By Gustavo Arellano
By R. Scott Moxley
By Alfonso Delgado
By Courtney Hamilton
By Joel Beers
By Peter Maguire
By Charles Lam
By Charles Lam
Illustration by Bob AulI'd like to run a little analogy past you. Let's say one day you're walking down the street when a store catches your eye. You go inside and browse for a while and then leave without buying anything. But as you're walking out, a salesperson sneaks up behind you and slaps a homing device on you.
That store can now track you whenever you visit it or one of its friends' stores. It knows what you buy, what you don't buy, how long you spend in the menswear department and what your underwear preference is. And it does all this without you even being aware it's happening.
Sound like an implausible violation of your constitutional right to privacy? Unfortunately, it's probably happening to you every time you go online.
Banner ads—those little rectangular ads that pop up at the top of most Web pages these days—are a huge business on the Internet. One of the largest online-advertising firms is New York-based DoubleClick (www.doubleclick.net), which runs ads on 11,000 Web sites worldwide. And if you've visited any of those sites—including Irvine-based Autobytel.com, a leading online auto dealer—chances are DoubleClick knows a lot more about you than you might like them to.
The key to online advertising—to any advertising, really—is making sure your ad reaches only those people most likely to be interested; anyone else is a waste of money. Catalog firms, for example, routinely swap names with similar catalogs to get a mailing list of likely shoppers. But on the Internet, the amount of data a company can gather on potential customers is breathtaking. The first time you visit a site that carries DoubleClick ads (note: you don't actually have to click on the ad; being on the site is enough), they slap a cookie containing an ID number onto your computer. The next time you visit one of DoubleClick's 11,000 sites, their system recognizes you and dumps more data into your file: IP address, browser type, operating system, service provider, search terms and so on.
All this had privacy advocates nervous enough already. But in November, DoubleClick completed its merger with marketing database firm Abacus Direct, thus giving itself access to Abacus' vast collection of names, addresses, phone numbers, purchasing preferences and more. It subsequently announced the formation of a new program, Abacus Online. On some of their Web sites (they won't say which ones), they're going to link up their online tracking information with the real-world information in their database. In other words, you're no longer #NX3415 or whatever—you're Bob Smith of Anaheim, California. And they'll know pretty much everything: where you live, what your phone number is, what books and videos you buy, what you search for on Altavista, and so on.
Needless to say, this has made a number of people very cranky. On Jan. 27, a Marin County woman filed suit against DoubleClick, alleging that the firm is unlawfully obtaining and selling consumers' private information. Several other parties have since filed similar suits. The Electronic Privacy Information Center (EPIC; www.epic.org) filed a complaint with the Federal Trade Commission on Feb. 10, arguing that DoubleClick's tracking of online users is illegal and asking the FTC to intervene.
"Tracking users' movements online is fairly common, but when DoubleClick began linking profiles with your name and address and other personal information, it crossed a very sharp line in the sand," said EPIC's Andrew Shen. "It's a little unfair and very deceptive to expect all consumers to be aware of what DoubleClick is doing—in many cases it's so invisible that consumers are left at the mercy of these very invasive techniques. We're not neo-Luddites trying to shut down e-commerce, but we do think companies have to behave responsibly."
DoubleClick, naturally, sees it differently, arguing that by tracking consumers online, they're targeting ads to those consumers' interests, which they see as beneficial to said consumers. Spokeswoman Jennifer Blum pointed out that the company offers consumers the opportunity to opt out of their program and stated that any consumer who signs up for the Abacus Online program is given notice of how their information will be used on the same page (although that notice can be rather inconspicuous—see www.netdeals.com for an example).
But there's some evidence to suggest that even if you don't willingly hand over your personal information, DoubleClick is getting it anyway. Security consultant and privacy watchdog Richard Smith, who has painted more than a few corporate logos on his fuselage, announced on Feb. 14 that he had tracked information being sent from his computer to DoubleClick's servers when he visited sites carrying the company's ads: it included such sensitive information as his e-mail address, his full name, his mailing address including ZIP code, and his phone number. (You can view his full report at www. tiac.net/users/smiths/privacy/banads.htm.)
I'd like to tell you what Autobytel has to say about all this, but they seemed a teensy bit reluctant to talk to me. And I can understand why: Would you want to get dragged into this boiling stewpot, out of all the 11,000 sites DoubleClick is associated with, just because you happen to be based in Irvine? But when you hang out with the devil, you've got to expect a little sulfur to rub off.