Profiling

This document has been submitted in response to the DoC's and FTC's Federal Register Notice Requesting Public Comment and Announcing Public Workshop on Online Profiling. We welcome comments from everyone on our submission.

Cover Letter

To:

Re: Online Profiling Project - Comment, P994809 /
Docket No. 990811219-9219-01.

Dear Sir,

Junkbusters Corp. is pleased to submit the attached comments in response to the NTIA and FTC's public invitation to comment. Our comments are best read from http://www.junkbusters.com/ht/en/profiling.html through a Web browser so that links to other pages may be seen and followed. I am emailing these comments so that they may be placed on the Commission's web site if desired. Pursuant to point 4 of the Federal Register Notice's criteria we designate CME, EPIC, the NAMED, Privacy Times, and US PIRG as parties sharing group interests with us. I also request the opportunity to participate as a panelist, in the first session as an expert in profiling technology and software, and in the latter two sessions as a privacy advocacy group.

Respectfully submitted

Comment, P994809

1 What types of companies are engaged in online profiling or in the development of online profiling technologies? What are the relevant business models?

By far the leaders in these technologies are ad networks and the companies that supply them with software and systems. This part of the industry has been undergoing a furious consolidation in recent months, and three "camps" have emerged as dominant:
As the companies listed above illustrate, there is a chain of ownership linking the profiling companies into other kinds of online and offline businesses. Furthermore, some of these companies offer profiles for sale to other businesses. So it would be naive to assume any containment of profiling activities to one particular sector or area. Rather, they are becoming pervasive throughout all business-to-consumer commerce. Under the somewhat misleading name of "one-to-one marketing", companies, even manufacturers with no previous direct consumer relationship, such as Levi's jeans, are collecting and exchanging thousands of times more personal information than they were a few years ago. There is a distinction worth making between profiles initiated when a customer buys something from a merchant and those built by an organization such as an ad network, whose existence the consumer is unaware of, but even this distinction is blurred when profiles are obtained to "customize the web experience" before a consumer identifies herself, and when the information after identification is "enhanced" with demographic and psychographic data purchased from personal data vendors. Both these practices are becoming commonplace.

2.1 What types of information are currently being collected by online profiling companies from or about Web site visitors?

Most companies do not discuss even the types of information collected. An exception is Engage Technologies, which has been open about its practices selling "anonymous" profiles gathered from web browsing. In August 1998 the New York Times ran a story titled Big Web Sites to Track Steps of Their Users, which showed that hundreds of pieces of information were collected by Engage from clickstreams, but health and religious information was deliberately not collected. There is little reason to think that all companies will exhibit this restraint.
For example, Experian has for years sold an "ailments" list, identifying sufferers of conditions from hemorrhoids to depression, and Acxiom, among others, sells data including religious denomination. Particularly troubling to many consumers is whether information is recorded about their visits to "adult" sites, a category which exhibits considerable diversity, and which accounts for approximately one billion dollars in ecommerce revenues. A consumer profile is generally formatted as an "interest vector": a collection of numeric "scores" in several hundred categories. At the time of the DoubleClick/Abacus merger, Abacus CEO Tony White told MSNBC "The goal is to have the most complete picture of the consumer you can." The near-term future of an unrestrained online ad industry is clear: hundreds of millions of secret electronic dossiers containing a vast range of information about every aspect of people's lives. It is an Orwellian vision about to be made real.

2.2 What technologies do online profiling companies use to collect information about consumers? Please describe how these technologies function.

The most common technique is the use of cookies by an ad network to observe and record the visits of consumers to specific pages of sites in their network. Although cookies were intended to be site-specific, networks are using a technique sometimes called cookie synchronization to effectively "share" cookies, and the information associated with them on the server side, across multiple sites. For details see http://www.guid.org or http://www.junkbusters.com/cookies.html for example. The insidious effect of this technology is that once a user's identity becomes known to a single company with a cookie set, it is technically possible for any of the others to discover that identity with every visit to their sites. Junkbusters has been alerting consumers to this threat since 1996, and specifically described it in our submission to the FTC in the summer of 1997.
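The cookie synchronization described in 2.2 can be observed from the consumer's side by auditing a capture of one browser's own requests. The Python example below is added here and is not part of Junkbusters' submission; the hostnames, cookie names and log entries are constructed, and the detection rule (a cookie value held by one site turning up in a URL sent to a different site) is an assumption about how the hand-off is performed.

```python
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

MIN_ID_LEN = 8  # ignore short values (flags, version numbers) as unlikely IDs

# Constructed capture from ONE browser profile: (request URL, Cookie header sent).
REQUESTS = [
    ("http://ads.tracker-a.example/banner?page=news.example%2Fsports",
     "uid=A1b2c3d4e5f6"),
    ("http://sync.tracker-b.example/match?partner=a&partner_uid=A1b2c3d4e5f6",
     "id=B9z8y7x6w5v4"),
    ("http://ads.tracker-a.example/banner?page=health.example%2Fdepression",
     "uid=A1b2c3d4e5f6"),
    ("http://pix.tracker-c.example/p?buid=B9z8y7x6w5v4",
     "cid=C0000aaaa1111"),
    ("http://cdn.static.example/lib.js?v=12345678", ""),
]


def site(host):
    """Crude registrable-domain guess: the last two labels of the hostname.
    A real audit would use the Public Suffix List instead (simplification)."""
    return ".".join(host.lower().split(".")[-2:])


def cookie_ids(header):
    """Return the cookie values in a Cookie header that are long enough to be IDs."""
    ids = set()
    for part in header.split(";"):
        _name, sep, value = part.strip().partition("=")
        if sep and len(value) >= MIN_ID_LEN:
            ids.add(value)
    return ids


def find_syncs(requests):
    """Return (source_site, destination_site, shared_id) for every request whose
    URL carries a value that some *other* site receives as its cookie."""
    owner = {}  # cookie value -> site that receives it in a Cookie header
    for url, cookie in requests:
        for value in cookie_ids(cookie):
            owner.setdefault(value, site(urlsplit(url).hostname))
    events = []
    for url, _cookie in requests:
        parts = urlsplit(url)
        dest = site(parts.hostname)
        for _name, value in parse_qsl(parts.query):
            src = owner.get(value)
            if src and src != dest:
                events.append((src, dest, value))
    return events


def linked_groups(events):
    """Group sites connected by sync events (union-find). Every site in a group
    can, in principle, join its records about this browser with the others'."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for src, dest, _value in events:
        parent[find(src)] = find(dest)
    groups = defaultdict(set)
    for s in list(parent):
        groups[find(s)].add(s)
    return sorted(sorted(g) for g in groups.values())


if __name__ == "__main__":
    syncs = find_syncs(REQUESTS)
    for src, dest, value in syncs:
        print(f"{src} handed ID {value} to {dest}")
    for group in linked_groups(syncs):
        print("can share one profile:", ", ".join(group))
```

In the constructed capture the third site never sees the first site's cookie directly, yet it ends up in the same group through the intermediary, which is the effect the paragraph above warns about.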
The prevailing state of the art has advanced considerably. It is now routine practice for commercial email in HTML format to include Web-based tracking elements that allow a company to determine whether, when, and from where the email was viewed, and to synchronize the address with a cookie. Other Internet media are also used as a means of surveillance. Both RealNetworks' RealPlayer and the Microsoft Windows Media Player carry GUIDs, "and those numbers are transmitted to any site where you access a streaming file," according to the Seattle Weekly (4/8). There is also evidence that some products report when specific tracks are played. The Forrester report also notes that "clever interactive tools such as Reel.com's Mood Matcher -- which helps customers find movies based on their moods -- and PlanetRx's personalized prescription filler make it possible for companies to collect "highly intrusive psychographic data that individuals would rarely provide on a standard registration form."

2.3 Do these technologies currently enable creation of anonymous profiles?

A profile may or may not be associated with the name of a person. We prefer the term "pseudonymous" here.

3.1 Do these technologies currently enable the creation of consumer profiles that identify individual consumers?

A profile may be associated with an individual by several means:
3.2 Do the profiles include information originally collected anonymously but later linked to an individual?

This is certainly technically possible. It is difficult to know how prevalent this practice is because companies are generally secretive about such details.

3.3 Are online profiling companies currently creating such profiles?

Some vendors that make "collaborative filtering" software, such as Net Perceptions, market their products as a "bolt-on brain" that greatly enhances the targeting performed on existing customers.

4 Are there technologies in development that will enable the creation of consumer profiles that identify individual consumers? If so, please describe.

New companies and technologies are constantly appearing that do this. For example, in September Vignette and Edocs announced that they would combine their consumer data from multiple Web sites (including many major media sites) and bill payment to build more extensive profiles, Reuters reported. [Vignette Release] Vignette also proposed an XML standard called ICE to exchange consumer data. 24/7 Media has been reported as linking individuals with cookies in an arrangement with a company that provides online product registration - Boston Globe (9/9, p. C1)

5 How is the information collected by online profiling companies used?

The main direct use is to target advertising. Another use that is more hyped than used in earnest is customization of a site from the first time that a visitor enters. See Net Perceptions for example.

6 Is the information collected by online profiling companies being merged with other databases? If so, what kinds of information are included in such databases? How is the merged information being used?

Yes. See the "enhancement services" offered by traditional database marketing companies such as Acxiom for example. The information is used for the same purposes: targeting and customization.
See also our letters concerning the DoubleClick/Abacus merger and the excerpt from the NetDeals site below.

7 What are the costs and benefits, to both industry and consumers, of online profiling?

There is no question that online profiles can and do have substantial economic benefits to both consumers and companies; the question should be whether the current manner in which profiles are being built has unacceptable consequences in what economists call "negative externalities": undesirable effects not measured as part of the economic equation. To quickly see the danger of ignoring these and being misled by the cost-benefit analysis presumed by the question, imagine asking in 1850 "What are the costs and benefits of rice and cotton farming?" or in 1965 "What are the costs and benefits of automobiles?" while ignoring issues such as slavery, deaths in road accidents, and environmental pollution. As in the case of slavery, the missing factor in the case of online profiling is the consent of the individuals concerned. Neither rice farming nor profiling is inherently bad, but forcing them unfairly on people is wrong. As in the case of automobile safety and pollution, the public is not being told about or offered alternatives, such as safer, cleaner cars; or in the case of profiles, profiles built with the informed consent of the individual, open to their inspection and destruction if desired, limited in scope and time, and following the principles of fair information practice. Profilers argue that more "relevant" advertising (i.e. more targeted messages based on more detailed profiles) results in lower prices and better products, but this minor effect does not trump the fundamental human rights of privacy any more than lower rice prices and a stronger trade balance trump freedom from slavery. One prominent industry commentator has taken the advertisers' side of the argument to its logical conclusion.
Evan Neufeld, senior analyst for Jupiter Communications in New York, was quoted making the following statement in an interview in Silicon Alley Reporter in August 1999.

I always thought the privacy thing should be flipped around and the government should be going after these privacy groups who actually want to hurt consumers by raising consumer prices. By keeping everything secret, where you can't learn from anything, and where you can't give people relevant advertising, you hurt the consumer.

Most privacy and consumer groups would bristle at his allegation that their intention in seeking privacy is to hurt consumers, but the more coherent sentence here is the second one. It ignores the enormous amount of information that can be gained by aggregate data that is not personally identified. Also ignored is the possibility that "dynamic pricing" based on personalization may actually cause a net increase in prices, in favor of brand "spinners" and against the loyal stable customer who is too busy to constantly shop for a better deal. (Research by CALPIRG on shoppers' cards suggests that this form of personalization has not resulted in a net decrease in supermarket prices.) But if we accept Neufeld's thesis as valid, would we not also have to accept that any government action supporting consumers in the evasion of commercial solicitations is detrimental to society on the grounds that it results in higher prices? In 1970 the Supreme Court upheld a statute that allows consumers to stop unwanted junk mail, rejecting the appellants' contention that unimpeded communications are "imperative to a free and sane society."

We therefore categorically reject the argument that a vendor has a right under the Constitution or otherwise to send unwanted material into the home of another. If this prohibition operates to impede the flow of even valid ideas, the answer is that no one has a right to press even "good" ideas on an unwilling recipient.
Similarly, we contend that marketers should not have the right to extract information from a consumer's web browsing at home to build profiles without observing fair information practices such as first obtaining the consumer's consent.

8 What are consumers' perceptions about online profiling? Please provide the results of any studies or surveys addressing this question.

It would be difficult to obtain survey results because so few consumers are aware of what profiling is performed. At the time of the DoubleClick/Abacus merger, Forrester's Jim Nail told MSNBC "I don't think the average consumer has any idea that individual transactions are being dumped into a monster database. The fact that it's not only being released with other catalogers but with any Web marketer is crossing a boundary." The GVU's 6th WWW User Survey concluded "The notion that people like to receive targeted marketing material is not supported by the data, regardless of the medium. There is high agreement on these issues across strata." Industry surveys also routinely show that the majority of people don't click on banner ads even once per year. The marketing newspaper DM News reported (1998/10/12) that a study by Forrester Research showed that consumers are not responding favorably to Internet advertising. Their study found that only 37 percent of new Internet users have ever clicked on banner ads. The percentage increased to 62 percent after 42 months of online experience. Clearly advertising, targeted or not, is not a strongly desired part of the online experience. Since the chief benefit of these profiles is targeted advertising, it is unlikely to be appreciated even if most consumers understood the link.

9 What are the beneficial uses of the information collected by online profiling companies?

The primary benefit inures to ad companies in the form of higher CPMs (cost per thousand ads delivered).
For untargeted "eyeballs" this is typically around $10; for highly targeted deliveries it often rises to $30 or more. Ad companies argue that their trade supports free content on the web. This is true, but it does not justify arbitrary privacy intrusions. The web has a superabundance of content (how many weather sites do we need?) and there will always be some companies whose finances are marginal. Most companies maintain their sites as a way of lowering transaction costs and reinforcing their franchise with existing customers. The claim of some advertisers that without ever-more targeted advertising the economics of the web will collapse lacks credibility. In the case of a consensual relationship with a merchant, many consumers request and enjoy the convenience and personal service that is possible with online account histories. For example, Amazon.com provides a service by which customers can request email notifications of new books of interest. This kind of profiling is a considerable distance from the surreptitious profiling of ad networks, but should still become fully compliant with fair information practices, including rights of access. In many cases, profiling information has very beneficial effects for consumers, companies and the economy. But in many cases the information practices that companies are scrambling to assemble are simply unfair and dangerous, and there's no reason for them to be, other than a slight inconvenience and expense to the companies of doing the right thing.

10 Are consumers' privacy interests implicated by the collection, compilation, sale and use of information collected by online profiling companies? If so, please describe.

Yes, clearly. The current received definition of privacy is ``...is the claim of individuals...
to determine for themselves when, how, and to what extent information about them is communicated to others...'' Consumers currently have few effective means to determine which organizations store and communicate information about them.

11 Do online profiling companies disclose the ultimate uses of the information they collect? If so, what is the nature of such disclosures? Where possible, please provide examples of such disclosures.

Disclosures, where present, are usually very vague, as this example from http://win.netdeals.com/getaway/ shows.

When you register on NetDeals you provide us with personally identifiable information such as your name, home address and e-mail. We combine that information with other information about you that is available to us. This includes other personally identifiable information and certain non-personally-identifiable information, such as the type of browser you use. We participate in the DoubleClick Information Alliance and share the information we have about you with that Alliance. You can contact DoubleClick at info@doubleclick.net if you have any questions about the Alliance. Through the DoubleClick Information Alliance, we will use the information you provide to us, alone or in combination with other online and offline information, to deliver targeted advertising messages to you.

One prominent and disgraceful example is the language used by Microsoft's Internet Explorer (a Web browser) when a user asks to be notified of cookies. The notice states that the site would like to "personalize" the visitor's experience by placing a file on their PC. No consumer would even vaguely anticipate what is happening with ad networks based on this notice.

12 Do online profiling companies provide effective mechanisms for a consumer to remove his or her information from their databases or otherwise control the use of such information?

Some provide a farcical opt-out mechanism.
For example, the following statement dates from October 1998 on DoubleClick's site.

While some third parties offer programs to manually delete your cookies, DoubleClick goes one step further by offering you a "blank" or "opt-out cookie" to prevent any data from being stored.

This is one of the most laughable instances of the fake-privacy notion of opt-out. A parody makes this clearer:

While some hotels offer hardware to lock your door, the DoubleClick Inn goes one step further by offering you a "do not disturb" sign to prevent your door ever being opened.

DoubleClick's "opt-out cookie" does not prevent data being stored; it is itself a piece of data being stored on the consumer's PC which DoubleClick says it will interpret to indicate that its servers should not store further profile information associated with that PC and cookie. The opt-out cookie will itself expire, and may be pushed out of the limited space allocated to cookies by the browser. Further, it is unclear whether, for example, DoubleClick still stores information about the IP address used, which in the case of static IP addresses is constantly associated with the user. Also unclear is whether information previously collected is then deleted. It is difficult to imagine any consumer who would go to the effort of understanding what cookies do and how ad networks work, and then choose as a remedy DoubleClick's opt-out mechanism. A far more plausible and widespread reaction is to reconfigure one's browser to restrict cookies, or to use cookie management or ad filtering software. But in a spectacular

13 Do online profiling companies provide consumers an opportunity to choose whether and how their information will be collected and used? If so, please describe the choices that consumers are given and how consumers can exercise these choices.

Many offer Hobson's choice: let us track you or get out of our web site. Leading examples include Healtheon, and Expedia and other Microsoft sites.
14 What is current industry practice, with respect to information already collected from individuals, when there is a later change in the company's policies?

Current industry practice is to simply post the change in the privacy policy. There is rarely even a notice period.

15 What is the current industry practice, with respect to information already collected from individuals, when there is a material change in the corporate structure or business contracts governing such information, such as through a merger, joint venture, or sale of customer lists?

Generally, the buyer gets the data, and a consumer who wants to stop her data being transferred has to try to stop it. Few companies are configured to destroy data on request at any time, so this is generally not available. Companies rarely inform consumers explicitly of the event. The buyer usually wants the customer data as part of the assets being bought. Junkbusters was told by a Firefly executive that when Firefly was sold to Microsoft, its members were asked to opt-in to the transfer of the profiles, but we have not seen confirmation of this. The following quote from DoubleClick's privacy policy addresses their merger.

On June 14, 1999, DoubleClick and Abacus Direct Corporation announced their plan to merge in the third quarter of 1999. Abacus currently maintains a database consisting of personally-identifiable information used primarily for off-line direct marketing. DoubleClick has no rights or plans to use Abacus' database information prior to the completion of the merger. Upon completion of the merger, should DoubleClick ever match the non-personally-identifiable information collected by DoubleClick with Abacus' database information, DoubleClick will revise this Privacy Statement to accurately reflect its modified data collection and data use policies and ensure that you have adequate notice of any changes and a choice to participate.
16 Do online profiling companies provide notice and choice with respect to how already-collected information is handled under changed circumstances?

Some privacy policies include language along the lines of "we can change our mind anytime by changing our posted language, and you can close your account if you want." Most ignore the question.

17 What, if any, legal or other practical issues would be implicated in the creation of effective self-regulatory programs to govern the sorts of changed circumstances described in Question 16?

Self-regulatory programs have been shown to be endemically ineffective in this environment. See for example the case of Microsoft and TRUSTe. Remember that the buyer wants the customer data as part of the assets being bought, and the seller wants to maximize his price. Expecting self-regulation to work here is expecting parties in a negotiation about money to leave money on the table. It's completely naive.

18 Do online profiling companies provide consumers the opportunity to see what information has been collected from or about them and the ability to correct errors? If so, please describe.

We are not aware of any ad networks that do this. At least one profile-building shopping site, http://www.dash.com, provides the user with complete access to the user's profile, along with the capability to edit and destroy any part or all of the profile. (Disclosure: Junkbusters advised Dash on the design of its information practices.) The Forrester report urged companies to give consumers such capabilities. Acxiom offers such access on some of their data products, but it is not clear to us whether or how far this extends into Acxiom's online data.

19 What procedures have online profiling companies instituted to maintain the security of the information they collect?
Every company has a duty and incentive to maintain a high level of data security, and doubtless many have diligently spent the time and money to achieve appropriate levels of security, but the large number of incidents reported this year suggests that the prevailing level of security is woefully inadequate. For example, in late August Microsoft's Hotmail service was left open for anyone who followed instructions posted on the Internet to read the email of any Hotmail member. We did not see any report that the profile associated with the member was also compromised, but this would clearly be equally possible, and such a breach will be increasingly dangerous as Microsoft has recently integrated with Hotmail its Passport service, which Wired News noted will be logging records of all the sales across its partner sites, building up "a monumental database of consumer behavior." In the past year dozens of companies, from General Motors to Butterball (a brand of turkey), have accidentally placed profile data on the Web, where the databases could be downloaded by anyone. In many cases the data included name, address, marital status, and whether the household has children. In August 1999 DoubleClick filed suit over ads run by its competitor AdForce claiming that DoubleClick has given confidential information about its customers to their competitors. "You've just been Double Clicked," say the ads. DoubleClick maintained that the accusation was false. The companies later settled with a stipulated injunction.

20 What self-regulatory efforts have online profiling companies undertaken to address concerns raised by their collection, compilation, sale, and use of consumer information? How do these efforts address the fair information practice of notice, choice, access, security, and enforcement? What are the costs and benefits, to both consumers and businesses, of such self-regulatory efforts?

TRUSTe has initiated an "Advertising Affiliate Program" specifically for ad networks.
According to a spokesperson for Imgis, an online ad company, "to guarantee that users will respond positively to Web ads, people must be assured that no one seeing their data in the course of an online transaction will sell it to third parties, including ad serving companies." Sites will be audited twice a year to ensure they abide by their privacy policy. Chuck Berger, chairman and CEO of Imgis, told ZD Net "We initiated the idea for this program to promote end-to-end self regulation for the online advertising industry." Unfortunately nothing has been heard of this initiative since March 1998, and the industry has gone on to do exactly the things that this self-regulatory measure sought to prevent. Junkbusters has asked TRUSTe to explain what happened, and has received no explanation. In the intervening year and a half, Imgis has changed its name to AdForce and been bought by CMGi. Some web companies maintain that since their services are given away free, they should be able to do whatever they want with consumers' personal data. This makes as much sense as saying that toys or automobiles that are given away free should be exempt from basic safety requirements. Free services should still be required to observe fair information practices. The costs of observing fair information practices would be a very tiny percentage of most businesses, but the absolute figures would be substantial, which explains why businesses are spending large amounts of money lobbying to stop the government imposing them. Each business will attempt to minimize its costs by doing as little as possible, which translates into the least regulation that is politically achievable. Here lies a "tragedy of the commons": the consumer population is therefore being left unprotected, resulting in distrust and non-participation.
It is fair to impose costs due to regulation on all companies, indeed it is more fair than expecting good actors to volunteer for expenses that will not be borne by their less altruistic or less farsighted competitors. All automobiles sold in the US must meet basic safety standards; it would be preposterous to expect manufacturers to voluntarily choose their own minimum requirements and to rely on consumers' preference for safe cars. Advocates of self-regulation are asking the Administration to believe an equally preposterous premise, that companies should choose minimum privacy standards, and (even more implausible) that they should be the ones to ensure these standards are maintained. This makes as much sense as putting the Fortune 500 companies in charge of setting taxation policy for the IRS, and for running its compliance division. Privacy advocates have been saying for years that self-regulation is not providing privacy protection and that nobody should expect it to. Recently an independent and respected research firm, Forrester Research, which makes its money by advising companies, issued a report that was highly critical of self-regulation. The report suggests that the FTC, rather than producing reassuring messages to the industry, should push companies to take bigger and faster strides towards complying with already established privacy principles. Forrester also suggests that companies should be required to make customer profiles available to users, including all parties with whom data is shared, and provide the ability for customers to control who the information is shared with and the option to remove themselves from lists. Finally, the report says that "because independent privacy groups like TRUSTe and BBBOnline earn their money from e-commerce organizations, they become more of a privacy advocate for the industry -- rather than for consumers. The FTC should call for a consumer-based organization to provide principles and redress." 
21 Are there any efforts currently underway or planned to educate consumers and businesses about online profiling? If so, please describe.

The industry "educates" itself as part of the processes of sales and business development; but rather than using the nasty-sounding word "profiling" they speak of "one-to-one marketing" or "personalization". For an example see the "Personalization Summit" at http://www.personalization.com on the Web. Early media coverage of Netcoalition suggested it would offer advice to the public in addition to lobbying against privacy laws. So far the web site consists of two pages of press release. Most marketers desperately want not to talk about this topic, and those who do are chastised by their colleagues. Denny Hatch, a veteran marketer, former editor-in-chief of Target Marketing and author of the book Method Marketing: how to make a fortune by getting inside the heads of your customers, wrote "Many marketers are insensitive goons who happily love to show off how much they know about a person--reeling off information about a person to a person which was obviously obtained elsewhere." After recounting several horrific incidents, his book concludes "Aren't marketers playing fast and loose with highly sensitive, intensely private data? Once fully understood by government and consumers alike, aren't marketers heading for a cataclysmic juggernaut with regulators who could legislate us all back to the Stone Age of database technology?" Yes Denny, they are playing fast and loose with highly sensitive, intensely private data. But once they are fully understood by government and consumers, you'll still be able to use your database technology. You'll just have to ask those people first.