On behalf of Susan Simon and other VisiNet customers, on February 27, 2009 two law firms have filed a class-action lawsuit against behavioral advertising (a/k/a targeted advertising) vendor Adzilla, Conducive Corporation (its parent company), CoreTel (a local telephone service), and several Internet Service Providers (ISPs) including Continental VisiNet Broadband. The lawsuit, brought in U.S. District Court in Northern California alleges that Adzilla violated consumers' privacy and data security rights:
"... by the undisclosed and unconsented to interception, Deep Packet Inspection and copying and/or alteration of their internet communications."
The suit also alledges that the above companies, acting as marketing affiliates,:
"... jointly and severally, engaged in a scheme to spy-for-profit on the internet communications of unwitting internet users."
This is particularly troubling since Adzilla couldn't have conducted this behavioral advertising program alone. It needed the detailed cooperation and collaboration with a local phone company and one or several ISPs:
"Deep Packet Inspection of internet communications accesses, acquires, and discloses sensitive information personal identifying information, personal information, and non-personal identifying information. The Deep Packet Inspection... was made possible through the utilization of an Adzilla device referred to as a “Zillacaster,” installed at either the ISP infrastructure, or at the Competitive Local Exchange Carrier infrastructure. All of this was accomplished without any notice to and without any consent obtained from the plaintiff or any ISP subscribers.
To me, Simon and the other affected VisiNet ISP customers must have felt like there were "mugged" by their ISPs. When Conducive bought Adzilla in 2006, Mediapost reported Adzilla's penetration into ISPs and advertisers as:
"... Conducive has signed up 16 ISPs to use the device, including regional ISPs like Champion and Millennium. Sixteen of the top 30 publishers by ad traffic have also been signed..."
To learn more, download a copy of the Adzilla complaint filed with the court. Late in 2008, Adzilla reportedly withdrew from marketing behavioral advertising programs in the U.S. due to the threat of legislation. Adzilla continues to market its services to companies in Asia.
ISPs occupy a unique position in the marketplace. Consumers need ISPs to access the Internet. An ISP with Deep Packet Inspection installed on its servers can monitor the following about its customers:
- Every web site visited
- Every page visited within a web site
- The time, date, and duration of the visits
- The search terms entered at search engines (e.g., Yahoo, Google, etc.)
- The text of e-mail, instant message, and Twitter messages consumers send
Consider the web sites you visit. Would you be comfortable knowing that other companies know ever site and web page you read online? That can include highly sensitive web sites for your doctor, your dentist, your child's school, medical resources (e.g., WebMD), health insurance, and so forth.
In my view (and hopefully your view, too), ISPs and advertisers do not have an automatic right to collect consumers' sensitive personal data. Companies need to know that they should and must gain consumers' express consent before they can collect and use this sensitive consumer data. This is based on trust, and a company that collects it without obtaining consumers' consent first is clearly untrustworthy.
I've blogged previously about behavioral advertising, and one thing that bothers me: companies and advertisers refuse to make the effort to prove to consumers first the benefit of contextual ads. Companies and advertisers can easily modify their web sites to provide a clear demonstration or tutorial about their targeted advertising program. This demo could show consumers what their online experience would be with and without contextual ads.
Why don't companies offer these demos? The race for revenues and profits. Maybe also laziness, or a feeling they can do it and get away with it. Instead, advertisers seem to take the easy way and install secretive targeted advertising programs. Maybe they fear that consumers won't agree to a targeted advertising program.
To me, it's important to hold ISPs, advertisers, and companies accountable when they abuse consumers' privacy and sensitive personal data. In this case, Adzilla and its affiliated ISPs weren't transparent. They allegedly conducted a behavioral advertising program without notifying consumers, without obtaining consumers' express consent, and without providing consumers with a mechanism to decline the program.
I watch the actions of ISPs and behavioral advertising companies also because data breaches happen. Companies must also make extra efforts to protect the sensitive consumer data collected in behavioral advertising programs. This sensitive data would be like gold in the hands of spammers, scammers, and identity thieves.
Thanks to Privacy Crusaders for acting again to protect the rights and interests of consumers!