I've Been Mugged Blog

Do you see the emerging trend in consumer privacy abuses?

Last month, I reported about how the Internet Service Provider (ISP) Embarq secretly spied upon and never notified its Kansas customers during a test of its behavioral advertising program. Consumers never had a chance to opt out of the behavioral advertising program.

Now, it appears that another ISP in the USA has made the same consumer privacy mistake, and probably broke several laws. According to the Silicon Valley Insider, the Washington Post's Cable One service secretly spied on its customers:

"In a response to a House query, [Washington Post] unit Cable One admitted it collected data on 14,000 subscribers in Anniston, Ala. for 180 days in order to serve targeted advertising. And no, they didn't ask for consent, but argued that customers "opted in to our monitoring of their Internet usage ... when they agreed to our Acceptable Use Policy." In other words, when they signed up for service."

How slimy and dishonest! Cable One didn't bother to offer consumers either opt-in or opt-out mechanisms. Instead, Cable One tries to hide behind the lame excuse that signing up for their service is consent enough. According to Media Post:

"Cable One justified the failure to let users opt out by saying that subscribers knew the company might spy on their Web activity when they signed up for broadband because the acceptable use policy mentions that the company may occasionally monitor "bandwidth, usage, and content." Of course, even if it's true that subscribers read the fine print in the acceptable use agreement and knew that Cable One might be watching them online, they still didn't know that Cable One would sell their clickstream data to NebuAd. And, even more important, they had no way to opt out of it."

Company executives need to go to jail when they do this. Fines are not enough. Sadly, the Silicon Valley Insider reported that this may be the tip of the iceberg:

"Congressmen John Dingell (D-Mich), Joe Barton (R-Tex) and Cliff Stearns (R-Fla.) and Ed Markey (D-Mass.) sent letters to 33 broadband providers last month asking about their ad-targeting techniques. So far, Charter Communications (CHTR) and former Sprint (S) unit Embarq (EQ) have copped to using NebuAd."

You can read here the replies the Congressional committee has received.

What is it that allows companies to arrogantly treat consumers' personal data like they own it... without giving consumers any notices? Is a general attitude among executives within telecommunications companies? Is it an assessment that they can likely get away with it? Or, is this a result of the spying immunity Congress gave phone companies earlier this year?

Notification of the test and an "opt-in" system default would have been appropriate for these behavioral advertising tests. If behavioral advertising delivers the promised benefits to consumers (e.g., relelvant advertising), then tell consumers! Otherwise, it is just a rush by ISPs to make money and ignore consumer privacy.

An opt-in approach is convenient, since consumers are already trained to remember which web sites they have registered (or opted in) at. This is not difficult. Consumers have been registering at web sites since the mid-1990's.

Why the fuss about behavioral advertising? First, there is the abuse of consumer privacy. Companies have to tell consumers when they perform behavioral advertising and provide an opt-in mechanism, regardless of the indefensible position the FTC has taken to facilitate this rush.

Second, the steady monthly volume of corporate data breaches, which are driven by corporate carelessness and incompetence, mean that companies will lose or have stolen behavioral advertising data. Data that is lost, stolen, or hacked can be abused. Behavioral advertising data includes the sites you visit, the keyword searches you submit at search engine web sites, and the specific site pages you visit at sites that are members of the advertising network -- all highly personal data. Companies must state to consumers how they will protect data collected by behavioral advertising programs.

These behavioral advertising program tests without notifying consumers and without providing consumers with opt-in mechanism, are examples of the current imbalance or "tilt in the playing field" in U.S. commerce, which I wish more consumers recognized. A better balance can and must be achieved between the needs of corporations and the needs of consumers.

In the soon-to-be-released book, Age of Conversation 2008, I wrote a chapter about behavioral advertising as one of the key emerging issues and challenges this year. It appears that ISPs are proving me correct.

Thanks to Congressional representatives for investigating this so far. I encourage you to write to your Congressional representatives today. Demand investigations by Congress and enforcement of consumer privacy laws. Demand that any data collected already from behavioral advertising tests be destroyed.