Browser targeting for ads generates uproar in Britain
How can an advertising platform best target its readers without knowing something personal about them? Today in the UK, there's a growing public outcry for the details on what, from one coalition's perspective, may be a trade secret.
A cooperative advertising platform being built by three of the UK's largest ISPs, including British Telecom and Richard Branson's Virgin Media, has become the target of intense scrutiny by rights advocacy groups there, and lately by government officials. What was first presented to the public as an anonymity protection measure for ads that can be targeted to individual browsers, is now being called into question as a potential tool for spying on their users.
Two weeks ago, the UK Information Commissioner's office, which oversees data privacy matters, announced it had received information from the Open Internet Exchange group concerning its so-called Phorm platform, in response to its request. Since that time, advocacy groups have swelled in opposition from a dull roar to a loud uproar; and even one of the country's favorite sons, World-Wide Web creator Sir Tim Berners-Lee, has spoken out sharply against the concept of behavior tracking in any form.
The way the Phorm system is planned to work, participating Web publishers would reserve space on their pages for ads that can be supplied later through a separate channel. The Financial Times will be one of these publishers. It still receives revenue, though just which ad gets placed in its reserved areas is determined partly by the browser. Phorm sends certain information it has collected, presumably from the pages it has seen before and possibly from a log of search queries, and perhaps in aggregate form, though the concept is still presumably a trade secret.
That information is sent to the platform provider, which fills the space with a targeted advertisement on behalf of the publisher. While Google's ad platform tailors placements based on the context of the page they're being dropped into, Phorm's system will tailor them to data collected from monitoring its users.
The question at hand is, how can Phorm monitor its users without access to some kind of a collective database from which behavioral data can effectively be mined?
Yesterday, in an open letter to Information Commissioner Richard Thomas, two directors of the UK-based Foundation for Information Policy Research (FIPR) argued that the Phorm system would give a private collective unencumbered access to "sensitive personal data, because it will include the search terms entered by users into search engines, and these can easily reveal information about such matters as political opinions, sexual proclivities, religious views, and health."
As an FAQ on the Phorm platform's Web site explains, "No private or personal information, or anything that can identify you, is ever stored -- and that means your privacy is never at risk...Phorm only stores advertising categories that match a user's areas of interest. There is no sensitive data stored."
In multiple locations elsewhere throughout the site, the OIX coalition explains that personally identifying data is never collected. The FAQ goes on to say that strings of digits, for instance, are discarded from collection as they may contain credit card numbers or other ID information.
But FIPR argues that, among the data that the system keeps, there will inevitably be terms that could be used by more sophisticated analysis to help identify the browser's user, including such things as addresses. "Many users will also be identifiable from the content of the data scanned," FIPR writes, "since it will include e-mail sent or retrieved by users of Web-based e-mail, and messages viewable by those authorised to gain access to individual pages of social networking sites."
Next: If it's declared illegal in Britain, is that it?