The Network Advertising Initiative (NAI) recently received a note from Time Warner's RoadRunner, its Internet Service Provider (ISP), warning the association that it would be kicked off the network
if it did not agree to stop sending out spam.
The NAI was founded on the principle that consumers need to be informed about Internet advertising practices and how it affects them and the
Internet. It's an organization respected by both the Federal Trade Commission (FTC) and the U.S. Department of Commerce. The NAI is not the type of organization that is interested in spamming
consumers.
Recently, an internal investigation revealed that a spyware program had actually infiltrated the NAI's Web site and sent spam messages out under the NAI's name. After some irksome
clean-up work, the problem was resolved, but this is just one example of many horror stories about Web site hijackings, browser setting alterations, and identity theft that pervaded Monday's FTC
workshop, "Monitoring Software on Your PC: Spyware, Adware and Other Software."
Web publishers, ISP representatives, search engine providers, advertisers, adware companies, IT security and
technology firms, government officials, and representatives from nearly every organization associated with Internet advertising were on hand Monday to hear first-person accounts like the one above
in an attempt to mobilize the industry toward technological, self-regulatory, and legislative action against the growing spyware problem.
In the end, about the only thing that was unanimously
agreed upon is that spyware is bad, and something needs to be done. As is often the case at such events, it's that next step that no one can agree upon.
Web publishers and Internet policymakers
urged legislators for more time to develop self-regulation and best practices. The NAI's executive director, J. Trevor Hughes, said that despite the urgency of the matter, it's "too early; [it's]
too premature to write best practices today" until all parties involved are on the same page.
Industry officials also advised caution against hasty legislation. "A legislative response is the
worst first response," said Hughes, adding that technology solutions and best practices must come first. The chief reason for caution, he said, is that past legislation has shown a tendency toward
"over-inclusiveness" when it comes to Internet privacy issues.
In other words, the government and consumer protection agencies tend to view data tracking as a bad thing. According to Chris
Hoofnagle, associate director, Electronic Privacy Information Center (EPIC), "the substantial majority of Americans do not want to be tracked. There are many wary consumers who won't even submit
their ZIP codes because of marketing invasiveness."
Cookies are not the same thing as spyware, which is not the same thing as adware. Many healthy Internet businesses depend on tracking consumer
behavior--including the entire Internet advertising industry. There are many different types and degrees of information tracking. Hoofnagle adds: "There is a growing body of recommendations made to
consumers to regulate their online security. I don't know that that's fair. Why should consumers have to become Ph.D.s in privacy?"
As several Web publishers, IT professionals, and other
industry advocates noted throughout the day, the recently passed Utah anti-spyware legislation demonstrates a fundamental lack of understanding of how the Internet advertising industry works.
Andrew McLaughlin, senior policy counsel for Google Inc.--citing the disparity in understanding between lawmakers and the online marketing industry--noted that: "We need to flag bills that are going
to make people's lives harder, not easier." McLaughlin pointed out that even the federal Spyblock legislation currently in review by a Senate committee carries a clause that would require notice
and consent every time information is extracted from online users. He pointed out that this would result in an unreasonable number of notice and consent forms.
However, EPIC's Hoofnagle asserts
that notice and consent may not sufficiently protect consumers from incursions into their privacy: "It's very important that privacy not be watered down to 'notice and consent' ... Ninety-four
percent of consumers believe they should have the right to access all the information that's collected about them."
McLaughlin and representatives from Web publishers and ISPs demonstrated
through examples of testimonies received from their customers that consumers don't understand that spyware, or malicious software, alters Web pages displayed by their browser. Often, consumers have
no idea that the software has been downloaded on their computers, or that they have downloaded an application inadvertently.
The FTC session was dominated by an urgent tone. "By far and away,
the greatest challenge we face," said John Schwartz, president and chief operating officer of Symantec Corp., "is the loss of consumer confidence in the Internet. We have seen cases where people
have actually gone back to dial-up due to lost confidence."
America Online unveiled its latest attempt to thwart spyware which--not surprisingly--is reserved for its members. The new spyware
detector to be deployed alongside its revamped version 9.0 will automatically scan hard drives for spyware when users log on, and then present them with a list of potentially harmful software and
an option for removal. The new tool is likely to draw the ire of adware companies like Claria, according to a software marketing industry executive.
Not surprisingly, industry accreditation
groups such as TRUSTe urged a common industry self-regulation approach as opposed to the individual efforts offered by players such as AOL. "Groups trying to do the right thing need to be very
transparent and open and willing to comply with industry efforts," said Fran Maier, president and executive director, TRUSTe.
Government officials agreed that industry self-regulation and
technology efforts are important, but remained unflappable about the urgency of passing legislation on spyware in the near future.
Jennifer Baird, legislative counsel to Mary Bono (R), the
California representative who recently introduced an anti-spyware bill, said "What we're hearing is that this is a problem--it should be solved, but we don't know how to do that, hold on. That's
not how it works in Congress."
The FTC's Mozelle W. Thompson stated that the agency's short-term intention is to let the industry cultivate a first response: "I would like to see the industry
come back with a set of best practices and develop consumer information about what spyware does and what it does not. He added, ominously: "We have an opportunity here, but consumer perception is
moving very quickly ..."