acm - an acm publication


Demographic profiling
a euphemism for corporate spying

Ubiquity, Volume 2002 Issue December, December 1 - December 31, 2002 | BY John Hudson 


Full citation in the ACM Digital Library

Hands-on adoption of a multi-agent production planning technology in the manufacturing industry.

Hands-on adoption of a multi-agent production planning technology in the manufacturing industry.

If recent figures on PC and Internet usage are any indication, many of us spend as much time with our computer as we do with our spouse. We bank with it, shop with it or just kill time with it. And, like a digital paparazzi, it could be collecting information about you and your family's web surfing habits, and clandestinely forwarding it to marketers, software developers, or anyone else who might find the information useful. A shameful practice, indeed, but it is nothing new. Software companies and marketing firms have been using "spyware" for years, but a recent New York court ruling may mean that future invasions of your privacy will carry a higher cost for those who cross the line.

A little over two years ago, a class action lawsuit was launched against America Online's Netscape subsidiary, alleging that the company's SmartDownload software was spying on its users by recording and reporting their Internet surfing habits. Members of the class claimed that SmartDownload, bundled with the widely used Netscape web browser, was capturing uniquely identifiable information on the user�s machine whenever software was downloaded from any Web site, anywhere on the Internet. More disturbing still, was the allegation that the captured information was then transmitted, on the sly, to Netscape's Web servers. It now seems likely that there is more than a grain of truth to the allegations, after AOL/Netscape lost an important appeal in the action against it on October 1, 2002, in New York's second circuit court. The next part of this sordid equation will now be to determine if the activities of their spyware violated the Electronic Communications Privacy Act, and a host of other computer abuse and fraud statutes.

Much of the spyware in use by corporations today is relatively benign. Web sites often collect data about their visitors, usually in the form of coded "cookies" that provide information about what pages on their Web site you visit, and how often. Such information is then used to improve the site for its visitors, and provide information tailored to their wants or needs. Indeed, the demographic information you provide to marketers, merely by using your customer loyalty card at the local grocery or department store, often provides a more detailed snapshot of you and your personal preferences than your computer currently does. As soon as that bar-coded discount card is swept across the scanner at the checkout, you instantly provide the merchant with information on what products you buy and how often, even the prices at which you are willing to buy them. Coupled with information you already provided on the application form for the loyalty program, such as your name, address, marital status, etc., a powerful demographic profile emerges about you and your buying habits. This information is worth a king's ransom to marketing companies and retailers, which is why they are willing to give you "big" discounts on the things you buy, in exchange for knowing more about you.

The hidden functions of AOL/Netscape's SmartDownload software were, however, far from benign. The software was closely monitored using advanced "packet-sniffing" technology, which allows examination of the exchange of information taking place between a computer and the Internet. Repeated monitoring of SmartDownload, most notably by Steve Gibson of Gibson Research Corporation, indicated that the software was producing detailed information, in plain text format, about each file downloaded from anywhere on the Internet by the user. This information included not only the complete IP address of the user's computer, but also the name and the URL address of the downloaded file. This download history was then sent, unbeknownst to the user, directly back to Netscape's Web servers. Therein lies the difference between a benign attempt at demographic profiling and illegal eavesdropping. The Web site that places the coded cookie on your computer is, in most cases, only attempting to collect information that is directly related to customizing your visit to their site only, by perhaps presenting the content of greatest interest to you, according to your preferences during your last visit. By contrast, the actions of the SmartDownload software demonstrated, at the very least, an obscene invasion of personal privacy, and an attempt to spy on an unwitting user. A more sinister possibility is that AOL/Netscape perpetrated a theft of private information, for reasons which remain unclear.

A pivotal legal issue in the New York court proceedings dealt with "clickwrap" licensing agreements for downloaded software. This terminology refers to the user's acceptance of the vendor license agreement upon breaking the package seal of physical software, an idea which has been modified somewhat for software that is acquired through Internet downloads. AOL/Netscape attempted to force arbitration upon the members of the Class in the lawsuit, in accordance with its rather invisible license agreement presented to users who downloaded Netscape and the accompanying SmartDownload software. The court struck down any agreement binding upon the Class to arbitrate, based on the argument that any licensing terms attached to the invitation to download the software were not presented prominently enough to constitute a contract. The license agreement for SmartDownload was hidden below the "download" button on a separate screen, rendering itself unnoticed by anyone wishing to try the software. In its conclusion, the court stated that: "Reasonably conspicuous notice of the existence of contract terms and unambiguous manifestation of assent to those terms by consumers are essential if electronic bargaining is to have integrity and credibility." This means that AOL/Netscape has nowhere to hide in this case, and cannot use the terms of its so-called license agreement as a legal shield against further court proceedings. As the legal action continues, further probing of SmartDownload has the potential of uncovering damning evidence of privacy violations and computer abuses. Obviously, this is not where AOL/ Netscape wanted to be.

In conclusion, one can only hope that AOL/Netscape will be punished severely if found guilty of the charges levied against it. Consumers, whose privacy is already under constant attack from big business and bloated government agencies, need reassurance and a voice of their own. Businesses, who perpetrate abuses of the electronic marketplace, must be prevented from cloaking themselves in the dark robe of ambiguous legalities. Equally important, it must be demonstrated that there will be absolutely no tolerance for those who abuse the digital construct that has emerged as a new economy. In the absence of integrity and credibility, the bright future of e-business will evaporate, and the electronic marketplace will become a minefield for unwitting consumers.

About the Author John Hudson is a science writer based in Winnipeg, Manitoba, Canada.


Leave this field empty