IP: UST on Cookies: Takes DoubleClick to Task

[Dave Farber <farber () cis upenn edu>]

> http://www.usatoday.com/life/cyber/tech/cth203.htm
>
> Cookies: How sites know what they know
> By Will Rodger, USATODAY.com
> 1/25/00- Updated 03:17 PM ET
>
> Take a look inside a text file or folder labeled "cookies" on your
> computer. If you've never seen it before, you may be surprised.
>
> There you'll find many, perhaps hundreds of short strings of text placed
> there by as many online companies. In all but a handful of cases, you will
> see a unique identifier -- a bunch of gibberish to the untrained eye --
> appended to an Internet address like doubleclick.com. That text identifies
> your computer to the company that placed the cookie on your hard drive.
>
> Marketers say cookies hold the promise of customization: Users can see what
> they want when they want it by using cookies to tell Web sites about their
> online preferences. Companies that ask users to register at their sites
> know instantly when their old customers come back -- note, for instance,
> the cheery hello Amazon.com gives you if you register or buy something from
> them and go back again.
>
> But cookies also serve as cookie crumbs on the Web surfer's trail. By using
> cookies on their Web sites, companies can watch not just what you bought,
> but what you looked at along the way, and how long you stayed there. And
> they can keep that information for as long as they want.
>
> Ad networks like DoubleClick, moreover, take that market research to
> another level by correlating your movements and actions across many sites.
> As the company builds an increasingly detailed dossier of your online
> activities, it can target advertisements all the more accurately,
> predicting what you will and won't react to.
>
>  As time goes by, Web sites will make changes to your cookies to reflect
> what they know about you. Even so, the bulk of your actions as a consumer
> will stay in databases maintained not on your computer, but on those of the
> companies that run the Web sites in the first place.
>
> All of this makes some people yawn.
>
> Others, fearful of abuse, inadvertent disclosure or even blackmail, say
> these databases are the making of a surveillance state in the hands of big
> business, big government -- anyone except the people.
>
> Is this paranoia? Maybe. Then again, maybe not. Online data can reveal more
> than some people would like:
>
> * The Seattle Times and Boston Globe each reported separate divorce
> proceedings in which America Online was served with subpoenas for data
> about members' activities. AOL turned over those e-mail messages and
> chat-room records that had not already been purged from their systems.
>
> * A Spokane, Wash., judge ruled earlier this month that e-mail messages and
> private chats between police running a sting operation and a suspect could
> be used as evidence in a criminal trial without requiring police to seek a
> warrant to gather the evidence.
>
> * The GeoCities Web site, after stating it would never give customer data
> to others, recently transferred data about thousands of its subscribers to
> an in-house advertising division for direct-marketing purposes. GeoCities
> admitted the practice in a consent decree with the Federal Trade
> Commission, but argued its privacy statement had been amended to inform
> users how their data was being used.
>
> Whatever happens with online profilers like DoubleClick, activists say the
> Clinton administration is quietly giving the green light to big business.
> They point to increasing assertiveness by profilers to back up their claims.
>
> Consider the comments of DoubleClick CEO Kevin O'Connor to Forbes.com in
> November 1996.
>
> Back then, O'Connor promised his company would never try to unmask the
> real-world identities of the people it tracks with its "anonymous" cookies.
>
> "If we do that, it would be voluntary on the user's part, and used in
> strict confidence," he said. "We are not going toŠmatch information from
> other sources."
>
> Less than three years later, O'Connor paid $1 billion for Abacus Direct to
> do exactly that.