Five Ways to Protect Privacy

[a version we wrote of this ran in Multichannel News]
Five Ways for Digital Marketers to Protect Consumer Privacy

If George Orwell were writing today, 1984’s Winston Smith would be working as a “Doublespeak” specialist crafting privacy policies and creating self-regulatory regimes.  That’s not what consumers and citizens need in the interactive marketing era.   All Americans should have their privacy respected and protected when they go online—including when they use mobile phones.

1.     Tell your users what you actually say to your advertisers—about how the profiling and targeting process really works.  There is a disconnect that is unfair and deceptive between what companies say in their privacy policies and pitch to their clients and potential partners.   Be honest about the “360 degree” ways you engage in online marketing.

2.     Don’t collect information and target consumers based on their interests in finance and health.  These two most “sensitive” categories should be opt-in only.   When consumers go online for loans, credit, mortgages, and health concerns they require the upmost privacy.  Although online financial, health and so-called lead-generation advertising is big business, consumers should not be forced to have their online financial and health behavior stealthfully-tracked and compiled.  The risks to consumers are great if we don’t develop special rules for this data.

3.     Racial and ethnic profiling data should also be opt-in. Hispanics, African-Americas, Asian-Americans and other minorities are increasingly the focus of a growing behavioral targeting and online marketing apparatus.  In the “offline” world, we have witnessed a disturbing use of racial profiling practices to discriminate against individuals.  In today’s online environment, users are being identified as being a member of a racial or ethnic group without either their awareness or consent.  While we all want to see the growth of diversely owned online publishing, it should not be done at the expense of civil liberties in the digital era.  We must prevent the growth of online racial profiling, that when tied to income, geography and other data can be used to create 21st Century forms of discrimination.

4.     Don’t use neuromarketing and other subliminal and subconscious-based advertising.   Fortune 1000 advertisers and online marketers such as Microsoft, Yahoo and Google are using new forms of ad testing and development involving the latest tools of neuroscience, such as fMRI’s and EEGs.  Neuromarketing’s goal is to directly influence a consumer’s subconscious, and when combined with the power of online data targeting,  offers powerful—and frightening—new forms of manipulation.

5.     Users need to consent to having their profiles be bought and sold on so-called online ad exchanges.  Selling off the right to target a consumer online, via real-time auctions that happen in milliseconds, is dehumanizing.  Nor should we permit the growing combination of offline and online databases to be used for targeting, including via these new digital auction houses.

Interactive marketing is now a fundamental operating principle for the cross-platform media economy throughout the world.   But right now, it’s a digital “wild west” that doesn’t serve the interests of consumers, citizens and most marketers.

Behavioral Targeting is About Tracking an “Individual,” Explains Online Marketer

The online ad industry and lobby better stop saying that cookies and other forms of data collection aren’t personally identifiable–so-called PII [personally identifiable information].  As we know, behavioral targeting (BT) identifies, profiles, tracks and targets an individual.  Here’s just one example of how online marketers discuss what BT really is when they are talking among themselves and to clients (our emphasis):

What is behavioral targeting?
Behavioral targeting is a technique used by online advertisers to improve the effectiveness of their campaigns by increasing the relevance of product offers and promotions on a visitor-by-visitor basis.

Behavioral targeting uses information collected on an individual’s web-browsing behavior, such as the pages they have visited or the searches they have made, to select and deliver online ads to the users who are most likely to be interested…As the effective mixing and mining of audience data has become increasingly important to online advertisers, the role of behavioral targeting and retargeting have grown more central…The typical approach to behavioral targeting starts by using web analytics to group visitors into discrete channels. Each channel is analyzed and a virtual profile is created to for each channel…
Most platforms identify visitors by assigning a unique id cookie to each and every visitor to the site, allowing them to be tracked throughout their web journey.  An example is a user who visits content about auto insurance, clicks on an insurance advertiser button or banner, and then searches for “auto insurance.” This user would be assigned to the insurance prospect channel and the next time that user goes to Yahoo they will see ad for insurance…

Time Warner Cable Funds Scholars to Boost Big Cable Goals on Data Collection and Consumer Targeting [Annals of Buying Access to Scholars]

Lobbyists like to hire academics in order to give their agenda the patina of scholarly respectability.  Many academics are ideologically aligned with the interests of major media and telecom companies–supporting an unregulated environment (and like to reap the bucks as well).  Some academics want to schmooze with deep-pocketed special interests.  So it’s not a surprise to learn that Time Warner Cable has a “Research Program on Digital Communications.”  They have already released a volume of papers on the “Future of Digital Communications: Policy Perspectives.”  Time Warner’s so-called research agenda is so self-serving that it would be laughable if the goal wasn’t ultimately to undermine the public interest and consumer protection.  Luckily, there are scholars and other policy experts who care more about their integrity and the academic issues and wouldn’t consider taking such funding.  Here’s what the first “research question” is for those seeking funding to ultimately help undermine consumer privacy by enabling Time Warner and other digital marketers to expand their behavioral targeting approaches:

Topic One: Advertising, Two-Sided Markets, and the Role of Network Operators (ISPs, MSOs)
The emergence of more precisely targeted (interest-based or so-called “behavioral”) advertising offers potential benefits to consumers while at the same time raising possible concerns about privacy. Application providers, network owners, advertisers, content providers, and other interested parties may play a role in allowing these potential benefits to be realized. By facilitating two-sided markets, or platforms that enable two distinct but related groups of customers (such as advertisers and consumers) to obtain value, service providers can expand the scale and scope of their offerings to consumers. Industry groups and the Federal Trade Commission have developed principles for self-regulation online, while some advocacy organizations and members of Congress have pointed to potential harm from more targeted advertising and are calling for new government mandates.
Key questions concern the types of disclosures and the level of consumer consent that should be required.
Questions
• What are the benefits of more precisely targeted advertising, and how prevalent is the practice?
• What technological innovations support the development of more targeted advertising over digital media?
• How are consumers affected by increasingly prevalent forms of targeted advertising, and what is the appro-
priate public policy response?
• What is the role for self-regulation, government intervention, and industry standard-setting?
• What role should network operators play in regulation (voluntary or prescriptive)?
• Describe the future of the advertising marketplace and the role of new and potential entrants, such as
Internet service providers (ISPs), cable operators, and other multichannel video programming distributors
(MVPDs) offering interactive television services.
• How can two-sided markets help encourage the development of new broadband and video services?
• How can regulation of advertising or privacy affect, promote, or retard the development of these new
services?

What AOL Should Have Told Reps. Barton & Markey


AOL also describes to Reps. Barton and Markey the way they use cookies that doesn’t reflect what they say to clients--such as “Target users based on attributes from user registration or third-party data (e.g. age, gender, income, kids)… Retarget users who visit your website… Target users within households using Experian’s statistical modeling based on hundreds of offline data elements that are most predictive for defining the specific audience of consumers.” For question 1, they refer to their privacy policy—something few consumers would read or understand.  Nor does the privacy policy spell out how AOL collects and targets users, as they do for potential clients.  See and compare to privacy policy. See how they offer targeting based on political information.

Question 2:  They didn’t answer completely.  They should have included information from here. And what their partners collect.

Question 3.  They should have said they urge advertisers to use pixels, beacons and other tracking tools:   “Place pixels on all high-traffic pages… Target broadly… Most networks, including Advertising.com, look at IP or cookie data to determine if a user is part of a specific demographic or has demonstrated a particular online behavior, such as shopping for a car, browsing cooking sites, and so on. With user targeting, you reach those consumers directly, regardless of the sites they happen to be visiting.”

And they say that the third party cookies don’t identify the “specific user.”  But that’s what AOL says it can target:  “Target users within households… Retarget users who visit your website… Target users within households that demonstrate the highest propensity to buy certain products…”

Question 7.  They don’t say what they do.  It’s monetizing all the data:  “We monetize nearly 1.5 billion impressions per day on average.”

10.  They should have said how they target based on financial and health info.  They didn’t.  See its targeting for health, finance, teens, Hispanics, African-Americans.


14.   Users don’t have enough information on the process to really determine whether they should opt-out.  Nor is AOL’s opt-out really visible.

What News Corp/MySpace Should Have Told Reps. Markey and Barton


Yahoo isn’t alone in not being candid to Congress.  Here’s what News Corp should have also said to the Congress about its data collection, profiling and targeting system. 

It should have informed Congress how its Fox Interactive Media (FIM) data-mines its users daily.  From its data-mining company: “FIM operates some of the highest-traffic websites in the world, including MySpace, and serves over 5 billion online ads across its sites per day.  Each of these ads is optimized and targeted to specific audiences based on analysis of web traffic, user behavior and click patterns.  As part of our targeted ad serving platform, we analyze nearly 2,000 identifying variables for each of the millions of visitors to our sites every day (tracking and analyzing, for example, whether a visitor likes jazz, but also whether they respond more to car ads than to pizza ads).  While our targeting process was already one of the most advanced in the industry, we were eager to improve ad click-through rates further by fine- tuning targeting.  To get to this next level of targeting precision, we needed to analyze massive volumes of data to discover patterns and identify relevant targeting criteria across segments and demographics.  FIM implemented Greenplum for its parallel, multi-core architecture that could scale to support our massive data volumes, but also because the Greenplum data warehouse allows data analysis to be performed directly within the warehouse 

– instead of having to extract it first…our team can execute lightning-fast queries against a matrix that is 4 billion rows tall and 1 million rows wide, running tests against thousands of variables for each for the 5 billion ads FIM serves to visitors each day. What’s more, we can now complete 10,000 experiments against 20 million site visitors in just three hours. Previously, it took an entire day just to extract the data – and then another whole day to run the tests.  The result has been faster and more efficient data analysis, which has in turn enabled more precise ad targeting, delivering up to 200% higher click- through rates for the 5 billion ads served daily across the FIM network…our research analytics team uses Greenplum Database to conduct tens of thousands of real-time tests against millions of users every day, analyzing each visitor’s reaction to ads against over with an absolute deluge of data.”

Online Ad Biz to Reps. Markey/Barton: We Really Don’t Have to Tell You the Facts! The case of Yahoo!




If George Orwell were writing today, 1984’s Winston Smith would be working as a “Doublespeak” specialist crafting privacy policies and creating self-regulatory regimes for the online ad industry.  None of the replies provided to Reps. Markey and Barton answered the basic charge posed by the WSJ in its series and previously raised by privacy advocates:  that “[O]ne of the fastest-growing businesses on the Internet is the business of spying on Internet users.”   All the companies hide behind `it’s a business as we created it and good for everyone’ facade.  Many use a scare tactic claiming that the data collection model they developed is responsible for funding online content/publishing and without it much/if not all of the Internet would vanish (as if you can’t have both robust e-commerce and privacy!).  Many of the answers to Congress also say that their privacy policies and membership in self-regulatory groups (such as the NAI) reflect best practices (as if they automatically vanish the problems!).  The companies don’t take responsibility for the problem or acknowledge that there are privacy concerns outstanding. 

The responses reflect the Orwellian recasting of industry terms on the data collection practices it created and operates.  Behavioral targeting (with $1.13 billion this year in spending for this type of ad) has been transformed into “preference,” “relevant,” or “interest” targeting.  Online profiling and targeting is now called “customization.”  The industry is running away from the precise definitions they created and use because they are honest terms showing consumers are being tracked, profiled and targeted based on our behaviors and actions.  Finally, several of the companies submitted their privacy policies.   In order to full understand them, a consumer (in between taking their children to school or a soccer game, working, shopping, cooking) would simultaneously also have to be a technologist, lawyer, and investigator, to understand and control all the cookies, etc.

Also, the companies resort to a now out-of-date definition of what’s considered so-called personally identifiable information (PII).  Cookies, IP addresses, pixels and web bugs, they claim, are “non-PII” and hence fail to raise privacy concerns.  Yet both the EU and FTC have said that in today’s online data collection world, the old definition of what’s identifiable no longer really works.  The FTC explained last year that “[S]taff believes that, in the context of online behavioral advertising, the traditional notion of what constitutes PII versus non-PII is becoming less and less meaningful and should not, by itself, determine the protections provided for consumer data.  Indeed, in this context, the Commission and other stakeholders have long recognized that both PII and non-PII raise privacy issues…

Companies such as Yahoo, AOL, About.com (NYTimes Co), News Corp/MySpace and others are disingenuous in their responses—failing to inform the Congress what they tell their clients and prospective advertisers.  Among the most cynically self-serving is Yahoo. First, Yahoo did not describe all the ways it collects data on users when it answered question 1.  For example, examine Yahoo’s Advertising Blog, where you can find a discussion of far-ranging techniques used in the data collection process.  Most of which are not spelled out or really explained in the privacy policy;  See also, Yahoo’s “smart ad” technology that changes the copy in real time based on the data it collects.  Its privacy policy really doesn’t explain it in the same way it pitches itself to clients.  Yahoo says in its Hill letter that it “may” acquire data from external sources and gives the link to that section of its privacy policy.  Not even a multi-tasking genius could opt-out all of that.  Nor does Yahoo tell you about the tons of data on consumers their partners collect.  Also, they say in question 3 how they collect data, but tell potential clients a more informed story:  “Yahoo! gets to know its visitors to give them what they’re looking for, even when they’re not actively looking. In part, Yahoo! does this by using an industry practice called behavioral targeting (BT)… Yahoo! BT goes beyond common rules-based segmentation or grouping of consumers by the sites they’ve visited. The tool is powered by sophisticated modeling technology based on extensive online interactions that include searches, page views, and ad interactions. With these models, Yahoo! identifies what consumers are interested in and predicts where they are in the buying process, thereby determining which consumers may respond best to your ad placements.”  In question 4-5, Yahoo claims its users have all the information they require via the privacy policy.  But Yahoo’s information for perspective clients tells a more complete and different story:  “With rich media, you benefit from deep reporting that goes way beyond the click. Track time spent watching video, mouse-over interactions, poll results, average number of panels interacted with and much more.  If you design it, we can track it… Partner with Yahoo! to produce unique, immersive consumer experiences that integrate your brand…”Question 9, again, they call it “customized experience” to Congress—and “smart ads” that track and learn about you when they explain it to advertisers.   Question 10.  Health and finance.  Yahoo failed to tell Congress they track and target consumers health and financial info.  And they target teens.  For health; finance.


ITIF’s psuedo and self-serving analysis of Info Politics. Note they like Federal funding

The idea that ITIF places itself as a “moderate” in its newly released “taxonomy” of Internet policy is laughable.  The group is part of the elite and mostly corporate funded lobbying apparatus.   It classifies many public interest groups and academics as “social engineers,” in order to disparage their legitimacy (talk about a tactic designed to protect their own narrow interests!).  But what they ignore is that groups such as my CDD and many others actually know about the workings of the industry and the issues we address.  We don’t form baseless and knee-jerk ideological positions that protect the people paying the bills.  We stand up for the public and what we believe is right, based on the facts.  Groups like ITIF have failed to intellectually engage with the real dynamics of the privacy issue–conveniently ignoring what’s actually going on.  Meanwhile, next time ITIF disparages the role of gov’t and regulation, remember how enthusiastic they are taking a $500K federal grant (however worthy the subject matter).

*****
ITIF Consortium Wins Federal Grant to Make Voting More Accessible for Injured Soldiers
October 4, 2010
WASHINGTON – The Information Technology and Innovation Foundation (ITIF) consortium is the winner of the Military Heroes Initiative grant competition, sponsored by the U.S. Election Assistance Commission (EAC). The $500,000 grant will help advance efforts to improve voting technology and processes for military service members disabled in combat operations.

“ITIF welcomes the opportunity to pioneer new research that will help ensure that the brave men and women injured in our military are able to exercise their right to vote,” said Daniel Castro, ITIF senior analyst. “This research will ultimately help increase voting accessibility for the approximately 50 million Americans with disabilities.”

EAC is an independent commission created by the Help America Vote Act. Under the terms of grant, ITIF will partner with Georgia Tech Research Institute, a leading research organization with extensive experience working with military institutions and conducting accessibility research, and Operation Bravo Foundation, a pioneer in developing voting alternatives for military and overseas citizens.

ITIF and its partners will undertake a review of current voting access and offer recommendations to improve the voting needs for military personnel with disabilities. The evaluation of current voting practices and emerging technologies to assist with balloting will not only be valuable for military personnel but also for others with disabilities that make it challenging for them to exercise their Constitutional rights.  Recommendations will be delivered by early 2012 for potential use in the 2012 federal election.

The Help America Vote Act (HAVA) and, more recently, the Military and Overseas Voter Empowerment Act, recognized the necessity for improving the voting process for people with disabilities and military personnel. The Military Heroes Initiative will help further these vital goals. Funding from this grant comes from appropriations made available under the Consolidated Appropriations Act for Fiscal Year 2009 (P.L. 111-8).

Facebook to TV Business: We can boost your audience: “it’s all about making that data available”

Yesterday, Facebook pitched itself to the global commercial TV industry at MIPCOM.  Facebooks’ EMEA rep Joanna Shields touted how Facebook could help generate more viewers and greater involvement with TV programs, such as “X-Factor.”  Ms. Shields said that Facebook Places location targeting system might let its users “check in” to a program:  “…you could check into a television show and tell everyone what’s happening.  You could say I am watching this and you got to see it… It could become a very powerful marketing tool at some stage…It’s all about data, it’s all about making that data available.”  Other quotes from Ms. Shields: The voice of your fan can be amplified to a chorus, and a focus group can be the size of a country…30% of all TV viewers have admitted to being logged onto to Facebook while watching a TV show…[TV program] stories are the beginning of the conversation, and not the last word…I can see someday the ability to sign in using your Facebook ID to a show.”

Danah Boyd, COPPA, Online Marketing Targeting Youth, the role of Microsoft

Danah Boyd, like many other digital media researchers, fails to examine the business practices which shape and construct most of contemporary online media.  Ms. Boyd is quoted in last week’s Boston Globe about the Children’s Online Privacy Protection Act saying “[I]t’s well-intentioned, but this legislation has failed on every level.”  Ms. Boyd is incorrect.   A whole range of interactive ad practices and techniques commonly found on most digital sites has not been embraced by the under-13 online advertising market.  The goal of COPPA was to help structure the commercial online data collection and targeting practices aimed at young people–and it’s done so (just see what kind of data collection and targeting practices occur the minute anyone reaches 13.  From that age onwards, everyone is fair game for a wide range of very disturbing practices, most of which collect and use our information). Ms. Boyd and the Globe article are also incorrect claiming that “Congress is considering renewing” COPPA.   The FTC is currently conducting a periodic review of COPPA’s rules and the Congress has held hearings on the law.  But Congress doesn’t have to “renew” COPPA.

Finally, a challenge to Ms. Boyd.  She is working for Microsoft–which is targeting youth across the globe via its advertising division.  Microsoft Advertising is collecting data and targeting teens for junk food and other products.  See Microsoft’s “How to Target Young People Online” and other materials, for example.  Ms. Boyd needs to analyze what her employer–and other financial backers from the online ad industry supporting Berkman–are doing regarding youth–and hold them and herself accountable.

The new Self-Reg Online Ad Plan–Digital “Deja-vu” All Over Again! See What they Say about the NAI Now!

In 1999, online marketers promised consumers they would protect their privacy.  Leading interactive ad companies created the Network Advertising Initiative (NAI) as a scheme to head-off proposals by the FTC that would help regulate online profiling.  Now it turns out, says the online ad industry, the NAI really couldn’t work.  So they have developed yet another self-regulatory effort.  Here’s what online marketers told Ad Week today:  “The move marks the most significant regulation the industry has imposed on companies and goes significantly farther than the Network Advertising Initiative, which held third-party advertisers needed to allow consumers to opt out. Doing so, however, was a cumbersome process.“   So the industry didn’t tell the FTC or consumers that the NAI wasn’t consumer friendly and “cumbersome.”  Yet they have used the NAI as a political bulwark to head-off consumer protection rules.  Shame on them.  Meanwhile, in the same story, it’s revealed that only now–as pressure mounts to protect online consumers—does the industry recognize protecting privacy is important:  “The guys that drive the industry have figured out this privacy stuff does matter,” said Scott Meyer, CEO of Better Advertising Project, which will help companies comply with the requirements.

The new “aboutads.info” website established by the industry fails to provide consumers serious information about cookies and behavioral targeting and profiling.  It reveals how little the industry is committed to protecting privacy and informing U.S. consumers about the process.  To see how this new plan is really designed to protect the data collection business, examine the rules for sensitive information. Beyond the children’s privacy law (COPPA) we got enacted in 1998, this scheme permits full-scale collection and use of financial and health information.   Under the “new” self-reg policies, the narrowest of definitions for respecting your financial and health information has been created:  “Entities should not collect and use financial account numbers, Social Security numbers, pharmaceutical prescriptions or medical records about a specific individual for OBA without Consent.”
Shame on them.  Online marketers spent some $3 billion last year on online financial marketing and will spend $1 billion for pharma and health related targeting in 2010. Consumer data collected by online financial and health marketers, much of which is sensitive and personal, is ok under the industry’s “new” plan.

PS:  The folks at Better Advertising need to take a course in online marketing–and change its new website so it really informs consumers about the process.  What it has now would get a C-minus in any class on online marketing.  They can start with 360 degree targeting, online and offline profiling, rich media, a serious description of online auctions, the tracking process, work on “engagement” and neuromarketing,” social media marketing, etc.  Consumers deserve better.