A key House committee is expanding its probe into the privacy implications of the behavioral targeting of online advertising, calling on more than 30 leading Internet companies to detail how they collect information and the steps they take to safeguard consumers’ identities.
The leaders of the House Energy and Commerce Committee wrote to executives at many of the nation’s largest broadband providers and Web companies on Friday, asking for specifics on “the growing trend of companies tailoring Internet advertising based on consumers’ Internet search, surfing or other use.”
The letter comes as the latest step in the escalating scrutiny among lawmakers into the practice of behavioral ad targeting. Most recently, the House Subcommittee on Telecommunications and the Internet held a hearing focusing on the controversial practice of deep-packet inspection, or DPI, a technique the ad firm NebuAd has been using in partnership with Internet service providers to improve targeting.
In that hearing, Subcommittee Chairman Ed Markey, D-Mass., likened the practice to the post office opening individuals’ mail, and lambasted NebuAd CEO Bob Dykes for not structuring the system so that users would have to opt in for their information to be collected. Dykes has repeatedly insisted that NebuAd’s technology does not collect any information that can be traced to an individual’s identity.
While the new letter (available as a PDF here) expands the congressional inquiry beyond just broadband providers, Markey indicated that DPI is still at the top of his mind.
“Privacy is a cornerstone of freedom,” Markey said in a statement about the letter. “Online users have a right to explicitly know when their broadband provider is tracking their activity and collecting potentially sensitive and personal information.”
The letter revisits the main pivot points in the debate over online privacy, asking the companies what information they collect on sensitive topics such as health and finance, what kinds of notification they provide consumers and how long information is stored.
It also asked the companies to provide details on any legal analyses they have conducted to determine whether their behavioral targeting practices are lawful.
One consumer advocacy group, the Center for Democracy and Technology, has produced a legal analysis concluding that broadband providers using DPI could run afoul of federal and state wiretapping laws.
The 33 recipients included large ISPs such as Comcast and AT&T, as well as Web companies such as Google, Microsoft, Yahoo and AOL.
Comcast (NASDAQ: CMCSA) spokeswoman Sena Fitzmaurice told InternetNews.com that the company is examining the language of the letter. She said that she expected to respond by Friday, Aug 8, as the representatives requested, and said that Comcast does not use DPI to facilitate ad serving.
AT&T (NYSE: T) spokesman Michael Balmoris said he expected a prompt response from his company to the committe’s request. Spokespeople for Microsoft (NASDAQ: MSFT) and Yahoo (NASDAQ: YHOO) also said that they were reviewing the letter and preparing their responses.
A spokesman for Google (NASDAQ: GOOG) declined to comment on the letter.
Law to apply to all industries
The letter revisits the issues of consumer profiling and behavioral targeting that were the subject of a Senate hearing last month, where representatives from Google and Microsoft both expressed support for a baseline national privacy law. That law, as they envision it, would apply to all industries, rather than enshrining specific requirements for online advertisers. AOL has previously indicated that it supports that position.
The Federal Trade Commission has also taken up the issue of behavioral targeting. Much to the disappointment of privacy advocates, the commission has opted for a set of self-regulatory principles that it hopes will widely adopted among the industry.
At the July Senate hearing, Lydia Parnes, the FTC’s director of consumer protection, testified that she did not think that a federal online-privacy law was necessary.
State legislators in New York and Connecticut have introduced bills that seek to set boundaries on how Internet companies collect and use consumers’ data.