Category: FTC

Center for Democracy & Technology Goes for the “Gold” as it Raises $ for its “Gala” from AT&T, eBay, Microsoft, Google (and many other corporations)

CDT is having a “Gala Celebration” next month, supported by “Gold, Silver, and Bronze” sponsors.  AT&T, eBay, Microsoft and Google are listed at the $15,000 “Gold” level [“Two tables in Premium Location-Two tickets to the VIP Reception”]; Among the “Silver” sponsors [“One table-One ticket to the VIP Reception”] at the $7,500 tab include Time Warner (AOL), Dow Lohnes, Qorvis Communications (repping Sun, Cisco, etc), American Express, Verizon, Intel, US Chamber of Commerce, ID Analytics, Yahoo!, Arnold & Porter, IAC/Interactive Corp, Thompson LexisNexis, Hogan & Hartson (reps News Corp’s MySpace, among others), Comcast, and Sonnenschein Nath  & Rosenthal, LLP.   There are also a number of “Bronze” sponsor at the $1000 level [“One seat at a table”]. (CDT has a Facebook page on the event.)

CDT’s 2007 Gala, which honored Bill Gates, had “more than 900″ supporters” in attendance.

Porsche Teams with Yahoo for Mobile Behavioral Ad Targeting [Annals of Mobile Marketing]

Excerpt from Ad Age:

“…in just a 4-month-long pilot run, mobile outperformed Porsche’s wider campaign…The carmaker used Yahoo behavioral targeting tools to serve Porsche ads to smartphone users whose web-surfing behaviors had indicated they were in the market for coupes, SUVs, convertibles or luxury cars.”

source:  Mobile Effort Gets More to Say `I Can’ Purchase a Porsche.  Rita Chang.  Ad Age.  February 9, 2009 [sub. required]

more on Yahoo and behavioral targeting

Facebook, Advertising, Third-Party $Apps, Terms of Service, Data Collection & Privacy

The role that third party developers play accessing user data on social networks such as Facebook has long been a privacy concern for us.  The business practices, including data collection, profiling and targeting that form the basis of social networking “monetization” strategies are hidden from public view.  My CDD and USPIRG, in our various privacy complaints to the FTC, asked the agency to examine this area.  Maybe the new Obama FTC will do so.  But for now, here’s some excerpts from Facebook’s advice “on common business models” to application developers, as well as from its list of “third party developers” involved in social media marketing:

“As you think about building your app on Facebook, we want to help by highlighting some keys ways of thinking about your app as a business… Apps that are meaningful, trustworthy and well designed have real staying – and monetizing – power… we host a Platform with instant access to more than 175 million active users… Once you’ve created a sustainable, engaging social application, there are many different ways to help monetize it… Advertising: We at Facebook have had success serving targeted advertisements to our users based on information we know about them. By leveraging the data we give you access to (as detailed in our Developer Terms of Service) and data users share with you directly as a part of your application experience, you can serve highly relevant ads… Virtual Credits / Virtual Goods:… instead of accepting payments directly from users for subscriptions or virtual goods, some applications instead allow users to complete affiliate offers by filling out surveys or agreeing to try new products. There are a number of providers who consolidate these types of offers…
Third Party Providers to Help You Monetize:
Advertising:
AdParlor:  “Over 500 Million users worldwide are on a social networking site. These users are comfortable sharing their age, gender, and location, and can be reached through targeted advertising.”…
Shopitmedia: “you can target based on:
1. Location
2. Gender
3. Age
4. Application Category”…
Affiliate marketing…
Analytics…

Payments

Why CDD Was Prepared to Go to FTC with EPIC on Facebook’s Terms of Service Digital `Bait & Switch’

Yesterday, my group worked closely with the Electronic Privacy Information Center to prepare a complaint on Facebook’s new Terms of Service agreement.  We have been tracking Facebook’s new “engagement” ad targeting efforts, including its “polling” product.  As Adweek recently reported, “The polling ad is part of Facebook’s second effort to integrate advertisers into the fabric of the site beyond standard banner units.”  As explained by eMarketer, “Facebook’s Engagement Ad polling feature may be a precursor to a more full-blown market research program—one that Facebook isn’t quite ready to talk about yet,” said eMarketer senior analyst Debra Aho Williamson. “Social network profiles are a treasure trove of information about consumer preferences, and people talk about brands and products frequently.”

Facebook also recently “announced the release of several new Facebook Platform APIs, all of which enable application developers to access and share more real-time information about their users and their friends.” As InsideFacebook reported, the “release of several new Facebook Platform APIs, all of which enable application developers to access and share more real-time information about their users and their friends…While Facebook apps have been able to set Facebook users’ status updates for a long time, this is the first time developers will be able to access current and recent updates for app users and their friends.”

This latest Facebook flap underscores our call for policy safeguards.

Two Words on Why the FTC’s Self-Reg Approach is Wrong: Financial Meltdown

It has been deregulation, including forms of self-regulation, which led to the current financial crisis.  Regulators and most policymakers looked the other way, while many from the investment community created a Ponzi scheme bigger than Bernie Madoff’s.  The online marketing of mortgages and loans played a role in the `borrow’ and `buy’ culture which contributed to the economic mess we are in.

It’s now more important than ever that online marketing, including the structure of data collection and privacy, be regulated.  Congress has to act to make sure consumers understand the loans and other financial products they are being offered interactively online.  The financial crisis, noted Google, is actually fostering the growth of online marketing (as consumers look for less expensive ways to shop).   As Google recently explained to advertisers, the “slowdown is actually accelerating the use of consumer online shopping for goods and services.”  The “mass market is now online,” they noted.

Consumers need to completely understand and fully control how data is collected and used when they seek financial services.  The behavioral targeting system involved with mortgage loan sales, we believe, is totally unknown to consumers (and sadly, regulators).  That’s why my group and others criticized last week’s FTC report.  It’s self-regulatory approach is based on a failed policy (from the people on both sides of the aisle who got us into this mess).  We can have both regulation/fair rules and make the commercial market prosper.  It’s time for the online ad industry to support a regulatory policy that will help make our financial future more secure.

Progress & Freedom Foundation & Online Privacy: Looking at PFF’s Online Ad Industry [& Data Collecting] Funders

Two staffers from the Progress and Freedom Foundation (Adam Thierer and Berin Szoka) issued a quick response to the new FTC online marketing privacy principles.  In a press release announcing the short paper, PFF explains that:

Tighter regulation of the online advertising market in the form of privacy mandates, the authors warn, “would severely curtail the overall quantity of content and services offered—and greatly limit the ability of new providers to enter the market with innovative offerings.”

It’s interesting to consider what such “tighter regulation” of the online marketing might mean for the companies that fund the Progress and Freedom Foundation.  The list includes heavyweights of online data collection, such as Google, Microsoft, News Corp (MySpace and other Fox Interactive properties) and Time Warner.  PFF funders include monopoly ISPs which want to get into interactive data collection and online ad targeting big-time, such as Comcast, AT&T, and Verizon (other PFF supporters include a number of companies engaged in online ad targeting, such as Cox, CBS, NBC, etc).

Perhaps a good research project for PFF would be to examine the online data collection, analysis, and ad targeting work being done by its funders (including all the technologies being used).  We’d like to see the press release on that one!

Online Ad Privacy Watch: Those “Pixels” Are Tracking You [Annals of Behavioral Targeting]

In bringing the issue of what is considered personally-identifiable information more up-to-date, the FTC has finally begun to acknowledge the ever-expanding techniques used to collect information about our online experiences.   Case in point, the modest “pixel,” an invisible piece of data placed on your browser–in the words of one online ad marketer, a digital “mole.”  It’s worth reading the entire article “What a Pixel and Cookie Can Reveal,” by Brian Massey (ClickZ.  Feb. 4, 2009).  Here’s an excerpt:

The pixel delivers a list of basic attributes… These basic attributes include:

  • IP address, character set, and encoding
  • Language, connection, and host
  • Referrer, browser, and portal

The pixel can also pass along just about any information that the browser knows:

  • URL, server name, and posting method
  • Search keyword, keyword phrase, or search engine term
  • Time and date, time of day, day of the week, and week of the year

The URL provides the entire content of the page visited by the surfer:

  • Text, images, headings, and navigation
  • Parameters and values
  • Were they home or just landing?

The IP address can be used to look up more information:

  • Country, state, and city
  • ISP, cable, DSL, or dial-up
  • Bot, crawler, or spider

By adding a cookie, surfer data can be aggregated over time, and more can be inferred about visitor behaviors…

Once we get ZAG [Zip code, age, gender], we can start to segment visitors more accurately:

  • Where do they live?
  • What do they make?…
  • What is their profession, race, marital status; do they have kids; and other census data           And when we integrate this information with other non-PII databases, we can learn even more: What they buy, how often, how recently…

Baby Steps for Online Privacy: Why the FTC Self-Regulatory Principles For Online Behavioral Advertising Fails to Protect the Public

Statement of Jeff Chester, Exec. Director, Center for Digital Democracy:

The Federal Trade Commission is supposed to serve as the nation’s leading consumer protection agency.  But for too long it has buried its mandate in the `digital’ sand, as far as ensuring U.S. consumer privacy is protected online.    The commission embraced a narrow intellectual framework as it examined online marketing and data collection for this proceeding.  Since 2001, the Bush FTC has made industry self-regulation for privacy and online marketing the only acceptable approach when considering any policy safeguards (although the Clinton FTC was also inadequate in this regard as well).  Consequently, FTC staff—placed in a sort of intellectual straitjacket—was hampered in their efforts to propose meaningful safeguards.

Advertisers and marketers have developed an array of sophisticated and ever-evolving data collection and profiling applications, honed from the latest developments in such fields as semantics, artificial intelligence, auction theory, social network analysis, data-mining, and statistical modeling.  Unknown to many members of the public, a vast commercial surveillance system is at the core of most search engines, online video channels, videogames, mobile services and social networks.  We are being digitally shadowed across the online medium, our actions monitored and analyzed.

Behavioral targeting (BT), the online marketing technique that analyzes how an individual user acts online so they can be sent more precise marketing messages, is just one tool in the interactive advertisers’ arsenal.  Today, we are witnessing a dramatic growth in the capabilities of marketers to track and assess our activities and communication habits on the Internet.  Social media monitoring, so-called “rich-media” immersive marketing, new forms of viral and virtual advertising and product placement, and a renewed interest (and growing investment in) neuromarketing, all contribute to the panoply of approaches that also includes BT.  Behavioral targeting itself has also grown more complex.  That modest little “cookie” data file on our browsers, which created the potential for behavioral ads, now permits a more diverse set of approaches for delivering targeted advertising.

We don’t believe that the FTC has sufficiently analyzed the current state of interactive marketing and data collection.  Otherwise, it would have been able to articulate a better definition of behavioral targeting that would illustrate why legislative safeguards are now required.  It should have not exempted “First Party” sites from the Principles; users need to know and approve what kinds of data collection for targeting are being done at that specific online location.

The commission should have created specific policies for so-called sensitive data, especially in the financial, health, and children/adolescent area.  By urging a conversation between industry and consumer groups to “develop more specific standards,” the commission has effectively and needlessly delayed the enactment of meaningful safeguards.

On the positive side, the FTC has finally recognized that given today’s contemporary marketing practices, the distinction between so-called personally identifiable information (PII) and non-PII is no longer relevant.  The commission is finally catching up with the work of the Article 29 Working Party in the EU (the organization of privacy commissioners from member states), which has made significant advances in this area.

We acknowledge that many on the FTC staff worked diligently to develop these principles.  We personally thank them for their commitment to the public interest.  Both Commissioners Leibowitz and Harbour played especially critical roles by supporting a serious examination of these issues.  We urge everyone to review their separate statements issued today.  Today’s release of the privacy principles continues the conversation.  But meaningful action is required.  We cannot leave the American public—now pressed by all manner of financial and other pressures—to remain vulnerable to the data collection and targeting lures of interactive marketing.

FTC’s Behavioral Ad Principles–the last act of the Bush Administration? Why is the Obama White House Allowing the FTC To Remain Under the Leadership Appointed by Pres. Bush?

In a few hours, approximately between 10-11 am eastern, the FTC is expected to release its final “Online Behavioral Advertising Principles.” Originally released for comment in December 2007, the principles are a sort of Valentine’s Day present to the online ad industry from the (supposedly departed) Bush Administration.  From what we know, the FTC principles support self-regulation.  Online marketers will be told they should behave better–and here are suggestions.  It’s like a teacher telling a misbehaving student–‘behave better, dear,’ or else we will have to tell your parent (in this case, the guardian being potential congressional action).

My CDD urged Commissioners Harbour and Leibowitz to issue separate statements on the principles, and call for tougher requirements—especially in the area of so-called sensitive information.  This would include data connected to our financial and health related online activities (think mortgage and loan applications or queries for prescription drugs).  CDD and a coalition of groups also formally asked the commission to impose serious privacy safeguards for both children and adolescents.

But these principles were crafted within the narrow confines of the Bush Administration philosophy prevailing at the FTC.  Only self-regulation is permitted.  Consequently, such an approach likely means these rules leave the online data collection, profiling and targeted marketing system which comprise behavioral marketing off the privacy protection hook.

But one question looms at the moment.  Why has the new Obama administration allowed the FTC to remain under the leadership of Bush-appointee William E. Kovacic? The principles being issued today, in fact, reflect the “old” FTC, not one run under the philosophy of President Obama.  Why is the Obama White House failing to ensure a change of leadership at the FTC?  The agency is responsible for overseeing a huge portion of the economy, including critical financial issues.  It’s also supposed to be the leading agency on consumer protection issues.   The Obama White House should have–by now-found someone who would led the FTC, so it can better protect the public.

The principles being released today were only made possible because of the Bush FTC give-away to Google, when it approved its takeover of online ad giant DoubleClick.  CDD, the Electronic Privacy Information Center (EPIC), and USPIRG fought the merger, including on privacy grounds.  FTC Commissioner Pamela Harbour played a key role forcing the agency (then run by Chairwoman Majoris, whose husband’s law firm represented DoubleClick) to address the privacy concerns. As a consequence of the political pressure from its failure to seriously examine the consumer privacy issues of the Google deal, the FTC staff were told to develop these principles.

The next chair of the FTC needs to take privacy and online consumer protection issues seriously.  The agency does need more resources, but also a new spirit.  If the FTC had been on the job, and was examining how lending institutions were recklessly promoting loans and mortgages, maybe today’s mess wouldn’t be as tragic as it is.  More to come after the commission releases the principles.

Annals of Behavioral Targeting: New product designed to “to prompt a profitable response for every user”

Perfect timing for International Privacy Day.  A new behavioral targeting product that will soon be released.  Here’s an excerpt from the press release:  “TARGUSinfo, the leading provider of On-Demand Insight(SM) about prospects and customers, plans to unveil AdAdvisor(SM) services…a new predictive-targeting solution leveraging the industry’s largest repository of verified offline lifestyle and demographic information. “The power of AdAdvisor is that it enables ad networks, publishers and advertisers to serve the ad most likely to prompt a profitable response for every user based on the most predictive offline consumer information,”…When an ad network sees a user on its’ publisher network, AdAdvisor cookies relay precisely which segment they fall within and enables ad networks and publishers to serve the most relevant advertisement — from the moment they first encounter users.”…Extensive Coverage – More than 50 million unique cookies, each embedded with highly predictive data attributes.”

and from Targusinfo’s site:  “Each AdAdvisor cookie contains verified, household-level demographics, interests and purchase behaviors. Our cookies are then deployed to score Internet users according to their unique segment — enabling you to serve the ad most likely to trigger a response…

“We deliver unprecedented predictive power. Our cookie-based services deliver rich, offline consumer information to boost existing behavioral-targeting methods.”

The company’s privacy policy states that “AdAdvisor services place a cookie containing non-personally identifiable information on a user’s computer…AdAdvisor cookies enable Web sites using the Services to recognize users when they return to those Web sites…The cookies used by the Services do not contain any personally identifiable information. Instead, the cookie contains anonymous, non-personally identifiable categories of information which are derived as a result of a user’s registration through one of our registration partners.”

It’s not personally identifiable but, in their own words, “recognize users” when they return to sites!  It’s anonymous, but includes user “registration” data via third parties! This is another example of why the FTC and the Congress has to reform privacy safeguards.  The antiquated concept of what is considered personally identifiable has to brought into the 21st Century and the Obama Administration era.