• by Wendy Davis , Staff Writer @wendyndavis, July 17, 2008

At a Congressional hearing this morning led by Ed Markey of Massachusetts, NebuAd CEO Bob Dykes faced far more critical questioning than last week at the Senate. How critical? Consider this: He opened his testimony by comparing himself to Galileo -- yes, the same one who faced the Inquisition for asserting that the earth revolved around the sun.

Dykes has been attempting to persuade lawmakers that his behavioral targeting company, which gathers information from Internet service providers about users' Web-surfing history and then sends them ads, doesn't violate users' privacy. He stresses that NebuAd doesn't collect people's names or addresses, doesn't gather data about "sensitive" material, and that Web users can opt out.

But digital rights groups are skeptical on all fronts. Even if it doesn't collect people's names, NebuAd has access to IP addresses. The company says it encrypts those using an irreversible code, but critics aren't persuaded that the data will truly be safe. And they're not sure how they can trust that NebuAd doesn't gather information about medical conditions or other matters that people don't typically want to share.

Even Florida's Cliff Stearns -- who indicated in his opening statement that he was opposed to imposing new requirements on online ad companies -- questioned Dykes on this point. He asked how people could know that NebuAd wasn't inspecting such information. "We just take your word for it?" he asked.

Dykes' answer -- that the company was going to hire an accounting firm to conduct a privacy audit -- didn't reassure the lawmakers. "I don't know, Mr. Dykes, if that's going to calm the fears here," was the response.

Markey then wanted to know whether Dykes would be able to find an accounting firm that wasn't involved in the subprime mortgage mess, Enron or the dot-com bubble.

Regardless of the auditing question, Markey made it very clear that he thinks NebuAd shouldn't collect information about Web users who haven't provided opt-in consent. Dykes countered that requiring express consent would reduce the value of the service to advertisers.