RealTime IT News

NebuAd Grilled on the Hill Again

NebuAd CEO Bob Dykes took another shellacking on Capitol Hill this morning, as lawmakers probed into his company's controversial plan to target ads to Internet users by intercepting their Web activities from broadband service providers.

Appearing before the House Subcommittee on Telecommunications and the Internet, Dykes reprised his testimony at a Senate hearing last week, defending his company against charges that NebuAd's technology runs roughshod over consumer privacy.

"In many ways I feel like Galileo when he was viewed with skepticism for demonstrating that the Earth revolved around the sun," Dykes said, emphatically claiming that NebuAd only collects nonsensitive information on an anonymous basis. "No one, not even the government, can determine the identity of our users."

The hearing, the second in as many weeks to consider privacy and online advertising, follows the highly publicized decision of Charter Communications, the nation's fourth-largest cable provider, to shelve its plan to try out NebuAd's system.

NebuAd promises to bring Internet service providers (ISPs) into the online advertising revenue stream, but critics have charged that intercepting data from unsuspecting subscribers amounts to wiretapping.

One group, the Center for Democracy and Technology, has concluded that the practice could put ISPs on the wrong side of federal and state surveillance laws.

"Most consumers would be quite surprised to find a middleman lurking between them and the sites they visit," said Alyssa Cooper, chief computer scientist for the CDT.

The matter of consent was central to the hearing. Ed Markey, the Massachusetts Democrat who chairs the subcommittee, pressed Dykes on whether he would be willing to alter NebuAd's policy so that consumers would have to proactively consent to having their browsing histories tracked, rather than the current model, which sets tracking as the default but allows people to opt out.

Dykes did not answer the question directly, instead saying that it is important for the ISPs to give their subscribers "robust notice" -- a phrase he repeated more than half a dozen times throughout the hearing. Visibly frustrated, Markey tried again.

"Should you get permission from the consumer first, Mr. Dykes?"

Again Dykes protested and said he felt like he was being bullied, like a man facing the hopelessly loaded question, "Have you stopped beating your wife?"

No, Markey said, "It's more like have you stopped beating the consumer?" After a third unsuccessful attempt at getting Dykes to give a direct answer to the opt-in question, the congressman gave up. "I don't think that's a high enough standard Mr. Dykes. I think that's basically saying that silence is consent."

NebuAd requires its ISP partners to provide their subscribers with written notice 30 days before it begins tracking their information. That notice can take the form of a message on their billing statement, a separate mailed letter, an e-mail or a posting online.

The technology that facilitates NebuAd's system is called deep-packet inspection, a form of Internet traffic filtering that examines the contents of individual packets of information. The common form of packet inspection only looks at the header of a data packet to determine where it is to be routed.

Deep-packet inspection, or DPI, was the nominal subject of the hearing, though the discussion was predominated by NebuAd. DPI is regularly used to detect and block security threats such as spam or distributed denial-of-service (DDoS) attacks. It can also be used to detect the transmission of copyrighted material, though Net neutrality advocates warn that ISPs could use the technology to block or degrade transmissions of online content or services that compete with their own.

Next page: Customer trust