Category: privacy

Progress & Freedom Foundation & Online Privacy: Looking at PFF’s Online Ad Industry [& Data Collecting] Funders

Two staffers from the Progress and Freedom Foundation (Adam Thierer and Berin Szoka) issued a quick response to the new FTC online marketing privacy principles.  In a press release announcing the short paper, PFF explains that:

Tighter regulation of the online advertising market in the form of privacy mandates, the authors warn, “would severely curtail the overall quantity of content and services offered—and greatly limit the ability of new providers to enter the market with innovative offerings.”

It’s interesting to consider what such “tighter regulation” of the online marketing might mean for the companies that fund the Progress and Freedom Foundation.  The list includes heavyweights of online data collection, such as Google, Microsoft, News Corp (MySpace and other Fox Interactive properties) and Time Warner.  PFF funders include monopoly ISPs which want to get into interactive data collection and online ad targeting big-time, such as Comcast, AT&T, and Verizon (other PFF supporters include a number of companies engaged in online ad targeting, such as Cox, CBS, NBC, etc).

Perhaps a good research project for PFF would be to examine the online data collection, analysis, and ad targeting work being done by its funders (including all the technologies being used).  We’d like to see the press release on that one!

Online Ad Privacy Watch: Those “Pixels” Are Tracking You [Annals of Behavioral Targeting]

In bringing the issue of what is considered personally-identifiable information more up-to-date, the FTC has finally begun to acknowledge the ever-expanding techniques used to collect information about our online experiences.   Case in point, the modest “pixel,” an invisible piece of data placed on your browser–in the words of one online ad marketer, a digital “mole.”  It’s worth reading the entire article “What a Pixel and Cookie Can Reveal,” by Brian Massey (ClickZ.  Feb. 4, 2009).  Here’s an excerpt:

The pixel delivers a list of basic attributes… These basic attributes include:

  • IP address, character set, and encoding
  • Language, connection, and host
  • Referrer, browser, and portal

The pixel can also pass along just about any information that the browser knows:

  • URL, server name, and posting method
  • Search keyword, keyword phrase, or search engine term
  • Time and date, time of day, day of the week, and week of the year

The URL provides the entire content of the page visited by the surfer:

  • Text, images, headings, and navigation
  • Parameters and values
  • Were they home or just landing?

The IP address can be used to look up more information:

  • Country, state, and city
  • ISP, cable, DSL, or dial-up
  • Bot, crawler, or spider

By adding a cookie, surfer data can be aggregated over time, and more can be inferred about visitor behaviors…

Once we get ZAG [Zip code, age, gender], we can start to segment visitors more accurately:

  • Where do they live?
  • What do they make?…
  • What is their profession, race, marital status; do they have kids; and other census data           And when we integrate this information with other non-PII databases, we can learn even more: What they buy, how often, how recently…

Baby Steps for Online Privacy: Why the FTC Self-Regulatory Principles For Online Behavioral Advertising Fails to Protect the Public

Statement of Jeff Chester, Exec. Director, Center for Digital Democracy:

The Federal Trade Commission is supposed to serve as the nation’s leading consumer protection agency.  But for too long it has buried its mandate in the `digital’ sand, as far as ensuring U.S. consumer privacy is protected online.    The commission embraced a narrow intellectual framework as it examined online marketing and data collection for this proceeding.  Since 2001, the Bush FTC has made industry self-regulation for privacy and online marketing the only acceptable approach when considering any policy safeguards (although the Clinton FTC was also inadequate in this regard as well).  Consequently, FTC staff—placed in a sort of intellectual straitjacket—was hampered in their efforts to propose meaningful safeguards.

Advertisers and marketers have developed an array of sophisticated and ever-evolving data collection and profiling applications, honed from the latest developments in such fields as semantics, artificial intelligence, auction theory, social network analysis, data-mining, and statistical modeling.  Unknown to many members of the public, a vast commercial surveillance system is at the core of most search engines, online video channels, videogames, mobile services and social networks.  We are being digitally shadowed across the online medium, our actions monitored and analyzed.

Behavioral targeting (BT), the online marketing technique that analyzes how an individual user acts online so they can be sent more precise marketing messages, is just one tool in the interactive advertisers’ arsenal.  Today, we are witnessing a dramatic growth in the capabilities of marketers to track and assess our activities and communication habits on the Internet.  Social media monitoring, so-called “rich-media” immersive marketing, new forms of viral and virtual advertising and product placement, and a renewed interest (and growing investment in) neuromarketing, all contribute to the panoply of approaches that also includes BT.  Behavioral targeting itself has also grown more complex.  That modest little “cookie” data file on our browsers, which created the potential for behavioral ads, now permits a more diverse set of approaches for delivering targeted advertising.

We don’t believe that the FTC has sufficiently analyzed the current state of interactive marketing and data collection.  Otherwise, it would have been able to articulate a better definition of behavioral targeting that would illustrate why legislative safeguards are now required.  It should have not exempted “First Party” sites from the Principles; users need to know and approve what kinds of data collection for targeting are being done at that specific online location.

The commission should have created specific policies for so-called sensitive data, especially in the financial, health, and children/adolescent area.  By urging a conversation between industry and consumer groups to “develop more specific standards,” the commission has effectively and needlessly delayed the enactment of meaningful safeguards.

On the positive side, the FTC has finally recognized that given today’s contemporary marketing practices, the distinction between so-called personally identifiable information (PII) and non-PII is no longer relevant.  The commission is finally catching up with the work of the Article 29 Working Party in the EU (the organization of privacy commissioners from member states), which has made significant advances in this area.

We acknowledge that many on the FTC staff worked diligently to develop these principles.  We personally thank them for their commitment to the public interest.  Both Commissioners Leibowitz and Harbour played especially critical roles by supporting a serious examination of these issues.  We urge everyone to review their separate statements issued today.  Today’s release of the privacy principles continues the conversation.  But meaningful action is required.  We cannot leave the American public—now pressed by all manner of financial and other pressures—to remain vulnerable to the data collection and targeting lures of interactive marketing.

FTC’s Behavioral Ad Principles–the last act of the Bush Administration? Why is the Obama White House Allowing the FTC To Remain Under the Leadership Appointed by Pres. Bush?

In a few hours, approximately between 10-11 am eastern, the FTC is expected to release its final “Online Behavioral Advertising Principles.” Originally released for comment in December 2007, the principles are a sort of Valentine’s Day present to the online ad industry from the (supposedly departed) Bush Administration.  From what we know, the FTC principles support self-regulation.  Online marketers will be told they should behave better–and here are suggestions.  It’s like a teacher telling a misbehaving student–‘behave better, dear,’ or else we will have to tell your parent (in this case, the guardian being potential congressional action).

My CDD urged Commissioners Harbour and Leibowitz to issue separate statements on the principles, and call for tougher requirements—especially in the area of so-called sensitive information.  This would include data connected to our financial and health related online activities (think mortgage and loan applications or queries for prescription drugs).  CDD and a coalition of groups also formally asked the commission to impose serious privacy safeguards for both children and adolescents.

But these principles were crafted within the narrow confines of the Bush Administration philosophy prevailing at the FTC.  Only self-regulation is permitted.  Consequently, such an approach likely means these rules leave the online data collection, profiling and targeted marketing system which comprise behavioral marketing off the privacy protection hook.

But one question looms at the moment.  Why has the new Obama administration allowed the FTC to remain under the leadership of Bush-appointee William E. Kovacic? The principles being issued today, in fact, reflect the “old” FTC, not one run under the philosophy of President Obama.  Why is the Obama White House failing to ensure a change of leadership at the FTC?  The agency is responsible for overseeing a huge portion of the economy, including critical financial issues.  It’s also supposed to be the leading agency on consumer protection issues.   The Obama White House should have–by now-found someone who would led the FTC, so it can better protect the public.

The principles being released today were only made possible because of the Bush FTC give-away to Google, when it approved its takeover of online ad giant DoubleClick.  CDD, the Electronic Privacy Information Center (EPIC), and USPIRG fought the merger, including on privacy grounds.  FTC Commissioner Pamela Harbour played a key role forcing the agency (then run by Chairwoman Majoris, whose husband’s law firm represented DoubleClick) to address the privacy concerns. As a consequence of the political pressure from its failure to seriously examine the consumer privacy issues of the Google deal, the FTC staff were told to develop these principles.

The next chair of the FTC needs to take privacy and online consumer protection issues seriously.  The agency does need more resources, but also a new spirit.  If the FTC had been on the job, and was examining how lending institutions were recklessly promoting loans and mortgages, maybe today’s mess wouldn’t be as tragic as it is.  More to come after the commission releases the principles.

Annals of Behavioral Targeting: Yahoo! targeting capabilities

From Yahoo Advertising [an excerpt:]

Demographic Targeting
Our more than 150 million registered users have told us a lot about themselves, including date-of-birth, zipcode, gender, and occupation, plus a wide range of self-identified interest areas. When added to standard 3rd party data, it adds up to an incredible array of demographic options.

Geographic Targeting
Based on zipcodes, we can target to states, DMA’s, election districts or virtually any other way of looking at the world by location.

Behavioral Targeting
Target visitors by what they are currently doing and have been doing. Looking for car shoppers, soccer moms or recent shoppers in any category? We have them…

Database Targeting
Match your customers with ours, and find lots more look-alikes, too.”

Google Latitude, Privacy and Mobile Marketing

Google’s new application called Latitude is just one of a growing number of efforts that help extend social networking into the mobile space.  But its role is also to help further develop Google’s online marketing and advertising apparatus into what will be a very lucrative mobile space.  After all, Google CEO Eric Schmidt declared in 2007 that the biggest opportunity online was “Mobile, mobile, mobile — it’s probably the most wide open space out there right now. Also, local. Most search companies don’t take advantage of the local data inherent in the web.”  Last year, in an interview with a German newspaper, Mr. Schmidt explained that “The next big wave in advertising is the mobile internet.”

Latitude fits in with Google’s plans to expand its mobile marketing business, and this should raise both privacy and consumer protection issues.   Reporters covering the online ad business spotted Latitude as a move by Google to broaden its mobile marketing clout.  For example, Laurie Sullivan from MediaPost noted that:

“Google came one step closer Wednesday to providing brands with a one-to-one mobile marketing and ad tool that speaks directly to consumers. The company, which dominates in the mobile mapping space, launched an add-on social network service called Latitude.

And while the service clearly aims to focus on social networking–connecting friends and family by sharing their whereabouts–the application could easily adopt mobile marketing applications that target users with special deals and ads at specific locations such as in front of Starbucks or McDonald’s as they drive or walk down the street…Industry insiders are not convinced the service will stop with a social network service to connect with friends and family. The social network is the next logical step for Google to further its mobile services–mapping, networking and advertising–but the technology makes location-based advertising a real possibility… said Dave Tan, VP of content solutions at Resolution Media, an Omnicom Media Group company. “Mobile advertising tethered to GPS/cell-tower based location information has tremendous opportunities…”  

Writing on AdAge.com, one marketer explained that “Google’s merging of a utility like Google maps with social networking is a great opportunity for marketers. Until now, social apps like those on Facebook and MySpace were used when primarily when one wasn’t doing anything else, making advertising to that person difficult for driving call to action. With Google Latitude, social networking is integrated into tools that people use while doing something or seeking something.

Of interest too was the announcement this week by Google Health partner Anvita Health that it was introducing “a new mobile viewer for Google Health that is built on the Android platform..The Anvita Mobile Viewer enables users of Google Health to view their Google Health profile data from Android-powered devices…This allows for on-demand and real-time view of their medical records anytime and anywhere and provides for more flexibility when visiting physicians, pharmacists, and other care provide…Anvita Health provides innovative health care analytics to its customers who, in aggregate, manage more than 50 million lives.”

Google should acknowledge whether Latitude will eventually be linked to marketing, and also if it is collecting any analytical data when users agree to use it.  For example, what kind of mobile health marketing does Google plan to do, and will it be connected to Latitude?  One of the frustrating things about Google is that it always attempts to frame what it does for the public as some beneficent gift.  It’s privacy PR video for Latitude describes the service as a “fun, useful feature.”  It should be more forthright about its plans for mobile marketing, and should develop a system which clearly informs users how the data will be collected and used.  Google should also more closely examine how to empower mobile users so they have real control of what data is collected–including what is used for marketing and advertising purposes.  But we are working to get the FTC to actually develop safeguards for this mobile marketplace, including ensuring “opt-in” really gives users knowledge and control.
PS:  It never hurts to see what Google is telling major advertisers they can do via its DoubleClick Mobile: “Now publishers can deploy mobile advertising with the same confidence and control as online display ads…gives you all the power you need to deliver truly effective mobile campaigns. When creating your ad, you can make use of link text, jump pages and roadblock pairing to deliver greater impact…DoubleClick Mobile enables you to manage and report on your mobile advertising campaign through every click. We’ve made it easy to set campaign dates, define mobile specific targeting criteria and get full reports on all mobile campaigns.”

Marketers Urging Targeting of Hispanic Tweens, including via Mobile [Annals of Mobile Marketing]

There’s nothing to say except read what this marketer wrote for MediaPost’s Engage series.

Excerpt:  “To effectively reach Hispanic tweens…Don’t forget mobile. Many tweens already have cell phones, and they use them daily to text their friends. Text messages are a key way to connect with tweens, especially if you offer them a fun service, such as daily horoscopes, that doesn’t feel like an ad. Cell phone numbers can be collected right alongside emails in your lead-gen efforts. You get a branding boost, as well as their mobile number in your database for future text messaging campaigns.”

source:  Make Your Marketing Dollars Pay: Target Tweens.  Engage Hispanics:  MediaPost.  February 6, 2009

Bravo to Google for Supporting M-Lab. But How About a Tool That Also Exposes All Data Collection?

I applaud Google for supporting an academic initiative announced today that provides tools and other services to users so they can measure and test their broadband connection. These tools and effort will permit users to have greater insight into how their ISPs are shaping network traffic–it’s part of the important campaign to ensure network neutrality.  Google has been a leader in this area, and we commend them.

But Google should now use its resources to create a public tool for privacy, so that everyone can be informed about what kind of data is being collected from them–and who is collecting it.  That would mean identifying, for example, what Google collects for itself, for DoubleClick, YouTube, Feedburner and other services.  Of course, the tool would help consumers/citizens know about all data collection, not just via Google.  Beyond a new tool, Google should also support the passage of national privacy protection laws.  Google needs to also be a serious policy leader on privacy.   An open and unfettered connection is just one of the conditions global users require to ensure a democratic online medium.  So is meaningful privacy.

Don Graham of Washington Post now on Facebook board of directors

We just saw the press release from Facebook announcing that Donald Graham, the chairman and CEO of the Washington Post company joined its board this month.  While it makes perfect business sense for the Post and Facebook to co-mingle, it’s bad for journalism.  Facebook’s work raises a host of policy issues–including privacy and consumer protection for online marketing–which requires a watchdoging independent press.  Mr. Graham’s new role sends the wrong signal to the already under stress reporters and editors who work for him.  We need tough investigative report on the digital marketplace–not some mutual-old-media-back-scratching-new-media relationship.  Here’s an excerpt from the press release announcing Mr. Graham’s new role:

“Don Graham understands how to build and manage an organization for the long term,” explained Mark Zuckerberg, founder and CEO of Facebook. “He has made The Washington Post Company one of the most valued and respected education and media companies while making society more open and understanding. What I most admire about Don is his commitment to build around this purpose – and not just a business. His decision to join our board means that Facebook will benefit from this insight and experience.”

“Facebook has completely transformed how people interact by providing a compelling forum where millions and millions of people can connect and share,” said Graham. “Mark’s sense of what Facebook can do is quite remarkable.”

Annals of Behavioral Targeting: New product designed to “to prompt a profitable response for every user”

Perfect timing for International Privacy Day.  A new behavioral targeting product that will soon be released.  Here’s an excerpt from the press release:  “TARGUSinfo, the leading provider of On-Demand Insight(SM) about prospects and customers, plans to unveil AdAdvisor(SM) services…a new predictive-targeting solution leveraging the industry’s largest repository of verified offline lifestyle and demographic information. “The power of AdAdvisor is that it enables ad networks, publishers and advertisers to serve the ad most likely to prompt a profitable response for every user based on the most predictive offline consumer information,”…When an ad network sees a user on its’ publisher network, AdAdvisor cookies relay precisely which segment they fall within and enables ad networks and publishers to serve the most relevant advertisement — from the moment they first encounter users.”…Extensive Coverage – More than 50 million unique cookies, each embedded with highly predictive data attributes.”

and from Targusinfo’s site:  “Each AdAdvisor cookie contains verified, household-level demographics, interests and purchase behaviors. Our cookies are then deployed to score Internet users according to their unique segment — enabling you to serve the ad most likely to trigger a response…

“We deliver unprecedented predictive power. Our cookie-based services deliver rich, offline consumer information to boost existing behavioral-targeting methods.”

The company’s privacy policy states that “AdAdvisor services place a cookie containing non-personally identifiable information on a user’s computer…AdAdvisor cookies enable Web sites using the Services to recognize users when they return to those Web sites…The cookies used by the Services do not contain any personally identifiable information. Instead, the cookie contains anonymous, non-personally identifiable categories of information which are derived as a result of a user’s registration through one of our registration partners.”

It’s not personally identifiable but, in their own words, “recognize users” when they return to sites!  It’s anonymous, but includes user “registration” data via third parties! This is another example of why the FTC and the Congress has to reform privacy safeguards.  The antiquated concept of what is considered personally identifiable has to brought into the 21st Century and the Obama Administration era.