A group of 15 Web users filed a lawsuit Monday against behavioral targeting company NebuAd and six Internet service providers that tested the company's platform.
The lawsuit, brought in federal district court in San Jose, Calif., alleges that NebuAd's platform violated Web users' privacy. NebuAd purchased information about subscribers' Web activity from Internet service providers and used that data to send people targeted ads.
"The collection of data by the NebuAd device was wholesale and all-encompassing," the lawsuit alleges. "Like a vacuum cleaner, everything passing through the pipe of the consumer's internet connection was sucked up, copied, and forwarded to the California processing center. Regardless of any representations to the contrary--all data--whether sensitive, financial, personal, private, complete with all identifying information, and all personally identifying information, was recorded and transmitted to the California NebuAd facility."
Several months ago, the Redwood City, Calif.-based company said it was going to retreat from behavioral targeting based on data provided by Internet service providers. But before making that decision, the company tested its platform with at least six broadband service providers--Bresnan Communications, Cable One, CenturyTel, Embarq, Knology and WOW, all of which were named as defendants in the lawsuit.
NebuAd said that all data collected was anonymous, in that the company did not know users' names or phone number and did not retain copies of the IP address associated with users. NebuAd also said that it did not collect sensitive data, and that users would be able to opt out of the platform.
But privacy advocates and other critics were skeptical. Among other concerns, advocates said it might be possible to figure out people's identities from the massive clickstream information that NebuAd was collecting.
Consumer advocates also were alarmed by the sheer scope of information available to NebuAd. Unlike older behavioral targeting companies that only collected data from a network of publishers, Internet service providers have access to everything--including activity at search engines and at non-commercial sites, such as sites operated by religious groups.
Congress held hearings this summer after learning of NebuAd's platform. As part of its investigation, the House Energy and Commerce Committee sent letters to 29 Internet service providers, asking if they had worked with the company.
The six Internet service providers named in the lawsuit all answered that they had tested NebuAd's platform. One of the companies, the Washington Post Company's Cable One, acknowledged that it did not notify customers about the NebuAd test or allow them to opt out.
The plaintiffs, who are seeking class-action status, allege that NebuAd violated a federal wiretap law, California privacy law and computer fraud law, among others. They are asking for damages as well as an injunction ordering the company to delete any data about them.
The lawyers who brought the case--Alan Himmelfarb and Scott Kamber of the firm Kamber Edelson, based in Vernon, Calif. and New York, and Joseph Malley of Dallas--recently sued Facebook for violating members' privacy with the Beacon ad program. That program, launched last November, initially informed users about their friends' purchases, unless they opted out. Facebook later made the program opt-in only.
Tuesday, November 11, 2008
Friday, November 7, 2008
Ringleader's Privacy Problem: No Opt-Out Of Tracking
NebuAd might think it had problems with privacy advocates, but that's nothing compared to what's in store for nascent mobile ad networks.
One such network, Ringleader Digital, has unveiled its new "media stamp" -- a cookie-like item that creates and stores profiles about cell users based on the mobile sites they visit. Unlike online advertising cookies, however, the media stamps are stored on Ringleader Digital's servers and not browsers, which means users can't delete them.
Ringleader Digital collects information based on characteristics of the device, but says it can gather enough data this way to create unique, "anonymous" stamps for every mobile phone user.
"We track devices, not individuals," the company said in a privacy statement issued today. Ringleader Digital adds that it doesn't collect mobile phone number, names, addresses or other so-called "personally identifiable information."
But the notion that anything other than name, address or phone number is "anonymous" has been discredited for a long time now. Consider, nearly every privacy organization, not to mention U.S. courts and lawmakers, hold that people have a privacy interest in their IP addresses -- even though they weren't traditionally considered personally identifiable. One reason is because examining enough activity associated with the same IP address can reveal that user's identity -- as famously happened when AOL released search histories for 650,000 "anonymized" IP addresses.
Thelma Arnold, formerly known as AOL User 4417749, was identified by The New York Times within days of the breach.
Cell phones are even more likely to be tied to a specific individual than an IP address. After all, one person sometimes connects to the Web from different IP addresses (at home and at work, for instance), just as family members might share the same IP address. But many users just have one cell phone, and they keep it with them all the time.
Unlike the doomed ISP-based behavioral targeting company NebuAd, the media stamp only collects information about users when they visit sites of participating publishers. That makes the company seem more similar to a Web-based behavioral targeting company like Tacoda or Revenue Science, and possibly more palatable to privacy advocates.
But, unlike the case with Tacoda, Revenue Science or other behavioral targeting companies, there is no way for consumers to avoid being tracked by Ringleader Digital. The company says people will be able to opt out of receiving targeted ads, but not out of the profile creation and storage. There's little chance that this kind of opt-out will satisfy privacy advocates.
For now, Ringleader Digital has signed up four publishers, including local search company go2 Media and mobile entertainment company Thumbplay. The mobile ad network plans to test the platform early next year.
One such network, Ringleader Digital, has unveiled its new "media stamp" -- a cookie-like item that creates and stores profiles about cell users based on the mobile sites they visit. Unlike online advertising cookies, however, the media stamps are stored on Ringleader Digital's servers and not browsers, which means users can't delete them.
Ringleader Digital collects information based on characteristics of the device, but says it can gather enough data this way to create unique, "anonymous" stamps for every mobile phone user.
"We track devices, not individuals," the company said in a privacy statement issued today. Ringleader Digital adds that it doesn't collect mobile phone number, names, addresses or other so-called "personally identifiable information."
But the notion that anything other than name, address or phone number is "anonymous" has been discredited for a long time now. Consider, nearly every privacy organization, not to mention U.S. courts and lawmakers, hold that people have a privacy interest in their IP addresses -- even though they weren't traditionally considered personally identifiable. One reason is because examining enough activity associated with the same IP address can reveal that user's identity -- as famously happened when AOL released search histories for 650,000 "anonymized" IP addresses.
Thelma Arnold, formerly known as AOL User 4417749, was identified by The New York Times within days of the breach.
Cell phones are even more likely to be tied to a specific individual than an IP address. After all, one person sometimes connects to the Web from different IP addresses (at home and at work, for instance), just as family members might share the same IP address. But many users just have one cell phone, and they keep it with them all the time.
Unlike the doomed ISP-based behavioral targeting company NebuAd, the media stamp only collects information about users when they visit sites of participating publishers. That makes the company seem more similar to a Web-based behavioral targeting company like Tacoda or Revenue Science, and possibly more palatable to privacy advocates.
But, unlike the case with Tacoda, Revenue Science or other behavioral targeting companies, there is no way for consumers to avoid being tracked by Ringleader Digital. The company says people will be able to opt out of receiving targeted ads, but not out of the profile creation and storage. There's little chance that this kind of opt-out will satisfy privacy advocates.
For now, Ringleader Digital has signed up four publishers, including local search company go2 Media and mobile entertainment company Thumbplay. The mobile ad network plans to test the platform early next year.
Subscribe to:
Posts (Atom)