In December 2007, the Wall Street Journal profiled CenturyTel Inc., a Louisiana phone company, and its attempt to enter the Internet Service Provider (ISP) business. Along the way, CenturyTel decided to also enter the online advertising business:
"The technology it's using could change the way the $16.9 billion Internet ad market works, bringing in a host of new players -- and giving consumers fresh concerns about their privacy. CenturyTel's system allows it to observe and analyze the online activities of its Internet customers, keeping tabs on every Web site they visit. The equipment is made by a Silicon Valley start-up called NebuAd Inc. and installed right into the phone company's network."
Pretty soon, advertisers will no longer need to install software or use the HTTPs cookies file on consumers' computers to perform behavioral advertising (a/k/a behavioral targeting). Instead, they can get all the consumer data they'd ever want from ISPs -- who are happy to install the behavioral targeting software and equipment on their servers for a piece of the new revenue stream. How it will work:
"NebuAd takes the information it collects and offers advertisers the chance to place online ads targeted to individual consumers. NebuAd and CenturyTel get paid whenever a consumer clicks on an ad."
The description of the new server software and equipment:
"The newer form of behavioral targeting involves placing gear called "deep-packet inspection boxes" inside an Internet provider's network of pipes and wires. Instead of observing only a select number of Web sites, these boxes can track all of the sites a consumer visits, and deliver far more detailed information to potential advertisers."
Companies already see the new revenue opportunity:
"... new companies are rushing in. Both wireless and wireline Internet-access providers such as CenturyTel, Rochester Telecom Systems Inc. and Embarq Communications Inc., among others, have entered the advertising gold rush. And they've tapped Internet equipment companies like NebuAd, Front Porch Inc., and Phorm Inc. to provide the gear to help them along."
Well, this is just peachy. Every ISP knows a lot about its subscribers... personally identifiable information such as name, address, birth date, phone, credit card, e-mail address, IP address, and in some cases Social Security Number. It doesn't take much effort to match this personally-identifiable data to a subscriber's web surfing activity.
This new technology fundamentally changes the relationship between ISPs and their subscribers. As ISPs get more or most of their revenue from advertising, and a decreasing amount from subscribers' fees, it logical to question whether ISPs will continue to operate in the best interests of consumers. In a weird way, ISPs can now make (a lot of) money through surveillance.
This makes it more important now for consumers to express their privacy and data security concerns. It is reasonable for consumers to demand legislation requiring ISPs to provide clear, easy, free, opt-in mechanisms for consumers who wish to participate in that ISP's behavioral advertising program.
Now is also an opportunity for consumers to specify the data they consider sensitive and should be excluded from any ISP behavioral advertising programs. See these prior posts about why consumers' IP addresses should be considered sensitive personal data, and why consumers' personal data should be treated (and protected) like nuclear fuel.