U.S. Senate to grill tech industry over online privacy

Executives from major internet players Microsoft Corp., Google Inc. and Facebook Inc. are due for a grilling about online privacy in a Senate committee Wednesday, but the company likely to get the most scrutiny is a small Silicon Valley startup called NebuAd Inc.

NebuAd has drawn fierce criticism from privacy advocates in recent weeks for working with internet service providers to track the online behaviour of their customers and then serve up targeted banner ads based on that behaviour.

According to Ari Schwartz, vice-president of the Center for Democracy & Technology, a civil liberties group, NebuAd's business model raises many of the same concerns as an earlier generation of "adware" companies.

Those companies developed software programs that when downloaded to a computer could track where a user went on the internet and mine that information to deliver customized online ads. Several NebuAd executives in fact were once employed by Gator Corp., an adware company that later renamed itself Claria Corp.

Privacy activists say adware companies duped many web surfers into downloading their software programs by bundling them with free screen savers, online games and other internet applications. But NebuAd has a new twist: It works directly with internet service providers to scan their customers' web-surfing habits and deliver ads presumed to be of interest to them.

'This is analogous to AT&T listening to your phone calls all day in order to figure out what to sell you in the middle of dinner.' Technology consultant Robert Topolski

By injecting its monitoring in between consumers and the websites they visit, NebuAd's technology could violate a 1986 U.S. federal wiretapping law that requires at least one party to a communication to consent to a wiretap, according to an analysis released Tuesday by the Center for Democracy & Technology.

British technologists have levelled similar criticisms against a NebuAd-like system being prepared in that country by Phorm Inc.

"This is analogous to AT&T listening to your phone calls all day in order to figure out what to sell you in the middle of dinner," said Robert Topolski, a technology consultant to Public Knowledge and Free Press, two other public interest groups that have raised concerns about NebuAd.

Although no major internet service providers are known to have partnered with NebuAd so far, a number of smaller ones have worked with the company, including Wide Open West, a privately held broadband company based in Denver.

Software use on hold by some ISPs

Amid the publicity surrounding NebuAd, however, Wide Open West has stopped using the company's advertising software. And other ISPs that had been planning to conduct trials with the technology, including Charter Communications Inc., have put those plans on hold.

For its part, NebuAd has stressed that it does not collect any personally identifiable information about consumers and that it requires internet service providers to notify their subscribers about its advertising system. On Tuesday, however, the Redwood City, Calif., company unveiled a new set of privacy protections, including an online notification system and an opt-out mechanism for consumers.

"NebuAd is committed to driving innovation in online advertising while pioneering industry-leading privacy practices," NebuAd chief executive Bob Dykes said in a statement.

Besides NebuAd, Wednesday's hearing in the Senate Commerce Committee may also examine Facebook's "Beacon" monitoring tool, which tracked online purchases made by Facebook members and sent alerts to their friends on the site.

In addition, the committee will explore the need for stronger online privacy protections in general. Among the issues on the table: whether internet companies should be expected to make their programs "opt-in" (you're automatically excluded from a service unless you sign up) or whether "opt-out" (you're automatically in unless you speak up to say no) is acceptable.

While the committee has no online advertising legislation pending, the hearing could lead to new bills.

The committee will also examine the potential role of agencies such as the Federal Trade Commission or the Federal Communications Commission. Last year, for example, the FTC released a set of proposed self-regulation guidelines for online advertising companies.

Witnesses testifying Wednesday include:

• NebuAd's Dykes.
• Microsoft associate general counsel Mike Hintze.
• Google chief privacy counsel Jane Horvath.
• Facebook chief privacy officer Chris Kelly.
• Lydia Parnes, director of the consumer bureau for the Federal Trade Commission.
• Leslie Harris, chief executive of the Center for Democracy & Technology.
• Clyde Wayne Crews Jr., vice-president for policy at the Competitive Enterprise Institute.