The New Meaning of Computer Monitor
From the very beginning, DoubleClick made a lot of people nervous. For those
unfamiliar with the company, DoubleClick's DART system serves banner ads,
and in the process builds up detailed profiles of exactly what web sites
individuals visit and when they visit them. These profiles are then used to
deliver more targeted advertising. What has thus far prevented this kind of
user profiling from being a threat to privacy has been the fact that
DoubleClick did not associate real-world names with their profiles.
It is hard to truly grasp how extensive DoubleClick's online reach has
become. Their DART system now serves over 5 billion ads every week at almost
12,000 websites, and they have built up a database of over 100 million user
profiles. To assuage public outcry, DoubleClick has always pointed to their
strict policy against collecting "any personally identifiable information
about you, such as your name, address, phone number, or email address."
Unassuaged outcry began last summer when DoubleClick announced that they
intended to buy Abacus Direct. Abacus tracks the buying habits of consumers
who purchase goods from any of over 1,100 mail-order catalog companies, and
they have a database of over 2 billion consumer catalog transactions; each
linked to a real name and address.
Although DoubleClick denied it at first, the intent was clear. DoubleClick's
"firm" policies about consumer privacy were about to be thrown out the
window. They would now be able to link their user profiles to real word
names and addresses and build a cross-lined database of individual's buying
habits and Internet activities.
Naturally, these developments worried a lot of people, but there was not
much that could be done. Consumers asked the Fair Trade Commission to
investigate, but the FTC claimed it had no jurisdiction in privacy matters.
Letters were sent to socially conscious mutual finds asking that they
divest, but DoubleClick's stock has been soaring. And just when privacy
advocates thought things could not get any worse, DoubleClick announced that
they will be releasing a spam tool called DARTmail. Now we will not only
receive banner ads based on our profiles but unsolicited email as well.
It's for Our Own Good
DoubleClick spokesmen, of course, have been trying to convince us that they
are doing us all a tremendous service by building detailed profiles of our
online activities. And although they publicly and frequently voice their
strong commitment to and deep concerns over consumer privacy, such claims
should be viewed as the nonsense they are.
Perhaps DoubleClick management honestly believes that consumers have an
overwhelming desire to see more advertising, but their attempts to
trivialize the privacy issues concern me deeply. DoubleClick CEO Kevin
O'Connor sums up the issue as "It's about delivering the right message to
the right consumer at the right time." I don't think I could disagree more.
The issues are not so superficial.
DoubleClick points to the fact that it allows individuals to "opt-out" of
their system, but such protections are woefully inadequate. As I understand
it, when an individual opts out, DoubleClick will refrain from sending ads,
but may still track their purchasing habits and movements through
cyberspace. Furthermore, the only way to prevent DoubleClick from building a
purchasing profile on you will be to provide them with a fair amount of
personal information. This is not privacy by any stretch of the imagination.
Warding Off Big Brother
All free societies grant their citizens a right to privacy, but we have yet
to closely examine privacy rights in light of recent technological
developments. It seems clear to me no company should have the right to
compile and sell detailed profiles on individuals unless those individuals
have given their consent to the enterprise. There is certainly a valid
business use for the database the DoubleClick is building, and there are
undoubtedly people who would not mind having their actions tracked in
exchange for more targeted ads or other remuneration.
That being the case, all that is really needed is simple accountability and
an acknowledgement that our personal information is our own. That it cannot
be resold without our explicit consent. Companies selling consumer profile
information should be able to demonstrate that such permission was obtained,
and an audit trail would have to be maintained. Furthermore, if a company
like DoubleClick is building a detailed profile on your activities, you need
to have the right to see those profiles and to request that corrections be
Anytime you received unsolicited mailings or email you should have the right
to demand to know how your name was obtained and provided with the audit
trail back to where you had given permission for its use. Companies unable
to provide such information or who are selling information without proper
permission would be subject to reasonable fines.
Much of this is simple common sense, and most companies pay lip service to
the idea of consumer privacy and are happy to state their commitment to it
in temporary non-binding policies. As DoubleClick shows us, however, such
policies will be abandoned as soon as technology allowing for more invasive,
pervasive or comprehensive monitoring becomes available. In a free society,
no one without either explicit permission or a proper warrant should be
permitted to put an individual under this kind of surveillance.
After this story was written, DoubleClick bowed to consumer pressure and
announced that they will not be correlating Internet activities and real
world purchases at this time. There were the predictable statements about
how consumer privacy is of paramount concern to DoubleClick, but in my
opinion, they are simply biding there time. The databases will be correlated
when DoubleClick deems the public is less sensitive. DoubleClick has
invested a great deal in this and stands to lose out on far too much money
if they keep the two databases independent.