海角大神

ISPs enter the targeted ad game

Direct marketing is big business online. But this business shift has privacy advocates worried.

Until recently, Internet service providers (ISPs) were just that: a bare-bones channel through which the Web flowed to customers.

They were stuck manning the Internet spigot as Google and Microsoft lapped up the profits from incredibly successful targeted ads. Every time users type in search terms or read letters in Gmail, the company learns a little more about what ads might appeal to them. Online social networks such as Facebook have also cashed in on direct marketing by picking up keywords in user profiles.

But now, many ISPs want in on targeted advertisements. From their perspective, they are the best source for user data. Google can only track what users do on its sites. But since ISPs control the flow, they can monitor everything a customer does online.

It鈥檚 the marketing mother lode, but this shift in business practices worries some privacy advocates.

鈥淭here is a definite push for more data collection,鈥� says Alissa Cooper, chief computer scientist at the Center for Democracy and Technology. 鈥淸ISPs can also] collect your search terms. They claim they limit that. We haven鈥檛 done independent research, but if you look at the capabilities of their devices, they鈥檙e certainly capable of looking at other types of traffic.鈥�

Ms. Cooper鈥檚 colleagues take up this issue in a Senate Commerce Committee hearing this week. After a recent scandal where British Telecom reportedly tracked user data without alerting its customers, Congress wants to iron out what American ISPs are allowed to monitor and how much they need to disclose.

Already, 70 percent of Web users are aware that their Internet footsteps may be tracked for advertising, according to a TrustE survey cited by CNET. Yet just 23 percent are comfortable with such online tracking, even if companies agree not to share the information.

Even if Web users accept some online snooping, few expect ISPs to be the culprits, says Wendy Seltzer, a follow at Harvard University鈥檚 Berkman Center for Internet and Society.

鈥淭here is a difference between going to a site that you know will be including advertising and going to an ISP who you expect to be a simple carrier,鈥� she says. People can easily choose whether or not to use Google sites, but it鈥檚 much more difficult to switch ISPs.

In many cases, these ISP targeted ad initiatives are 鈥渙pt-out,鈥� meaning that the company automatically enrolls users. If people want out, they have to ask to be removed.

While European activists and legislators are up in arms about British Telecom鈥檚 questionable definition of user rights, legal professionals say laws in the United States are much less restrictive.

The European Union explicitly requires an 鈥渙pt-in鈥� on the part of users, so British Telecom likely will have to change their policy. Not so for American ISPs.

The US has 鈥渁 very market-driven, capitalistic approach,鈥� says Leslie Reis of the Center for Internet Technology and Privacy Law at the John Marshal Law School in Chicago. 鈥淭he US takes a mishmash approach to privacy. There are a lot of interests and a lot of lobbyists on the commercial side involved.鈥�

Part of the reason the rules are so murky is that the Privacy Act of 1984, the go-to law for Internet users鈥� privacy, has not adapted to the rapidly changing face of the Internet, according to Professor Reis.

鈥淥ther than one amendment that dealt with data mining, there have been no changes to this law,鈥� she says. 鈥淭his is a huge problem. The legislation was created when the Internet was a gleam in certain scientists鈥� eyes.鈥�

One solution: Companies can explain their privacy policies, usually as part of an 鈥渆nd user license agreement,鈥� which are those long blocks of text that people often see when they install a new computer program. While this is legally kosher, few actually read the fine print. That鈥檚 not always a good thing for companies. In some circumstances, websites have found it to be in their own interests to be transparent.

Last year, Facebook created a stir with Beacon, the part of its ad system that delivered social-network features to nonsocial sites. This allows a user to share her Web activity with friends across the Internet 鈥� and possibly with advertisers as well.

In November, several online privacy groups banded together to demand that Facebook not share any Beacon information without the user鈥檚 explicit consent. The company quickly reached out, explained how the new feature works, and retooled Beacon to ease privacy concerns.

Unfortunately, ISPs don鈥檛 necessarily have the same incentive to educate their customers. There鈥檚 far more competition between social-network sites than there is in the ISP market, says Ms. Seltzer. Signing up for a new service provider can take days, and some communities only have one ISP.

While the disincentive of restricting the market for targeted ads is present, Seltzer argues that regulation and the strength of the market are not diametrically opposed.

鈥淩egulation creates a framework for the targeted advertising business model to operate in,鈥� she says. 鈥淩egulation that preserves the Internet鈥檚 openness allows the many Web markets to flourish. It鈥檚 not regulation versus market, it鈥檚 regulation for the market.鈥�