MediaPost reported this week:
"A group of 15 Web users filed a lawsuit Monday against behavioral targeting company NebuAd and six Internet service providers that tested the company's platform. The lawsuit, brought in federal district court in San Jose, Calif., alleges that NebuAd's platform violated Web users' privacy."
If you have been reading this blog, then you are aware of the problems and privacy violations with behavioral advertising (a/k/a behavioral targeting). Several Internet Service Providers (ISPs) have tested this new technology without informing their customers or getting their permission. Some of this was revealed during testimony before Congress. And, the FTC seems to advocate more for companies than for consumers' privacy concerns. Earlier this year, a survey found many adults uncomfortable with behavioral advertising.
The new technology, Deep Packet Inspection, is installed on the ISP vendor's computers and literally tracks every site, every site page, and every search the consumer visits or performs:
"The collection of data by the NebuAd device was wholesale and all-encompassing," the lawsuit alleges. "Like a vacuum cleaner, everything passing through the pipe of the consumer's internet connection was sucked up, copied, and forwarded to the California processing center. Regardless of any representations to the contrary--all data--whether sensitive, financial, personal, private, complete with all identifying information, and all personally identifying information, was recorded and transmitted to the California NebuAd facility."
All of this sensitive data any ISP -- intentionally or accidentally -- can easily match to a user's IP address (e.g., the string of unique digits that define each user's computer location on the Internet). ISPs view behavioral advertising as a new and lucrative revenue stream, which they desperately want a piece of.
Some ISPs have already tested the new technology without their customers' explicit consent:
"Congress held hearings this summer after learning of NebuAd's platform. As part of its investigation, the House Energy and Commerce Committee sent letters to 29 Internet service providers, asking if they had worked with the company. The six Internet service providers named in the lawsuit all answered that they had tested NebuAd's platform. One of the companies, the Washington Post Company's Cable One, acknowledged that it did not notify customers about the NebuAd test or allow them to opt out."
As a result, in their rush to make money NebuAd, Bresnan Communications, Cable One, CenturyTel, Embarq, Knology, and ISPs have already earned consumers' mistrust... and this resulting class-action lawsuit. Moreover, this sensitive personal data can be hacked or stolen like any other data. So far, ISPs and NebuAd haven't given any reassurances about effective data security methods.
If this abuse of privacy bothers you (and I sincerely hope that it does), I encourage you to write to your elected Congressional representatives and demand strict legislation regarding behavioral advertising: an opt-in basis, explicit consent, easily understandable opt-in and consent, data security, notification to consumers of data shared to specific vendors.