- The Washington Times - Monday, June 23, 2008


Traditionally, “wiretapping” refers to listening in on a phone conversation without permission - the current Capitol Hill conflict over civil immunity for phone companies that took part in the government’s warrantless wiretapping program comes to mind - but, not surprisingly, the practice has taken on a new meaning in the digital age.

A report by consumer watchdog groups last week accused an online advertising company, NebuAd, of not only wiretapping consumers but of “hijacking” Web sites. The distinction, of course, would mean that unlike ad-serving firms that monitor an Internet user’s activity to serve relevant ads, NebuAd intercepts and alters Internet code to load behavior-tracking “cookies” on the Web browser.

Redwood City, Calif.-based NebuAd does this, charges D.C. consumer groups Free Press and Public Knowledge, without the knowledge or consent of Web users.

“NebuAd breaks the rules of acceptable behavior on the Internet,” said Robert M. Topolski, chief technical consultant to the groups and author of the report. “It monitors what you do on the Internet, it breaks in and changes the contents of your private communications, it keeps track of what you’ve done, and if you even know that it’s happening, it’s impossible to opt out of it.”

Doing so violates standards put forth by the Internet Engineering Task Force, under which Internet service providers (ISPs) transmit information packets “without inspecting or interfering with them,” Mr. Topolski wrote in the report, which also criticized ISPs that do business with NebuAd.

The conclusions were released last week, a month after two members of Congress, Reps. Edward J. Markey, Massachusetts Democrat, and Joe L. Barton, Texas Republican, sent a letter to Charter Communications asking the company not to implement NebuAd’s service. The lawmakers warned: “Any service to which a subscriber does not affirmatively subscribe and that can result in the collection of information about Web-related habits and interests of a subscriber, or a subscriber’s use of the operator’s services, or the identification of an individual subscriber, and achieves any of these results without the ‘prior written or electronic consent of the subscriber’ raises substantial questions related to” the federal Communications Act.

Charter has since postponed its implementation of NebuAd, whose customers include ISPS Wow, Embarq, Broadstripe, CenturyTel, Metro Provider.

What sayeth NebuAd?

“We are disappointed with the misleading characterization of NebuAd … transparency and consumer privacy protection are core to our business. Reasonable review of materials that have been made available online would have educated the organization that NebuAd requires its ISP partners to provide robust notice to their subscribers prior to deployment of the service,” company spokeswoman Janet McGraw said in an e-mail.

She added: “NebuAd allows users to opt out of NebuAd’s information collection and targeted ads at any time, and such choice is provided in both robust advanced notice and on an ongoing basis.”

In December, the Federal Trade Commission issued four voluntary online behavioral advertising privacy principles calling for considerable disclosure to consumers. A Senate hearing on online advertising and privacy scheduled the day the report was released was postponed.

Mail to: krowland@washingtontimes.com.