InfoTech and Public Policy

My first encounter with web cookies back in the mid 90’s was accompanied with joy, admiration and fear. Joy, because I was no longer obligated to put my login information every single time to authenticate myself, while I was more than happy to learn that - finally - ads will depict sports cars instead of pregnancy pills. Admiration was only natural, given how this small piece of data achieved so much without significant complexity or effort from my part. And fear, because I could see a future where I would no longer be the poor lonesome cowboy surfing the world wild web carefree and certain that no one knows what I am doing without my consent. Almost ten years later, this future is finally here: Government agencies can clone and analyze private communications, malicious users attack me daily with worms and viruses, while advertising companies try to predict what I like in order to deliver more relevant ads. At least in the case of ads, they can’t possibly track every single click I make. Or can they?

Custom tailored ads exist for quite some time now, almost immediately after web cookies started to appear in the web. In the next few months though, their power and predictive potential will be increased significantly thanks to the appearance of two new companies called NebuAd and Phorm. Both these companies want to enhance the effect of ads and marketing by installing devices on the networks of the participating ISPs. These devices will then monitor all unsecured WWW traffic that each user produces, including searches and Web page hits, and will look for ways to match want may interest you with a database of product and services. This way, participating vendors and websites will be able to display ads of higher relevance than before, potentially highly increasing their revenue. According to New York Times, already 3 major ISPs in UK have made deals with Phorm to implement its technology, and although NebuAd declines to reveal its partners (why is that I wonder ? Also read this New York Times blog entry on the same topic), Washington Post has revealed two of its ISP partners.

The implications of this technological partnership are tremendous. ISPs, who traditionally were out of the advertisement game, will now get a part of the multi-billion revenues related to internet advertisements. Internet advertising agencies and vendors are happy to be able to target the right market (according to Microsoft there is as much as 76% more chance that a visitor would click on an ad enhanced by behavioral targeting technology) with higher accuracy, while web site owners that will be able to charge more in order to host ads. As for the user, he will be able to get more relevant information about products that are closer to his interests than before. Nevertheless, all the above will come at a potentially high cost to user privacy, as each user action will be recorded by third party software, something that forced the Foundation of Information Policy Research (FIPS) to write an open letter to UK’s Information Commissioner urging to pass legislation that would render any technology of this kind illegal. Similar legislation, although with a much broader scope, is also sponsored by Democrat NY assemblyman Richard Brodsky who wants to make it a crime for certain Web companies to use personal information about consumers for advertising without their consent (New York Times Article).

Personally, I am up for any technology that enhances the user experience. I believe that systems like those discussed here can contribute to this, by enhancing the level of prediction that a content provider can have on your interests and character. Additionally this technology may have some beneficial side-effects, as for example Phorm software is able to identify fake websites and thus protect user privacy. It may also foster collaboration, innovation, internet entrepreneurship and emergence of free services, fueled by higher revenues in industry and internet markets. However, in order for me to wholeheartedly support such efforts, I need to be certain that certain conditions are satisfied. First, all parties involved must make sure that at no stage can the personal information of a person be associated with his identity. Given the way the current technology is implemented, I think it is very difficult for these companies to ensure that this will be the case, even with the randomization and no-storage policy assurances that they provide. This kind of association is what is dreadful to most people, from ordinary users to internet pioneers (for example see Sir Tim Berners-Lee BBC interview on net tracking). As a computer scientist I see a number of ways that similar results can be achieved with no such danger to privacy, but at the cost of higher bandwidth requirements.

Additionally, I believe that opting-in the service must be the default and not vice versa. Currently, this is not happening and even opting-out is painful according to this blog entry about Embarq ISP NebuAd opting out option. Legislation can make clear that users should have the option to opt-in and out, with the earlier to be the default mandatory practice and frankly a lot of other sectors would benefit from converting opt-out actions to their opt-in counterparts. This way, ISPs and companies like Phorm can even give monetary incentives to users in order to opt-in, returning some of the profits to the end-user base.

Finally, I have some ethical concerns over what kind of information such companies should be allowed to collect. Should they try to predict your need of cancer or funeral related services? You would be surprised on some of the choices that the coalition of marketing, advertising, ISPs and related software companies have agreed to (dis)allow. There is also the question of whether all the above will lead to increased utterly useless for the average user purchases, something that does not benefit the society as a whole. And since at the end of the day this is the only single objective function that we have to optimize, i.e. allow actions that increase short and long term social benefit, we have to ensure that the implementation and evolution of such techniques and technologies are leading to a more stable, humane and robust society rather than increasing the revenues of a selected few organizations and people.

For further reading there are several articles in the Bits blog of New York Times including what Saul Hansell calls “The Mother of All Privacy Battles“, interviews with Phorm and NebuAd chief executives, and more information on how Phorm cookies work.

This entry is filed under General. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.