NebuAd grilled over hot coals in Congress on privacy

NebuAd has made few friends, thanks to a business built on monitoring broadband customers' Web surfing to deliver advertisements. It certainly found none on Capitol Hill on Thursday.

The Redwood City, Calif.-based start-up was forced on the defensive during a hearing in which politicians charged that deep packet inspection of Internet traffic was far too privacy-invasive. Only if customers gave affirmative consent by opting in, they said, might the practice be acceptable.

Texas Rep. Gene Green called NebuAd's opt-out procedures "contemptible." To Pennsylvania Rep. Mike Doyle, the practice "goes against everything the country's been founded on." Michigan Rep. Bart Stupak wondered: "Why do I have to opt out? Why should the burden be on the American consumer?"

Subcommittee Chairman Ed Markey, a Massachusetts Democrat, suggested the business model was, without opt-in, flatly illegal. "We need to have remedial legal courses for some corporate general counsels," Markey said.

This was hardly a pleasant experience for NebuAd CEO Robert Dykes--who has already seen paying customers including Charter Communications pull the plug on his company's deep packet inspection service in response to pressure from politicians. Markey and his Republican counterpart, for instance, complained to Charter about NebuAd two months ago.

Dykes first claimed he was misunderstood. "I feel like Galileo when he was viewed with skepticism on demonstrating that the Earth revolved around the sun," Dykes said. "The science exists today and NebuAd is using it to create truly anonymous profiles that cannot be hacked or reverse-engineered."

But, under questioning from Markey, Dykes refused to answer whether he thought an opt-in standard should be applied. "I really must protest...I think you're forcing me into a 'Have you stopped beating your wife recently?'," he said. (Markey replied, to laughter: "No, no, no, it's 'Have you stopped beating the consumer?' is the question.")

The U.S. Congress, of course, has no direct role in regulating whether or not Charter and other broadband companies including CenturyTel, Wide Open West, and Embarq sign up with NebuAd or not. But as I wrote in an article on a Senate antitrust hearing this week, research has confirmed what common sense suggests: Congress sets the budget for federal agencies, and a congressional hearing makes them significantly more likely to bring lawsuits or other enforcement actions. And politicians can always rewrite the laws to explicitly outlaw NebuAd's business model.

NebuAd's potential legal problem is that what it's doing--intercepting a broadband customer's communications and determining what kind of ads may be relevant to display--looks a lot like wiretapping under existing law. And a wealth of complex and arcane state and federal laws specify when wiretapping is and is not legal, practically inviting federal regulators or state attorneys general to take action.

We published a detailed analysis two months ago, but the summary is that the Electronic Communications Privacy Act of 1986 (ECPA); the Communications Act of 1934; and the Cable TV Privacy Act of 1984 all may apply. Cable providers may need to obtain affirmative opt-in consent from customers, putting them at a competitive disadvantage to, say, AT&T and Verizon. The Center for Democracy and Technology's subsequent analysis published on July 8 reviews state laws as well.

For its part, NebuAd has posted a legal memo designed to defuse those criticisms. It argues that the 1986 changes to wiretap law have not been clarified by courts, and that the Cable Act may not apply to "any record of aggregate data which does not identify particular persons."

[rcrusoe]

If NebuAd or anything like shows up on my Internet provider, I'll opt out by changing ISPs. We may not be able to do anything about the Feds domestic spying program, but we sure don't have to put up with this kind of commercial spying. Now where did I put that list of offshore anonymizing service companies.

[humanssssss]

I wouldn't want anyone spying on me and any company deliberately misleading me to instead a third party agent that I'm not aware of is installed. And if installed, does not give me an easy way to remove much like how Microsoft did with IE.

If I get to choose between the government tracking me vs commercial company, I prefer the latter as the latter only takes my money, the former takes my life and liberty.

[SixVodkas]

What baffles me, is that online advertising (of any sort), accomplishes anything at all.

Mebbe I'm too old school (I was the 1st kid on the block to scrape up enough funds for a 14.4k), but I've NEVER EVER EVER EVER even CONSIDERED buying anything targeted to me, whether it be by TV, radio or internet.

[173xb7]

No, I am not to be viewed as a consumer automatically. I am not a consumer if I have not chosen to use a specific product or service. It is unseemly to force this kind of thing down unsuspecting users throat. People shouldn't have to opt out because they should definately not be mass-herded into an automatic opt-in. (Don't tread on me!)

[umbrae]

I hope the US government makes a stand on this now. Regardless, this is an illegal wiretap and I would hope anyone using any ISP that uses this technique would sue. The EU is currently fighting this battle since almost every major ISP there uses a similar company called PHORM. This deep-packet inspection method is built upon fraud because they know anyone that really knows what it is doing would be offended.

[MSSlayer]

Now if only congress can see the need of forcing Google's effort to catalog everything and everyone to be opt-in.