Ad targeting, privacy lines drawn

“We understand this [inquiry] to be focused primarily on the implementation of deep-packet inspection advertising practices by a small number of U.S. ISPs. Google does not deliver advertising based on deep-packet inspection.”
— Alan Davidson, director of public policy and government affairs
GOOGLE

“Ad networks and other non-ISPs employ these methodologies at the individual browser or computer level, and they are as effective as any technique that an ISP might employ at creating specific customer profiles and enabling highly targeted advertising.”
— Dorothy Attwood, senior vice president of public policy and chief privacy officer
AT&T

Responding to a recent request from a House committee, a slew of telecom and Web firms recently provided on-the-record details of how they use their sites and networks to target individuals with advertising.

The responses at turns seemed to address and miss the point in question, with Web firms such as Google stressing that they don't use deep-packet inspection (DPI) — which, of course, they can't because they don't own a network — while minimizing the privacy impact of the wide range of personal information to which they do have access.

Carriers such as Comcast and Verizon, meanwhile, said they don't use DPI for ad-targeting — conveniently skirting the issue of traffic management for the moment, while ignoring that targeted advertising is key to success of the business models of next-generation TV offerings.

The House Energy and Commerce Committee published the letters in mid-August, about a week after requesting more than 30 Internet and telecom companies to respond to questions about their data gathering and targeting practices. The committee is expected to spearhead an attempt to legislate a consumer privacy bill of rights sometime within the next year.

Unlike previous FCC and Congressional hearings on the use of DPI technology to manage peer-to-peer and other high-bandwidth services on carrier networks, the House committee investigation into ad targeting and privacy cuts a much wider swath. After the initial responses, it is clear that two camps are emerging: network-based and non — network-based ad network providers, with each trying to set up the other as a potential fall guy.

Web-based advertising firms such as Double-Click have drawn Congressional attention before, but industry practices such as anonymous cookies and opt-out privacy policies have stalled government intervention. But network-based DPI and behavioral advertising techniques from firms such as NebuAd and Phorm have drawn increased scrutiny to issues around online- and network-based targeted ads.

Without any prodding, the terms of the next online privacy battle appear to be set: Which is worse, software-based targeting (cookies and online profiles) or network-based targeting (packet inspection and stream analysis)? For the foreseeable future, the public policy debate looks to be structured around this false either/or equation rather than what makes sense for customers — and for the companies that serve them.