As you might recall, last Friday, we took a look at a deal made between Internet service provider (ISP) Charter and NebuAD, a company that specializes in “highly-targeted” advertising. In a nutshell, NebuAD installed Deep Packet Inspection (DPI) devices on Charter's network, in order to harvest user data, which was then used to serve ads to specific users based on their surfing habits. This, of course, raised a number of privacy concerns and furthermore, served as a disconcerting reminder that non-neutral or “tiered” networks are very much technologically feasible.
Well, in the days since our last post on the topic, a number of folks have taken notice of NebuAD and Charter's actions–and we're not just talking about the usual suspects in the blogosphere. On Friday, Representatives Edward Markey (D-MA) and Joe Barton (R-TX) sent a letter (PDF link) to Charter's President and CEO, Neil Smit, asking the company to put a hold on its venture with NebuAD pending a “discussion” of the privacy issues that the program raises. Specifically, they cite the Communications Act of 1934, which categorically states that companies that are involved in the transmission of communications should not knowingly divulge the contents of those communications. “Any service to which a subscriber does not affirmatively subscribe and that can result in the collection of information about the web-related habits and interests of a subscriber…without the 'prior written or electronic consent of the subscriber,' raises substantial questions related to Section 631 [of the Communications Act],” the Congressmen write.
Did Charter acquire the consent of its users before deploying its NebuAD-assisted advertising service? Considering that the company simply notified its users of the opt-out program via a form letter, the answer seems to be a resounding “no”. What's more, even the opt-out nature of the program is currently in question: as Ryan Singel at Wired's “Threat Level” blog noted last Friday, it's unclear whether opting-out of the service actually prevents your personal information from being collected by NebuAD's DPI sniffers or if it simply prevents you from seeing the ads associated with the service.
Clearly, the folks at Charter and NebuAD have a lot of explaining to do. But the Communications Act is far from being the last of their worries. As Cnet's Declan McCullagh pointed out earlier this week, NebuAD's service might also run afoul of the Electronic Communications Privacy Act of 1986 (ECPA), which states that providers of electronic communication services “shall not intentionally divulge the contents of any communication.” Meanwhile, others are calling for either the Federal Trade Commission or the Federal Communications Commission to open up an investigation into NebuAD's business practices. To that end, the Center for Democracy and Technology filed comments with the FTC in April (PDF link), asking the Commission to address the issue of advertising-related monitoring and to clarify that an opt-out mechanism does not constitute user consent.
Clearly, the case against Charter and NebuAD is mounting. And just in the nick of time too: as it turns out, NebuAD's deal with Charter is just the tip of the iceberg. A number of regional ISPs have inked deals with NebuAD–and are either currently testing their services or plan to do so in the near future–including Wide Open West, Knology, CenturyTel and Embarq. And that's not to mention NebuAD competitors like Phorm and Front Porch, both of which are actively marketing similar services to ISPs. Here's hoping that NebuAD gets a slap on the wrist sooner, rather than later–otherwise we could all soon find DPI gear peeking over our shoulders.