Privacy Advocate Calls on Congress to Act

Amid the hacking problems plaguing DoubleClick again in as many days, Jason Catlett, president of, is urging Congress to investigate online profiling companies.

“These profiling companies are gathering information on consumers,
keeping that vast amount of data in secrecy and then are unable to keep the
same data secure from hackers,” Catlett told “This is a
total outrage.”

In an open
, addressed to Congressional Privacy Caucus Co-chairs Rep. Joe
Barton (R-TX), Rep. Edward J. Markey (D-MA), Senator Richard Shelby (R-AL),
and Senator Christopher Dodd (D-CT), Catlett stated that online profiling

  • Refuse to allow people to access there own files.
  • Develop consumer profile exchange technology without any commitment to
    observe fair information practices in their use of it.

  • Have long-standing security flaws in many of their computer

“In brief, we have a group of companies bent on collecting hundreds of
millions of enormous electronic dossiers, keeping them secret from the
people they concern, intending to exchange and sell them using advanced
technologies, but unable to keep them secure from criminals,” according to
Catlett. “This is unfair and is moving our society into a level of
surveillance that most Americans find unacceptable.

The president of the Greenwood, N.J.-based consumer advocacy firm urged
Congress to consider action to protect the privacy of Americans “in the face
of this unprecedented surveillance effort,” he said.

“Today’s events reinforce the need for consumers to have control of data
that companies have on them,” Catlett told However, he
noted that the recent hacking/security events occurred after he sent the
open letters. The letter to Congress is dated for Thursday, while
correspondence on related matters is dated Wednesday, March 27.

Catlett yesterday penned an open letter to
Microsoft criticizing the cookie defaults on its new browser as well as a letter to
DoubleClick calling for publication of security audits.

He called on DoubleClick to:

  • Publish all existing auditors’ reports and attestations on
    DoubleClick’s privacy compliance and the state of its security. (DoubleClick
    announced in February 2000 that PriceWaterhouseCoopers would conduct privacy

  • Commission a specific independent investigation of this incident and
    the current state of DoubleClick’s security, and publish the report.

  • Show me all the data it has about me, and then permanently destroy it.
    Do the same for anyone else who asks.

“There is a great risk for accidental or intentional disclosure of this
data,” Catlett said. “I want to know what the hackers may have obtained.
DoubleClick did not have my permission to gather that information and now
they are holding it hostage.”

Officials at Microsoft and Doubleclick weren’t immediately available.

News Around the Web