After A Data Breach, Will A Replacement Credit Card Affect Your Credit Score?
Exposing The Online Tracking Of Consumers By Retailers

NebuAd Closes After Lost Clients And Lawsuit. The Full Story.

Previously, I wrote about the class-action lawsuit filed against NebuAd. From the Associated Press:

"In court filings this week, NebuAd said it has been winding down its business since last year. It laid off virtually all its employees in July and August, closing its office in Redwood City, Calif..."

NebuAd's clients had been phone companies and ISPs (Internet service providers) who wanted a larger share of advertising revenues. According to the same Associated Press report:

"Among the cable and phone operators that abandoned interest in NebuAd were Charter Communications Inc., Bresnan Communications LLC, The Washington Post Co.'s Cable One Inc. and Embarq Corp."

If you want to read a copy of NebuAd's dissolution filing, it is available at the Wall Street Journal Venture Capital Dispatch blog. That's part of the story. There's a lot more.

In his blog, John Linko wrote a good summary about the NebuAd situation. His post included a response from an executive at Bresnan:

"I think it is important to note that when Bresnan performed the limited test of the NebuAd platform in one market, we strictly adhered to the existing FTC rules whereby we notified all of our customers involved in that test and gave them a choice of opting in or out of the trial. With Congressional scrutiny however, the environment in which we began that trial changed and Bresnan quickly suspended the test."

That may be, but on both sides of the Atlantic Ocean consumers are starting to understand the nature and implications of of data collection by behavioral targeting programs. I think that it's important to remember that NebuAd was promoting a service that included Deep Packet Inspection (DPI) technology, that enables an Internet Service Provider (ISP) to collect everything its subscribers send (e.g., e-mail, web activity, search keywords, instant messages, tweets, etc.) through their ISP connection.

DPI goes far beyond the older tracking technologies, like Web browser cookies, which advertisers have traditionally used. Congress and consumers are right to take a long, hard look at firms using DPI. And, however favorable the FTC's proposed behavioral advertising guidelines are for corporations, those guidelines are not finalized.

My interest in this is not just the consumer privacy concerns, but the data security concerns due to the fact that company data breaches soared in 2008 compared to prior years. Too many companies don't take data security seriously enough.

Plus, ISPs play a key role in providing consumers with trustworthy access to the Internet. In the NebuAd and other instances, the ISPs never addressed to my satisfaction the data security concerns when using DPI to collect so much more consumer data. Last summer's Congressional hearings brought to light several behavioral advertising programs by ISPs who performed secret behavioral advertising programs; the ISPs didn't inform their customers and didn't provide consumers with opt-in choices.

The NebuAd closure is part of a larger situation where ISPs rushing for advertising revenues have trampled over and abuse consumer privacy. So, thanks are due to the U.S. Congress and to the Privacy Crusaders --  Alan Himmelfarb, Scott Kamber, and Joseph Malley -- for the pressure applied.

Companies beware! If you abuse consumers' privacy, fail to inform consumers or provide adequate opt-in mechanisms, the Privacy Crusaders will get you.

Meanwhile, there's more work to be done. Some of the former executives at NebuAd have started up another behavioral advertising company. In the U.K., The Register reported:

"Insight Ready Limited was incorporated on March 25 by Paul Goad, the man who had been NebuAd's UK boss... Goad started Insight Ready with the blessing of what remained of NebuAd US, but the two firms have no business or technical relationship beyond having some of the same personnel. Unlike NebuAd, Insight Ready will not seek to collect data from inside ISP networks. Instead, when it launches "in several weeks", it will aim to collect behavioural data in partnership with website owners..."

Want to learn more? Try these sources:

And, as the U.S. FTC releases updates about behavioral advertising guidelines, you can expect the I've Been Mugged blog to cover it.


Feed You can follow this conversation by subscribing to the comment feed for this post.

John Taylor

Thanks for the article George. Since my column is more geared toward identity theft as it results from data breach I kinda live in a corner of a wide issue, that of privacy rights. Identity theft is the result of a violation of ones right to have their personal information safe from those that might want to profit from it without permission. Thats kind of broad since we think of identity theft as an intentional crime, but that is where it becomes the broader concern that you write about so well. Gathering and disseminating information whether it be in electronic form or any other, is growing much faster than guidelines and the law can move making it virtually a "wild west" full of operators who would rather seek forgiveness than for permission as they go about inventing markets and reaping profits without regard for the consequences. The axiom is it is assumed legal until a law is passed to make it illegal. A true bill of privacy rights should have as its' cornerstone the principle that permission is tacitly not implied unless the individual gives expressed permission. The right to commerce does not trump the right of an individuals privacy rights. There, now I feel better.
Thanks George.

The comments to this entry are closed.