Nov. 27, 2006 – Internet companies and third-party ad agencies are stalking consumers online to pick them off with advertisements tailored to specific behavior and buying patterns. Evolving technologies track your virtual footprints, peek at your online purchases, count how many times you click a link and piece together behavioral profiles based on what you search for and buy.
Such predatory behavior is "almost a central requirement of the current business model," said Marc Rotenberg, director of the Electronic Privacy Information Center (EPIC). Rotenberg says the art of spying on Internet users to better target them with advertising has evolved from broad-based marketing to a targeted, "one-to-one" approach.
"[One-to-one marketing] requires knowing a lot about Internet users â€“ where they live, what theyâ€™re interested in," Rotenberg told The NewStandard. "We consider that surveillance."
Currently, the only law that specifically regulates online privacy applies to children under 13 years old, according to the Federal Trade Commission (FTC).
This month, two watchdog organizations filed a 50-page complaint with the FTC concerning online privacy. Together, the privacy group Center for Digital Democracy (CDD) and consumer advocates US Public Interest Research Group (US PIRG), are pushing the agency to take action.
The groups want the Commission to investigate online advertising practices, immediately halt the most egregious consumer-abusing practices, and recommend federal legislation to regulate online marketing practices as they relate to privacy violations.
â€œ[One-to-one marketing] requires knowing a lot about Internet users â€“ where they live, what theyâ€™re interested in. We consider that surveillance.â€
Jeff Chester, director of CDD, said marketing tactics used by companies such as Microsoft, Google and AOL, as well as advertising firms, are "a broad-scale invasion of the privacy of Americans."
Additionally, the complaint warns, consumers lose the ability to "browse anonymously, to window-shop," or to just "be left alone."
While the FTC would neither affirm nor deny that it has launched an investigation, Jessica Rich, assistant director in the division of privacy and identity protection at the FTC, told TNS that the agency has received the complaint.
"We are interested in it," Rich said. "Weâ€™re looking at it. Weâ€™re going to be meeting with people who can educate us on it. So weâ€™re taking it very seriously."
On the heels of consumers
In order to stealthily mine consumersâ€™ information for marketing, companies use "cookies" to view Internet usersâ€™ online whereabouts, employ "web beacons" to monitor if users have viewed a page or e-mail, and store the personal information that users are forced to provide to sign up for online services.
In hocking its own "AdPath" technology, the marketing agency Blue Lithium promises prospective clients that it can track consumersâ€™ preferences and then target advertisements appropriately. The companyâ€™s promotional material states, "AdPath guarantees the right audience by tracking user actions and interests and then serving your ad to only those consumers who have shown an interest in what you sell."
â€œThe online advertisers see communities like MySpace as a kind of one-stop-shop to harvest hundreds of thousands upon millions of data profiles.â€
Blue Lithium clients can also "ride along" with prospective customers as they browse a companyâ€™s own site or any of the Blue Lithium networkâ€™s more-than 1,000 member websites, serving those unsuspecting Web users "sequential offers as they go."
The marketing agency ValueClick Media promises clients can "identify the consumers most likely to respond to" their messages through the use of "demographic and psychographic segmentation." ValueClick boasts that it can provide specific information about Internet users, including age, gender, household income, number of children, education level and Internet service provider.
Internet companies and ad agencies shadow Internet users as they roam the Web and make purchases, said Chester of CDD. Then, he explained, Internet companies engage in "segmentation" â€“ corralling certain potential consumers and herding them through preconfigured channels on the Internet. Doing so, while also trampling privacy, he said, creates an "illusion of free choice."
"Increasingly," Chester said, "our cyber traffic will reflect a fun-house mirror where weâ€™re not really seeing images of who we really are, but what the big marketers would like us to be."
ValueClick, Blue Lithium and a leading firm called Atlas did not respond to interview requests.
Mining consumersâ€™ online lives
In an attempt to get inside consumersâ€™ heads, companies are not just monitoring where people travel on the Web; they are also analyzing what people look for with search engines.
â€œWithout the consent of the American public being placed at the core of the US communications system are powerful, unchecked technologies designed to drive individual behavior toward consumption and acquisition and further materialism.â€
Increasingly, companies are also electronically trawling for personal information in public spaces on the Internet â€“ such as blogs and online communities like MySpace â€“ in order to later hook consumers with precision.
The president of Fox Interactive gushed over the information that MySpace users provide. "The digital gold inside of MySpace wasn't the number of users, but the information they're providing, structured and unstructured data," Ross Levinsohn said in June, according to Online Media Daily.
In July 2005, MySpace was purchased by the media giant News Corporation, which also owns Fox. Many analysts have speculated that the ability to mine personal data from tens of millions of unsuspecting MySpace users was the real motive behind the purchase, with potential ad revenues a secondary consideration.
"The online advertisers see communities like MySpace as a kind of one-stop-shop to harvest hundreds of thousands upon millions of data profiles," Chester told TNS.
Microsoftâ€™s Digital Advertising Solutions lets clients have access to consumersâ€™ "digital world" by mining the information found in Windows Live programs â€“ new Internet software that offers mail and chat services. "Interaction with users on Windows Live Spaces means you can reach your target audience as they open and share their lives with their online community of friends," Microsoft says of the service.
The CDD and US PIRGâ€™s complaint asked the Trade Commission to specifically investigate Microsoftâ€™s marketing practices.
Microsoft would not grant TNS an interview. Instead, the company sent a statement proclaiming its openness regarding privacy policies and insisting its adCenter technology "works in a way that protects consumersâ€™ privacy."
In 2005, Jonathan Carson, director of the company Nielsen BuzzMetrics, discussed in a newsletter how consumer buzz could be studied by "employing sophisticated search software and linguistic algorithms to passively monitor the billions of naturally occurring conversations that occur in blogs, online message boards, public e-mail groups and consumer-ratings websites."
Chester said he is disturbed by these practices. He said consumers are "losing all sense of privacy as a result of these unchecked technologies and the lack of policy safeguards."
But Chester warns that the dangers of the marketing practices â€“ all designed to get consumers to buy more â€“ go beyond infringing on privacy. "Without the consent of the American public," he said, "being placed at the core of the US communications system are powerful, unchecked technologies designed to drive individual behavior toward consumption and acquisition and further materialism."
Ignorance vs. bliss
While most Internet users are unaware of how their personal information is being used, Internet companies say itâ€™s all in the fine print.
A TNS analysis of Microsoftâ€™s, Googleâ€™s and AOLâ€™s privacy policies reveals that indeed, consumers are warned that their information may be tracked, collected and stored.
Each of the top 100 commercial sites posts privacy policies, according to the FTC.
Chester says one of the biggest myths surrounding the collection of user information is that people remain anonymous to companies. There is not always a name or physical address connected to the profiles marketers are aggressively building, but each record has a unique identification code. As a result, "marketers know who you are, where you've gone, and what you've done online," CDDâ€™s complaint reads.
The dearth of legal protections specific to the Internet has left the FTC using a mixed-bag of privacy laws to police the industry. The Commission has used its authority under Section 5 of the FTC Act, which forbids unfair or deceptive practices, to enforce companiesâ€™ compliance with their own privacy statements.
Additionally, the Childrenâ€™s Online Privacy Protection Act, passed in 1998, requires companies to obtain verifiable parental consent before collecting the personal information of kids under 13.
The FTC also relies on companies to self-regulate online profiling. In 2000, the FTC began helping a cooperative of marketing and advertising agencies draft self-regulatory principles to ensure a degree of online privacy. The Network Advertising Initiative (NAI) principles require voluntary member companies to post a notice on all websites they service that tells consumers a cookie may be placed on their computers. Members must also give consumers an "opt-out" method, whereby they can choose to disengage the cookie.
There are currently eight full-compliance members, including industry leaders, according to the NAI website.
Privacy advocates, however, do not think the industry-written standards have teeth. Rotenberg, of EPIC, slammed the principles in a 2000 report, saying they "perpetuate the secretive tracking of Internet users" and "place the burden of privacy protection squarely on the consumer by relying on opt-out for both tracking of Internet users and linking of profiles to personally identifying information."
In a 2000 report to Congress that touted the NAI principles, the FTC also made recommendations for "backstop legislation" to ensure the protection of consumersâ€™ online privacy. When asked about the suggestionsâ€™ status, Claudia Bourne Farrell, a spokesperson with the Commission, said, "I donâ€™t remember what those legislative recommendations are, but apparently Congress did not pass the legislation."
Rich, of the FTC, said the agency is using the complaint as an "opportunity to revisit the NAI principles."
"Weâ€™re getting up to speed again on [online-privacy] issues, which we havenâ€™t looked at in several years," Rich said.
In 2001, then-FTC chair Timothy Muris said the agency could do little to stop online privacy violations. Muris remarked in a speech that "it is too soon to conclude that we can fashion workable legislation" to curb abuses of online privacy. He even criticized pursuing such broad-based regulations as "extraordinarily difficult" and "daunting."
Earlier this month, the FTC held public hearings that explored the way changes in marketing and technology affect consumer protection.
Real national policies
Although privacy policies may warn consumers about what companies do with their personal information, consumers often have little recourse to stop the practices if they want to use companiesâ€™ services. While the policies say consumers can choose not to release their information, doing so could limit the services that are available to them. That is, "premium" services are sometimes offered to induce consumers to surrender their privacy.
Instead, Chester and other privacy advocates are pushing for "opt-in" standards, which means "no data is collected about you unless you agree to it in advance."
Rotenberg, of EPIC, said he would like to see "genuine privacy protections that are consistent across the Internet."
Chester said he hopes that the groupsâ€™ complaint will spark action by the FTC and Congress.
"The future business model that Microsoft and all these companies have is the ability to harvest our data for tremendous profit," he said, speculating that new policies could lead to a sea change in Net usersâ€™ caretaking of their own online privacy. "If there were real national policies to protect our information, most people would not allow it to be used in the way the industry intends."