used for online marketing purposes and associated with
information about them available from other sources, and who
have been offered the choice not to receive these tailored
messages. The notice and opportunity to choose will appear on
those Web sites that contribute user information to the Abacus
Alliance, usually when the user is given the opportunity to
provide personally identifiable information (e.g., on a user
registration page, or on an order form).
Abacus, on behalf of Internet retailers and advertisers, will
use statistical modeling techniques to identify those online
consumers in the Abacus Online database who would most likely
be interested in a particular product or service. All
advertising messages delivered to online consumers identified
by Abacus Online will be delivered by DoubleClick's patented
DART technology.
Strict efforts will be made to ensure that all information in
the Abacus Online database is collected in a manner that gives
users clear notice and choice. Personally-identifiable
information in the Abacus Online database will not be sold or
disclosed to any merchant, advertiser or Web publisher.
Name and address information volunteered by a user on an Abacus
Alliance Web site is associated by Abacus through the use of a
match code and the DoubleClick cookie with other information
about that individual. Information in the Abacus Online
database includes the user's name, address, retail, catalog and
online purchase history, and demographic data. The database
also includes the user's non-personally-identifiable
information collected by Web sites and other businesses with
which DoubleClick does business. Unless specifically disclosed
to the contrary in a Web site's privacy policy, most non-
personally-identifiable information collected by DoubleClick
from Web sites on the DoubleClick Network is included in the
Abacus Online database. However, the Abacus Online database
will not associate any personally-identifiable medical,
financial, or sexual preference information with an individual.
Neither will it associate information from children.
The Inadequacy of DoubleClick's ``Opt-Out'' Procedure
22. The most recent version of DoubleClick's ``Privacy Policy''
purports to offer users the ability to ``opt-out'' of the information
sharing activities described above. It states, in pertinent part:
While some third parties offer programs to manually delete your
cookies, DoubleClick goes one step further by offering you a
``blank'' or ``opt-out cookie'' to prevent any data from being
associated with your browser or you individually. If you do not
want the benefits of cookies, there is a simple procedure that
allows you to deny or accept this feature. By denying
DoubleClick's cookies, ads delivered to you by DoubleClick can
only be targeted based on the non-personally-identifiable
information that is available from the Internet environment,
including information about your browser type and Internet
service provider. By denying the DoubleClick cookie, we are
unable to recognize your browser from one visit to the next,
and you may therefore notice that you receive the same ad
multiple times.
23. The vast majority of Internet users who receive cookies from
DoubleClick never visit the DoubleClick Web site and therefore never
learn of the ``opt-out'' procedures described by the company.
DoubleClick cookies are placed on users' computers when users visit
third-party Web sites that display ads placed by DoubleClick. Users are
rarely given notice by such third-party Web sites that they need to
visit the DoubleClick Web site in order to understand DoubleClick's
data collection activities or learn about any available ``opt-out''
procedures.
24. A large percentage of DoubleClick cookies are placed on the
computers of users who visit the AltaVista Web site. Approximately
18.7% of DoubleClick's revenues for the nine months ended September 30,
1999, resulted from advertisements delivered on or through the
AltaVista Web site. Approximately 41.2% of DoubleClick's systems
revenues for the nine months ended September 30, 1999, resulted from
AltaVista billings.\4\
---------------------------------------------------------------------------
\4\ DoubleClick Inc. Form 10-Q for the Quarterly Period Ended
September 30, 1999
25. Visitors to the AltaVista Web site are not provided notice that
their use of the AltaVista site will result in the placement of
DoubleClick cookies on their computers. The AltaVista ``Privacy
Policy'' displayed on February 9, 2000 (attached hereto as Exhibit E)
---------------------------------------------------------------------------
provides, in pertinent part:
AltaVista uses one or more third party companies to serve
advertisements at our site. These companies may use cookies to
ensure that you do not see the same advertisements too often,
but they also may collect information about you when you view
or click an advertisement at our site. Cookies that are
received with advertisements are read and placed by one of our
advertising companies, and AltaVista does not have access to
them, nor can we control how they are used.
The AltaVista ``Privacy Policy'' does not contain any reference to
DoubleClick.
Inaccurate Information Posted by DoubleClick's Partners
26. Some third-party Web sites that generate DoubleClick cookies do
inform users of their relationship with DoubleClick and that
DoubleClick places cookies on the computers of users who visit such
third-party sites. Some of those Web sites continue to assure users
that they will remain anonymous. For instance, the ``Privacy Stuff ''
page at the Dilbert TV Web site (attached hereto as Exhibit F)
displayed the following information on February 9, 2000:
United Media contracts with DoubleClick to sell and manage the
advertisements that you see on this site. The advertisements
help us bring you the United Media site without charge.
DoubleClick uses ``cookies'' to improve the quality of your
visit to the Dilbert TV Web site. . . .
DoubleClick uses cookies to make sure that you do not see the
same advertisements repeatedly and when possible, shows
advertising that is relevant to you based on what you have seen
previously. Cookies are anonymous. DoubleClick does not know
the name, e-mail address, phone number, or home address of
anybody who visits the United Media site or any other site in
the DoubleClick Network. All users receiving an ad from
DoubleClick through the United Media site therefore remain
entirely anonymous to DoubleClick; DoubleClick does not have
any information to sell or rent to other parties.
VIOLATIONS OF SECTION 5 OF THE FTC ACT
27. Section 5(a) of the FTC Act, 15 U.S.C. Sec. 45(a), prohibits unfair
or deceptive acts or practices in or affecting commerce.
DoubleClick's Activities Constitute Deceptive Trade Practices
28. DoubleClick has publicly represented that any information it
collected about Internet users and their online activities was, and
would remain, anonymous.
29. In truth and in fact, DoubleClick intends to combine data it has
consistently described as ``non-personally-identifiable information''
with users' names, addresses, retail, catalog and online purchase
histories, and other personally-identifiable information contained in
the Abacus database. Therefore, DoubleClick's representations
concerning the anonymity of information it collected and collects about
Internet users were, and are, deceptive practices.
DoubleClick's Activities Constitute Unfair Trade Practices
30. DoubleClick's collection of information about Internet users,
through the placement of cookies on users' computers and the linkage of
cookie-generated data with information contained in the Abacus
database, is performed without the knowledge or consent of the great
majority of Internet users who receive DoubleClick cookies. Users who
receive DoubleClick cookies on their computers do not knowingly access
the DoubleClick Web site. Many of DoubleClick's partners, who operate
the Web sites which generate DoubleClick cookies, provide either no
information or inaccurate information about the placement of such
cookies and the manner in which data about users will be collected or
used. As a result, the great majority of users who receive DoubleClick
cookies neither know that their activities are being monitored, nor are
aware of any ``opt-out'' procedures that might be available.
31. DoubleClick's collection of information about Internet users,
through the placement of cookies on users' computers and the linkage of
cookie-generated data with information contained in the Abacus
database, without the knowledge or consent of Internet users, is likely
to cause substantial injury to consumers which is not reasonably
avoidable by consumers and not outweighed by countervailing benefits to
consumers or competition, and therefore is an unfair practice.
32. DoubleClick has publicly represented that any information it
collected about Internet users and their online activities was, and
would remain, anonymous.
33. DoubleClick's plan to combine ``non-personally-identifiable
information'' with users' names, addresses, retail, catalog and online
purchase histories, and other personally-identifiable information
contained in the Abacus database, in violation of its representations
to the contrary, is likely to cause substantial injury to consumers
which is not reasonably avoidable by consumers and not outweighed by
countervailing benefits to consumers or competition, and therefore is
an unfair practice.
Consumer Injury
34. DoubleClick's conduct, as set forth above, has injured consumers
throughout the United States by invading their privacy; using
information obtained through the placement of DoubleClick cookies in
ways and for purposes other than those consented to or relied upon by
such consumers; causing them to believe, falsely, that their online
activities would remain anonymous; and undermining their ability to
avail themselves of the privacy protections promised by online
companies.
35. Absent injunctive relief by the Commission, DoubleClick is likely
to continue to injure consumers and harm the public interest.
36. Absent injunctive relief by the Commission in this matter, other
companies will be encouraged to collect personally-identifiable
information from consumers in an unfair and deceptive manner.
37. Absent injunctive relief by the Commission in this matter, the
privacy interests of consumers engaging in online commerce and other
Internet activities will be significantly diminished.
REQUEST FOR RELIEF
WHEREFORE, EPIC requests that the Commission:
A. Initiate an investigation into the information collection and
advertising practices of DoubleClick and the Web sites on which
DoubleClick places advertisements and/or generates cookies on the
computers of Internet users;
B. Order DoubleClick to destroy all records it created concerning
Internet users during any period of time in which DoubleClick or any of
its business partners were assuring the anonymity of the information
DoubleClick collected;
C. Order DoubleClick to obtain the express consent of any Internet user
about whom DoubleClick intends to create a personally-identifiable
record, and to develop such means as are necessary to ensure that the
user has access to the complete contents of the record;
D. Order DoubleClick to pay a civil penalty equal to fifty percent
(50%) of the revenues it obtained as a result of the practices
described herein, or such other civil penalty as may be appropriate;
E. Permanently enjoin DoubleClick from violating the FTC Act, as
alleged herein; and
F. Provide such other relief as the Commission finds necessary to
redress injury to consumers resulting from DoubleClick's violations of
the FTC Act.
Respectfully Submitted,
Marc Rotenberg David L. Sobel
Executive Director General Counsel
______
Attachment 2
Privacy on the Internet
February 22, 2000, New York Times
As the Internet matures, preserving user privacy and anonymity is
becoming a significant problem. Technology now makes it possible for
online businesses and advertisers to turn the Internet into a realm
where activities and habits are monitored and recorded, largely without
consumer knowledge or consent. Unless businesses can protect privacy,
the erosion of trust could seriously harm e-commerce as well as cause
the public to become wary about using the Internet for education,
research and other important non-commercial functions.
In the offline world, a big part of personal privacy is simply the
freedom to remain a face in the crowd. No one tracks a shopper as he
visits various stores in a mall or keeps notes on what products he
looks at. But in cyberspace, that shopper's behavior--which Web sites
he visits, and which ads he clicks on--can all be instantly recorded
and compiled, albeit through computer-based identifiers rather than by
name. Most consumers have little idea that unseen advertising networks
on the Internet track their movements across multiple Web sites. Most
do not know that Web sites can collect and sell data about them. But
consumer concerns are rising, and businesses are getting worried about
a privacy backlash.
This month the Electronic Privacy Information Center, an advocacy
group, filed a complaint against DoubleClick with the Federal Trade
Commission, alleging unfair trade practices in its tracking of the
online activities of millions of Internet users. DoubleClick, the
leading Internet advertising company, places ads for its clients on
about 1,500 Web sites--including many of the most heavily used sites
such as AltaVista--that are part of the DoubleClick network. When a
computer user views an ad on a network site, DoubleClick places a
``cookie'' file on the user's computer hard drive that carries a
special identifying number. The cookie allows DoubleClick to monitor
the user's computer--though without being able to identify the user by
name or address--whenever he visits a network site, and note the
content he is viewing to deliver a targeted ad that is customized to a
user's interests.
Last year DoubleClick acquired Abacus Direct, a company that has a
database of millions of names, addresses and other personal information
collected by the nation's largest direct-mail catalogues. Now
DoubleClick is building an online version of Abacus, and will be able
to match personally identifiable information on purchasers collected by
the online Abacus with DoubleClick's data on those individuals'
subsequent Web activities.
DoubleClick says it will give users the opportunity to opt out of
this matching. But privacy advocates fear that this kind of data
collection will become widespread in cyberspace, and that personal
information--from browsing habits to the research one might do on the
Web--could potentially be released to employers, insurers and others.
Industry's answer to these worries is self-regulation and the creation
of privacy policies. Unfortunately, even good policies are largely
unenforceable. A new study by the California HealthCare Foundation of
21 major health-related Web sites found that many violated their own
stated privacy policies, and shared personal information collected from
visitors without their permission.
One solution is to give users easier ways to block the collection
of information. DoubleClick, responding to public criticism, has begun
a campaign to tell users how to opt out of tracking. The World Wide Web
Consortium, the group that designs standards for the Web, is creating a
new way for Web sites to transmit the site's privacy policy
automatically, and allow users to signal only the information they are
willing to share.
Also, several Internet privacy bills have been introduced in
Congress. Businesses are concerned that government regulations could
hinder the Internet's dynamism. Many users may want to receive ads
aimed at their interests. But all users should get a meaningful choice
about how personal data are collected and used. Maintaining privacy
will be integral to the Internet's future, if only because consumers
need to feel safe enough to participate.
The Chairman. Thank you very much.
Mr. Smith, welcome.
STATEMENT OF RICHARD SMITH, INTERNET CONSULTANT
Mr. Smith. Thank you for the invitation here to speak today
before this Committee. My background is technical. I have been
in the computer business for approximately 30 years and have
also run my own businesses for about the last 20 years.
Since September of this past year, I have taken a
sabbatical and begun looking at the issues of Internet privacy
and security. What I would like to do today is talk a little
bit and expand upon the excellent presentation that was made by
Jodie of the FTC here of some of the technology that is going
on behind the scenes here.
In my written testimony, I have--I want to start off here
with exhibit A here, as I call it, which illustrates one of the
issues of how ad targeting is done today. This is from the
AltaVista search engine. If you have used the search engine,
you probably noticed after a while that the banner ads that you
see at the search engine are related to what you are searching
for. This is not an accident, because companies can purchase
keywords and whatever keyword you type in you get a relevant
ad. So for example, here I have typed in ``sports cars'' and I
get a Toyota ad. I type in ``vacation homes'' and I get an ad
for move.com.
This practice has been going on for 3 or 4 years and is
really, I would say, not necessarily a privacy-unfriendly
technology. But we get down into some other interesting issues
here. I found this one accidentally. I typed in ``growing pot''
and I got an anti-drug ad. This actually comes from the White
House, so even the government is involved in buying these
keywords.
We are doing some medical conditions here. I typed in
``AIDS'' and get a pitch for an anti-HIV drug. ``Compulsive
gambling,'' I get a banner ad for an online casino. I think
that is a little mess-up there.
Given the political nature of this today, I thought I would
also try ``Al Gore'' and ``George Bush'' here. It looked like
they are owned--pardon me--the keywords are owned by women.com.
The idea here is that this illustrates sort of the birth of
online profiling, is that the Internet ad companies noticed
that you could begin discerning a lot about people by how they
search. This is, as Daniel has talked about, one of the ways
that information is put into our profiles, by watching
everything we search for. As a matter of fact, at the AltaVista
search engine, Engage today is using this kind of information.
I want to go on to the topic of web bugs because that came
up a little bit earlier. It is a technology. Basically the idea
is you have a web page and you put an invisible image on the
page, if you are a network advertiser or a marketing company,
to monitor who comes to web pages. They act like banner ads in
the sense that they provide back the same information, but they
obviously, they are totally hidden. They are only one by one
pixel in size.
The problem that I have with them is I think they have very
much undermined the trust in the Internet because they are very
much a tracking device. Some sites that have web bugs on them
today are I think we would all agree very sensitive in nature.
For example, Procrit, it is a drug from Johnson and Johnson,
has approximately five web bugs on the website from
DoubleClick. The home page is one of the pages bugged, as well
as each of the conditions, the page on AIDS, the page on kidney
diseases, and the page on cancer.
So we can see in this case here that DoubleClick has been
hired to do monitoring of users at that site. So I am kind of
interested about this idea that network advertisers do not get
into monitoring sensitive issues.
Another technology, or it is not really a technology, but a
problem that we have with network advertisers, is that of what
I term as data spills. The idea behind a data spill is that if
you type in data on a web form and it goes into the website--
for example, an example I found was at Intuit you would type in
information about your financial information to see if you
could get a mortgage. That information was accidentally leaked
off to DoubleClick through the use of banner ads.
This is a bug, this is a problem or a mistake that the
Intuit website made, but that does illustrate that this data
that is being sent in to the ad networks sometimes is very
personal in nature. In a two-month period, for example, I found
approximately ten data leaks to DoubleClick--things like my
name, address, and e-mail address.
Another issue that I would like to get into real quickly
here is the issue of notice. The industry talks about one of
the things that we need here is notice and the idea that
websites would link to the privacy policies of network
advertisers so they could learn about the online profiling.
Well, over the weekend I did a quick check here with the
AltaVista search engine and found, for example, with the case
of DoubleClick, although they have 12,000 websites that they
provide banner ads to, only about 130 of those sites had links
to their privacy policy. So if you wanted to opt out at
DoubleClick, there are very little ways to understand about
that.
The same thing was true with Engage and its family of
companies. AltaVista shows less than a hundred links to their
privacy policies.
Finally, I would like to end up my testimony with just a
quick remark to give folks an idea how different the Internet
is than any other media in terms of tracking. On my computer I
monitor all traffic that goes in and out of the computer on the
Internet. Over the past 6 months I have had 250,000
transactions, that is web pages and images and java script
applets that have been downloaded. Of those, 27,000 URL's went
back to DoubleClick. So they got back 27,000 URL's of web pages
that I was at.
So we are dealing with a very different medium than
anything else in the offline world. For example, my credit card
company, my bank, and my telephone company do not know about
anywhere--do not get that amount of information about me each
and every day. That works out to about 150 transactions a day.
Thank you very much.
[The prepared statement of Mr. Smith follows:]
Prepared Statement of Richard Smith, Internet Consultant
Introduction
To begin with, I would like to first thank the Chairman and the
Senate Committee on Commerce, Science, and Transportation for this
opportunity to testify today on the issue of online profiling and its
impact on consumer privacy. It is indeed an honor to be here.
My own background is that I have spent almost 30 years in the
computer software business both as a software engineer as well as a
business owner. I retired last September as the President of Phar Lap
Software, Inc., a company I co-founded 14 years ago. Since leaving Phar
Lap, I have worked as a consultant specializing in Internet security
and privacy issues.
The issue of online profiling is very controversial. The reason is
quite simple to understand. Most consumers are very bothered by the
fact that companies are monitoring their Web surfing habits. In
addition, consumers are almost never informed about these monitoring
activities and have never been asked if it is okay. To many people who
learn about online profiling for the first time, their first impression
is that it is something right out of Orwell's 1984.
In my testimony today, I will be focusing on two major areas. To
begin with, I will talk about how data is collected by Internet ad
companies for use in online profiles. To date, I do not think that ad
companies have been totally straight with consumers with their data
collection practices. The second area I want to talk about today is the
lack of proper notice to consumers about online profiling. I will be
using real-life examples of some of things that I have seen in my own
use of the Internet.
Along the way, I want to also suggest an alternative to online
profiling which is content-based targeting for banner ads. Content-
based targeting is typically employed in the off-line world
(newspapers, TV, and magazines). It is much more privacy friendly than
online profiling because it requires no tracking of individual users as
they surf the Internet. The most banner ads shown today are already
using content-based targeting because it is easy to understand and
favored by advertisers.
How Data Is Collected For Online Profiles
To begin the discussion of data collection practices of Internet ad
companies, the best place to start looking is at Internet search engine
sites. Everyone seems to have their own favorite search engine and mine
happens to be AltaVista. It also turns out that the AltaVista site has
business relationships with DoubleClick and Engage who both are also
testifying here today.
Most people probably have noticed at one time or another that the
banner ads that they see on a search results page are related to what
they are searching for. This is no accident. AltaVista employs
DoubleClick to show banner ads at the site. One of the services that
DoubleClick provides for advertisers is the ability to ``purchase''
keywords at the site. When a company owns a particular keyword or
phrase, their banner ads will appear of the search results page for the
keyword or phrase. Keywords are typically purchased on a month-by-month
basis. They can be purchased either on an exclusive basis or can be
shared with other companies.
Exhibit A illustrates how some common keywords such as ``sports
cars'' and ``vacation homes'' will show relevant banner ads at
AltaVista. A version of Exhibit A is also available at my Web site that
shows in real-time what banner ads are being shown for common keywords.
This demonstration is available at:
http://www.tiac.net/users/smiths/commerce/avads.htm
Advertisers like keyword targeted ads because it is more likely
that people seeing their ads will be interested in their products.
DoubleClick and AltaVista also like keyword targeted ads because they
can charge a premium for them. This premium is typically 2 to 3 times
more than standard ads at AltaVista.
But what about the consumer? How do they feel about keyword-
targeted ads? The answers are a bit more difficult to come by. When
many consumers notice keyword-targeted ads for the first time they get
a bit uncomfortable. They realize that someone is watching them as they
search the Internet with AltaVista. Most folks do not like to be
watched and one of the first association that comes to mind is 1984. On
the other hand, I think most people will agree that if they are going
to see banner ads at Web sites, they might as well be relevant to their
interests.
AltaVista did not help matters much, because until January of this
year, they did not disclose to users that banner ads can be targeted to
search phrases. They also have made mixed efforts in informing users
about their relationship with DoubleClick. However, a savvy Web user
today who reads the AltaVista privacy policy will learn both about
keyword-targeted ads and DoubleClick.
So do keyword-targeted ads present a privacy problem for users? I
personally do not think so. In the Yellows Pages, we see ads for car
dealerships in the automobile section. The same is true with the search
results page for ``cars'' at AltaVista. I believe that this type of
content-based targeting is valuable to both advertisers and consumers.
It is an example of good Internet marketing.
However, there still are the concerns of consumers that they are
being watched when they see keyword-targeted ads. How can these
concerns be addressed? The first part of the solution is to provide
adequate notice to consumers about the practice. For example, some of
the search engine companies are now disclosing this practice in their
privacy policies. The real answer for consumers is to make it clear
that that their search strings are never saved in a database. Except
for keeping aggregate statistics on the popularity of keywords,
people's search strings should be discarded. More about this issue
shortly.
But how does DoubleClick know what ad to display for a search
keyword in the first place? Very simply, AltaVista gives DoubleClick,
everyone's search strings. The hand-off is done right on the search
results page. A banner ad is displayed as a image, and the URL of image
is specially constructed by AltaVista to include the search string.
Here is what one of these banner ad image tags looks like for the
search string ``sports cars'':
You will notice that the search string is embedded as the ``kw''
parameter in the image URL.
So DoubleClick is being sent everyone's search strings at
AltaVista. Pretty obviously you can learn a lot about a person by
observing what they are searching for on the Internet. The ad network
companies have realized this also and invented the idea of online
profiling. The basic concept is for the ad server computers of the ad
companies to track over time what an individual is searching for and to
provide relevant ads to according to their search history. These
personalized banner ads can be shown whenever someone searches for a
keyword that has not been purchased by an advertiser. These same
personalized ads can also be shown at other Web sites in the same ad
network.
However it is pretty cumbersome for an ad network to remember every
little search string that someone has used. Such a list does not lend
itself to quickly selecting an ad for a user. In general, an ad server
must decide on what ad a user sees in about 1/100 of a second. So in
order to meet this time constraint, Internet ad companies instead build
profiles of people. A profile is a table that rates a person on their
level of interest in particular subjects. A profile might contain up to
a thousand different subjects areas. These subjects areas might include
things like sports (golf, tennis, football, etc.), travel (US, Canada,
Europe, etc.) and food (cooking, gardening, etc.). A person is then
scored for each of these subject areas. A score is a percentage. Zero
percentage meaning no interesting, while one hundred percentage means
extremely interested. These scores are updated in real-time from search
strings and other data.
Advertisers can then target groups of users by instructing an
Internet ad network to show their ads to people who have certain
characteristics in their profiles. For example, a ski resort may want
to have their ads to be shown only to people who appear by their
profiles to have a strong interest in skiing. The targeting might also
be indirect. A car company might target ads for their luxury models at
people who show an interest in European travel, while their middle-of-
the-road models might be pitched to people who show an interest in
American travel.
An online profile is created for a user the first time they are
shown a banner ad from a particular Internet ad network. All of the
scores in the profile are set to zero. The profile is stored at the ad
server computers. It is updated in real-time according to the following
information that is received by Internet ad networks:
What search strings an individual searches for
What Web pages an individual visits
What banner ads an individual clicks on
A user can be tracked by an Internet ad company on any Web page
that a banner ad appears that is served by the company.
In addition to their profile, a user is also assigned a unique
customer ID number. This ID number is stored with the profile to
identify who the profile belongs to. The ID number is also sent back to
the user's computer as a cookie and stored on the hard drive of the
computer. Then as the user surfs the Web and is shown more banner ads,
this customer ID number is sent back to the Internet ad network with
each and every request for a banner ad. The cookie is the mechanism
that allows Internet ad networks to track people over time.
Cookies are anonymous in the sense that they do not say who a
person is. However, personal information can be associated with a
cookie and stored with a profile if a user provides this information to
an Internet ad company. This is typically done using some sort of
online contest or sweepstake where users are required to provide their
names, addresses, and phone numbers. As an example, DoubleClick
operates a Web site called NetDeals (http://www.netdeals.com) for this
purpose.
In addition, using a technique called ``cookie synchronization'',
it is possible for one Web site to provide an Internet ad network with
personal and demographic data about users. Again this information can
be associated with a cookie and stored in an online profile.
Excite@Home is apparently using this technique to provide registration
data to its sister company, MatchLogic, an Internet ad company.
On paper, the economic benefits of online profiling seem self-
evident. In theory, a profiled banner ad should have an increased
response rate because it is being better targeted. Advertisers can
purchase a smaller number of ad impressions in order to get the same
results. Ad networks can charge more money per ad impression because
the higher perceived value. Consumers are suppose to benefit because
they will see less ads about products that they no interest in.
However in practice, the value of online profiling is yet to be
proven. The industry has not released any studies that show response
rates are significantly higher for profiled ads. In addition, the
response rates need to go up more than the costs of profiling. These
costs include the premium paid for ads themselves plus the time it
takes to figure out what profile works best for a particular ad. This
second point is very important. It is unclear if advertisers can use
all of the data that Internet ad companies can provide them. This point
was made recently in a New York Times article by Saul Hansell:
``So Far, Big Brother Isn't Big Business''
http://www.nytimes.com/library/financial/personal/
050700personal-privacy.html
May 7, 2000
``The few advertisers that have tried these systems have not
yet given up on them. But most say the response to their ads
does not go up enough to be worth the extra cost and bother. It
seems easier for them to buy cheap shotguns, in effect, than
expensive laser-guided rifles.''
Regardless if online profiling systems make economic sense or not,
from a privacy standpoint, they present some real dangers. These
systems are monitoring people as they surf Internet. What data is being
collected and what is being saved away is not made very clear. All of
the uses of this data is not disclosed and may change over time. Also
in spite of claims by Internet ad companies that the profiles are
anonymous almost all of these companies maintain separate databases
with personal data that can be combine with the anonymous profiles at
anytime using cookie synchronization.
However the real danger that I see with online profiling is that
Internet ad companies have set up extensive monitoring systems to
provide data for profiling. It is almost like they have put hidden
microphones in our homes and our offices and they listening to what we
do all day long. Pretty obviously if you deploy hidden microphones, you
are going to pick up information which is personal in nature. And this
is exactly what I have found on my own computer. The data collection
systems that the Internet ad companies are currently running are
getting personal and sensitive information that almost everyone will
agree is none of the business of these companies. The problem here is
one of collateral damage
Data Spills
The first problem that I have seen at many Web sites is the problem
of data spills. A data spill is where information that is typed into a
form at a Web site is accidentally sent off to an Internet ad company.
Data spills are caused by poor Web site design Because I do logging of
my Internet traffic from my computer, I can detect data spills. In a
two-month period, I found close to 10 data spills of personal data to
DoubleClick. These data spills include things like my name, home
address, Email address, and birth date. Web sites that were sending off
this data to DoubleClick included well-known sites like AltaVista, Real
Networks, HealthCentral, Quicken, and Travelocity.
My Web site includes a write-up that describes how data spills
occur in the first place and how they can be prevented. The URL of the
write-up is available at:
http://www.tiac.net/users/smiths/privacy/banads.htm
In the write-up, I talk mostly about DoubleClick. They are going to
be receiving the most information from data spills given that they are
largest provider of banner ads. However, the problem can occur with any
banner ad network and all companies are receiving this kind of personal
data from Internet users. A recent example of data spill really
illustrates the point. I found that on my computer the sign-up page for
the contest Web site, Jackpot.com, gave away my Email address to three
different companies all at the same time. The companies receiving my
Email address were Flycast, YesMail, and Sabela. The Jackpot.com
privacy policy states they never share personal data, but they seem to
have a tough time keeping this promise. My enquiry to the company about
the issue was answered with a denial that there was any problem. The
customer support person simply repeated the claims of the privacy
policy.
In general, Jackpot.com is the exception rather than the rule.
Other Web sites have been more response and fixed the problems right
away when I have brought them to their attention. In addition, in some
discussions I have had with the Internet ad companies, they have made
it clear that they do not want this of type of unsolicited personal
information from users. However, from their perspective it is a problem
they cannot directly solve because the issues are with the Web sites
running the banner ads and not at the ad servers.
In the near term, I am hoping to see Internet ad companies publicly
commit to not use this unsolicited personal data from data spills. The
best place to do this I think is in their privacy policies. The idea
here is to acknowledge the problem that Web sites may accidentally give
away personal data, but the Internet ad networks will discard it and
not make use it.
Over the long term, there is a simple technology solution to the
problem that can be implemented by Web browser companies. This solution
involves eliminating referring URLs for being sent in situations where
a data spill is likely to occur. Referring URLs can contain the
personal data in a data spill.
Web Bugs
Besides banner ads, Internet Ad companies also track users with
something I've nicknamed ``Web Bugs.'' A Web Bug is an invisible image
on a Web page that sends back the cookie of an Internet ad company to
their servers. The main purpose of a Web Bug is to track what pages
users are going to the Internet. Given that images are invisible on the
page, the averagel user has no way of knowing that they are being
tracked in this manner. In addition, to my knowledge, no Web site or
Internet ad company has every disclosed the use of Web Bugs in their
privacy policies.
Pretty obviously, people in the Internet ad business do not call
these invisible images ``Web Bugs'. Instead they use names like ``clear
GIFs'', ``1-by-1 pixels'', ``tracker GIFs'', and sensors. Since no one
has come up with a consistent name for them, I will continue to use the
term ``Web Bugs''.
Even though there has not been very much public discussion about
Web Bugs, they seemed to be employed by most Internet marketing
companies. In my discussions with these companies, I have been told
that they are used for these purposes:
The see who has come to a Web site after viewing a banner ad
To transfer both personal and non-personal information from
a Web site to an Internet ad company
To provide data to an online profile
To count ad impressions and page hits
More technical information on Web Bugs can be found at my Web site
at this URL:
http://www.tiac.net/users/smiths/privacy/wbfaq.htm
In addition, I have set up search page that will locate Web pages
that employ Web Bugs. The page operates by giving special search string
to AltaVista that has located the hidden images. The URL of the search
page is:
http://www.tiac.net/users/smiths/privacy/wbfind.htm
The page will locate Web Bugs that have been placed around the
Internet from more than 20 different Internet marketing companies
Although Internet ad companies represent that they do not do
profiling of sensitive areas such as children, medical, financial, and
sexual issues, most of them will use Web Bugs on pages that deal with
these areas. Here are a few illustrations of Web pages that employ Web
bugs that I believe most people will find troubling:
Kids Zone of Santa.com (http://www.santa.com/santa/kidszone/
index.htm)
Procrit.com (http://www.procrit.com)
Rodale Press (http://www.sexamansguide.com/a/home/
order.rhtml)
Metropolitan Life
(http://metlife.com/Salescareers/Apply/Docs/
online_interview.html)
The Procrit Web site is the most interesting use of Web Bugs on the
list. Procrit is product of Ortho Biotech which is a subsidiary of
Johnson and Johnson. The drug is used to fight anemia in patients with
a number of different conditions including AIDS, cancer, and kidney
disease. Hidden image files from DoubleClick are strategically placed
on the Procrit Web site in order to distinguish if someone is at the
site because they are interested in treatments because of AIDS vs.
cancer vs. kidney disease. Needless to say, I believe that most
visitors to the Procrit site would be very surprised to learn they are
being monitored in this way. However, unless someone understands HTML
source code and knows where to look, they would never see the Web Bugs
at the site.
Web Bugs appeared to be employed by all of the Internet ad
companies. AltaVista has found more 30,000 placed by DoubleClick and
about 1,000 placed by Engage. Be Free, another Internet marketing
company, has more a half of a million according to AltaVista.
Personally I am surprised that Web Bugs are ever used. When
discovered, they undermine people's trust in Web sites. Some sites I
know have stopped using Web Bugs when they received enquires from the
press and consumers about their presences on the sites. Two such sites
were Nabisco Kids and the United States Air Force. Web Bugs are also
playing a role in a number of the privacy lawsuits that have been filed
against Web site and Internet ad companies.
The problem that I see with Web Bugs is that supply information on
the sly to Internet ad companies that can be used in personal profiles.
Given that this tracking is being done with no notice or consent, I
find use of Web Bugs very problematic.
Notice and Banner Ad Networks
I want to shift gears for a second and talk about the problem of
notice with online profiling. Most consumers are unlikely to be aware
that they are being tracked as they surf the Web. I suspect that most
consumers would be surprised that their computers are sending back
information to Internet ad companies about what articles and Web pages
they are reading online. They would probably also be more even dismayed
to learn that some of this information actually is being used for
profiling purposes. Most consumers are in the frame of mind that Web is
just like other media such as television or newspapers. Reading an
article in a newspaper is obviously anonymous unless a person chooses
to tell someone else about what they have read. However, reading the
same article in the online world can be very different. Two or three
different companies may know what article someone has read, how long
the article took to read it, and where the person went on the Web when
they were done.
Over the last 3 or 4 years, the industry has settle on the use of
Web site privacy policies to inform consumers about what data is being
collected by a Web site and what is done with the data. Today almost
all popular Internet sites have privacy policies in places. In most
areas these privacy policies do an acceptable job of inform a consumer
what they can expect with information. One very notable exception is
the use of online profiling at their sites.
In addition, all of the major Internet ad companies also have
privacy policies that describe how banner ad networks work, what data
is being collected by these networks, and the details of online
profiling. Also, most of the Internet ad companies offer an ``OPT-OUT''
to allow consumers the ability to turn off tracking and profiling.
However, there is one major flaw with the privacy policies of
Internet ad companies. Consumers have almost no way of ever seeing
these privacy policies. The problem here is the Internet ad companies
are hidden in the background at Web sites and consumers by and large do
not know anything about the companies. Web sites, in the own privacy
policies, have not helped the situation very much for consumer.
Although a Web site privacy policy may talk some about the Internet ad
company they use, Web sites almost never link to the privacy policy of
ad networks. For example, the AltaVista search engine finds less than
150 links to DoubleClick's privacy policy. Yet, DoubleClick has more
than 12,000 Web sites that they provide banner ads for. A similar
situation exists for Engage, less than 100 links are found to the
Engage privacy policy, yet Engage and its sister companies provide
banner ads for more than 6,000 sites.
There clearly is a problem here of Internet ad companies providing
proper notice about online profiling.
Conclusion
The bottom line for me on online profiling is that Internet ad
companies are getting too much data about us. Their ad networks
function as tracking systems the gather data about us from search
strings, banners ads on Web pages we visit, data spills, and Web Bugs.
Clearly the data collection systems of the Internet ad companies are
gathering more information about us than is necessary to show banner
ads.
I know that many people involved in regulation issues around
Internet advertising support the concept of OPT-OUT from online
profiling. At the present time, I feel extremely uncomfortable with
OPT-OUT for the following reasons:
It is nearly impossible for consumers to learn about how
they can OPT-OUT to online profiling because of lack of almost
any kind of reasonable notice about online profiling.
Invisible Web Bugs can provide data to the online profiles
and consumers have no method of knowing that they are being
tracked.
Data spills are providing personal data about users to
Internet ad companies and the industry has taken no public
steps to stop the problem
Many of Internet ad companies have divisions or sister
companies that maintain databases of personally identified data
that can be combined with the anonymous profiles at any time.
I want to conclude my testimony with one quick statistic from my
own travels around the Internet. As I mentioned earlier, I run software
on computer that logs all of my transactions on the Internet. The last
6 months, I had about 250,000 Web transactions total. More than 10% of
these transactions were with DoubleClick. This works out to about 150
transactions per day. This means that DoubeClick is receiving 150 URLs
of Web pages I am visiting each and everyday. In the offline world, I
cannot think of one company that it is getting this amount of data
about me. Not my phone company, not my bank, and not my credit card
company.
Thank you again for this opportunity to address the Senate Commerce
Committee.
The Chairman. Thank you very much, Mr. Smith.
Mr. Polonetsky, you know that we discussed DoubleClick's
``permission'' in order that one can opt out at the last
hearing. Now you are going to simplify that, according to your
testimony.
Mr. Polonetsky. Yes, the proposed simplified policy that we
have given to your staff, and we welcome your reaction, is a
one-page clear, effective explanation of what the privacy
policy is. I think that, in an effort to give all the possible
information that anybody might want, our earlier privacy policy
was, as you pointed out, long and detailed and complex.
The Chairman. Why was it like that to start with?
Mr. Polonetsky. I think we felt that we ought to give all
the information that anybody would want in all the detail
should anybody want to have all that detail. I think what we
need to do is put a cover page that has the simple, basic
information, with an opportunity to get more detail if you want
to click on a link and get that information.
The Chairman. Well, I guess I will ask you and Mr. Jaye:
According to Mr. Smith, the AltaVista search engine finds, as
he said, less than 150 links to your privacy policy and yet you
have 12,000 websites that you provide banner ads for. In your
case, Mr. Jaye, less than 100 links were found to Engage's
privacy policy, yet Engage and its sister companies provide
banner ads for more than 6,000 sites.
What is your response to that, Mr. Jaye?
Mr. Jaye. Unfortunately, Mr. Smith and I have an e-mail
dialog and I should have gotten back to him when he mentioned
that to me, because unfortunately the search string that he
used at AltaVista was not necessarily the right search string.
We actually provide a deep link directly to our opt-out page
from sites that link to us. So if he was searching for our
privacy page it would not show up.
We have 3,000 sites, for example, in the Flycast network,
which is a company we acquired earlier this year, and we have
gone through a certification process as we have brought them
online and we have all those sites compliant. We have actually
kicked out sites that are not compliant. So I think that we
just need to probably spend a little bit more time on going
over a couple of the details there.
In some cases also, when we deal with a third party in our
business we are working with networks and what happens is that
the site discloses that they are working with Engage and the
third party, but the link may actually be to a slightly
different form of the web page to let them know, for example,
this site is part of the Flycast network, which is working with
Engage.
So I think that we can probably put that to rest, at least
in our case.
The Chairman. Mr. Polonetsky.
Mr. Polonetsky. If I can respond to that as well, Senator.
In February, DoubleClick announced that every new contract that
we signed with a client would have in that contract language
requiring that that U.S. web publisher had a clear and
effective policy with a link to DoubleClick, and every single
one of our new contracts has had that.
I have been going through the 1,000 or 1,200 sites that are
in the DoubleClick network, taking a look at their privacy
policies and requiring that they change that and link to us. So
I think the numbers for us are substantially more than Mr.
Smith laid out as well. Frankly, it is our firm policy that
anybody that we will do business with, anybody frankly who has
information that is being contributed to a profile, certainly
has a link to our policy or I do not sign off on that site's
participation.
The Chairman. Mr. Jaye, should consumers have access to the
profiles that network advertisers keep about them when they are
linked to personally identifiable information?
Mr. Jaye. When they are linked to personally identifiable
information, yes.
The Chairman. Mr. Rotenberg.
Mr. Rotenberg. Yes, Senator. I think without the ability to
see the information that is being collected, the privacy
policies do not really mean very much because they are very
general, they are very confusing, and you really cannot make an
informed decision. I think one of the points also in Jodie
Bernstein's presentation with respect to cookies, even if you
try to exercise choice, which is what she described with the
browser software, you will see a screen that gives a web
domain, an expiration date, and then a value field that is just
a string of characters. It has no meaning to you.
For that reason, you have to see what information is being
collected about you and how it is being used.
The Chairman. Mr. Polonetsky.
Mr. Polonetsky. I think it ought to depend on the type of
information. I think if we are talking about sensitive
information, the kind of information consumers would be
concerned could be used against them or could cause harm, there
ought to be a higher level of protection. But I think that
basic information, such as the kind of information that is used
in the offline world for marketers to make decisions about what
offers to send, the standard there for non-sensitive
information could be opt-out as long as it was clear, as long
as the consumer knew what the rules were when they were at the
site.
The Chairman. What type of information should I have access
to?
Mr. Polonetsky. You should have access I think to a
reasonable amount of information to the extent that the site
has that information easily available.
The Chairman. Who should decide that?
Mr. Polonetsky. Well, we served on the FTC Committee on
Online Access and Security, as did Engage and some of the
others at the table, and I think there is not a one-size-fits-
all answer. There is some information that is probably easily
available and we certainly, if we use personal information,
will make that kind of information available.
Other information may be difficult. If I walk into a
Macy's, whether it is an online version of Macy's or offline,
and I say, I have shopped here once a year, could you please
give me a record of everything I have ever bought--the question
is what is the tradeoff? Are there certain kinds of information
where consumers really need and really should have access? Are
people making decisions about credit, about mortgages,
information that is going to affect their lives substantially?
If it is non-sensitive marketing information, I think the
standard of access might be different.
The Chairman. Mr. Smith.
Mr. Smith. Well, yes, it is a complicated problem of
providing access, and there are also some privacy downfalls to
it in the sense that if you allow somebody else to get
information there are problems. But I would really love to
know, for example, of those 27,000 transactions that
DoubleClick got about me in the last 6 months which are very
personal in nature, which ones they are saving and which ones
they are not.
The Chairman. Finally, the issue of the moment seems to be
that the FTC and the online advertisers are in serious
negotiations. I would like to know the confidence level of the
witnesses in the ability of the parties to come to agreement,
and would that then negate any requirement for legislation?
Mr. Polonetsky.
Mr. Polonetsky. I am not the person at the table for our
company, but I can tell you that we are optimistic that they
are progressing in a positive way. I think we all agree that
strong standards of notice and choice that are adopted by all
in our industry will provide a real strong level of protection
for consumers. So we think that a system of self-regulation
could be very effective.
The Chairman. Mr. Rotenberg?
Mr. Rotenberg. Mr. Chairman, I think even if there were
agreement between the industry and the FTC on practices in this
area, it would not be sufficient to protect privacy. I say this
for several reasons. First of all, we have followed very
closely the self-regulatory efforts in other areas involving
such groups as TRUSTe and BBB Online, and I think the sense at
this point is that those are not providing adequate protection
in the online world.
The second point, as a matter of process, I have been
personally disappointed that the FTC has not involved the
privacy community in this proceeding. I think we have a right
to participate. We were, after all, the group that initiated
the complaint at the Federal Trade Commission. We identified
the flaws in those privacy policies, and we think if the FTC
proposal is going to be responsive it has to address the issues
we raised.
The Chairman. Mr. Jaye.
Mr. Jaye. As was reported evidently this morning in the
Wall Street Journal, I guess I am optimistic about our
likelihood of reaching agreement, and I stand by that comment.
I think that the industry has been working very hard--I am one
of the people at the table from my company--to try to come to
agreement on a baseline set of standards that will meet the
legitimate consumer concerns about data protection and privacy
with regard to network advertisers.
I think that there has been a very good faith dialog going
on and I hope that we will be able to come to an agreement.
Whether or not there is a legislative backdrop or not is
somewhat independent, because I think in the end self-
regulatory programs in this area will be more effective for
jurisdiction issues and many other issues.
The Chairman. Mr. Smith.
Mr. Smith. Well, I have not been privy to any of the
negotiations also, as Marc has pointed out. I am also a
programmer, so I am not sure that I can comment so much on the
legal issues here.
But overall, I think one of the concerns I think raised in
the earlier testimony, what if somebody just does not want to
participate and then we have that problem? That could just see
a breakup of those kinds of regulations.
The Chairman. Senator Wyden. I thank the witnesses.
Senator Wyden. Thank you, Mr. Chairman.
Mr. Polonetsky, I am interested in knowing when DoubleClick
collects information from a website how detailed the
information is about a consumer's activities there? For
example, if I visit a bookstore site, do you have full
information about the titles I browse through as well as what I
purchased?
Mr. Polonetsky. The answer is not at all. What DoubleClick
does is we deliver an ad when somebody is at perhaps a site
where books are being sold. So the information we have is that
we delivered a sports ad to this cookie ID when it was at this
sports site.
Senator Wyden. What about recording search terms that I
type in?
Mr. Polonetsky. When one goes to a search engine and types
in a keyword that one is searching for, the page that is
generated--let us assume one goes to a page and types in
``golf''--the search page that is generated is going to be a
golf page. So the information that DoubleClick gets is: serve a
sports ad here, serve a golf ad here, because the search term
is going to provide a golf page, so put in golf. That is the
kind of information that we would have in terms of paying an
advertiser and paying the website for the ad that was served
and the ad that was delivered.
Senator Wyden. How many users at this point do you have
profiles on?
Mr. Polonetsky. We actually do not currently serve ads
based on profiles. I know that that is a misconception that
many have. We currently serve ads based on some of the visible
demographics of the browser at the site, geographic
information----
Senator Wyden. What kind of numbers are we talking about
there?
Mr. Polonetsky. So those are not profiles at all. We are,
however, developing such a product, as some others are doing,
and will have one in the near future. But we are not currently
working with profiles. We will probably have say 40 or 50
million when we do, because we serve ads at many sites. But we
currently are not serving ads across the web based on profiles.
We are serving ads based on somebody is going to a sports site,
we know we have showed three ads to this unique cookie ID on
other sites; let us serve this sort of ad into that site.
Senator Wyden. Now, Mr. Rotenberg, most of the users never
visit the website of the online profiler that is collecting
information. So we are wrestling with this question of notice
and choice and how to deal with the collection of profile
information there. Would host websites serve as intermediaries
between the consumer and the profiler? How would you see that
working? For those of us who want to make sure that those kinds
of FTC principles apply to profiling, how would you address
this question of notice and choice specifically?
Mr. Rotenberg. Senator, I think the whole process has to be
much more transparent. One of the very interesting things about
Jodie Bernstein's presentation, when she described what was
taking place with the cookie tracking online you saw boxes go
up. I think she used the phrase ``US Advertising,'' maybe that
was the ad network, ``US Advertising is now gathering
information for this purpose, US Advertising is now linking
information for this purpose.''
I actually believe that those are the types of notices that
consumers who are online should be able to see as the
information flows. In other words, you have to literally
understand as you move from one website to the next what
information about you has been obtained and how it will then be
used.
Now, at that point you can make a decision and you can say:
Well, I do not want to be a part of an advertising network that
collects information about me in this way or uses it in this
way. There should be a box there that says: I am not going to
be a part of this.
But as long as we have these very complicated arrangements
where people cannot really evaluate what is going on, frankly,
it would not matter whether you had to go to the advertiser's
website, a consortium's website, or the website that you
visited originally to express a preference, because you would
not understand what the preference was you were expressing.
Senator Wyden. In your view, how critical is the
distinction between personally identifiable information and the
non-identifiable data that is collected by profilers?
Mr. Rotenberg. Well, I used to think it was about the
brightest line that there could be. But I have actually changed
my view on this, because I understand now that it is possible
to take a profile that is not linked to a known user and
subsequently link it to a known user. In fact, that is exactly
what happened with DoubleClick. And I am a little surprised to
hear them say that they are not creating profiles. Now, they
have tens of millions of unique cookie ID's. Maybe that is the
phrase we should be using. Currently today, tens of millions of
unique cookie ID's, and those are the ID's that make it
possible when Richard Smith surfs the web for an advertiser to
know that three ads have gone out to that unique cookie ID
which Richard Smith is standing behind and therefore we have to
put a different ad.
Now, if that unique cookie ID can be linked to Richard
Smith, even though it may not currently be linked to Richard
Smith, then I think we need some legislation in place to
control that practice.
Senator Wyden. Let me do this, because I have one other
important question I want to ask about litigation. But Mr.
Polonetsky, do you want to respond to Mr. Rotenberg's point,
because I think that the reason I asked the question about what
you all were doing specific to individuals is that is of course
what the American people want to know. You all are sort of the
most visible company in this area and Mr. Rotenberg just
described a way with the use of the cookie ID that a fair
amount of personal information was in effect being collected or
certainly utilized.
Mr. Polonetsky. Sure, let me clarify if I can. First of
all, we are not using any personal information at all. What we
are doing is when a browser comes to a site that browser is
assigned a unique ID. If DoubleClick is serving an ad on that
site, DoubleClick knows that this Nike ad was served to this
unique ID.
We also know that most folks, if they have not responded to
an ad after two or three times, do not keep showing the same ad
over and over and over again. So what we will keep a record of
is this ad was shown one time, two times, three times, so then
do not show this same ad again, show a different ad the next
time that unique ID shows up at a site where DoubleClick is
serving ads.
So I do not know that that would be considered profiling. I
think that would be frequency capping, making sure the same ad
is not shown over and over. I would say that a profile is
keeping track of all the different sites that a unique ID was
at and then building a record saying, well, this is a cookie
that spends a lot of time on sport sites, on news sites, so let
us show them a certain kind of an ad when that anonymous ID
shows up again at a different site.
Senator Wyden. Mr. Rotenberg is smiling and that indicates
to me that he is probably concerned about the ramifications of
that on individuals.
Since time is short, I want to ask just one other question.
It is really for you, Mr. Jaye, and you, Mr. Polonetsky. That
is, with folks in the industry facing lawsuits with respect to
the practice of online profiling, do the two of you, Mr. Jaye
and Mr. Polonetsky, believe that by defining the appropriate
scope of profiling behavior that that might head off some of
the disputes that seem to be headed for a lawyer's full
employment program here?
Mr. Jaye.
Mr. Jaye. At Engage we feel comfortable that since we
started the company we have had privacy--finding the balance
between the consumer's right for privacy and the marketer's
need for effectiveness--in the form of anonymity. We feel very
comfortable in our position with regard to those types of
risks.
Certainly there is still the possibility of some sort of
action that would be perhaps without merit, waste our time,
waste the government's time. But at the same point, we are
concerned about moving quickly. For example, just to take a
point, this issue about web bugs. I think web bugs are a very
legitimate concern because they are not visible to the
consumer. But one very important use of this technology is not
for any type of profiling, but simply for the ability of
reporting to an advertiser the percentage of visitors who saw
an ad who actually subsequently made a purchase, not at an
individual level at all, but the ability to basically tell the
advertiser did they spend their money wisely.
If we cannot provide that level of reporting, the ad
spending on the Internet is not going to be sustained. So it is
very important to proceed very carefully to make sure we draw
the lines so that we do not inadvertently carve out the ability
for the advertising to be supported while at the same time
addressing the very legitimate concerns about invisible
tracking.
Senator Wyden. Mr. Polonetsky.
Mr. Polonetsky. I agree. I think that education, definition
of the terms, transparency so consumers are aware of what is
taking place is the key. Much of the research I think that is
out there academically and certainly much of the work that we
have done at DoubleClick has indicated that as people are
aware--as they understand the technology, as they understand
what control they have over any information and how it is
used--they become increasingly comfortable with their surfing
on the web and what is taking place.
So one of the reasons why I think we talk about notice and
choice is it is an easy way to show a consumer what is going on
at a site. It is one of the reasons why we ran our online ad
campaign and I think it is probably key in terms of self-
regulation--making sure that consumers understand what we do as
the greater American public starts spending more and more time
shopping and using the benefits of the web--that people
understand how it works and how they have control over what
happens on the web.
Senator Wyden. The central problem, of course, is that
millions of people, as Mr. Rotenberg has talked about----
The Chairman. Senator Wyden.
Senator Wyden. And I will wrap up with this, Mr. Chairman.
The central point is that----
The Chairman. I am not trying to cut you off. If you would
like to at least let Senator Kerry go and then we will come
back to you.
Senator Wyden. I will wrap up right now.
The Chairman. Thank you. Thank you. No, please.
Senator Wyden. This was just my last point. I happen to
share your view on education and it is clear. But what Mr.
Rotenberg said that is central to this is that millions of
people are not at this point empowered with enough information
to make these choices, and that is why I am hoping that we will
be able to get some legislation that defines the appropriate
scope of profiling behavior.
I thank you, Mr. Chairman.
The Chairman. I thank Senator Wyden and I again appreciate
his deep involvement in this very important issue.
Senator Kerry.
Senator Kerry. Thank you, Mr. Chairman.
Mr. Smith, could you repeat for me. You mentioned something
about 27,000 transactions. That is more than a bank. I did not
quite get the whole thing.
Mr. Smith. Right, yes. I log each time a web page is
fetched or an image is fetched on my computer and sent out to
companies on the Internet. In 6 months I had 250,000, a quarter
million of these transactions--web pages that I went to and
images that I saw. More than 10 percent of those went to
DoubleClick.
With that, each transaction was for like a banner ad. There
would also be the URL of the web page that I was at. So if I
was at Quicken, they would get what page I was on at Quicken.
Senator Kerry [presiding]. But you said something to the
effect that that represented a lot more information than any
bank has on you, or something.
Mr. Smith. Yes.
Senator Kerry. But that is not the kind of information that
a bank collects or needs or that you give a bank. I mean, the
bank has your social security number.
Mr. Smith. Correct.
Senator Kerry. And the bank has an address.
Mr. Smith. I was talking about quantity here, not
necessarily quality.
Senator Kerry. Well, but your quantity was for a specific
purpose. You are not the average person shopping in some way.
You were out there really analyzing this.
Mr. Smith. Well, I might be using it a little bit more, but
I suspect for a regular person it might be 100 transactions, 50
to 100 transactions in a day.
Senator Kerry. But what I am trying to understand is the
information that they gleaned from that was essentially non-
personal, am I correct?
Mr. Smith. No, that is not correct.
Senator Kerry. What was the personal nature?
Mr. Smith. Well, I will just go through some of the list
here: my name, my home address, my e-mail address, what plane
flight my daughter was taking to Philadelphia from Boston,
these sorts of things; on buy.com, the movie that I was
renting.
Senator Kerry. Let me stop you there, because I was trying
to figure out what kind of information it was. Now I want to go
from there to Mr. Jaye.
I specifically want to flow out of this. I think that is
the heart of what we are trying to get at here. Mr. Jaye, you
listed the way Engage approaches this and what you can
guarantee and a list of things that you do not do. Would you
repeat that list?
Mr. Jaye. Certainly. We do not know a consumer's name,
address, social security number, or any other personally
identifiable information. We do not maintain information about
specific web pages a browser visits, which is probably the one
that is most relevant to this issue. We do not collect any
sensitive or controversial data, such as personal medical or
financial data, ethnic origin, religion, political interests,
or review of adult content, and we do not merge anonymous
profiling data with personally identifiable data no matter the
source.
I think just a comment. I think the issue here has to do
with the specific information about the web pages because of
the data spillage issue in particular I think that Richard
Smith is bringing on. That is precisely the reason why we took
a data minimalization approach at Engage to make sure we did
not maintain that information.
Senator Kerry. So essentially you have software that has
the capacity to provide a guarantee of anonymity.
Mr. Jaye. We have made every attempt that we could. Just
once again in full disclosure, the way the web works is data
may be received, but there is a difference between when data is
received and actually processing that data and storing that
data. We do not process that spilled data, and one of the
reasons why we discard it is so that it cannot be subsequently
processed.
Senator Kerry. When you say discard, practically speaking
how does that happen? What happens to it?
Mr. Jaye. From a technical perspective, it never gets
written out into magnetic storage and where it is maintained in
memory for the milliseconds or the seconds while the data
around it is being processed is quickly overwritten with other
data.
Senator Kerry. So, for all intents and purposes, it has
disappeared, or could somebody draw it out?
Mr. Jaye. It has for all intents and purposes disappeared.
Senator Kerry. Now, Mr. Rotenberg, what is the matter with
that?
Mr. Rotenberg. I actually think it is pretty good. I think
it is the type of network advertising that a year ago I
explained could work for business and work for consumers. The
problem, though, is that consumers online do not have a choice
about whether to get their advertising between one firm and
another.
Senator Kerry. Correct. Now, if we were to mandate that the
notice be up front and personal as to what the expectations
are, what is going to happen to somebody, what is being
offered, is there any consumer responsibility here? Is there
any caveat emptor, any degree to which an informed consumer
takes place on page one if it is adequately noticed?
Mr. Rotenberg. I think consumers have some responsibility,
but I think in fairness, considering the rapid growth of these
various business models and the various types of advertising
schemes, we are going to be doing this dozens or hundreds of
times for consumers every time someone figured out a new way to
collect and use personal information, which is why I think--and
I do not think Mr. Jaye would necessarily disagree with me--
that a simple set of fair information practices of the type
that have been adopted in previous legislation--we have done
this, by the way, with a lot of technology. We have done it
with cable subscriber records, video rental records, e-mail.
We have put in place basic fair information practices and
then companies like Mr. Jaye's do very well because they have
good business models and they protect privacy.
Senator Kerry. That is essentially what I am talking about.
That is a notice approach fundamentally, with a requirement as
to standards that are adhered to, correct?
Mr. Rotenberg. And access; notice and access.
Senator Kerry. Well, come to the access thing for a minute.
I want to come back to the other for a second. But when you say
adequate access, of course people should have access. We want
to have some structure there. To what degree can you get
detailed? Exactly how is access going to be implemented,
specifically with respect to what sort of corrective measures
are available to somebody? Once they have access, what
information ought to be changed or can a person change if they
do not like it?
Mr. Rotenberg. Well, it is a problem, but I think it is
also a problem that has been handled in the past. It has
certainly been handled fairly well in the credit reporting
world. People who disseminate information say: To the best of
our understanding, this information is accurate, and the credit
subject seems to disagree with what we know about this person.
So what that statute says is: Okay, give that person a
right to include in the record his own interpretation about
what the bill was not paid. Then the person who receives the
file can see what the credit reporting agency is saying and
what the credit subject is saying and make a determination
about how to interpret it.
But we have not even approached that type of resolution to
I think the question that you are asking, because we are still
not sure about whether people should have the right to access
these profiles. I think we have to take that as a starting
point and then figure out how we would resolve these important
questions that you have asked.
Senator Kerry. Now, what is the distinction between the
profile as it has been described, that is achieved by a cookie
or by ten million cookies and the profile that somebody might
have created on themselves by repeated visits to Macy's,
Neiman-Marcus, and whatever numbers of stores, and they then
are getting X number of catalogues coming to their house on a
regular basis?
Mr. Rotenberg. Well, I think they are different in at least
two respects. One, it really is the nature of this interactive
digital environment that you can collect a lot more information
about individuals. That is why these----
Senator Kerry. Let us stop for a minute.
Mr. Rotenberg. Yes.
Senator Kerry. If we have proceeded--I am not saying
laissez faire. I have said we have got to have a standard and
we have got to put something in place. Let us assume we put in
place a very clear notice requirement with the principles of
choice and access and security as subtexts of that notice. This
is what we are trying to achieve as a full measure of people's
ability to participate in the following way. They are the
principles that have already been adopted fundamentally by the
industry and others, but there is not a clarity to them
necessarily.
Let us say that that is the structure you have here. But
you are giving to companies like Engage and others out there
the creative capacity to provide the technologies and the
competitive abilities to offer people ways of satisfying their
desire to have this adequate privacy. Would you not possibly
excite a greater response and in fact a speedier response
conceivably by approaching that for a little while here to see
how this develops?
Mr. Rotenberg. I think the critical question at this point
is what direction is this self-regulatory experiment taking us.
Senator Kerry. But I have gone beyond the self-regulatory
in that, because if we have gotten very specific as to the
level of notice. Let me say that I have particularly become
sensitive to this in the last months. I have tried to find
different people's privacy and some you can see it on the home
page, boom, you hit it, and it is lower down, it is not exactly
leaping out at you, but you can find the word ``privacy'' or
some protective disclosure. On others you have got to go
multiple clicks away, and in some cases it is quite complicated
because then you have got to type in a relatively long and
complex address to go find it and get the full privacy level.
So it is clearly a discrepancy between companies as to what
they are prepared to offer people in terms of disclosure. There
is no question about that. But if we were more clear about that
requirement of disclosure and there is a clear understanding
that it is an unfair trade practice not to provide that up
front choice to people adequately. You then have empowered the
FTC in terms of enforcement to the degree they can and you have
left it to people like Engage and others to hopefully come back
with a series of competitive measures that offer people what
they want.
Do you see something lacking in that?
Mr. Rotenberg. Well, Senator, I think the problem--and I
certainly understand what the proposal would--I think I
understand what the proposal would accomplish. But I think the
problem is that even if we have a simplified notice and a clear
notice where people can make better informed choices, we will
still end up forcing consumers to choose between their privacy
and the benefit that the website is offering.
I believe that there are solutions that will allow us to
avoid those choices, so that advertisers can reach customers,
so that web merchants can effectively deliver their products,
without requiring consumers on the Internet to make a choice
that invariably involves giving up some degree of privacy.
Senator Kerry. I think you have got to be more explicit on
that, because I have a hard time envisioning it. I mean, I
assume you would agree that there is a major problem if
advertising cannot support the Internet, correct?
Mr. Rotenberg. No.
Senator Kerry. I mean, the dream has been that the Internet
is going to be free, fundamentally supported by advertising.
But the verdict is out on that. I mean, I understand the number
of--Mr. Smith, is not the number of clicks that are currently
recorded as spending meaningful time or making a purchase is
lower, it is about 1 percent, is it not?
Mr. Smith. Right, it has been dropping. But also the number
of banner ad impressions has been going up much faster. So it
is not necessarily an indication of a problem, just that the
number of ad impressions has gone way up. And the companies who
are showing banner ads, revenues are rising very rapidly. So
more money is coming in on advertising.
Senator Kerry. And I think if I am correct, the current
prognosis is that the advertising revenues are going to go from
something like $6.7 billion up to $20 billion in the next
couple years. But that depends on the continuing capacity of
people to be able to market effectively.
Mr. Smith. Right.
Senator Kerry. If all of a sudden that is taken away
somehow because this balance of what you are saying, the choice
between adequate protection and capacity to be able to
effectively figure out who you are reaching is not in balance,
you could wind up with people choosing sort of what they think
is going to be good for them to protect themselves, but in
effect it is going to deny people the capacity to know how to
advertise or how to target.
Mr. Smith. One thing, now. The jury is also still out on
whether online profiling is effective technology for ads. I do
not think that has been proven at all. The New York Times had
an article about a month ago on this exact subject.
Senator Kerry. Well, I think the point is, the point being
made by Mr. Jaye, while he is speaking for a specific company
and technology and it may be that others can do it as well or
whatever, but the point is that they have the ability to
provide a lack of profiling, a specific guaranteed lack of
personal profiling and use of personal information, but still
permit an adequate balance with respect to the advertising
needs. Am I correct?
Mr. Jaye. Yes, that is correct.
Senator Kerry. It seems to me that if that exists, if it is
there in technology and it is really an effective component of
the notice that is right up front, that if somebody is, in
fact, that is their sine qua non of participating in the
Internet, they can get it. And if that notice is required
adequately up front, then have we not provided the protection?
Mr. Smith. None of us have seen our profile, so I am not
sure how we can say. We are going by the word of the companies
on what they say they are doing and they are not doing. I hear
from DoubleClick that they stay away from medical issues, yet
they put web bugs on anti-AIDS drugs. So I do not know what to
think.
Senator Kerry. I mean, there is a distinct difference
between typing in a search word ``AIDS'' and getting back some
drug advertisement or something versus some medical record of
yours with respect to a test or a visit or something else.
Those are two different worlds.
Mr. Smith. Right, but in between here is----
Senator Kerry. Do not confuse it as a medical. That is not
a medical.
Mr. Smith. But what I am talking about is an invisible
image at the Procrit.com website that sends back a message to
DoubleClick saying you are now here and, oh, by the way, you
are interested in cancer treatment. So I do not see that--yes,
it is not medical records, but it is not just viewing a banner
ad, either.
Mr. Polonetsky. If I could jump in----
Senator Kerry. Yes, Mr. Polonetsky.
Mr. Polonetsky. And perhaps explain a little bit about what
these tags do. The sites want to know how many unique users
have visited their site and they also want to know which of the
ads they have run have brought unique users. Johnson & Johnson,
which is the operator of Procrit, might be running an ad on
AOL, might be running an ad on Yahoo, might be running an ad on
a DoubleClick Network site, and wants to know how many people
are coming, how many anonymous unique users are coming to the
Procrit site from each of the sites where ads were displayed.
They use this spotlight tag, as we call it, or, as Mr.
Smith calls it, a web bug, to simply anonymously keep a record
of how many users are coming to the site and did they come from
the ad that Johnson & Johnson ran on AOL or Yahoo. Innocuous.
The information does not belong to DoubleClick. We are
providing this service on behalf of the Johnson & Johnson
Procrit site. We do not use it for a profile.
Senator Kerry. How do you answer the question posed by Mr.
Smith as to whether or not he can have some kind of personal
guarantee that that is in fact all you are doing, so that he
will know that is the full profile?
Mr. Polonetsky. He has got a number of guarantees. Number
one, we employ an outside third party auditor, so the
commitments that we make are audited by PriceWaterhouse-
Coopers, so that we can guarantee that we do what we say we do.
My role as Chief Privacy Officer, as a former consumer affairs
commissioner, is to report directly to our Board and be the
inside watchdog ensuring that we live up to the commitments we
make.
Frankly, our clients would be very unhappy if we took
information about how many users were coming to their site, and
how their site was doing, and which parts of their site were
getting more hits, and which ads were bringing people to their
site, and used it for anything else. So we legally are bound to
make sure that any information, anonymous information that we
are getting from a tag, is used specifically for that purpose:
given back to the advertisers so they know how they can manage
their content.
Senator Kerry. Mr. Rotenberg, if that kind of guarantee can
be put in place and you have the capacity through the software
being provided by Engage or others to be able to give people
that option, what is the compelling rationale for something
more mandated and intrusive?
Mr. Rotenberg. Just to be clear, Senator, when you or I
surf the Internet and banner ads are placed, we are not
choosing between Engage and DoubleClick as the company that is
going to serve ads to us.
Senator Kerry. You are saying anybody can do that.
Mr. Rotenberg. Exactly. Anybody can be doing this in the
background. And while I agree with you that I think Engage is
doing some good things certainly, I do not think privacy
legislation is going to undermine what Engage is doing. If
anything, it may spur the development of half a dozen companies
like Engage, all looking for better privacy solutions.
Senator Kerry. What is the technological response to the
fact that once it is out there on the web, so to speak, anybody
can grab it and try to use it and pull it down? What is the
response to that, either Mr. Jaye or Mr. Smith?
Mr. Jaye. Well, first of all, it is not anyone. They
require certain network connections that make certain types of
transfers possible. But in particular, the commonly used
technology is this thing called third party cookies, that is
cookies that are set and sent back to a website other than the
website the consumer is specifically visiting.
That does not mean that anyone can; only the sites that are
working with each other. So for example, there usually has to
be a specific relationship between the website and the third
party in order for the third party to gain that data.
In terms of the technical aspects of it, that is one of the
reasons why two and a half years ago I initially started
working on this trust label standard at the ITF, which was a
standard to focus on how do you take that cryptic pop-up box
telling you that a cookie was being set and to tell you what it
meant, what it was going to be used for, and more specifically
make it so that the riskiest behavior to consumer privacy,
which is third party cookies, would have a hard and fast
requirement that those cookies would have to pass muster, they
would have to be digitally signed by seal authority before they
would be allowed through or else robust notice and choice would
be provided to the consumer.
So I actually do disagree at the moment with the people on
my left and right with regard to technical solutions addressing
the legislative need, because I think that type of technology
solution goes farther than any legislation could go in ensuring
that we do not have bad actors who are beyond our reach.
Mr. Polonetsky. Senator Kerry, if I could just correct the
record for a second as well. There was the data spillage issue
that was raised earlier and some of those were DoubleClick
examples. There was a technological issue and that is the
reality that there are some sites that accidentally--they
should not, but accidentally--have information sent to anyone
they link to if there is a form on that page.
Now, we certainly informed our clients that they ought to
take a close look and make sure they are not accidently finding
unintended information. But we have also implemented a
technological fix to this problem, in addition to saying please
do not send us anything that we should not have, we do not want
it, we do not use it, it does not go in a profile, but do not
even send something that someone will get nervous about. We
have set up a process where our ad servers truncate anything
after the question mark.
So if we are accidentally sent information from a website
that we do not want, it does not even get recorded because our
technology automatically chops that off so it does not get to
us.
Senator Kerry. Well, query whether you would all be better
off if we were to be more mandatory in being sort of
prophylactic about the capacity of that kind of accident to
occur. In other words, if we make it unlawful for people to
transfer and use, or to use conceivably, that kind of third
party transferred information, would that have an excessively
intrusive impact, based on the fact that you are saying that
this would be accidental and therefore no company would set out
to do it and therefore no one should be impeded by our saying
that is an unlawful act?
Mr. Polonetsky. Well, I think this is probably the best
example of how self-regulation works. Here was a technological
flaw which we all appreciate Richard Smith for helping point
out and identifying, and all the companies who are in the
industry--and frankly, this is not solely an ad server problem.
If I have a website and I have got a form because I am selling
something or registering and I have links to other sites that I
have got partnerships with or that I am linking to because it
is useful information, I can accidentally at this website be
sending that information in any direction.
So this is a technology problem with the way some websites
are set up. When it was identified, all the responsible sites
quickly took a look and made sure they were not doing it.
Frankly, those of us who are at the receiving end, who are
being accused of getting this information and using it or
having it, very quickly said to our clients: Do not
accidentally do this, and here is how we are going to make sure
it does not get to us.
So I think legislation probably cannot even anticipate some
of the other practical problems. This is a perfect example of
industry becoming aware of a flaw in the infrastructure of the
technology of the web and then quickly fixing it so that it
does not happen.
Senator Kerry. Should it be technologically feasible or
even should it be a matter of public policy that if somebody
did not want pop-up ads at all that that should be an up-front
part of notice and they should be able to opt out of those
immediately?
Mr. Polonetsky. It has been our policy at DoubleClick since
1997 to have an opt-out link, even when----
Senator Kerry. But it isn't easy to opt out. I mean, let us
be candid. There are lots of people in the country who would
like to opt out of a lot of things on the net and it is very
hard to do even for people that know how to use the net.
Mr. Polonetsky. I think it is our job to make it frankly
easier. The Internet is 1,700 days old; our company has been
public for two years. I think this huge growth in sites having
privacy policies from 14 percent two years ago to 90 percent--I
agree, now those policies need to be complete. But I think we
are making real rapid progress and in an industry that is still
in its infancy, and frankly, consumers will use the Internet
that we are first imagining.
So I argue that if industry is moving in the right
direction, is eagerly working with the FTC, working with each
other, to put the appropriate protections in place, I think you
are seeing the ideal of how responsive self-regulation should
and can work.
Senator Kerry. What do you think, Mr. Rotenberg?
Mr. Rotenberg. Well, I think it is fine to encourage
industry to address privacy concerns, and in that respect some
progress has been made. But at the end of the day, I think you
really have to focus on the central question, which is, is
consumer privacy being protected? That is about more than
assurances. It is about what is really happening, whether
people can exercise opt-out, what the purpose, frankly, of
choice is in this very important policy world.
So certainly as a privacy advocate I do not want to
criticize industry groups for trying to address this issue. But
also as a privacy advocate, I have to say to you my sense is
that the gap between the amount of privacy protection that
people expect and the amount that they are receiving online
continues to grow, and it is going to grow further. That is why
we need legislation, to give people control over their personal
information.
It may mean that more companies like Engage are going to do
well in that world, because it will be a world where privacy
will be important.
Senator Kerry. Did one of you want to respond to that or
you are comfortable on it?
[No response.]
Senator Kerry. Well, there is no question in my judgment,
as I have said at the outset, that we need to establish the
standard here. The question is how far do we go and how
quickly, and I think it is the balance that we need to find.
You said, Mr. Rotenberg, that it is a different kind of
privacy problem on the Internet. I just wanted to explore that
with you for a minute. Obviously, because it is electronic,
because it is global, because it is fast, there is a perception
issue there. But tell me how in your judgment? Is it the
distribution network that makes it so different and raises the
specter of threat?
Mr. Rotenberg. It is the ability to track and monitor what
you do. If you go into a book store, pick up a book, put it
back down, find another one you like----
Senator Kerry. Right, nobody knows what book you looked at.
Mr. Rotenberg [continuing]. Pay for it by cash--there is a
tremendous amount of anonymity in the physical world, and so
much of what we do--driving in our car, walking on a street,
riding the Metro, cash-based transactions, this is all
anonymous by and large.
In the online world, there are a great deal of incentives,
understandable incentives, to collect information about what
people do. You cannot do it offline, but you can do it online.
That is what created the problem here. It is because this
information could be collected and that there was no way to
protect privacy when, for understandable reasons, I may well
have done the same thing at DoubleClick or Engage in terms of
building these profiles.
That is why I think Congress needs to take some action in
this area. It is different.
Senator Kerry. Well, it is more intense, but as to the
browsing and as to the collection of that information, again it
is possible to create a standard by which people are offered
the opportunity to have that be anonymous, is it not?
Mr. Rotenberg. Anything that we can do to promote anonymity
online--and you have mentioned this several times, Senator--I
think should be encouraged. I think a lot of people who are
familiar with the history of the Internet--and I do not just
mean the last few years of the World Wide Web and electronic
commerce, but know the history of how this network of
interconnected databases could allow people to freely collect
information--look at data, post news, read news, without
disclosing identity--understand that anonymity has always been
a very big part of online privacy.
It is that interest that is now being threatened. Now, as I
have said before, I think advertising can be made to work, can
be made to work very well. I said it in my testimony, in many
ways the Internet offers a wonderful platform for giving
information to consumers. But I think we have to draw some
lines, and one line to draw is when we are collecting
information about individuals.
Senator Kerry. There is, I assume you would agree, a
distinction between--well, I think we have been over that. I do
not think we need to beat that over.
On the third-party cookies, is there a specific--should
that require a specific remedy legislatively directed, or is
that something that under some privacy policy you think it
could be contained?
Mr. Rotenberg. I think if we have a general rule on the
collection and use of personal information online that will be
easiest for businesses, because they do not have to sort of go
back and forth, where are we; and it will be easiest for
consumers because they will know what the expectations are. I
am just concerned if we try to draw too many lines particularly
related to certain technologies or certain business practices
that we are familiar with today----
Senator Kerry. So it is better to have a broader standard
that applies, which is basically the way I think we are
heading.
Mr. Rotenberg. Yes.
Senator Kerry. Understood.
Well, I appreciate it. It is a very interesting subject
with a lot of complexities, but it is very important that we
try to get it right. I am very grateful to you for your input,
all of you here today.
The record will remain open for two weeks. If anyone wants
to update their statements, they can do so. Likewise,
colleagues can submit questions in writing.
At this time the hearing is adjourned.
[Whereupon, at 12:40 p.m., the Committee was adjourned.]
A P P E N D I X
Prepared Statement of Mr. Steve Markowitz, Chairman and CEO,
MyPoints.com, Inc.
Mr. Chairman and Members of the Committee, I am Steve Markowitz,
Chairman and Chief Executive Officer of MyPoints.com. I am pleased to
have the opportunity to submit testimony about my own and my company's
sentiments concerning the important issue of online profiling and
privacy and I thank you for the forum to explain MyPoints' consumer
privacy program, which, I maintain, could form the basis of an industry
standard.
MyPoints.com is the Internet's most popular promotional site, and
the Internet's fifth most popular shopping site. More than eight
million consumers have voluntarily joined our online membership
program--MyPoints--and given us express permission to contact
them via e-mail with targeted advertising offers on behalf of our
clients. We reward consumers to interact with our advertisers, and our
advertisers rely on us to provide them with an integrated suite of
cost-effective, permission-based e-marketing tools.
The MyPoints Program was developed as a ``True Opt-in''
Internet service, and express permission lies at the heart of our
business model. Put simply, MyPoints has one of the Internet's
strongest privacy pledges--guaranteeing to each member that his or her
personal information will not be released to any third party without
his or her express permission. MyPoints members are fully aware and
have expressly approved of our information practices.
We feel so strongly about our True Opt-in marketing approach that
we have trademarked the term ``True Opt-in.'' However, while extremely
well positioned in the competitive and volatile e-marketplace,
MyPoints.com--like any company in the Internet marketing services
space--is not completely insulated from the privacy concerns rumbling
through Internet message boards, the national media and now, the halls
of Congress. Impact on the industry at large can have an impact on
every player in the industry--even players on the right side of the
privacy debate. In fact, the only way to fully protect every company in
this important and fast-growing industry is for a strong move by the
federal government to regulate this space, and help allay consumer
concerns once and for all. Self-regulation is nice in theory, but with
heavy vested interests in a less than-fully consumer focused privacy
policy, change will be, I fear, too slow to offset consumer concern
over Internet privacy issues. Swift and sure movement by the government
is the best answer.
Let me begin by explaining MyPoints' stand on privacy, and then I
will address how the industry and government need to cooperate to frame
effective legislation. The MyPoints privacy policy makes certain
absolute guarantees to our Members. First and foremost is our pledge
never to release personally identifiable information to any third party
without the Member's express consent. Thus, any person who enrolls in
our program does so voluntarily with the knowledge that their
personally identifiable information is safe in our hands. This key
concept is the foundation of our relationship with our Members, a
relationship based upon trust. We send all communications to the Member
on behalf of our advertisers--we do not reveal our list of e-mail
addresses to anyone. Members are then rewarded simply for reading and
responding to the messages they receive by e-mail and on our website.
On the Internet today, consumer privacy has become an oxymoron.
Businesses have the ability to track consumers as they move about the
virtual world, noting what they like, what they don't like, how long
they spend at one site or another, what they buy and how much they
spend.
For many businesses, the name of the game in Web marketing is
data--personal data that sophisticated advertisers use to target ever
more specific offers. For the consumer there is a bright side as well
as a dark side. The bright side offers ever-more-relevant advertising
and opportunities to extract more value from one's time online. The
dark side shows itself when companies most consumers don't know exist
compile deep profiles on them and manipulate personal data on behalf of
advertisers most consumers never asked to hear from.
It is necessary for government and industry groups to consider both
sides carefully as they inevitably make their way towards more
stringent regulations regarding true consumer privacy on the Internet.
However, a threshold issue has already split the Internet marketing
industry into two camps--the question of who should regulate whom. Most
Internet industry groups call vociferously for self-regulation. The
standard refrain is that government meddling will lead ineluctably to
inefficiencies in a fast-moving marketplace. Yet, it is precisely the
speed at which the Internet is developing that demands a more active
role by the government in protecting consumer privacy online.
There are more than 10 million commercial Web sites in the United
States alone, and the number grows by scores every day. Unfortunately,
according to the recent survey by the Federal Trade Commission (FTC),
only 20% of Web-based businesses currently comply with FTC standards of
fair information practices. There is also significant confusion over
what ``Internet privacy'' really means. Ask five Web site managers to
describe when a user has ``opted in'' and you are likely to get five
very different answers. The Internet marketing industry in general has
proven to be a fairly lax self-regulator. Like any big city on the
information highway there is a Main Street and there are back alleys,
and many ``back alley'' companies have been less than genuine in their
dealings with consumers, especially with respect to the protection of
personal information.
This leaves an important and immediate role for government to play
in protecting consumer privacy by setting fair and simple guidelines
and actively enforcing them. Banner bar networks are one example of
where regulations would be an improvement. Many have been known to
surreptitiously collect user information, and although they do give
users the opportunity to opt out, this presents a barrier to the
average user who simply does not know how to go about it. On the e-
mailer's side, many use an ``opt out'' standard as well, which presents
additional barriers to the unwary consumer. These and other dubious
means to get the user to supply information and supposedly ``agree'' to
its use are what have caused user alarms to sound. A clear-cut,
government-enforced policy would eliminate this issue, in no way
impeding the conduct and growth of legitimate Internet businesses.
Regulation is not something for the industry to fear. A major move
by the government to take charge of this matter will do much to allay
consumer concerns (real and imagined) about Internet security, which
will in turn drive the continued embrace of the Internet. Companies
that will prevail in today's Internet marketplace will do so precisely
because of the relationships they have with their users. Trust is the
key to building that relationship. The problem is not the collection
and manipulation of data per se, but collection and manipulation of
data without express permission based on full disclosure of a Web
marketer's data practices. Consumers are smart. Let them make the call
from there.
Many online marketers will ask, why should this be? In the offline
world, after all, the rule was ``opt out.'' Consumers were fair game
for marketers so long as they didn't specifically ask to be exempted
from the marketing process. But on the Internet, the rules are
dramatically different. Marketers unprecedented power to deliver
messages less expensively, faster, and far more effectively than ever
before. And it is precisely because of the unique advantages of the
medium that marketers must make a trade--the ability to utilize the
medium in exchange for a higher degree of respect for the consumer's
roll in creating it. The Internet is a channel for the consumer, by the
consumer.
Thank you Mr. Chairman for allowing me to express my views on the
online profiling and privacy issue and share MyPoints.com's commitment
to protecting online consumer privacy.
______
Additional Testimony of Richard Smith, Internet Consultant
During the Senate Commerce Committee Hearings on June 13, 2000,
Daniel Jaye of Engage and myself disagreed on the issue of the number
of Web sites which link to the Engage privacy policy. After the
hearings, I did some further investigations of the issue to see why Mr.
Jaye's and my numbers were so different. What I found is that the
AltaVista search engine was able to locate more than 1,100 Web sites
that contain links to the Flycast privacy policy. Flycast is an ad
serving company that Engage acquired earlier this year. Clicking on one
of these Flycast links actually takes a person to the Engage privacy
policy and opt-out page. I believe that for the consumer this is a
confusing situation about who Flycast is versus who Engage is. However,
I now do agree with Mr. Jaye that Engage has worked with member Web
sites of its ad networks to have these sites link to the Engage privacy
policy.
�