Category: media industry lobbying

Baby Steps for Online Privacy: Why the FTC Self-Regulatory Principles For Online Behavioral Advertising Fails to Protect the Public

Statement of Jeff Chester, Exec. Director, Center for Digital Democracy:

The Federal Trade Commission is supposed to serve as the nation’s leading consumer protection agency.  But for too long it has buried its mandate in the `digital’ sand, as far as ensuring U.S. consumer privacy is protected online.    The commission embraced a narrow intellectual framework as it examined online marketing and data collection for this proceeding.  Since 2001, the Bush FTC has made industry self-regulation for privacy and online marketing the only acceptable approach when considering any policy safeguards (although the Clinton FTC was also inadequate in this regard as well).  Consequently, FTC staff—placed in a sort of intellectual straitjacket—was hampered in their efforts to propose meaningful safeguards.

Advertisers and marketers have developed an array of sophisticated and ever-evolving data collection and profiling applications, honed from the latest developments in such fields as semantics, artificial intelligence, auction theory, social network analysis, data-mining, and statistical modeling.  Unknown to many members of the public, a vast commercial surveillance system is at the core of most search engines, online video channels, videogames, mobile services and social networks.  We are being digitally shadowed across the online medium, our actions monitored and analyzed.

Behavioral targeting (BT), the online marketing technique that analyzes how an individual user acts online so they can be sent more precise marketing messages, is just one tool in the interactive advertisers’ arsenal.  Today, we are witnessing a dramatic growth in the capabilities of marketers to track and assess our activities and communication habits on the Internet.  Social media monitoring, so-called “rich-media” immersive marketing, new forms of viral and virtual advertising and product placement, and a renewed interest (and growing investment in) neuromarketing, all contribute to the panoply of approaches that also includes BT.  Behavioral targeting itself has also grown more complex.  That modest little “cookie” data file on our browsers, which created the potential for behavioral ads, now permits a more diverse set of approaches for delivering targeted advertising.

We don’t believe that the FTC has sufficiently analyzed the current state of interactive marketing and data collection.  Otherwise, it would have been able to articulate a better definition of behavioral targeting that would illustrate why legislative safeguards are now required.  It should have not exempted “First Party” sites from the Principles; users need to know and approve what kinds of data collection for targeting are being done at that specific online location.

The commission should have created specific policies for so-called sensitive data, especially in the financial, health, and children/adolescent area.  By urging a conversation between industry and consumer groups to “develop more specific standards,” the commission has effectively and needlessly delayed the enactment of meaningful safeguards.

On the positive side, the FTC has finally recognized that given today’s contemporary marketing practices, the distinction between so-called personally identifiable information (PII) and non-PII is no longer relevant.  The commission is finally catching up with the work of the Article 29 Working Party in the EU (the organization of privacy commissioners from member states), which has made significant advances in this area.

We acknowledge that many on the FTC staff worked diligently to develop these principles.  We personally thank them for their commitment to the public interest.  Both Commissioners Leibowitz and Harbour played especially critical roles by supporting a serious examination of these issues.  We urge everyone to review their separate statements issued today.  Today’s release of the privacy principles continues the conversation.  But meaningful action is required.  We cannot leave the American public—now pressed by all manner of financial and other pressures—to remain vulnerable to the data collection and targeting lures of interactive marketing.

FTC’s Behavioral Ad Principles–the last act of the Bush Administration? Why is the Obama White House Allowing the FTC To Remain Under the Leadership Appointed by Pres. Bush?

In a few hours, approximately between 10-11 am eastern, the FTC is expected to release its final “Online Behavioral Advertising Principles.” Originally released for comment in December 2007, the principles are a sort of Valentine’s Day present to the online ad industry from the (supposedly departed) Bush Administration.  From what we know, the FTC principles support self-regulation.  Online marketers will be told they should behave better–and here are suggestions.  It’s like a teacher telling a misbehaving student–‘behave better, dear,’ or else we will have to tell your parent (in this case, the guardian being potential congressional action).

My CDD urged Commissioners Harbour and Leibowitz to issue separate statements on the principles, and call for tougher requirements—especially in the area of so-called sensitive information.  This would include data connected to our financial and health related online activities (think mortgage and loan applications or queries for prescription drugs).  CDD and a coalition of groups also formally asked the commission to impose serious privacy safeguards for both children and adolescents.

But these principles were crafted within the narrow confines of the Bush Administration philosophy prevailing at the FTC.  Only self-regulation is permitted.  Consequently, such an approach likely means these rules leave the online data collection, profiling and targeted marketing system which comprise behavioral marketing off the privacy protection hook.

But one question looms at the moment.  Why has the new Obama administration allowed the FTC to remain under the leadership of Bush-appointee William E. Kovacic? The principles being issued today, in fact, reflect the “old” FTC, not one run under the philosophy of President Obama.  Why is the Obama White House failing to ensure a change of leadership at the FTC?  The agency is responsible for overseeing a huge portion of the economy, including critical financial issues.  It’s also supposed to be the leading agency on consumer protection issues.   The Obama White House should have–by now-found someone who would led the FTC, so it can better protect the public.

The principles being released today were only made possible because of the Bush FTC give-away to Google, when it approved its takeover of online ad giant DoubleClick.  CDD, the Electronic Privacy Information Center (EPIC), and USPIRG fought the merger, including on privacy grounds.  FTC Commissioner Pamela Harbour played a key role forcing the agency (then run by Chairwoman Majoris, whose husband’s law firm represented DoubleClick) to address the privacy concerns. As a consequence of the political pressure from its failure to seriously examine the consumer privacy issues of the Google deal, the FTC staff were told to develop these principles.

The next chair of the FTC needs to take privacy and online consumer protection issues seriously.  The agency does need more resources, but also a new spirit.  If the FTC had been on the job, and was examining how lending institutions were recklessly promoting loans and mortgages, maybe today’s mess wouldn’t be as tragic as it is.  More to come after the commission releases the principles.

Annals of Behavioral Targeting: New product designed to “to prompt a profitable response for every user”

Perfect timing for International Privacy Day.  A new behavioral targeting product that will soon be released.  Here’s an excerpt from the press release:  “TARGUSinfo, the leading provider of On-Demand Insight(SM) about prospects and customers, plans to unveil AdAdvisor(SM) services…a new predictive-targeting solution leveraging the industry’s largest repository of verified offline lifestyle and demographic information. “The power of AdAdvisor is that it enables ad networks, publishers and advertisers to serve the ad most likely to prompt a profitable response for every user based on the most predictive offline consumer information,”…When an ad network sees a user on its’ publisher network, AdAdvisor cookies relay precisely which segment they fall within and enables ad networks and publishers to serve the most relevant advertisement — from the moment they first encounter users.”…Extensive Coverage – More than 50 million unique cookies, each embedded with highly predictive data attributes.”

and from Targusinfo’s site:  “Each AdAdvisor cookie contains verified, household-level demographics, interests and purchase behaviors. Our cookies are then deployed to score Internet users according to their unique segment — enabling you to serve the ad most likely to trigger a response…

“We deliver unprecedented predictive power. Our cookie-based services deliver rich, offline consumer information to boost existing behavioral-targeting methods.”

The company’s privacy policy states that “AdAdvisor services place a cookie containing non-personally identifiable information on a user’s computer…AdAdvisor cookies enable Web sites using the Services to recognize users when they return to those Web sites…The cookies used by the Services do not contain any personally identifiable information. Instead, the cookie contains anonymous, non-personally identifiable categories of information which are derived as a result of a user’s registration through one of our registration partners.”

It’s not personally identifiable but, in their own words, “recognize users” when they return to sites!  It’s anonymous, but includes user “registration” data via third parties! This is another example of why the FTC and the Congress has to reform privacy safeguards.  The antiquated concept of what is considered personally identifiable has to brought into the 21st Century and the Obama Administration era.

Congressional Internet Caucus–Brought to You by Google, Microsoft, Verizon, AT&T, CTIA and More!

We hope the era of government reform that should be a hallmark of the incoming Obama Administration and the new Congress will include reforming the Congressional Internet Caucus.

For too long, the Caucus agenda has been under the influence of the “Advisory Committee to the Congressional Internet Caucus.”  This is not an independent group–but one with connections deep into the Silicon Valley and communications business.  Last week’s annual State of the ‘Net Congressional Caucus meeting was funded by “platinum sponsors” Google, Microsoft, and Verizon.  The “gold sponsors” were AT&T,  the Center for Democracy and Technology (which is funded by many of these same corporations), CTIA (The Wireless Association), and VeriSign.  “Notepads” were provided by the Hunton & Williams law firm; “Laynards” were paid for by Juniper Networks.  “Coffee Breaks” paid for by the National Cable and Telecommunications Association.  Qwest provided “bags.”  The Venable law firm gave out the “travel coffee mugs.’

As always, the agenda of the meeting was purposefully narrow, to help ensure none of the corporate sponsors would be seriously challenged. Broadband policy is too important an issue to be left in the hands of a few well-funded DC insiders.

Google, YouTube, and DoubleClick Cookies Placed on Users of YouTube’s new Congress Channels, Says Computer Scientist

Columbia U computer professor Steven M. Bellovin has an important post on the privacy issues raised by YouTube’s new House and Senate channels.  He writes [excerpt, our emphasis] that:

“I opened a fresh web browser, with no cookies stored, and went directly to the House site. Just from that page, I ended up with cookies from YouTube, Google, and DoubleClick, another Google subsidiary. Why should Google know which members of Congress I’m interested in? Do they plan to correlate political viewing preferences with, say, searches I do on guns, hybrid cars, religion, privacy, etc.?

The incoming executive branch has made the same mistake: President-Elect Obama’s videos on Change.gov are also hosted on (among others) YouTube. Nor does the privacy policy say anything at all about 3rd-party cookies.

Video channels providing the public access to members of Congress and the new Administration should be in the forefront of privacy protection-and not serve as a data collection shill for any company.  Nor should one company be permitted to shape broadband video access to federal officials.

Digital TV, the Giveway to the Broadcast Lobby, and the Current Proposal for a Delay

The focus on a lack of digital TV converter discount coupons obscures a more important story.  The grabbing of the digital spectrum by the broadcast lobby as part of the 1996 Telecommunications Act.  There is no business model for terrestrial broadcasting—what happened was a spectrum grab–so broadcasters could gain for free public airwaves worth billions.  Ironically, now taxpayers are footing the bill for the converters as well–another subsidy in a way to the National Association of Broadcaster lobby.

The debate should be on how the digital airwaves giveway to the broadcast lobby should be a lesson learned.

Dr. Mark Cooper’s Vision of a Principled Broadband and Telecommunications Policy Stimulus Approach

In a recent essay on reforming the Federal Communications Commission, long-time consumer advocate and economic expert Dr. Mark Cooper concludes with a very important analysis.  He says that:

“Ensure that stimulus does not deteriorate into corporate welfare, as the financial bailout did. A progressive stimulus package should direct funding to the distinguishing features of 21st century infrastructure – human capital and social networks.  Human capital and social networks are the unique inputs of the digital economy that create collaborative production.  These can be supported by directing funds to people and communities, rather than corporations.”   

Dr. Cooper is correct.  If the digital media era is to truly help the public, then funds should empower communities.  That includes social networks, mobile platforms, video services and other content services that foster a diverse and more democratic communications environment.  If the broadband part of the stimulus plan is merely corporate welfare to the already unregulated powerful, it will not generate the kind of economic growth–or societal change–envisioned by the incoming Obama Adminsitration.

Broadband Stimulus Investment or Broadband Corporate Welfare?: The Information Technology and Innovation Foundation’s new report

Yesterday’s New York Times had a column on broadband innovation and a potential federal investment as part of the forthcoming stimulus proposal.  The article cites a new report by the Information Technology and Innovation Foundation (ITIF) calling for a “$30 billion” investment in “the nation’s digital infrastructure.”  The ITIF report, “The Digital Road to Recovery: A Stimulus Plan to Create Jobs, Boost Productivity and Revitalize America,” is to be released Wednesday.  Yesterday’s article didn’t mention the special interest relationship ITIF’s backers have with such a proposed broadband “bailout.”  We haven’t seen the report yet (ITIF says it will be available Wednesday).  But we hope it explains how the major digital media companies and lobbyists which help govern the ITIF will likely benefit from such federal funding.

For example, ITIF’s board includes representatives of IBM, Cisco, Oracle, Microsoft, and Sun Microsystems.  The ITIF itself is an affiliate of the Information technology Industry Council, which says it’s “the tech industry’s most effective lobbying organization in Washington.” The council’s members include, among many others, Time Warner, Dell, Corning, and eBay.

Pork–whether for building bridges to nowhere or of the digital variety–doesn’t belong in a stimulus package.  Broadband investment is important.  But the public deserves full disclosure about who may benefit from the use of federal funds.

The “Revised” Network Advertising Initiative Principles: Ghost-written by Bernard Madoff?

That was really what we felt reading the “NAI Response to Public Comments” released yesterday.  It accompanied the 2008 principles announcement by the self-regulatory trade online marketing trade group.  The “response” is worth reading, because it really reveals the inability of the group to meaningfully address how to protect consumers online.  You would think that an organization which has Microsoft, Google, Yahoo, Time Warner and many others as paying members could at least clearly state what happens to our data in the online marketing process.  But the real goal of the NAI is to prevent the enactment of serious state and federal privacy policies that would protect consumers. My group put out a statement yesterday discussing the new principles.

The credibility of Google, Microsoft, Yahoo and Time Warner are at stake.  They should be able to ensure that their own organization can honestly address the implications of online advertising.  But it’s time to abandon any call for self-regulation.  That has been a failure.  It’s clear that a growing number of consumer and privacy groups are calling for a legislative solution, as well as a more effective FTC.  Responsible online ad companies will support such regulation.

AT&T and a leader of its funded Privacy Forum Raises Questions About the Need for Safeguards

Those busy data collection bees at AT&T–including its funded Future of Privacy Forum co-head–appear to be working to undermine the growing movement supporting consumer privacy protection. According to a news report, a meeting was held last week at the University of Oklahoma on privacy issues. Forum co-director Christopher Wolf, whose law firm represents AT&T, is reported as placing behavioral targeting in a favorable light. Instead of calling for legislation, Wolf suggested that companies should create videos and other technical approaches to serve as supplemental privacy policies.

Also speaking at the event was Keith Epstein, “AT&T’s chief public policy and regulatory compliance counsel.” Here are the last two grafs of the story: There is no legislation pending in Washington regarding online privacy, Epstein said. A legislative solution if it did exist, he said, would be inflexible.

Epstein favored guidelines instead, and said the FTC should be issuing industry standards by the fall of next year.

AT&T’s stance on privacy legislation to protect U.S. consumers is troubling. It will have its deep-packet inspection, all-seeing ISP broadband clout, to monitor and then target each subscriber. AT&T should make it clear it supports legislation which provides real consumer protection (opt-in, transparency, control, extra protections on health, financial and youth data). Where is the privacy leadership at AT&T?