Category: behavioral targeting watch

Commercial Domestic Surveillance: The new White House Website, YouTube & Privacy

In a post for CNET yesterday, privacy expert Chris Soghoian revealed that President Obama’s White House “has quietly exempted YouTube from strict rules relating to the use of cookies on federal agency Web sites.”   Federal rules prohibit the use of what are called “persistent cookies,” that can track an online users activities and behavior.  Soghoian cites the new White House privacy policy that states, “A waiver has been issued by the White House Counsel’s office to allow for the use of this persistent cookie.”  Google’s YouTube received this exemption, notes the White House site, “to help maintain the integrity of video statistics.”

Now the White House has made a quick change, according to a post written today by Soghoian.  “Obama’s web team rolled out a technical fix that severely limits YouTube’s ability to track most visitors to the White House website,” he writes. “By late Thursday evening, each embedded YouTube video had been replaced with an image of a video player, which a user must click on before the real YouTube player will be loaded. The result of this change is that YouTube is now only able to use cookies to track users who click on the “play” button on an embedded YouTube video — the majority of people who scroll through a page without clicking play will not be tracked.”  But he also describes the new approach as a “band-aid. Those users who do click the play button will be secretly tracked as they navigate the White House website — and if those users have visited YouTube or any other Google run website in the past, the fact that they watched an Obama video will be added to the existing massive pile of data the company has compiled on each web surfer.”

But for those White House web site visitors who do click on the YouTube videos, they will likely become part of the data analysis which could be generated via Google’s YouTube Insight.  That’s a video analytics tool providing “detailed statistics” on video use.  One Google executive offered a commercial example of the tools’ features: “YouTube’s geographical insights could help marketers determine ad effectiveness and campaign optimization. For instance, he said, different versions of a movie trailer might perform better in different regions.”  Other YouTube analytical data available  includes a “demographics tab that displays view count information broken down by age group (such as ages 18-24), gender, or a combination of the two, to help you get a better understanding of the makeup of your YouTube audience. We show you general information about your viewers in anonymous and aggregate form, based on the birth date and gender information that users share with us when they create YouTube accounts.”  (Google says “individual users can’t be personally identified.”  But the company has embraced a narrow definition of what privacy protections users should expect, the so-called APEC standard).

Persistent cookies, explains U.S. Military Academy computer science professor Greg Conti, “can exist for many years…repeatedly identifying the user to the issuing web site…persistent cookies are specifically designed to uniquely identify users on return visits to web sites…In terms of anonymity, this is bad.  Advertisers have found innovative ways to exploit cookies to track users as they visit web sites that contain ads or other content.”  [source is Professor Conti’s terrific book, Googling Security:  How Much Does Google Know About You?  Addison-Wesley.  2009.  Page 73]

Of course, Google/YouTube’s cookie placed via a White House visit sets the stage for the company to further track and analyze citizens/ users.  Given YouTube’s ever-growing expansion as a commercial video advertising service, its ability to harness the White House data cookie will undoubtedly prove useful for the company.

The revised White House privacy policy does offer users a way to view the videos “without the use of persistent cookies” through the extra step of clicking the “link to download the video file… provided just below the video.” But we think opt-out is the incorrect approach.

The Obama White House should set the standard for protecting privacy in the digital era.  They should maintain the prohibition on persistent tracking cookies.  Nor should they permit any commercial operator, including Google’s YouTube, to engage in federally-sanctioned data collection.  We know the new Obama Administration has many important issues to address.  But they also need to develop a sophisticated critique of the online advertising industry, ensuring privacy and consumer protection.  The Obama Administration should be able to articulate a balanced perspective– that can take advantage and foster the democratic potential of digital media, while also meaningfully addressing the harms.

The Interactive Advertising Bureau’s Official Definition of Behavioral Targeting

As the debate on privacy, consumer protection, and online marketing is renewed, it may be useful to see how the interactive ad industry classifies its practices.  Here is the definition of behavioral targeting from the IAB’s own glossary of terms.  My bold:
“Behavioral Targeting-
A technique used by online publishers and advertisers to increase the effectiveness of their campaigns. Behavioral targeting uses information collected on an individual’s web browsing behavior such as the pages they have visited or the searches they have made to select which advertisements to be displayed to that individual. Practitioners believe this helps them deliver their online advertisements to the users who are most likely to be influenced by them.

Here are a few other terms used by the IAB that illustrate some of the the online ad industry’s data collection and targeting process:

Click-stream –
1) the electronic path a user takes while navigating from site to site, and from page to page within a site; 2) a comprehensive body of data describing the sequence of activity between a user’s browser and any other Internet resource, such as a Web site or third party ad server.
Heuristic –
a way to measure a user’s unique identity. This measure uses deduction or inference based on a rule or algorithm which is valid for that server. For example, the combination of IP address and user agent can be used to identify a user in some cases. If a server receives a new request from the same client within 30 minutes, it is inferred that a new request comes from the same user and the time since the last page request was spent viewing the last page. Also referred to as an inference.

Profiling –
the practice of tracking information about consumers’ interests by monitoring their movements online. This can be done without using any personal information, but simply by analyzing the content, URL’s, and other information about a user’s browsing path/click-stream.
Unique user –
unique individual or browser which has either accessed a site (see unique visitor) or which has been served unique content and/or ads such as e-mail, newsletters, interstitials and pop-under ads. Unique users can be identified by user registration or cookies. Reported unique users should filter out bots. See iab.net for ad campaign measurement guidelines
Web beacon
a line of code which is used by a Web site or third party ad server to track a user’s activity, such as a registration or conversion. A Web beacon is often invisible because it is only 1 x 1 pixel in size with no color. Also known as Web bug, 1 by 1 GIF, invisible GIF and tracker GIF.

Google, YouTube, and DoubleClick Cookies Placed on Users of YouTube’s new Congress Channels, Says Computer Scientist

Columbia U computer professor Steven M. Bellovin has an important post on the privacy issues raised by YouTube’s new House and Senate channels.  He writes [excerpt, our emphasis] that:

“I opened a fresh web browser, with no cookies stored, and went directly to the House site. Just from that page, I ended up with cookies from YouTube, Google, and DoubleClick, another Google subsidiary. Why should Google know which members of Congress I’m interested in? Do they plan to correlate political viewing preferences with, say, searches I do on guns, hybrid cars, religion, privacy, etc.?

The incoming executive branch has made the same mistake: President-Elect Obama’s videos on Change.gov are also hosted on (among others) YouTube. Nor does the privacy policy say anything at all about 3rd-party cookies.

Video channels providing the public access to members of Congress and the new Administration should be in the forefront of privacy protection-and not serve as a data collection shill for any company.  Nor should one company be permitted to shape broadband video access to federal officials.

Get Set, Ready, Regulate!: Online Marketing and Data Collection in 2009-2010 [see how everyone “owns” your data except you!]

New Year, new Administration and Congress.  Plus a growing global concern from policymakers, advocates and citizens about data collection online.  Even the relatively feckless Federal Trade Commission will do more on the issue this year. Here’s a toast to hope for a honest discussion about the data collection and targeting system which embodies the online marketing apparatus.  Look at this excerpt from a story on behavioral targeting and online publishing from this week’s Advertising Age.  Note that everyone believes that can collect and use the data collected from observing an individuals’ behavior–and don’t even have to get permission from the actual person.  Such online marketing practices, of course, raise important civil liberties issues, as far as I’m concerned.

Here’s the excerpt:  “…Who created the customer and who owns the data generated by a visit or a sale? “Data is key; everybody wants to own it, everybody wants to use it. It’s not just ad networks — its portals, publishers and holding companies,” said Mike Cassidy, CEO of Undertone Networks. “The question to be answered is who owns the data, if anybody.” In the offline world, publishers market their own subscriber lists. But online that data is harvested by a host of third parties such as Google’s DoubleClick, Microsoft’s Atlas and vast ad networks such as Platform A’s Advertising.com. “People are stealing from the media companies who have lost control of their data,” said Operative CEO Mike Leo….Here’s how it works: A publisher decides to allow an ad network to sell some of its inventory. That network places a cookie on the publisher’s site. Now, when a user leaves that site, and goes somewhere else, the network can track that user.”

source:  “As Tracking Proliferates, Web Publishers are Left Out: Behavioral Targeting Punishes Producers of Original Content.”  Michael Learmouth.  Advertising Age.  January 5, 2009 [sub may be required].

Behavorial Tracking a User of Search and Display: Hey, FTC. Better Tighten Up Those Proposed self-regulatory rules [Annals of Behavioral Targeting]

Online ad companies, such as Microsoft, have been developing ways of tracking a users journey online (“engagement mapping” of the digital marketing “conversion funnel”) so the share of ad dollars can be more properly apportioned (meaning, it’s not only the ad companies providing the “last-click” that receives all the credit).  We have long been troubled by the stealth tracking and commercial surveillance system being put in place.  Rich media online ad company Eyeblaster has developed a similar service.  Here’s an excerpt from a trade article.  After you read it, think about the FTC during an Obama Administration, and what we should expect it to do under a new majority:

“Eyeblaster has introduced Channel Connect for Search, a service that helps marketers track consumers who click on their display ads but do not transact immediately.

The service places a cookie on a user’s computer that remains on his or her desktop for 30 days. Eyeblaster customers can then identify those individuals when they later convert through search.

“It bridges the gap between display and search advertising,” said Thomas MciIheran, senior media manager with digital media agency Sicola Martin, which is based in Austin, TX. “It’s such valuable information, because there are clients who say display advertising isn’t working, and they think they should stop. This could be eye opening for them, because it shows that display is leading to search, and how much.” …The new service is “able to pinpoint crucial campaign data and draw important insights about the interaction of our search and display ads,” said Harry Case, director of media analytics and technology at Mindshare, in a written statement. “In the end, it provided us with a more comprehensive overview of user behavior.”

A Behavorial Targeting Example Shows Why Privacy Laws are Required, including a New and More Accurate Definition of Personally Identifiable Information

Interclick, “one of the largest advertising networks in the U.S., reported higher revenues today.  The company says that it collects “non-personally identifiable information (non-PII)” via cookies.  Here’s what Interclick considers, like other online advertisers, non-PII: “On the interCLICK network, we collect non-personally identifiable information (non-PII) such as web sites visited, content viewed, ad interaction, interaction with advertiser websites, IP addresses, search terms used, and other click and browsing behavior. Additionally, we may collect non-PII technical information including IP address, OS, browser type, language settings.

Meanwhile, Interclick’s behavioral targeting “option” for advertisers explains that its: “innovative behavioral targeting filters allow you to target the right individual users at the right time, increasing the effectiveness of your campaigns. With over 350 behavioral categories, interCLICK can get as precise as you want.

We segment users based on observed behaviors into 3 interest levels: slightly, moderately and very. Furthermore we use frequency and recency to classify these interest as short, mid, or long term interests. As the user navigates throughout our network of sites, we continually adjust their profile based on anonymous observations, assuring the accuracy of our profiles.” It offers “Behavioral Segmentswhich allows online advertisers to “Leverage interCLICK’s massive data warehouses to effectively target users who have been determined to exhibit certain behaviors throughout interCLICK’s network. interCLICK offers over 350 different Behavioral Targeting categories/sub-categories.”

Among the segments include financial services including “personal banking seekers, credit card seekers, retirement investing.”   There’s a segment targeting “college seekers,” raising issues related to youth marketing.  Another segment is on “health,” including categories targeting “Diet & Fitness Enthusiasts.”

InterClick is just of many ad networks engaged in such data collection and targeting.  But it illustrates why the online ad industry must be regulated, to protect consumer privacy and welfare.

Google’s Doubleclick Using Widgets to “give advertisers the ability to tap into the incredible power of potential brand evangelists”

Google’s Doubleclick division is working with social media and widget advertising company Gigya so marketers can “integrate a viral component into any campaign to allow consumers to “snag” or “grab” the ad onto their personal homepage or social network page.” We think the Doubleclick release is very revealing. So here are some choice excerpt excerpts:

“Widgets are part of a fundamental change within the online marketing arena,” said Ari Paparo, vice president of advertiser products for DoubleClick. “Widget Ads provide audiences with the ability for self-expression and identification with well-loved brands while providing marketers the benefits of virality and engagement along with the measurability of traditional online channels.”…

“Incorporating viral functionality helps give advertisers the ability to tap into the incredible power of potential brand evangelists,” said Ben Pashman, vice president of business development with Gigya,…enabling great creative to enter a user’s social circle, where it may become an even more powerful, user-endorsed ad unit.”

Widget Ads may be distributed in a multitude of ways including branded websites, word-of-mouth outreach and even through another rich media ad… integration with the industry-standard DART platform allows for valuable Widget Ad metrics including impressions, interactions, video metrics, viral “grabs” for different social networks, and reach and frequency…”

No so sweet on Privacy—a new “Behavioral Targeting Suite” [Behavioral Targeting Watch]

excerpt from Valueclick press release: “Mediaplex, today announced the release of its Dynamic Behavioral Targeting suite…to cost-effectively achieve true one-to-one messaging… Dynamic Behavioral Targeting – Enables advertisers to differentiate and segment qualified customers from prospects based on their prior activity, and serve the most appropriate message using dynamic, real-time creative. This means advertisers can truly deliver the most relevant offer at the right time, in real time… Dynamic Reporting… This level of reporting detail gives advertisers ROI metrics down to each individual offer, giving the advertiser the right level of data insights they need to make informed decisions regarding best performing creatives and offers.

source: Mediaplex Releases Dynamic Behavioral Targeting Suite:
Product Advancements Enable 1-1 Messaging, Eliminate Wasted Marketing Dollars and Improve Campaign Performance [press release]. Dec. 10, 2008

Tales of Behavioral Targeting: Merging Offline Databases with Online User Tracking

The folks at the Federal Trade Commission better toughen up its proposed privacy principles. And Congress and the new Obama Administration, of course, will need to step in. That’s because the online marketing behavioral targeting industry is rushing to push the data collection from unprotected consumer digital envelope. Take, for example, Datran Media. In an interview, a representative explains “Datran’s unique advantage is in the fact that we have figured out a way to aggregate more audience data than anyone else…We derive our behavioral and lifestyle data from real online and offline requests for information or transactions, and obtain our household-level demographics and interests from the most informative and accurate direct marketing databases available. We feel that the combination is unprecedented and unbeatable in the marketplace.”

On Datran’s website it explains to potential clients that its Aperture product “is the first and only advertising solution to leverage the power of offline demographic data – at the household level – with online display advertising to help identify, reach and define your ideal customers – no matter where they are on the Web.” Describing a “smarter way” to reach consumers, the company explains that:

  • Aperture is the only advertising solution that uses household demographic information to precisely target banner ads online, and report on the ads’ audience AND responders.
  • Aperture defines your customers by WHO they are and WHAT they do.
  • Retargeting capabilities bring customers back to your site with an added level of insight into who they are.
  • Leveraging 100 million + demographic profiles combined with proprietary transaction-based behavioral intelligence, Aperture is capable of delivering greater consumer insights than ever before.

Aperture provides deep insights into the effectiveness and reach of your campaigns – by the view and click – so you can make the best business, media mix and creative decisions for your brand.”

The company’s targeting capabilities are also explained:

“Using Datran Media’s proprietary 100 million+ household level profiles, Aperture can layer any of following criteria to define your ideal customer and target your ads directly to them anywhere they go on the web.

  • Household
  • Gender
  • Household Size
  • Number of Adults
  • Number of Children Present
  • Renter/Owner
  • Length of Residence
  • Marital Status

The company can also “layer” in such targeting parameters as one’s neighborhood [“Number of Adults, Median Number of Children Present, Median Annual Income,” etc.] as well as consumer “behavior” [“auto, insurance, personal finance, dating and romance,” etc.].

As we said to the FTC and the industry, just because technology permits you to collect data and target individuals, doesn’t mean one should do it without the complete prior informed consent of users. Industry leaders need to own up to what they are doing, and support the kind of privacy protections a digital democracy requires.

AT&T and a leader of its funded Privacy Forum Raises Questions About the Need for Safeguards

Those busy data collection bees at AT&T–including its funded Future of Privacy Forum co-head–appear to be working to undermine the growing movement supporting consumer privacy protection. According to a news report, a meeting was held last week at the University of Oklahoma on privacy issues. Forum co-director Christopher Wolf, whose law firm represents AT&T, is reported as placing behavioral targeting in a favorable light. Instead of calling for legislation, Wolf suggested that companies should create videos and other technical approaches to serve as supplemental privacy policies.

Also speaking at the event was Keith Epstein, “AT&T’s chief public policy and regulatory compliance counsel.” Here are the last two grafs of the story: There is no legislation pending in Washington regarding online privacy, Epstein said. A legislative solution if it did exist, he said, would be inflexible.

Epstein favored guidelines instead, and said the FTC should be issuing industry standards by the fall of next year.

AT&T’s stance on privacy legislation to protect U.S. consumers is troubling. It will have its deep-packet inspection, all-seeing ISP broadband clout, to monitor and then target each subscriber. AT&T should make it clear it supports legislation which provides real consumer protection (opt-in, transparency, control, extra protections on health, financial and youth data). Where is the privacy leadership at AT&T?