Privacy: It’s More Than An ISP Issue


Any new online privacy law should include Web services like Google and Yahoo to avoid confusing consumers about their level of protection while surfing the Web, Internet-service providers told Congress last week.

High-speed data providers like AT&T, Verizon Communications and Time Warner Cable fear Congress might adopt an online privacy law as soon as next year that would apply to network providers, but not to ad networks and search engines.

“Quite simply, it makes no difference to a consumer whether a targeted online ad is based on data collected by an ISP, an ad network or applications provider,” Peter Stern, Time Warner Cable’s executive vice president and chief strategy officer, said in testimony last Thursday before the Senate Commerce Committee.

Stern called for “common rules … to insure that all businesses can compete on a level playing field.”

AT&T senior vice president of public policy and chief privacy officer Dorothy Attwood agreed.

“A policy regime that applies only to one set of actors will arbitrarily favor one business model or technology over another,” she said.

Both Stern and Attwood said their companies would secure the affirmative consent of consumers before tracking their movements across the Internet as a way of reaping advertising revenue.

Verizon executive vice president of public affairs, policy and communications Tom Tauke said a new law was unnecessary. He called for self-regulation, with the Federal Trade Commission enforcing “best practices” that the industry had agreed to follow.

“Everyone should embrace policies that put the consumer in control of the online experience,” Tauke said.

Strict privacy mandates against network owners could cede the lucrative online advertising world to Web-based providers. Network owners have the ability to know what every subscriber is doing on the Internet, comprehensive knowledge that could give them an advantage over Google and Yahoo.

Some ISPs have employed a technology called deep-packet inspection (DPI) to track Internet users’ movements and create distinct user profiles. Such highly personal information is used to deliver targeted advertisements to those consumers.

Privacy advocates fear that DPI could be abused if consumers are unaware that private and personal information is being collected and potentially sold to third parties for profit.

“The use of DPI technology has serious implications for the privacy rights of Americans. Simply put, DPI is the Internet equivalent of the Postal Service reading your mail,” said Gigi Sohn, president of Public Knowledge, a group that supports tough privacy protections for online users.

She also said “any solution should strive to be comprehensive in scope and ensure that the basic principles of privacy protections are applied across the entire Internet ecosystem.”

Earlier, House Telecommunications and the Internet Subcommittee chairman Rep. Edward Markey (D-Mass.) and Rep. Joe Barton (R-Texas) pressured Charter Communications into scuttling a DPI trial using the NebuAd service to create anonymous user profiles.

In August, Cable One and Bresnan Communications conducted separate DPI trials in 2008, according to letters they sent in response to an inquiry by the House Energy and Commerce Committee.

Some lawmakers are concerned that rigid controls on the use of DPI technology could harm innovation in the targeted advertising market.

“I hope we don’t charge into legislating in this area before we do understand what is possible, what isn’t possible, what is helpful and what isn’t helpful,” said Sen. Kay Bailey Hutchison (Texas), the most senior Republican on the commerce panel.

Sen. Byron Dorgan (D-N.D.), who supports passage of a new online-privacy law, suggested that he was not prepared to start drafting a bill quiet yet.

“It’s a complicated area and we need to understand it,” he said.