Epic Promises To Destroy 'History-Sniffing' Data

Privacy-ShutterstockEpic Media Group has agreed to destroy all data it collected via "history-sniffing" technology in order to settle Federal Trade Commission charges, the agency announced on Wednesday.

Epic, which didn't admit wrongdoing in the case, also promised that it won't use that technology in the future. Epic no longer operates, but the settlement agreement provides that any successor company will refrain from using history-sniffing techniques.

The FTC's complaint against Epic, made public on Wednesday, accuses the ad network of using history-sniffing technology in order to create marketing profiles of users based on sites they had visited -- including medical and financial sites. History-sniffing technology exploits a browser feature that changes the color of links after users visit them. Ad networks and other companies that use the technology are able to determine which sites users have previously visited.

Epic used that data to place consumers into marketing segments, including "sensitive categories such as 'incontinence,' 'arthritis,' 'memory improvement,' and 'pregnancy-fertility getting pregnant'," according to the complaint.

Epic allegedly placed history-sniffing code within ads it served to visitors at sites including cnn.compapajohns.com, and orbitz.com.

The FTC didn't allege that history-sniffing was in itself an unfair or deceptive practice. Instead, the agency contends that Epic deceived users by failing to state in its privacy policy that it used history-sniffing techniques. That omission could have affected consumers' decision about whether to use Epic's opt-out tool, the FTC says.

Justin Brookman, director of consumer privacy at the Center for Democracy & Technology, says the FTC's reasoning could apply to other companies who omit to list their tracking methods. For instance, he says, companies that use browser-fingerprinting techniques to recognize repeat visitors, might engage in deceptive practices by failing to mention those techniques in their privacy policies.

Epic's use of history-sniffing was brought to light in July of 2011 by Stanford graduate student Jonathan Mayer. At the time, Epic defended the technique, stating on the company blog that history-sniffing "provides companies with a way to measure the accuracy of the data that a company purchases from data vendors without compromising consumer privacy." (That post was no longer available as of Wednesday afternoon.)

Epic added that it doesn't capture exact URLs, but uses information about people's Web history to confirm that they are in the right marketing segments. The company also said it doesn't collect so-called "personally identifiable information," and that it stops using the technique when users opt out of online behavioral targeting.

The company stopped using the technology in August of 2011. The company folded earlier this year, according to the Network Advertising Initiative. Former acting CEO Don Mathis now serves as CEO of the company Kinetic Social, according to its Web site.

Efforts on Wednesday to reach former Epic executives were unsuccessful.

"Privacy Keyboard from Shutterstock"

Next story loading loading..