Rejecting NebuAd's deep packet inspection model, Ed Markey calls for user permission before ISPs could deploy the DPI technology, which tracks Web users' complete travels over the Internet and serves up ads based on those patterns. ISP customers can opt out of the online advertising program but not online tracking.
It has not been a good few months for NebuAd, the Silicon Valley
startup pushing DPI, or deep packet inspection, as a source of new revenue for ISPs.
Without a user's consent, NebuAd collects information about the user's browsing
history and serves up ads based on those travels.
Privacy advocates have been relentless in their criticism of DPI and
Congressional pressure has already cost NebuAd a deal with Charter
Things didn't get any better for NebuAd CEO
Bob Dykes July 17 at a House hearing on behavioral advertising, particularly
after he compared himself to Galileo.
"I feel like Galileo when he was viewed with skepticism on
demonstrating that the Earth revolved around the sun," Dykes told
skeptical lawmakers. "The science exists today and NebuAd is using it to
create truly anonymous profiles that cannot be hacked or reverse-engineered."
Rep. Ed Markey, chairman of the House Subcommittee on Telecommunications and
the Internet, was unimpressed.
"From a privacy perspective, given the sheer sophistication of the
technology's capability and the obvious sensitivity of the personal information
that can be gleaned from a consumer's Web use, I believe broadband providers
deploying deep packet inspection technologies must adopt clear privacy
policies," Markey said.
regime when deploying NebuAd's DPI technology, a notion Dykes said would dilute
the effectiveness of the program. "No one, not even the government, can
determine the identity of our users," Dykes argued.
NebuAd allows users to opt out of the customized ads program but not online
"That's basically saying silence is consent and as a result you can do
whatever you want with their information," Markey said. "I don't
think, unless you've got clear affirmative permission, that you should be able
to take this incredible leap into the breaching of the privacy of Americans."
According to a technical report (PDF)
Free Press and Public Knowledge, NebuAd uses special equipment that "monitors,
intercepts and modifies the contents of Internet packets" as consumers go
online. The report found that NebuAd inserts extra hidden code into users'
Web browsers that was not sent by the Web site being visited.
In turn, the code directs the browser to another site not requested or even
seen by the consumer, where more hidden code is downloaded and executed to add
more tracking cookies. Using the secretly collected information, NebuAd
serves up ads based on the user's browsing habits.
"NebuAd breaks the rules of acceptable behavior on the Internet,"
Robert Topolski, the report's author, wrote. "It monitors what you do and
see on the Internet, it breaks in and changes the contents of your private
communications, it keeps track of what you've done, and if you even know that
it's happening, it is impossible to opt out of it."
In May, Ed Markey and Joe Barton, the ranking member of the subcommittee, wrote (PDF)
to Charter Communications President
and CEO Neil Smit asking him to stop NebuAd
testing until the subcommittee has had time to review the program.
"Any service to which a subscriber does not affirmatively subscribe and
that can result in the collection of information about the Web-related habits
and interests of a subscriber, or a subscriber's use of the operator's services
... without the 'prior written consent or electronic consent of the subscriber'
raises substantial questions related to [privacy]," Markey and Barton
Charter, the nation's fourth-largest broadband
from its proposed deal with NebuAd June 24.
Markey and Barton have also
sent a similar a letter to Embarq. NebuAd claims to also have deals in place
with Broadstripe, CenturyTel, Metro Provider and other ISPs. NebuAd pays
ISPs to install monitoring boxes on their networks.