Behavioral Targeting May Be Illegal

from the smells-like-wiretapping dept

A bunch of ISPs have been experimenting with systems such as Phorm and NebuAd that monitor their users' online behavior and create profiles that help third parties create more targeted advertisements. Back in March we noted that behavioral advertising may be illegal under UK law. And last week we reported that Congress was asking some tough questions about the plans. CNet's Declan Declan McCullagh has an in-depth look at American law, and concludes that such systems are probably illegal here too. The problem is that what Phorm and NebuAd do sounds a lot like wiretapping, and wiretapping is illegal under several federal laws. At least three federal laws govern when electronic communications providers can disclose their customers' communications to third parties. One of the key questions Declan looks at is consent: the law generally allows eavesdropping with customer consent, but the exact nature of the consent isn't clear. ISPs have tended to be very secretive about their use of these systems, so at the very least, privacy laws would require that ISPs disclose what they're doing and give consumers a way to opt out. But Declan suggests that this might not be sufficient. Some of the legal experts he talked to think the law would require the ISPs to obtain the affirmative consent of customers before commencing the use of these programs. Since it's hard to imagine customers being enthusiastic about having their ISPs eavesdrop on them, such a requirement might make these programs non-starters.



Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Anonymous Coward, May 22nd, 2008 @ 10:00am

    "Since it's hard to imagine customers being enthusiastic about having their ISPs eavesdrop on them, such a requirement might make these programs non-starters."

    Unless the ISP wants to cut me a break on my monthly bill. If it's a substantial rate cut, I'd jump all over it (and start tunneling most my traffic through a secure proxy, most likely).

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    suckerpunch-tm, May 22nd, 2008 @ 10:12am

    "ISPs have tended to be very secretive about their use of these systems, so at the very least, privacy laws would require that ISPs disclose what they're doing and give consumers a way to opt out." It should't be a matter of having to opt OUT, it should be a program for people who want to opt IN. F@%k that.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Jake, May 22nd, 2008 @ 3:36pm

      Re:

      Doesn't personal responsibility come into this? Yes, the opt-out should be reasonably simple to perform and the ISP has to be transparent about what they're doing, but as far as I'm concerned anyone too lazy and/or ignorant to take a little bit of control over their own privacy has no right to complain that nobody else is willing to do it for them.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, May 22nd, 2008 @ 6:19pm

        Re: Re:

        I do not think you are aware of the method being employed here. It is entirely possible that even if you do opt out, your click history is still recorded.

        I would change ISPs

         

        reply to this | link to this | view in chronology ]

      •  
        identicon
        John Wilson, May 23rd, 2008 @ 7:39am

        Re: Re:

        I don't know about the United States but here in Canada it's not considered consent to offer, in small print (or any kind of print) an opt-out of these things and pretend it's informed consent.

        The customer has to be given the opportunity to opt-in after the "service" is fully explained to them.

        That said, I doubt many people would opt-in which is why ISPs tend to want to wait till they get caught with their collective pants down. By then, of course, in terms of privacy it's too late.

        ttfn

        John

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Nate, May 22nd, 2008 @ 11:10am

    They better make this go away. I don't want some 3rd party group monitoring my activities online. They are getting free consumer data that they should have to pay to learn. I will gladly opt in if I recieve compensation for the knowledge they gain. Otherwise, what I do is my personal business.

    http://www.custompcmax.com

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, May 22nd, 2008 @ 11:51am

    What kind of behavior is watched by a system called Phorn?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Shane C, May 22nd, 2008 @ 12:04pm

    Click-through-agreements

    Some of the legal experts he talked to think the law would require the ISPs to obtain the affirmative consent of customers before commencing the use of these programs.

    Maybe I'm not fully aware of how this law would play out, but this doesn't seam like a major stumbling block to me. All an ISP would have to do, is bury the "agreement" within their standard "YOU MUST AGREE TO THIS TO USE OUR SERVICE" legal mumbo-jumbo.

    Where I live I have two broadband providers (well, nine according to the FCC, but that's another story). If both of them make agreeing to this snooping as part of their service agreements, what choice would I have?

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Steve R. (profile), May 22nd, 2008 @ 12:43pm

    Innovative Application

    By extension. If it is illegal to profile persons of interest (the new politically correct phrase for suspect) based on religion, race, sexual orientation, ethnicity, etc. then targeted advertising would also be illegal. Hadn't thought of that innovative twist before.

    Ironically, I don't mind targeted advertising, what does bother me is the degree of intrusion and the arrogance of the advertisers.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    ed, May 22nd, 2008 @ 4:45pm

    Why should you have to constantly be on the lookout for your privacy being violated? Oh, well if you took a little effort you could get it removed from site x and site x and site x... well guess what.. I shouldn't have to kthx.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Alex Har, May 23rd, 2008 @ 5:28pm

    Ethics Issues abotu data usage

    Everyone probably hopes that computers can become increasing more intelligent so we can interact more meaningfully with it. This would certainly make our lives much more pleasant. However to do so it has to get to know us, collect information about us, analyse and understand as much as a human is ablwe to do.

    As human we automatically use information about people we know to improve our interaction with them. We talk to ojur wives, friends, parents and kids differently. Often we use information to manipulate people, target at their soft spots to get what we want.

    The latter is of course not exactly moral or ethical. It is often difficult to differentiate between someone using our information to be nice to us or to manipulate us....and it is in this area that legislations may become vexatious and cumbersome.

    Legislations if any should stay within the big areas like...do not murder, rape, steal,cheat...be a real nuisance. If legislations actually prevent computers from being more intelligent in interacting with humans, or in helping humans to interact better with each other, it would do the world a disservice.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Alex Har, May 23rd, 2008 @ 5:30pm

    Ethics Issues about data usage

    Everyone probably hopes that computers can become increasing more intelligent so we can interact more meaningfully with it. This would certainly make our lives much more pleasant. However to do so it has to get to know us, collect information about us, analyse and understand as much as a human is ablwe to do.

    As human we automatically use information about people we know to improve our interaction with them. We talk to ojur wives, friends, parents and kids differently. Often we use information to manipulate people, target at their soft spots to get what we want.

    The latter is of course not exactly moral or ethical. It is often difficult to differentiate between someone using our information to be nice to us or to manipulate us....and it is in this area that legislations may become vexatious and cumbersome.

    Legislations if any should stay within the big areas like...do not murder, rape, steal,cheat...be a real nuisance. If legislations actually prevent computers from being more intelligent in interacting with humans, or in helping humans to interact better with each other, it would do the world a disservice.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Matt Wood, May 23rd, 2008 @ 8:08pm

    Internet Privacy? What a Concept!

    Ever wonder what your secure proxy knows about you? And who pulls their strings while you're distracted by headlines? Even if you were to go back to paper and verbal communications, you're already in too many databases to even think about privacy.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    John, May 24th, 2008 @ 12:12pm

    This will decrease usefulness of the internet!

    As soon as things are 'targeted, it means that other things are 'de-targeted'. As you get, for instance, search results based on your 'interests' of, say, your previous search, then the newer search is degraded. It is also madness, as many websites don't have the commonsense to even manage properly what they are doing now, without trying to do more, especially 'secret' things. I agree with Matt Wood, they already have enough to know you - my thinking is that they just have to decide how to use it to annoy you.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Greg, May 25th, 2008 @ 9:11am

    Amazon was the pioneer of behavioral targeting and built their entire business model around it.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This