UPDATED: This version adds and corrects some facts from my original August 21 piece. My source claims Google admitted to condoning behavioral targeting on its content network. However, he says Google never told him they were using deep packet inspection to enhance behavioral targeting efforts.
The House Energy and Commerce Committee August 1 sent Google and other companies a list of questions regarding their online advertising practices.
One of the questions was: “Has your company at any time tailored, or facilitated the tailoring of, Internet advertising based on consumers Internet search, surfing, or other use?” In other words, does Google engage in behavioral targeting to bolster its online ad efforts?
Google responded to the House’s letter with its own August 8, noting that though behavioral targeting is not currently the focus of its business — contextual advertising is — the company believes it can be done in such a way as to preserve consumer privacy.
Saying that something is not currently the focus of its business is not an outright denial, nor is it an admission. Noting that behavioral advertising can be done without threatening consumers means that Google is open to it.
Indeed, Google added in its letter to the House that to ensure responsible behavioral targeting practices, it supports efforts to establish self-regulatory principles for online advertising that involves the collection of user data for behavioral and demographic profiles. This includes efforts by the Federal Trade Commission and the Network Advertising Initiative.
In fact, Google has admitted to the New York Times that it is testing ways to use the information it gathers from its tracking of Web users’ most recent searches. This would fall under the mantle of behavioral advertising.
One source who bangs the drum for consumer privacy feels Google wasn’t as forthcoming in its letter to the House as it should have been, and noted that recent moves suggest Google is inching closer toward practicing behaviorally targeted advertising. How so?
The source said that when Google opened up its content network to third-party ad servers in May, some of those companies practiced behavioral targeting while on Google’s network.
The source then argued with Google that by condoning behavioral targeting on their network, they were actually engaging in behavioral targeting. The source said Google confirmed this.
So, what’s the big deal? The source said Google should have stated as much in its letter to the House Energy and Commerce Committee.
“That’s what annoyed me about that letter [to the House Energy and Commerce Committee]. They could have said, ‘we’re collecting personal data in DoubleClick, YouTube, Feedburner.’ What Google is brilliant at, is in controlling the message, controlling the incremental strategy. They’re moving very slowly toward admitting they do behavioral targeting. They are doing behavioral targeting but they can’t admit it.“
The source’s position brings up the issue of the fine line. Google may not be doing behavioral advertising outright, but what does it mean if it enabling other ad-serving companies who do leverage behavioral targeting to do so on its network. This is the type of quandary that sticks in privacy advocates’ craws.
Google declined to comment about the source’s comments for this post; a spokesperson referred me to the letter and said the company stands by its statement.
I suspect it may be only a matter of time before Google, who does not pre-announce products, will officially roll out a behavioral advertising.
To be sure, parts of Google’s letter to Congress read like a seed for behavioral advertising efforts that are to come. Google has search keywords sewn up, but it, Microsoft and Yahoo are also considering new behavioral ad methods to help them better target Web users through keyword, video, mobile and social ads.
My source also said he wouldn’t be surprised if Google using DPI to collect more data on users to hone its forthcoming behavioral targeting practice. His contention is this: If Google is privately practicing behavioral targeting, how can anyone be sure the company isn’t testing ways to use DPI?
Deep packet inspection, or DPI, is a form of computer network packet filtering that examines the data and/or header in a data packet. It’s typically used in security practices to find viruses and worms, but it can also be used to mine Internet data.
Some privacy advocates suspect Google, other search engines and ISPs are leveraging DPI to learn more about us, specifically, what we search for, who we communicate with, pretty much anything we do online. Indeed, this prompted the House to ask Google and others several questions related to DPI.
Google denied it to Congress; until anyone can prove otherwise, that is where it stands.