WASHINGTON, DC — Google, Microsoft, and Yahoo are among the internet service providers that track users’ behavior without consent, according to letters released Tuesday by the House Energy and Commerce Committee. The committee has been investigating how and under what circumstances ISPs track users and what they do with the data they collect and may consider legislation to regulate the practice in the interest of consumer privacy.Google indicated it uses “the DoubleClick ad-serving cookie” — part of the technology Google obtained when it acquired advertising network DoubleClick earlier this year — to track users’ behavior in order to determine how they move around the Web and behave on affiliated sites. Google denied using the most intrusive form of behavioral tracking, known as deep-packet inspection, which allows ISPs to see virtually every keystroke a user makes online. Google also said it does not yet engage in behavioral targeting of ads and allows users to opt out of cookies delivered by both Google and Double-Click.
Observers are not so sure Google is wearing a white hat.
“Google is slowly embracing full-blown behavioral targeting over its vast network of services and sites,” Jeffrey Chester, executive director of the Center for Digital Democracy, told The Washington Post. He added that Google, because of its vast network and sophisticated technologies, “knows more about consumers than practically anyone [else].”
Microsoft and Yahoo also admitted tracking users, although Microsoft is among the eight ISPS that have yet to respond formally to the committee’s request for information from 33 ISPs. Yahoo said earlier this week it is instituting a program that will allow users to opt out of tracking.
More than a dozen of the ISPs denied engaging in user tracking, but Chester said some of them employ forms of “interactive marketing” that amount to the same thing. Comcast, one of the deniers, offers advertisers the ability to target their messages based on “over 3 billion page views” from “15 million unique users.”
Broadband ISPs Knology and Cable One admitted they recently ran tests using deep-packet inspection services provided by NebuAd, which has come under fire from privacy advocates for its methods. Consumers weren’t notified of the tests but no personally identifiable information was inspected, Knology and Cable One revealed.
Congress has become increasingly concerned about online privacy in recent months. Rep. Edward J. Markey [D-Mass.], a member of the House Energy and Commerce Committee, said he and colleagues plan to introduce next session a bill requiring ISPs to inform consumers about what kinds of data they collect and share and to track only those consumers who opt in to tracking programs.
“Increasingly, there are no limits technologically as to what a company can do in terms of collecting information … and then selling it as a commodity to other providers,” Markey told the Post. “Our responsibility is to make sure that we create a law that, regardless of the technology, includes a set of legal guarantees that consumers have with respect to their information.”
Other committee members, notably Republican Cliff Stearns of Florida, have said they favor industry self-regulation because federal regulation could stifle corporate innovation and economic development.
However, another Republican committee member, Rep. Joe L. Barton of Texas, sides with the privacy protection group.
“A broad approach to protecting people’s online privacy seems both desirable and inevitable,” Barton told the Post. “Advertisers and data collectors who record where customers go and what they do want profit at the expense of privacy.”
