That was one of the additional details Embarq revealed late Wednesday in a second letter responding to a Congressional inquiry about its test of NebuAd's platform.
The company posted the revision online, on its own corporate site -- a type of notice that seems designed to ensure as few people as possible read it. After all, subscribers who use the Web in typical ways -- to read newspapers, check e-mail, watch TV, read blogs or otherwise consume media -- could easily do so for months, if not years, without ever thinking to visit their ISP's home page to investigate whether the company had decided to start selling their data.
Rep. Ed Markey, who held a hearing last week about NebuAd, isn't satisfied. "I am still troubled by the company's failure to directly inform their consumers of the consumer data gathering test and the notion that an 'opt-out' option is a sufficient standard for such sweeping data gathering."
Privacy advocates say that ISP-based behavioral targeting violates wiretap laws unless subscribers consent. Some states additionally require that both parties to a conversation consent -- meaning that publishers seemingly also need to give permission to share the information. Advocates also are concerned because ISPs have access to users' entire clickstream histories, from every search conducted to every Web site visited. NebuAd says it doesn't collect "sensitive" information or store names, addresses or other information that could be used to identify individual users, but advocates are skeptical. After all, even without names or IP addresses, a detailed clickstream history can in itself provide clues to users' identities -- especially if people conduct searches on, say, their own names, hometowns, employers, and the like.
If NebuAd wants to convince lawmakers its program is legitimate, it needs to do a better job of making sure that subscribers know about it and can make a decision about whether to participate.