Policy Post 6.03 | How to Reject DoubleClick's Double-Cross

CDT POLICY POST Volume 6, Number 3 February 1, 2000

A BRIEFING ON PUBLIC POLICY ISSUES AFFECTING CIVIL LIBERTIES ONLINE
from
THE CENTER FOR DEMOCRACY AND TECHNOLOGY

CONTENTS:
(1) CDT Empowers Consumers to Reject DoubleClick's Double-Cross
(2) How DoubleClick's Tracking System Works
(3) Activist Network Administration

______________________________________________________________________

(1) CDT EMPOWERS CONSUMERS TO REJECT DOUBLECLICK'S DOUBLE-CROSS

DoubleClick, a company that uses "cookies" planted on the computers of many Internet users to customize online advertisements, has begun to link up online surfing habits and purchases with offline names, addresses and other identifying information, putting in place the last piece of a comprehensive Internet tracking system and threatening to deprive consumers of control over their identity online. DoubleClick's network includes such large Web sites as Altavista, the New York Times and Sesame Street.

But Internet users who care about their privacy can take action against the DoubleClick double-cross, reassert control over their data, and in the process send a message through the marketplace that anti-privacy business practices don't pay.

As a follow-on to "Operation Opt-Out," CDT has created a new Web site where users can opt-out of the DoubleClick cookie system and tell DoubleClick's partners "I Will Not Be Targeted."

The special site is at http://www.cdt.org/action/doubleclick.shtml. There you can:

1) Opt-out of DoubleClick's profiling activities - Opt-out is not the complete answer to online privacy woes. But with a single click, you can render DoubleClick's cookies meaningless on your computer.

2) Send a message to DoubleClick's member Web sites. We don't know which ten sites are disclosing subscriber identities to DoubleClick -- when we find out we'll tell you -- so for now you can use our site to spread the message to all major DoubleClick partners that your identity isn't to be sold or traded away to DoubleClick.

3) Send a message to DoubleClick's CEO that you want to decide what Web sites know your identity. We have created a simple online template that generates an email to DoubleClick CEO Kevin O'Connor.

If you care about your privacy and want to surf the Web without your every move being recorded in a giant database and connected to your name, it's time to just say no to DoubleClick's profiling. And tell the companies that work with DoubleClick that your identity isn't for sale.

______________________________________________________________________

(2) HOW DOUBLECLICK'S TRACKING SYSTEM WORKS

When a user visits one of thousands of popular Web sites in the DoubleClick system, DoubleClick plants a "cookie" (an id number of sorts) on the user's computer. Most users don't even know that the cookie is in operation. The cookie allows the DoubleClick network to recognize that computer when it visits the same site again or another site, allowing, for example, online publishers and advertisers to customize content and advertisements based on a user's prior visits.

DoubleClick uses "cookies" to collect information about how individuals use the Web -- the sites they visit, the search terms they use and other queries they make, their online purchases, their "click through" responses to advertisements. In addition to compiling long lists of visited sites and pages, a user profile may contain "inferential" or "psychographic" data - information that the company infers about users based on their surfing habits.

DoubleClick has repeatedly stated that its cookies identified computers, not people -- that it couldn't link its "cookies" to names and home addresses or other elements of personal identity and didn't want to do so.

Now, DoubleClick acknowledges that it has begun to tie surfing habits and online searches to personal identity. DoubleClick has quietly entered into an arrangement to collect names, addresses, and other personal information from Web sites where Internet users knowingly register. So far, at least ten Web sites (the Company hasn't said who they are) are participating by providing DoubleClick the identity of their subscribers. Thus, DoubleClick, to whom you have never revealed your identity, may have access to your name, credit card number, and home address.

When a site discloses your identity to DoubleClick, the final piece of a massive tracking system falls into place. DoubleClick can link your cookie to your name whenever you visit any of the 1,500 Web sites in the DoubleClick network, which includes such prominent online companies as CBS Sportsline, Travelocity, drkoop.com, Mindspring, TheStreet.com, NBC and the Wall Street Journal. From then on, as you surf the Web, DoubleClick knows who you are, and can track your online habits, purchases and even search terms.

Moreover, DoubleClick can tie information about your use of the Web to information about your offline habits -- gathered by DoubleClick's recently acquired catalog purchasing database company, Abacus.

For more background:

The story by Will Rodger in USAToday that first revealed the DoubleClick practice: http://www.usatoday.com/life/cyber/tech/cth211.htm

CDT's testimony on online profiling and advertising companies, including DoubleClick: http://www.cdt.org/testimony/ftc/991130mulligan.shtml

______________________________________________________________________

(3) POLICY POST ADMINISTRATION

To subscribe to CDT's Policy Post list, send mail to majordomo@cdt.org In the BODY of the message type "subscribe policy-posts" without the quotes.

To unsubscribe from CDT's Policy Post list, send mail to majordomo@cdt.org In the BODY of the message type "unsubscribe policy-posts" without the quotes.

Detailed information about online civil liberties issues may be found at http://www.cdt.org/.

This document may be redistributed freely in full or linked to http://www.cdt.org/publications/pp_6.03.shtml.

Excerpts may be re-posted with prior permission of ari@cdt.org