Law in the Internet Society

View   r8  >  r7  >  r6  >  r5  >  r4  >  r3  ...
JoshuaSimmonsPaper2ISPSideAdvertisingUnlikely 8 - 20 May 2009 - Main.JoshS
Line: 1 to 1
 
META TOPICPARENT name="WebPreferences"

ISP Side Advertising Unlikely

Line: 12 to 12
 In response, both houses of Congress conducted hearings, and by September 3 NebuAd? was cracking under the pressure: its co-founder and CEO resigned, various ISPs either canceled or suspended trials of the device, and it fired its PR firm and some of its staff. Despite NebuAd? ’s collapse, however, broadcast providers are adamant that they should be allowed to regulate themselves and are “[not] prepared to embrace legislation.”
Changed:
<
<
While the media and congressional pressure seems to have quieted NebuAd? and its brethren for the moment, it is unlikely that deep packet inspection will ever truly be gone. The benefits to the corporate whores involved are too high, and the costs involved are all paid by consumers, most of whom have no meaningful choice when it comes to their ISP, and are far too willing to give up their privacy without thinking. When these companies return, they will not only face the same political pressure (unless, of course, they bribe Congress) and government regulator (of course, the FTC is fairly toothless), but legal claims, such as potential wiretapping charges. However, I see an additional hurdle for NebuAd? and its ISP stooges: copyright holders.
>
>
While the media and congressional pressure has obliterated NebuAd? and quieted its brethren for the moment, it is unlikely that deep packet inspection will ever truly be gone. The benefits to the corporate whores involved are too high, and the costs involved are all paid by consumers, most of whom have no meaningful choice when it comes to their ISP, and are far too willing to give up their privacy without thinking. When these companies return, they will not only face the same political pressure (unless, of course, they bribe Congress) and government regulator (of course, the FTC is fairly toothless), but legal claims, such as potential wiretapping charges. However, I see an additional hurdle for NebuAd? and its ISP stooges: copyright holders.
 Copyright holders have been trying to hold ISPs secondarily liable for the infringement of the ISPs’ users for years. It was the prospect of such ruinous liability that urged the ISPs to lobby Congress for exemptions from copyright liability, and, in 1998, have Congress pass the Digital Millennium Copyright Act.
Line: 26 to 26
 First, it is possible to construct two sets of arguments against ISP surveillance. The privacy-based arguments, such as wiretapping, have been discussed by privacy advocates, and are beyond the scope of this piece. However, one could construct a DMCA-based argument from § 512(a)(4), which requires that transient storage be maintained “in a manner ordinarily [not] accessible to anyone other than anticipated recipients.” Providing NebuAd? copies of the material even for merely surveillance purposes would cause the ISPs copyright liability to reassert itself.
Changed:
<
<
Second, although products such as AdBlock? are able to block advertising, they do so based on links to aggregation websites (e.g., ad.adlegend.com, and googlesyndication.com). NebuAd? , on the other hand, resides inside the network, which means it can choose advertising without directing users to a centralized website, and can monitor clicks based on page views. From AdBlock? ’s perspective, these advertisements will simply look like regular content from the website’s author.

  • No. From AdBlock's perspective, the ads substituted by NebuAd will look like URIs for advertising content to be requested by the browser, as though they had been embedded in the HTTP stream sent to the user by the original ad server, which in some sense they were. In either event, the browser has to turn around and re-request these URIs, because that's what puts useful information in the server logs of the ad server. That request, however, is blocked by the proxy like Privoxy or the browser plug-in like AdBlock. From the user's point of view, the result is no ad in either case.
>
>
Second, although products such as AdBlock? are able to block advertising, they do so based on links to aggregation websites (e.g., ad.adlegend.com, and googlesyndication.com). NebuAd? , on the other hand, resides inside the network, which means it can choose advertising without directing users to a centralized website, and can monitor clicks based on page views. If NebuAd? is able to make its advertising look like regular content from the website's author, AdBlock? will be unable to detect and block it. An example of advertisers circumventing AdBlock? is Google's latest trend of cycling the id tags for its text-based advertising. By doing so, some of Google's advertising slips through AdBlock? and is displayed until the user uses the Element Hiding Helper to block that tag, which is a temporary fix until the next rotation. It is important to note, however, that the same strategy would not work for image-based advertising.
 Without a change in the DMCA, which seems unlikely given Congress and the public’s reticence, ISPs would be opening themselves up to an unquantifiable legal risk by joining up with a NebuAd? -type company.
Line: 64 to 62
  AdBlock to remove anyway.
Added:
>
>
  • No. From AdBlock's perspective, the ads substituted by NebuAd will look like URIs for advertising content to be requested by the browser, as though they had been embedded in the HTTP stream sent to the user by the original ad server, which in some sense they were. In either event, the browser has to turn around and re-request these URIs, because that's what puts useful information in the server logs of the ad server. That request, however, is blocked by the proxy like Privoxy or the browser plug-in like AdBlock. From the user's point of view, the result is no ad in either case.

    • Doesn’t that depend on the nature of the advertising placed by NebuAd? ? If the advertiser wants to use images, I can understand it being difficult to obfuscate AdBlock? . However, if the advertising is text based like Google’s there would be no need to make a request from an advertising server to get the content. Right now you can use the Element Hiding Helper, but that requires the advertising to use the same tag name, which even Google has begun rotating so that some of its advertising will come through. As for needing the requests to put useful information in the server logs, if NebuAd? is sitting inside the network, why would it need a user to request URIs from its advertising servers? NebuAd? would be able to see where users were visiting and from what referring website.
 
 
<--/commentPlugin-->

META TOPICMOVED by="JoshS" date="1231362356" from="LawNetSoc.ISPSideAdvertisingUnlikely" to="LawNetSoc.JoshuaSimmonsPaper2ISPSideAdvertisingUnlikely"

JoshuaSimmonsPaper2ISPSideAdvertisingUnlikely 7 - 20 Apr 2009 - Main.EbenMoglen
Line: 1 to 1
 
META TOPICPARENT name="WebPreferences"

ISP Side Advertising Unlikely

Line: 28 to 28
 Second, although products such as AdBlock? are able to block advertising, they do so based on links to aggregation websites (e.g., ad.adlegend.com, and googlesyndication.com). NebuAd? , on the other hand, resides inside the network, which means it can choose advertising without directing users to a centralized website, and can monitor clicks based on page views. From AdBlock? ’s perspective, these advertisements will simply look like regular content from the website’s author.
Added:
>
>
  • No. From AdBlock's perspective, the ads substituted by NebuAd will look like URIs for advertising content to be requested by the browser, as though they had been embedded in the HTTP stream sent to the user by the original ad server, which in some sense they were. In either event, the browser has to turn around and re-request these URIs, because that's what puts useful information in the server logs of the ad server. That request, however, is blocked by the proxy like Privoxy or the browser plug-in like AdBlock. From the user's point of view, the result is no ad in either case.
 Without a change in the DMCA, which seems unlikely given Congress and the public’s reticence, ISPs would be opening themselves up to an unquantifiable legal risk by joining up with a NebuAd? -type company.

-- JoshS - 01 Dec 2008


JoshuaSimmonsPaper2ISPSideAdvertisingUnlikely 6 - 11 Feb 2009 - Main.JoshS
Line: 1 to 1
 
META TOPICPARENT name="WebPreferences"

ISP Side Advertising Unlikely

Changed:
<
<
A little over a year ago was the official launch of NebuAd, a company that, from the very beginning, saw itself as partnering with Internet service providers to produce targeted advertising based on the ISPs’ users’ use of the Internet. They claimed to be creating data-driven marketing without gaining access to the identities of the ISPs’ users. In fact, while they were hashing the users’ identities, Bob Dykes, co-founder and CEO, admitted that “[they] can see that same user coming back onto the Internet.” They accomplished this act of spying, by convincing ISPs to allow them to install an appliance inside the ISPs’ own networks, which allowed them to “get a 360-degree, multidimensional view over a long period of time of all the pages users visit….taking a totality of…behaviors.” In other words, they got us. They got our search terms, our page views, our page and ad clicks, our time spent on specific sites, our zip codes, our browser info and our connection speed. Using this information, NebuAd chose what it considered the optimal ad, and would display it.
>
>
NebuAd and companies like it have two purposes: (1) spying on the customers of ISPs, and (2) using that information to add behavioral advertising to the packets coming through the ISPs’ servers. These companies pick up search terms, page views, page and ad clicks, time spent on specific sites, zip codes, browser information and connection speeds; and using this information, they choose an “optimal ad” to display. While commentators and congressmen have struggled to find a means of stopping these companies based on the privacy concerns involved, no arguments have addressed the ruinous liability that ISPs would expose themselves to if they permitted these companies to change the packets coming through their servers.
 
Changed:
<
<
For NebuAd and its advertisers, this was a boon. Up until NebuAd’s entrance into the market, the only sites that targeted advertising companies could use to determine who you were and what you would be likely to purchase were the limited number of sites that contracted with the advertising company. NebuAd’s deep packet inspection technology allowed them to track everything you did while on the internet regardless of what websites you visited. NebuAd was also a windfall for the ISPs, they received, in exchange for installing the NebuAd device, their 30 pieces of silver in the form of $2–4 per subscriber.
>
>
When NebuAd? came on the market, it claimed to be creating data-driven marketing without gaining access to the identities of ISPs’ users. However, it quickly became apparent that while they were hashing user identities, “[they] could see that same user coming back onto the Internet” by installing an appliance inside the ISPs’ networks, which allowed them to “get a 360-degree, multidimensional view over a long period of time of all the pages users visit….taking a totality of…behaviors.”
 
Changed:
<
<
The outcry from the privacy community was fairly immediate. For John Palfrey of Harvard’s Berkman Center and many other privacy advocates, transparency was essential: "Consumers need to know exactly what is going on and they need to know it at all times….Today they say they are using consumer information for ads, but it could be something completely different tomorrow. The ISPs and the companies they are working with need to share as much information as possible."
>
>
Before these companies, advertisers could only create behavioral ads based on the activity of users on sites that contracted with them. Deep packet inspection technology changed that by allowing the tracking of everything done on the Internet regardless of the websites visited. In exchange for this information, ISPs received their 30 pieces of silver in the form of $2–4 per subscriber.
 
Changed:
<
<
In July of this year, the House opened an investigation of a trial of NebuAd’s service conducted by Embarq. The hearing ended with an open letter from Congressmen Markey and Barton urging ISPs to stop using such services. By September 3, the social pressure proved too much for NebuAd. Dykes resigned, various ISPs either cancelled or suspended trials of the device, and the company fired its PR firm and some of its staff. Additionally, various legal arguments were made regarding NebuAd’s service, including that the technology might be considered wiretapping.
>
>
Privacy advocates cried out immediately by insisting that transparency was essential: "Consumers need to know exactly what is going on and they need to know it at all times….Today they say they are using consumer information for ads, but it could be something completely different tomorrow. The ISPs and the companies they are working with need to share as much information as possible."
 
Changed:
<
<
At the end of September, the Senate Committee on Commerce, Science, and Technology held a hearing focused on broadband providers and consumer privacy. At that hearing, AT&T, Verizon and Time Warner Cable admitted that behavioral tracking shouldn’t be used without the meaningful consent of web users. However, they also stated that they would prefer to regulate themselves (who wouldn’t) stating that, “[They weren’t] prepared to embrace legislation.”
>
>
In response, both houses of Congress conducted hearings, and by September 3 NebuAd? was cracking under the pressure: its co-founder and CEO resigned, various ISPs either canceled or suspended trials of the device, and it fired its PR firm and some of its staff. Despite NebuAd? ’s collapse, however, broadcast providers are adamant that they should be allowed to regulate themselves and are “[not] prepared to embrace legislation.”
 
Changed:
<
<
While the media and congressional pressure seems to have quieted NebuAd and its bretheren for the moment, it is unlikely that deep packet inspection will ever truly be gone. The benefits to the corporate whores involved are too high, and the costs involved are all paid by consumers, most of whom have no meaningful choice when it comes to choosing their ISP, and are far too willing to give up their privacy without thinking. When these companies return, they will need to smooth over relations with the appropriate congresspeople (read: bribe them), and insure that if there is a government regulator involved, it is sufficiently toothless (read: the FTC). However, I see an additional hurdle for NebuAd and its ISP stooges: copyright holders.
>
>
While the media and congressional pressure seems to have quieted NebuAd? and its brethren for the moment, it is unlikely that deep packet inspection will ever truly be gone. The benefits to the corporate whores involved are too high, and the costs involved are all paid by consumers, most of whom have no meaningful choice when it comes to their ISP, and are far too willing to give up their privacy without thinking. When these companies return, they will not only face the same political pressure (unless, of course, they bribe Congress) and government regulator (of course, the FTC is fairly toothless), but legal claims, such as potential wiretapping charges. However, I see an additional hurdle for NebuAd? and its ISP stooges: copyright holders.
 Copyright holders have been trying to hold ISPs secondarily liable for the infringement of the ISPs’ users for years. It was the prospect of such ruinous liability that urged the ISPs to lobby Congress for exemptions from copyright liability, and, in 1998, have Congress pass the Digital Millennium Copyright Act.
Line: 22 to 22
 Once the ISPs are no longer under the 512(a) shield, copyright holders will only need to establish that the ISPs (1) materially contributed to the infringing conduct, and (2) knew of infringing activity. It should be a simple matter to show that the ISP materially contributed to the infringing conduct since without the ISPs aid the user would be unable to access the copyrighted material. Furthermore, the standard has generally been applied loosely. As for the second prong, given that NebuAd and the ISPs would be touting their ability to inspect every aspect of their users’ online activity, it shouldn’t be difficult to establish the requisite knowledge.
Changed:
<
<
If the ISPs see such liability as a viable threat, they may attempt to turn to Congress for further amendment of the Copyright Act to extend their protection. However, given the DMCA’s concern for the protection of personally identifying information (Copyright Act § 1201(i)), Congress and the public’s new found crusade for privacy protection, and the wealth that copyright holders could squeeze from ISPs, that fight may turn out to be politically infeasible.
>
>
This argument leaves two questions unanswered: (1) how do you address the spying in the first place, and (2) is this business model really viable when technology exists to block web-based advertising.

First, it is possible to construct two sets of arguments against ISP surveillance. The privacy-based arguments, such as wiretapping, have been discussed by privacy advocates, and are beyond the scope of this piece. However, one could construct a DMCA-based argument from § 512(a)(4), which requires that transient storage be maintained “in a manner ordinarily [not] accessible to anyone other than anticipated recipients.” Providing NebuAd? copies of the material even for merely surveillance purposes would cause the ISPs copyright liability to reassert itself.

Second, although products such as AdBlock? are able to block advertising, they do so based on links to aggregation websites (e.g., ad.adlegend.com, and googlesyndication.com). NebuAd? , on the other hand, resides inside the network, which means it can choose advertising without directing users to a centralized website, and can monitor clicks based on page views. From AdBlock? ’s perspective, these advertisements will simply look like regular content from the website’s author.

Without a change in the DMCA, which seems unlikely given Congress and the public’s reticence, ISPs would be opening themselves up to an unquantifiable legal risk by joining up with a NebuAd? -type company.

 -- JoshS - 01 Dec 2008
Added:
>
>

Further Reading

Comments

 
  • When you find that you need to use multiple "may" clauses and "might" suppositions in your conclusion, you have probably
Line: 51 to 62
  AdBlock to remove anyway.
Deleted:
<
<

Further Reading

Comments

 
 
<--/commentPlugin-->

META TOPICMOVED by="JoshS" date="1231362356" from="LawNetSoc.ISPSideAdvertisingUnlikely" to="LawNetSoc.JoshuaSimmonsPaper2ISPSideAdvertisingUnlikely"

JoshuaSimmonsPaper2ISPSideAdvertisingUnlikely 5 - 03 Feb 2009 - Main.EbenMoglen
Line: 1 to 1
 
META TOPICPARENT name="WebPreferences"

ISP Side Advertising Unlikely

Changed:
<
<
A little over a year ago was the official launch of NebuAd, a company that, from the very beginning, saw itself as partnering with Internet service providers to produce targeted advertising based on the ISPs’ users’ use of the Internet. They claimed to be creating data-driven marketing without gaining access to the identities of the ISPs’ users. In fact, while they were hashing the users’ identities, Bob Dykes, co-founder and CEO, admitted that “[they] can see that same user coming back onto the Internet.” They accomplished this act of spying, by convincing ISPs to allow them to install an appliance inside the ISPs’ own networks, which allowed them to “get a 360-degree, multidimensional view over a long period of time of all the pages users visit….taking a totality of…behaviors.” In other words, they got us. They got our search terms, our page views, our page and ad clicks, our time spent on specific sites, our zip codes, our browser info and our connection speed. Using this information, NebuAd? chose what it considered the optimal ad, and would display it.
>
>
A little over a year ago was the official launch of NebuAd, a company that, from the very beginning, saw itself as partnering with Internet service providers to produce targeted advertising based on the ISPs’ users’ use of the Internet. They claimed to be creating data-driven marketing without gaining access to the identities of the ISPs’ users. In fact, while they were hashing the users’ identities, Bob Dykes, co-founder and CEO, admitted that “[they] can see that same user coming back onto the Internet.” They accomplished this act of spying, by convincing ISPs to allow them to install an appliance inside the ISPs’ own networks, which allowed them to “get a 360-degree, multidimensional view over a long period of time of all the pages users visit….taking a totality of…behaviors.” In other words, they got us. They got our search terms, our page views, our page and ad clicks, our time spent on specific sites, our zip codes, our browser info and our connection speed. Using this information, NebuAd chose what it considered the optimal ad, and would display it.
 
Changed:
<
<
For NebuAd? and its advertisers, this was a boon. Up until NebuAd? ’s entrance into the market, the only sites that targeted advertising companies could use to determine who you were and what you would be likely to purchase were the limited number of sites that contracted with the advertising company. NebuAd? ’s deep packet inspection technology allowed them to track everything you did while on the internet regardless of what websites you visited. NebuAd? was also a windfall for the ISPs, they received, in exchange for installing the NebuAd? device, their 30 pieces of silver in the form of $2–4 per subscriber.
>
>
For NebuAd and its advertisers, this was a boon. Up until NebuAd’s entrance into the market, the only sites that targeted advertising companies could use to determine who you were and what you would be likely to purchase were the limited number of sites that contracted with the advertising company. NebuAd’s deep packet inspection technology allowed them to track everything you did while on the internet regardless of what websites you visited. NebuAd was also a windfall for the ISPs, they received, in exchange for installing the NebuAd device, their 30 pieces of silver in the form of $2–4 per subscriber.
 The outcry from the privacy community was fairly immediate. For John Palfrey of Harvard’s Berkman Center and many other privacy advocates, transparency was essential: "Consumers need to know exactly what is going on and they need to know it at all times….Today they say they are using consumer information for ads, but it could be something completely different tomorrow. The ISPs and the companies they are working with need to share as much information as possible."
Changed:
<
<
In July of this year, the House opened an investigation of a trial of NebuAd? ’s service conducted by Embarq. The hearing ended with an open letter from Congressmen Markey and Barton urging ISPs to stop using such services. By September 3, the social pressure proved too much for NebuAd? . Dykes resigned, various ISPs either cancelled or suspended trials of the device, and the company fired its PR firm and some of its staff. Additionally, various legal arguments were made regarding NebuAd? ’s service, including that the technology might be considered wiretapping.
>
>
In July of this year, the House opened an investigation of a trial of NebuAd’s service conducted by Embarq. The hearing ended with an open letter from Congressmen Markey and Barton urging ISPs to stop using such services. By September 3, the social pressure proved too much for NebuAd. Dykes resigned, various ISPs either cancelled or suspended trials of the device, and the company fired its PR firm and some of its staff. Additionally, various legal arguments were made regarding NebuAd’s service, including that the technology might be considered wiretapping.
 At the end of September, the Senate Committee on Commerce, Science, and Technology held a hearing focused on broadband providers and consumer privacy. At that hearing, AT&T, Verizon and Time Warner Cable admitted that behavioral tracking shouldn’t be used without the meaningful consent of web users. However, they also stated that they would prefer to regulate themselves (who wouldn’t) stating that, “[They weren’t] prepared to embrace legislation.”
Changed:
<
<
While the media and congressional pressure seems to have quieted NebuAd? and its bretheren for the moment, it is unlikely that deep packet inspection will ever truly be gone. The benefits to the corporate whores involved are too high, and the costs involved are all paid by consumers, most of whom have no meaningful choice when it comes to choosing their ISP, and are far too willing to give up their privacy without thinking. When these companies return, they will need to smooth over relations with the appropriate congresspeople (read: bribe them), and insure that if there is a government regulator involved, it is sufficiently toothless (read: the FTC). However, I see an additional hurdle for NebuAd? and its ISP stooges: copyright holders.
>
>
While the media and congressional pressure seems to have quieted NebuAd and its bretheren for the moment, it is unlikely that deep packet inspection will ever truly be gone. The benefits to the corporate whores involved are too high, and the costs involved are all paid by consumers, most of whom have no meaningful choice when it comes to choosing their ISP, and are far too willing to give up their privacy without thinking. When these companies return, they will need to smooth over relations with the appropriate congresspeople (read: bribe them), and insure that if there is a government regulator involved, it is sufficiently toothless (read: the FTC). However, I see an additional hurdle for NebuAd and its ISP stooges: copyright holders.
 Copyright holders have been trying to hold ISPs secondarily liable for the infringement of the ISPs’ users for years. It was the prospect of such ruinous liability that urged the ISPs to lobby Congress for exemptions from copyright liability, and, in 1998, have Congress pass the Digital Millennium Copyright Act.

For the purposes of this discussion, it is only one safe harbor that need concern us: § 512(a) of the Copyright Act, which protects ISPs from liability for the transmission of copyrighted material. That protection is provided to any service provider who acts as a mere conduit for the copyrighted material. However, the only ones who get this relief from liability are service providers, and § 512(k)(1)(A) defines a service provider for purposes of subsection (a) as “an entity offering the transmission…of material of the user’s choosing, without modification to the content of the material as sent or received.”

Changed:
<
<
It is important to note that modification is mentioned twice. When it is mentioned in 512(a)(5) it involves the specific material being transmitted, but when it is mentioned in 512(k)(1)(A) it refers to material generally. Thus, if ISPs use NebuAd? , in any way, to track their users and then change or adapt the content seen by those users to better fit their behavioral profile, they are no longer mere conduits in the system and no longer protected by the DMCA safe harbor. This is true whether or not they purchase media or ad space on the original websites.
>
>
It is important to note that modification is mentioned twice. When it is mentioned in 512(a)(5) it involves the specific material being transmitted, but when it is mentioned in 512(k)(1)(A) it refers to material generally. Thus, if ISPs use NebuAd, in any way, to track their users and then change or adapt the content seen by those users to better fit their behavioral profile, they are no longer mere conduits in the system and no longer protected by the DMCA safe harbor. This is true whether or not they purchase media or ad space on the original websites.
 
Changed:
<
<
Once the ISPs are no longer under the 512(a) shield, copyright holders will only need to establish that the ISPs (1) materially contributed to the infringing conduct, and (2) knew of infringing activity. It should be a simple matter to show that the ISP materially contributed to the infringing conduct since without the ISPs aid the user would be unable to access the copyrighted material. Furthermore, the standard has generally been applied loosely. As for the second prong, given that NebuAd? and the ISPs would be touting their ability to inspect every aspect of their users’ online activity, it shouldn’t be difficult to establish the requisite knowledge.
>
>
Once the ISPs are no longer under the 512(a) shield, copyright holders will only need to establish that the ISPs (1) materially contributed to the infringing conduct, and (2) knew of infringing activity. It should be a simple matter to show that the ISP materially contributed to the infringing conduct since without the ISPs aid the user would be unable to access the copyrighted material. Furthermore, the standard has generally been applied loosely. As for the second prong, given that NebuAd and the ISPs would be touting their ability to inspect every aspect of their users’ online activity, it shouldn’t be difficult to establish the requisite knowledge.
 If the ISPs see such liability as a viable threat, they may attempt to turn to Congress for further amendment of the Copyright Act to extend their protection. However, given the DMCA’s concern for the protection of personally identifying information (Copyright Act § 1201(i)), Congress and the public’s new found crusade for privacy protection, and the wealth that copyright holders could squeeze from ISPs, that fight may turn out to be politically infeasible.

-- JoshS - 01 Dec 2008

Added:
>
>
  • When you find that you need to use multiple "may" clauses and "might" suppositions in your conclusion, you have probably been hyperventilating for a couple sentences already. Your point about the DMCA safe harbor is interesting, and, so far as I know, fresh. It would have been sufficient to call attention to an additional and unquantifiable legal risk run by any ISP who gives the behaviorial marketers the power to change the packet coming through. This is not quite the same as saying he has a liability if he permits the surveillance and sells the resulting information to someone else. This point should be remembered before claiming that the usually-black-hat DMCA is here the white-hat cavalry coming to the defense of privacy.

  • Other reasons to doubt the long-term effectiveness of the Phorm model also exist, and for now the immense plunge in consumer demand is likely to restrain business' mad desire to pay substantial amounts of money for the eyeballs of people who don't spend much. So perhaps rather than getting all alarmed about this we could step back and ask just how much damage can be done by guys trying to show me ads I'm going to use AdBlock to remove anyway.
 

Further Reading


JoshuaSimmonsPaper2ISPSideAdvertisingUnlikely 4 - 07 Jan 2009 - Main.JoshS
Line: 1 to 1
 
META TOPICPARENT name="WebPreferences"

ISP Side Advertising Unlikely

Line: 34 to 34
 

 
<--/commentPlugin-->
\ No newline at end of file
Added:
>
>
META TOPICMOVED by="JoshS" date="1231362356" from="LawNetSoc.ISPSideAdvertisingUnlikely" to="LawNetSoc.JoshuaSimmonsPaper2ISPSideAdvertisingUnlikely"

JoshuaSimmonsPaper2ISPSideAdvertisingUnlikely 3 - 30 Dec 2008 - Main.JoshS
Line: 1 to 1
 
META TOPICPARENT name="WebPreferences"

ISP Side Advertising Unlikely


JoshuaSimmonsPaper2ISPSideAdvertisingUnlikely 2 - 11 Dec 2008 - Main.JoshS
Line: 1 to 1
 
META TOPICPARENT name="WebPreferences"
Deleted:
<
<
 

ISP Side Advertising Unlikely

A little over a year ago was the official launch of NebuAd, a company that, from the very beginning, saw itself as partnering with Internet service providers to produce targeted advertising based on the ISPs’ users’ use of the Internet. They claimed to be creating data-driven marketing without gaining access to the identities of the ISPs’ users. In fact, while they were hashing the users’ identities, Bob Dykes, co-founder and CEO, admitted that “[they] can see that same user coming back onto the Internet.” They accomplished this act of spying, by convincing ISPs to allow them to install an appliance inside the ISPs’ own networks, which allowed them to “get a 360-degree, multidimensional view over a long period of time of all the pages users visit….taking a totality of…behaviors.” In other words, they got us. They got our search terms, our page views, our page and ad clicks, our time spent on specific sites, our zip codes, our browser info and our connection speed. Using this information, NebuAd? chose what it considered the optimal ad, and would display it.


JoshuaSimmonsPaper2ISPSideAdvertisingUnlikely 1 - 01 Dec 2008 - Main.JoshS
Line: 1 to 1
Added:
>
>
META TOPICPARENT name="WebPreferences"

ISP Side Advertising Unlikely

A little over a year ago was the official launch of NebuAd, a company that, from the very beginning, saw itself as partnering with Internet service providers to produce targeted advertising based on the ISPs’ users’ use of the Internet. They claimed to be creating data-driven marketing without gaining access to the identities of the ISPs’ users. In fact, while they were hashing the users’ identities, Bob Dykes, co-founder and CEO, admitted that “[they] can see that same user coming back onto the Internet.” They accomplished this act of spying, by convincing ISPs to allow them to install an appliance inside the ISPs’ own networks, which allowed them to “get a 360-degree, multidimensional view over a long period of time of all the pages users visit….taking a totality of…behaviors.” In other words, they got us. They got our search terms, our page views, our page and ad clicks, our time spent on specific sites, our zip codes, our browser info and our connection speed. Using this information, NebuAd? chose what it considered the optimal ad, and would display it.

For NebuAd? and its advertisers, this was a boon. Up until NebuAd? ’s entrance into the market, the only sites that targeted advertising companies could use to determine who you were and what you would be likely to purchase were the limited number of sites that contracted with the advertising company. NebuAd? ’s deep packet inspection technology allowed them to track everything you did while on the internet regardless of what websites you visited. NebuAd? was also a windfall for the ISPs, they received, in exchange for installing the NebuAd? device, their 30 pieces of silver in the form of $2–4 per subscriber.

The outcry from the privacy community was fairly immediate. For John Palfrey of Harvard’s Berkman Center and many other privacy advocates, transparency was essential: "Consumers need to know exactly what is going on and they need to know it at all times….Today they say they are using consumer information for ads, but it could be something completely different tomorrow. The ISPs and the companies they are working with need to share as much information as possible."

In July of this year, the House opened an investigation of a trial of NebuAd? ’s service conducted by Embarq. The hearing ended with an open letter from Congressmen Markey and Barton urging ISPs to stop using such services. By September 3, the social pressure proved too much for NebuAd? . Dykes resigned, various ISPs either cancelled or suspended trials of the device, and the company fired its PR firm and some of its staff. Additionally, various legal arguments were made regarding NebuAd? ’s service, including that the technology might be considered wiretapping.

At the end of September, the Senate Committee on Commerce, Science, and Technology held a hearing focused on broadband providers and consumer privacy. At that hearing, AT&T, Verizon and Time Warner Cable admitted that behavioral tracking shouldn’t be used without the meaningful consent of web users. However, they also stated that they would prefer to regulate themselves (who wouldn’t) stating that, “[They weren’t] prepared to embrace legislation.”

While the media and congressional pressure seems to have quieted NebuAd? and its bretheren for the moment, it is unlikely that deep packet inspection will ever truly be gone. The benefits to the corporate whores involved are too high, and the costs involved are all paid by consumers, most of whom have no meaningful choice when it comes to choosing their ISP, and are far too willing to give up their privacy without thinking. When these companies return, they will need to smooth over relations with the appropriate congresspeople (read: bribe them), and insure that if there is a government regulator involved, it is sufficiently toothless (read: the FTC). However, I see an additional hurdle for NebuAd? and its ISP stooges: copyright holders.

Copyright holders have been trying to hold ISPs secondarily liable for the infringement of the ISPs’ users for years. It was the prospect of such ruinous liability that urged the ISPs to lobby Congress for exemptions from copyright liability, and, in 1998, have Congress pass the Digital Millennium Copyright Act.

For the purposes of this discussion, it is only one safe harbor that need concern us: § 512(a) of the Copyright Act, which protects ISPs from liability for the transmission of copyrighted material. That protection is provided to any service provider who acts as a mere conduit for the copyrighted material. However, the only ones who get this relief from liability are service providers, and § 512(k)(1)(A) defines a service provider for purposes of subsection (a) as “an entity offering the transmission…of material of the user’s choosing, without modification to the content of the material as sent or received.”

It is important to note that modification is mentioned twice. When it is mentioned in 512(a)(5) it involves the specific material being transmitted, but when it is mentioned in 512(k)(1)(A) it refers to material generally. Thus, if ISPs use NebuAd? , in any way, to track their users and then change or adapt the content seen by those users to better fit their behavioral profile, they are no longer mere conduits in the system and no longer protected by the DMCA safe harbor. This is true whether or not they purchase media or ad space on the original websites.

Once the ISPs are no longer under the 512(a) shield, copyright holders will only need to establish that the ISPs (1) materially contributed to the infringing conduct, and (2) knew of infringing activity. It should be a simple matter to show that the ISP materially contributed to the infringing conduct since without the ISPs aid the user would be unable to access the copyrighted material. Furthermore, the standard has generally been applied loosely. As for the second prong, given that NebuAd? and the ISPs would be touting their ability to inspect every aspect of their users’ online activity, it shouldn’t be difficult to establish the requisite knowledge.

If the ISPs see such liability as a viable threat, they may attempt to turn to Congress for further amendment of the Copyright Act to extend their protection. However, given the DMCA’s concern for the protection of personally identifying information (Copyright Act § 1201(i)), Congress and the public’s new found crusade for privacy protection, and the wealth that copyright holders could squeeze from ISPs, that fight may turn out to be politically infeasible.

-- JoshS - 01 Dec 2008

Further Reading

Comments

 
<--/commentPlugin-->

Revision 8r8 - 20 May 2009 - 17:05:59 - JoshS
Revision 7r7 - 20 Apr 2009 - 20:59:57 - EbenMoglen
Revision 6r6 - 11 Feb 2009 - 21:17:46 - JoshS
Revision 5r5 - 03 Feb 2009 - 02:35:54 - EbenMoglen
Revision 4r4 - 07 Jan 2009 - 21:05:56 - JoshS
Revision 3r3 - 30 Dec 2008 - 07:22:45 - JoshS
Revision 2r2 - 11 Dec 2008 - 21:27:03 - JoshS
Revision 1r1 - 01 Dec 2008 - 05:11:17 - JoshS
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM