Law in the Internet Society

Privacy and the Private Sector

-- By AndreiVoinigescu

Privacy advocates are up in arms about the recent explosion in the monitoring, recording and analysis of people's online activities. The private sector, meanwhile, is investing heavily in compiling behavioral profiles of Internet users: In 2007, AOL, Yahoo and Google spent $3.6 billion to purchase behavioral targeting firms Tacoda, BlueLithium? and DoubleClick? , while Microsoft spent $240 million for a 1.6% share of Facebook. In the wake of senate hearings into web privacy, a number of large ISPs have backed away from partnerships with behavioral advertising networks which would have seen them deploying deep packet inspection to snoop on users' surfing habits, stressing that any future monitoring for advertising purposes will be on an opt-in basis with express consent from the users being watched. So what is all the fuss about?

The All-Seeing Eye

Monitoring and analyzing user's online activities is not new. Behavioral advertising companies like NebuAd? and Phorm track keywords on visited websites and search engine queries (with ISP cooperation), creating profiles (linked to individual computers) used to infer likely purchase interest in each of the rougly 1000 "useful but innocuous" product categories. NebuAd? and Phorm can categorize users quite narrowly. They can identify users interested in a vacation to a particular destination, or in buying a particular brand of used car. But while the ISP-Ad Network partnership allows for unprecedented comprehensiveness in monitoring a user's online behavior, individual e-commerce websites have been analyzing visitor's behavior at a high level of granularity for years now., for instance, tracks clickstream data--the pages users visit, the time they spend there, and how they interact with each page--down to the level of individual scrolls, clicks and mouse-overs.

An alarming erosion of privacy and autonomy?

Should we be worried that the private sector may soon know us better than we know ourselves? That depends on how the data being collected about our online behavior is used. Will our online nakedness merely allow the market to better cater to our needs and desires?

Behavioral advertising networks use the profiles they generate to facilitate more nuanced audience segmentation. Where ads before were often targeted based on crude demographics like location, age or gender, NebuAd? and Phorm allow advertisers to carve out their audience according to temporally salient interests. While this is a clear win for marketers, a recent survey reveals that 57% of internet users are uncomfortable with advertisers using their browsing history--even if anonymized--to serve relevant ads. Can this result can be attributed to luddite fear-mongering?

It is hard to make a case that targeted ads themselves are a threat to privacy or autonomy. While there is something offensive about the push nature of advertising in general--a reaction potentially exacerbated when you know an unsolicited ad is directed specifically at you--internet advertising is easily blocked. And whatever the actual empirical effect of advertising on purchase decisions, most people believe that they retain full control over whether or not to buy. In their current categorical classification based form, the NebuAd? and Phorm ad networks don't really provide much finer-grained audience segmentation than specialty magazines have been providing for years. Perhaps, as some analysts suggest, consumer unease only reflects underlying doubts about how useful the targeted ads actually are. After all, consumers seem quite willing to trade away privacy in return for valuable services like free webmail and storage.

Behavioral Profiling and the Pocketbook

While targeted advertising might be of dubious value to consumers, corporations are now exploiting the wealth of data they collect for ends are harder to characterize as mutually beneficial. In the past, marketing was largely the domain of 'common-sense' knowledge. Although business-focused academics were certainly influenced by findings in the social sciences and even conducted their own research, the limitations and cost of traditional experimentation and field research meant that much of their insight into persuasion was often generalized rather than specific. This is no longer the case. Companies like are increasingly relying on data mining techniques to identify trends in the detailed behavioral data they collect from visitors. Dynamic website content allows online retailers to directly and cheaply test specific hypothesis about effective marketing techniques, increasing their ability to profit from the behavioral trends they observe.

E-commerce websites contend that they use automatic monitoring and analysis of clickstream data to provide customized shopping experiences tailored around the user's interests. Leaving aside research that suggests users often find such customization inaccurate or misleading, there is evidence that websites use prior behavioral data for price discrimination. While practices like offering new customers lower prices might be easily uncovered and outed once awareness of them spreads, other, more subtle uses of targeted content to maximize profits probably are not. Suppose's automatic recommendation system recommends hardcover versions of a book to customers identified as less price sensitive based on prior purchase history, and the paperback to everyone else. Would anyone notice?

Loyalty programs from brick and mortar establishments show just how creative the private sector can be in exploiting even relatively sparse data about how customers have behaved in the past. Harrah's Entertainment--the world's largest gaming company--deploys member reward cards and specialized software in its casinos to identify each member's personal loss threshold based on previous gambling sessions. The system alerts casino staff when a patron is approaching a level of losses at which she usually quits for the night, allowing them to take action. Frustrated patrons are often offered free meals or show tickets to keep them happy and keep them in the casino, increasing the amount they ultimately spend.

A loss for everybody?

Successes like Harrah's tend to inspire imitation. And as more businesses collect or purchase data for predictive analytics, it is not just the success of their behavioral models that raises concerns. The worst a flawed predictive model employed by Phorm or NebuAd? can do is bombard web-surfers with irrelevant ads; shoddy predictive models in other areas can be downright dangerous: poor modeling of borrowers' ability to repay mortgages played an important role in the current recession. The effects of a corporation's mistakes are not always limited to its bottom line.

If costly mistakes and the use of behavioral data to subtly nudge people towards more spending and consumption does not seem like a direct enough threat to autonomy, consider that, once collected, the data never goes away. The information can be co-opted by the government, or subpoenaed during private litigation. Behavioral data can only exacerbate the imbalance of power between a state and its citizens, between wealthy litigants and those not so lucky. Perhaps the dominant uses of this data today are innocuous--but they're just the tip of the iceberg.



Webs Webs

r14 - 16 Jan 2009 - 18:10:08 - AndreiVoinigescu
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM