Senators, Tech Giants Seek Answers on Privacy - Page 2

Page 2 of 2

FTC advocates self-regulation

The FTC has taken heat from parties on both sides of the issue -- those who believe it meddles too much in a market that is humming along just fine and those who champion robust privacy protections through a government mandate.

The agency is currently looking over comments it received regarding the self-regulatory principles for behavioral targeting it proposed in December.

Although the FTC supports self-regulation, Leslie Harris, president and CEO of the public-interest watchdog group Center for Democracy and Technology, differed. "Self-regulation is not the answer," she countered. Harris appealed for the FTC to make its guidelines enforceable -- either through its own authority or an act of Congress.

"Existing privacy protections are outstripped by technology, and there is a lack of transparency about behavioral advertising practices, and an absence of meaningful controls to help consumers make informed decisions about the use of their data," she said.

Consumers prefer relevant ads, and the targeted ad-based model has made much of the Web free, said Lydia Parnes, director of the FTC's Bureau of Consumer Protection. "At the same time, many consumers express discomfort about the privacy and data security implications of being tracked," she added. "Without adequate safeguards in place, consumer data could fall into the wrong hands or be used for unanticipated purposes."

But the rapid evolution of technology in the online ad space is a common argument for opponents of regulation. Sen. Jim DeMint (R-S.C.) asked Parnes how long it would take the FTC to sort through the comments they received and finalize their self-regulatory principles for behavioral targeting. She declined to give a timeframe, but when pressed, said she hoped it would be within a year.

"It would be my hope that you continue to see your responsibility as protecting consumers and not necessarily attempting to manage and regulate different aspects of our economy," DeMint told Parnes.

Another point of contention was just how much of a threat to privacy is the information that companies are collecting. Google's Horvath and Microsoft's Hintze both touted their companies' privacy controls, which ensure no personally identifiable information could link an individual to search terms or browsing activities.

In one testy exchange, Byron Dorgan, the North Dakota Democrat who chaired the hearing, asked Horvath how Google would protect him from getting outed for the embarrassing search terms (gout, dementia, post-nasal drip) he jokingly suggested he wanted to keep from the rest of the room. Horvath bristled slightly, insisting that Google only records searches on its own site, and even if a Google user was signed in while making the query, the retention of IP addresses and use of tracking cookies could in no way associate the senator with the ailments he later "disavowed."

To the privacy advocates, the assertion that isolated pieces of computer code collected from people's Web activities is anonymous does not hold water.

"While each piece of information in a consumer profile may itself not be personally identifiable, the aggregation of this information into rich profiles means that it may be more readily tied into a person's identity," the CDT's Harris said.

Harris is especially concerned with a controversial new ad scheme that seeks to bring Internet service providers into the online advertising revenue stream by redirecting subscribers' Web activities to a company called NebuAd. Yesterday the CDT released a legal analysis suggesting that ISPs that partner with NebuAd might be violating federal wiretapping laws.

How real is the harm to consumers?

To what extent can companies be trusted as custodians of consumer data? What is the proper role for the government in online advertising? These questions went unanswered.

[cob:Special_Report]In large measure the hearing was a fact-finding mission, and Dorgan promised that there would be more hearings to come. He said that representatives from ISPs all declined the invitation to testify, but said that he expected to hear from them in future hearings on the issue.

"One of the most important elements from this hearing is how little we do understand," Dorgan said by way of conclusion. "I would hope that every consumer has an opportunity when traveling on the Internet to know how their information is being used."