![[Politech logo]](http://www.politechbot.com/image/logo.gif){kind=logo}
Politech is the oldest Internet resource devoted to politics and technology. Launched in 1994 by Declan McCullagh, the mailing list has chronicled the growing intersection of culture, technology, politics, and law. Since 2000, so has the Politech web site.
In this unusually long politech message, I'm including three parts: 1. A brief statement from Doubleclick, forwarded to me by apfn@apfn.org, who had sent the politech message to the company. 2. A lengthy response to the Brill's Content piece by Allan Rogers of iFriends 3. A response to Rogers from Mark Boal, author of the Brill's Content article I forwarded to politch last week. -Declan *********** -------- Original Message -------- Subject: FW: [Fwd: FC: DoubleClick tracks porn sites, from Brills Content,by MarkBoal] Date: Wed, 5 Jul 2000 16:21:44 -0400 From: "Blum, Jennifer" <jblum@doubleclick.net> To: "'apfn@apfn.org'" <apfn@apfn.org> About 99% of this article is completely inaccurate. We will be responding to Brills. Jennifer Blum Corporate Communications DoubleClick Inc. (NASDAQ: DCLK) 450 W.33rd St. 16th Floor New York, NY 10001 http://www.doubleclick.net direct # 212-381-5705; fax 212-287-9755 jblum@doubleclick.net DoubleClick is the leading provider of comprehensive Internet advertising solutions for web advertisers and publishers. ********** Date: Sat, 01 Jul 2000 19:17:37 -0400 To: declan@well.com From: Allan Rogers <arogers@ifriends.net> Subject: Brill's Content Privacy Article on Politech list To: Declan McCullagh, Wired Declan, Allan Rogers at iFriends here. We noticed that you forwarded Mark Boal's privacy article for Brill's Content to the Politech list. (http://www.politechbot.com/p-01250.html ) You may be interested in the *entirety* of the email correspondence exchange between iFriends and Mark Boal (reproduced at bottom), which ... tells a quite different story than the final Brill article. In short, Mr. Boal mischaracterized in the extreme. (The email interview/exchange took place a few months ago and was limited to email; there were no phone calls, so Boal had no additional opportunity to distort beyond what the email record below reflects) In his article, it's noteworthy that Mr. Boal found it necessary to use a "porn site" -- Boal's characterization (obviously not our own) -- to paint his research with the dark and devious hues that his *facts* failed to portray. (When the evidence isn't on your side, demogogue and spin) At the end of the day, Mr. Boal's thesis rests upon two crucial assumptions, the first of which *may* be valid (the world awaits DoubleClick's answer), and the second of which is simply impossible on this planet, and with this internet: Brills Content and the author Boal are *right* if the following two conditions are true: 1.) IF DoubleClick logs the referrer, i.e., "http://www.ford.com/default.asp?pageid=471" when a 1x1 doubleclick-served gif link exists within such a page. <and> 2.) *IF* DoubleClick is retaining the logged referral URL, then the only way to *harness* *useful* information from the referral URL is to employ thousands of employees that do nothing more than translate the referral gibberish into meaningful information, without any assistance from the third-party websites themselves. Since there are 5,000 corporate website clients in the doubleclick umbrella, each with their own URL gibberish and tracking codes specific to each site's internal purposes (see example URL list below) and which none of the sites will bother to actually *decipher* for DoubleClick's sake, DoubleClick's referralURL-analyst department must consist of thousands. (And what happens when one of the 5,000 websites changes internal codes that they use? What happens when Amazon makes an internal change from "store=1" (books) to "store=b" (books)? How is DoubleClick informed of the change? Answer: They're *NOT*.) In a world where even search engines can't get relevancy engines to produce useful results pages, does anyone other than the clueless actually believe that DoubleClick drones (computers or humans) are actually capable of *understanding* the gibberish presented in the following referral URLs and translating it to database information that reflects the surfer's tastes, likes, dislikes, etc? (domain names themselves notwithstanding) http://www.ford.com/default.asp?pageid=471 http://www.amazon.com/exec/obidos/subst/home/home.html/103-8217645-7053444 http://www-1.ibm.com/servlet/support/manager?rt=1&rs=0&v=9&m=k&lang=en&cc=us&realm=Support&q=mainframe http://nbc.snap.com/search/directory/results/1,61,nbc-0,00.html?keyword=friends&category=60975%3Ad-et%3ANBC&rfr=60975%3Ad-et%3ANBC&tag=nbc.com http://apps7.ifriends.net/~wsapi/ifBrowse.dll?filter=a&style=norm&room=7 (Again, reminder, none of the above sites disclose to DoubleClick what anything in the above URLs actually means. No rosetta stones are furnished!) As the iFriends/Brills transcript reveals, we made several other points with Mr. Boal, *disproving* his hypothesis that "Doubleclick knows you like Fetish chatrooms on iFriends, etc", but Mr. Boal apparently felt that such *facts* did not support his pre-formed conclusion, so these aspects of the interview were discarded. We'd love to see DoubleClick speak to these issues, but until their lawyers permit them to do so, we're stuck in a world where many people *think* "webbugs" are being used to collect "personal information" but they're *not*. All iFriends is trying to accomplish is to have DoubleClick tell us which banners produce more customer signups, and that's all that DoubleClick is *capable* of telling us. Hopefully, someone with a clue will speak up someday and explain the technical nuances to the masses. Boal concludes that iFriends exposes to DoubleClick "information about [its users] sexual preferences". All we expose to DoubleClick is a gibberish referral URL, and our contract with DoubleClick forbids them from doing anything with this or other information (see PS below). There may very well be *serious* privacy issues underlying DoubleClick's plans for the integration of Abacus Direct data, and these need to be explored by regulators. iFriends will certainly abide by any regulations that evolve. But this "web bug" issue is being *dreadfully* misunderstood, misreported and miscommunicated. I'm at your service if ever you should be in the mood for clues about *why* advertisers like iFriends use this stuff, *what* information gets collected, and *how* it is actually *used*. Call me, email me, etc, I'm all yours. Regards, Allan Rogers (with a little help from the executive & tech staff) iFriends Spokesperson 800-243-9726 x140 PS: iFriends' contract with DoubleClick gives ownership of all data to iFriends and forbids DoubleClick to mine it for any purposes other than for reporting aggregate information to us. (i.e., which ads get clicked more often & which ads produce more customers). Is that a crime? > >From mboal@nyc.rr.com Mon May 22 14:26:40 2000 >Reply-To: "Mark Boal" <mboal@nyc.rr.com> >From: "Mark Boal" <mboal@nyc.rr.com> >To: "Allan Rogers" <arogers@ifriends.net> >Subject: Re: press interview >Date: Mon, 22 May 2000 14:24:47 -0400 >X-Mailer: Microsoft Outlook Express 5.00.2314.1300 >X-SLUIDL: 424FF142-2FDF11D4-82EB0060-083E0560 > >allan, >hi there -- my story is closing today. i've incorporated your responses in >these emails. >thanks for the help. > > > > > > > > > >_________________________________ >Mark Boal > Senior Writer > Brills Content >p1: 212-366-4348 >cell: 646-325-7230 >fax: 212-366-1939 ><mailto:mboal@nyc.rr.com>mboal@nyc.rr.com >>----- Original Message ----- >>From: <mailto:arogers@ifriends.net>Allan Rogers >>To: <mailto:mboal@nyc.rr.com>Mark Boal >>Sent: Friday, May 12, 2000 6:06 PM >>Subject: Re: press interview >> >>Hi Mark, >> >>Sorry for the super-late reply. I have been out of the >>office for most of the day. (recovering from spending >>too much time with programmers learning the mind-numbing >>intricacies of "referral urls", "parameter strings" and >>cookies, I suppose ;-). I'm at 1-800-243-9726 x140. >>I'll also be in and out of the office over the weekend >>for voice mails and emails. >> >>- Allan >> >>At 04:47 PM 5/11/00 , you wrote: >>>allan, >>>yes, sorry for the delay. can we talk tomorrow just to get closure on >>>the doubleclick issue. i'll also have some softball questions about the >>>site and- >>>-its backers >>>-number of hits >>>-vistors >>>-strategic partners >>> >>>stuff like that. >>> >>>pls. tell me when and how to call you. >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>>_________________________________ >>>Mark Boal > Senior Writer > Brills Content >>>p1: 212-366-4348 >>>cell: 646-325-7230 >>>fax: 212-366-1939 >>><mailto:mboal@nyc.rr.com>mboal@nyc.rr.com >>>>----- Original Message ----- >>>>From: <mailto:arogers@ifriends.net>Allan Rogers >>>>To: <mailto:Mark Boal (by way of Tim )>Mark Boal (by way of Tim >>>><Tim@webpower.com>) >>>>Cc: <mailto:apleven@brillscontent.com>apleven@brillscontent.com >>>>Sent: Thursday, May 11, 2000 3:05 PM >>>>Subject: Re: press interview >>>> >>>>Mark, are we still communicating? Let me know if you >>>>want to move it to phone. >>>> >>>>- Al >>>> >>>>cc: to Anick Pleven >>>> >>>>================================================ >>>> >>>>Mark, I did not get a response to my email at 6pm last >>>>night. Please confirm your receipt, and let me know if >>>>there is more than I can help with. >>>> >>>>I believe we have demonstrated the flaw in your thesis >>>>that DoubleClick is privy to the various rooms >>>>and categories of rooms that iFriends users visit. >>>>(Doubleclick has no mechanism for deciphering the >>>>referral gibberish, and iFriends does not furnish >>>>DoubleClick with a rosetta stone). >>>> >>>>Please let me know if this issue is resolved to your >>>>satisfaction, and please advise if my 6pm response >>>>to you last night missed deadline (in which case >>>>I need to have someone in corporate contact your >>>>editor) >>>> >>>>Thanks again, >>>> >>>>Al >>>> >>>>================================================= >>>> >>>>(Mark .. how's the deadline picture?) >>>> >>>>Thanks for the technical walkthrough. Now >>>>we see where you're coming from. >>>> >>>>Two items: >>>> >>>>First, it was just brought to my attention that >>>>our contract with DoubleClick provides iFriends with a password-protected >>>>area where WebPower can examine data, and that no other party -- >>>>not even DoubleClick -- can examine this data. (Obviously, >>>>if you need more on this topic, I will need to involve legal >>>>as there are no doubt non-disclosure issues). >>>> >>>>Second, we think #1 is academic, for the following reasons: >>>>While DoubleClick does indeed record, as a part of the *referer* >>>>line exposed by 1x1 IMG SRC syntax you observed, >>>>certain elements that iFriends recognizes as "Girls Home Alone" >>>>(room=5), DOUBLECLICK DOES NOT KNOW THAT ROOM=5 IS EQUIVALENT >>>>TO GIRLS HOME ALONE. IFriends has not furnished DoubleClick >>>>with an index of what the room numbers correlate to, which based >>>>on what you have shared so far, can be your only rationale to justify >>>>your thesis (which presumably is that "DoubleClick knows you like >>>>Fetish, and God knows with whom they will share this information") >>>> >>>>As noted before, the purpose of this mechanism is not to >>>>alert Doubleclick about the surfing interests of visitors >>>>to iFriends, but to give iFriends a very sophisticated, >>>>sliced-and-diced picture of the general non-personally-identifiable >>>>characteristics of the same audience (i.e., what browsers they >>>>are running, what resolutions their monitors are set at, etc). >>>> >>>>When you ran your packet sniffer, DoubleClick noted what >>>>browser you were running and other basic information. >>>>Doubleclick also (probably) recorded the referral URL, >>>>which contains the "room=5" notation. But iFriends >>>>has never provided anyone at DoubleClick with an index >>>>of what the room numbers relate to, so DoubleClick has >>>>no way of knowing where you were surfing iFriends. >>>> >>>>...Unless you're suggesting that DoubleClick employs >>>>a dedicated staff of thousands to study the internal >>>>linking nomenclature used by the tens of thousands of sites >>>>that use DoubleClick -- a nomenclature system that >>>>will be extremely diverse from site to site --- >>>>*changes* their internal nomenclature "mirror" every >>>>time the site changes its own mechanisms (iFriends >>>>has undergone dozens of such changes over the years), >>>>and, last but not least, actually *does* anything with the >>>>data produced by such a Herculean and Sisyphean effort. >>>> >>>>Mark, let me know if we need to do more to get >>>>the correct facts to you -- I can make programmers >>>>and technicians available to you (or your team >>>>of programmers and technicians) -- to better >>>>elucidate if I am failing in my effort to >>>>correct your misinformation. >>>> >>>>Regards, >>>> >>>>Al >>>> >>>>- Al >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>>At 05:05 PM 5/9/00 , you wrote: >>>>>Allan, I still don't understand how your response about the type of >>>>>pages can be that the information does get sent to DoubleClick. >>>>>Below, you can see the output from a packet sniffer running while >>>>>visting your site. You can see it in the referring URL. DoubleClick >>>>>tracks the click-thru on the banner ad: >>>>> > > >>>>> > > GET >>>>> > >>>>> /jump/altavista.digital.com/result_front;kw=sex;cat=totext;ord=9461269? >>>>> > > HTTP/1.0 >>>>> > > Referer: >>>>> > > >>>>> > >>>>> &hl=on&kl=XX&pg=q&text">http://www.altavista.com/cgi-bin/query?sc=on&hl=on&kl=XX&pg=q&text >>>>> >>>>> > =yes&q=sex >>>>> > > &search=Search >>>>> > > Host: ad.doubleclick.net >>>>> > > Cookie: id=852de2b1 >>>>> > > >>>>> > > DoubleClick redirects the click-thru to ifriends.net: >>>>> > > >>>>> > > HTTP/1.0 302 Moved Temporarily >>>>> > > Content-Type: text/html >>>>> > > Location: http://www.ifriends.net/warning/altavista/test1.htm >>>>> > > >>>>> > > Ifriends.net passes the AltaVista search string off >>>>> > > to Webpower.com (the parent company of ifriends.net) >>>>> > > using a Web Bug: >>>>> > > >>>>> > > GET >>>>> > > >>>>> > /cgi/iftrack.exe?ref=http://www.altavista.com/cgi-bin/query?sc=on&; >>>>>hl=on&kl=X >>>>> > > >>>>> > X&pg=q&text=yes&q=sex&search=Search[qry&IFSE=AltaVista&IFSEArea=Ke >>>>> > ywords&IFS >>>>> > > kip=Standard&IFSESpecial=General&IFaff=None HTTP/1.0 >>>>> > > apps.webpower.com >>>>> > > >>>>> > > Webpower records this information in their cookie: >>>>> > > >>>>> > > >>>>> > IFTRACKFIRST=dt=20000116&tm=19:09:01&ip=199.3.129.167&ref=http://a >>>>> > d.doublecl >>>>> > > >>>>> > ick.net/adi/altavista.digital.com/result_front:kw=xxx:cat=stext:or >>>>> > d=50342703 >>>>> > > >>>>> > 2[qry&IFSE=AltaVista&IFSEArea=Keywords&IFSkip=Standard&IFSESpecial >>>>> > =General&I >>>>> > > Faff=None; >>>>> > > >>>>> > IFTRACKRECENT=dt=20000502&tm=12:22:52&ip=141.154.81.154&ref=http:/ >>>>> > /www.altav >>>>> > > >>>>> > ista.com/cgi-bin/query?sc=on&hl=on&kl=XX&pg=q&text=yes&q=%2Bimage% >>>>> > 3Ahitbox.c >>>>> > > >>>>> > om+%2Bsex&search=Search[qry&IFSE=AltaVista&IFSEArea=Keywords&IFSki >>>>> > p=Standard >>>>> > > &IFSESpecial=General&IFaff=None >>>>> > > >>>>> > > A DoubleClick Web page tracks at the ifriends.net >>>>> > > home page: >>>>> > > >>>>> > > GET >>>>> > /activity;src=104085;type=views;cat=ifapge;ord=957371490140? HTTP/1.0 >>>>> > > Referer: http://www.ifriends.net/homeSE.htm >>>>> > > Host: ad.doubleclick.net >>>>> > > Cookie: id=852de2b1 >>>>> > > >>>>> > > Now DoubleClick sees us at the Web Cam directory >>>>> > > page: >>>>> > > >>>>> > > >>>>> GET /activity;src=104085;type=views;cat=ifdpge;ord=%2000503123326924? >>>>> > > HTTP/1.0 >>>>> > > Referer: http://apps6.ifriends.net/~wsapi/ifbrowse.dll >>>>> > > Host: ad.doubleclick.net >>>>> > > Cookie: id=852de2b1 >>>>> > > >>>>> > > Now DoubleClick tracks us to room #5 (Girls home alone): >>>>> > > >>>>> > > >>>>> GET /activity;src=104085;type=views;cat=ifdpge;ord=%2000503123511464? >>>>> > > HTTP/1.0 >>>>> > > Referer: >>>>> > > >>>>> &type=L&filter=e">http://apps6.ifriends.net/~wsapi/ifbrowse.dll?room=5&type=L&filter=e >>>>> >>>>> > > Host: ad.doubleclick.net >>>>> > > Cookie: id=852de2b1 >>>>> > > >>>>> > > Room #7 (Girl-Girl): >>>>> > > >>>>> > > >>>>> GET /activity;src=104085;type=views;cat=ifdpge;ord=%2000503123704587? >>>>> > > HTTP/1.0 >>>>> > > Referer: >>>>> > > >>>>> &type=L&filter=e">http://apps6.ifriends.net/~wsapi/ifbrowse.dll?room=7&type=L&filter=e >>>>> >>>>> > > Host: ad.doubleclick.net >>>>> > > Cookie: id=852de2b1 >>>>> > > >>>>> > > Room #9 (Couples): >>>>> > > >>>>> > > >>>>> GET /activity;src=104085;type=views;cat=ifdpge;ord=%2000503123745726? >>>>> > > HTTP/1.0 >>>>> > > Referer: >>>>> > > >>>>> &type=L&filter=e">http://apps6.ifriends.net/~wsapi/ifbrowse.dll?room=9&type=L&filter=e >>>>> >>>>> > > Host: ad.doubleclick.net >>>>> > > Cookie: id=852de2b1 >>>>> > > >>>>> > > Room #10 (Groups): >>>>> > > >>>>> > > >>>>> GET /activity;src=104085;type=views;cat=ifdpge;ord=%2000503123902817? >>>>> > > HTTP/1.0 >>>>> > > Referer: >>>>> > > >>>>> &type=L&filter=e">http://apps6.ifriends.net/~wsapi/ifbrowse.dll?room=10&type=L&filter=e >>>>> >>>>> > > Host: ad.doubleclick.net >>>>> > > Cookie: id=852de2b1 >>>>> > > >>>>> > > Room #13 (Interracial): >>>>> > > >>>>> > > >>>>> GET /activity;src=104085;type=views;cat=ifdpge;ord=%2000503123944327? >>>>> > > HTTP/1.0 >>>>> > > Referer: >>>>> > > >>>>> &type=L&filter=e">http://apps6.ifriends.net/~wsapi/ifbrowse.dll?room=13&type=L&filter=e >>>>> >>>>> > > Host: ad.doubleclick.net >>>>> > > Cookie: id=852de2b1 >>>>> > > >>>>> > > Room #16 (Fetish): >>>>> > > >>>>> > > >>>>> GET /activity;src=104085;type=views;cat=ifdpge;ord=%2000503124018235? >>>>> > > HTTP/1.0 >>>>> > > Referer: >>>>> > > >>>>> &type=L&filter=e">http://apps6.ifriends.net/~wsapi/ifbrowse.dll?room=16&type=L&filter=e >>>>> >>>>> > > ad.doubleclick.net >>>>> > > Proxy-Connection: Keep-Alive crunch! >>>>> > > Cookie: id=852de2b1 >>>>> > > >>>>> > > >>>>> >>>>>_________________________________ >>>>>Mark Boal > Senior Writer > Brills Content >>>>>p1: 212-366-4348 >>>>>cell: 646-325-7230 >>>>>fax: 212-366-1939 >>>>><mailto:mboal@nyc.rr.com>mboal@nyc.rr.com >>>>> >>>>>>----- Original Message >>>>>>----- From: <mailto:arogers@ifriends.net>Allan Rogers To: >>>>>> title=mboal@nyc.rr.com>Mark Boal Sent: Tuesday, May 09, 2000 >>>>>>3:17 PM Subject: Re: press interview >>>>>> RE: "Also, the cookie was tracking the *type* of page I went >>>>>> to, whether it was girl-girl or fetish or whatever. I don't see >>>>>> how that fits under the list mentioned above. Can you explain?" >>>>>>Mark, >>>>>> >>>>>>I am not sure which cookie you observed, but >>>>>>there are two kinds of cookies in use on iFriends, as >>>>>>illustrated below (view your email in text-only mode, >>>>>>if possible): >>>>>> >>>>>> >>>>>><PRE> >>>>>> >>>>>>A.) DoubleClick Cookie: >>>>>> >>>>>><IMG >>>>>>SRC="http://ad.doubleclick.net/activity;src=104085;type=views;cat=ifdpge;ord= >>>>>>00509151332318?" WIDTH=1 HEIGHT=1 BORDER=0> >>>>>> >>>>>>B.) iFriends Cookie: >>>>>><IMG >>>>>>src="http://apps.webpower.com/cgi/iftrack.exe?ref=http://search.yahoo.com/bin/search?p=bbw[qry&IFSE=YahooKeywords&IFSEArea=BBW&IFSkip=BBW&IFSESpecial=BBWKyWds&IFaff=None" >>>>>>width=1 height=1 border=0 align=right> >>>>>> >>>>>>As you can see, it's the iFriends cookie (B) -- and not the >>>>>>Doubleclick >>>>>>cookie (A) - makes note of the *area* of iFriends that you may be >>>>>>surfing. This information is used by IFriends management to compare >>>>>>with iFriends signup and iFriends sale information to determine which >>>>>>areas of iFriends produce greater revenue. None of this data >>>>>>is available or otherwise exposed to DoubleClick. Every top-1000 >>>>>>e-commerce site in the world uses similar techniques as in >>>>>>example A. (iFriends is one of the most popular 1000 sites in the >>>>>>world, according to PCDataOnline.com) >>>>>> >>>>>>The DoubleClick cookie, as I observed earlier, is of greater utility >>>>>>in the areas of determining broad-sweep, non-personally-identifiable >>>>>>demographic information. >>>>>> >>>>>></PRE> >>>>>> >>>>>>I hope this has shed greater light on the subject for you. >>>>>>If you have an interest in pursuing the technical nuances >>>>>>further, I will be happy to help you, but I would recommend >>>>>>pushing the deadline off until at least tomorrow. >>>>>> >>>>>>Regards, >>>>>> >>>>>>Al >>>>>> >>>>>> >>>>>>============================================ >>>>>> >>>>>>Mark, >>>>>> >>>>>>I just now realized I didn't address the *type*-of-page >>>>>>concern you raise. I am getting with management and >>>>>>programmers and will respond within 10 minutes. >>>>>> >>>>>>Thanks, >>>>>> >>>>>>Al >>>>>> >>>>>>At 02:12 PM 5/9/00 , you wrote: >>>>>> >>>>>>>size=2> Allan, >>>>>>>Thanks. >>>>>>> >>>>>>>You wrote: >>>>>>> >>>>>>>""broad-sweep" non-personally-identifiable esoterica as >>>>>>>browser type, computer OS, etc, and the information is >>>>>>>shared with no other entity other than iFriends. " >>>>>> >>>>>>>This part I don't understand since it was a DoubleClick cookie >>>>>>>in play on iFriends pages which means that DoubleClick gets the >>>>>>>info and iFriends gets it as well. Or by "no other entity" did >>>>>>>you mean to include DoubleClick? >>>>>>> >>>>>>>Also, the cookie was tracking the *type* of page I went to, >>>>>>>whether it was girl-girl or fetish or whatever. I don't see how >>>>>>>that fits under the list mentioned above. Can you explain? >>>>>>> >>>>>>> >>>>>>>Your prompt reply is appreciated. >>>>>>> >>>>>>>thanks again, >>>>>>>mark boal >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>_________________________________ >>>>>>>Mark Boal > Senior Writer > Brills Content >>>>>>>p1: 212-366-4348 >>>>>>>cell: 646-325-7230 >>>>>>>fax: 212-366-1939 >>>>>>>mboal@nyc.rr.com >>>>>>> >>>>>>>>----- Original Message ----- >>>>>>>>From: >>>>>>>><<mailto:arogers@ifriends.net>mailto:arogers@ifriends.net>Allan Rogers >>>>>>>>To: Mark Boal >>>>>>>>Sent: Tuesday, May 09, 2000 1:38 PM >>>>>>>>Subject: Re: press interview >>>>>>>> >>>>>>>>Hi Mark, >>>>>>>> >>>>>>>>To reiterate clause three of our privacy policy posted >>>>>>>>at >>>>>>>>eudora="autourl">http://www.ifriends.net/legal/privacy.htm, >>>>>>>> >>>>>>>>"Non-Personally-Identifiable Information Collected >>>>>>>>Automatically: In some cases, we may collect information >>>>>>>>about you that is not personally-identifiable. Examples of >>>>>>>>this type of information include the type of Internet Browser >>>>>>>>you are using, the type of computer operating system you are >>>>>>>>using, and the domain name of the website from which you >>>>>>>>linked to our site." >>>>>>>> >>>>>>>>To iFriends knowledge, any DoubleClick link mechanisms >>>>>>>>embedded within iFriends pages meet this criteria, because >>>>>>>>the information collected is limited to such general >>>>>>>>"broad-sweep" non-personally-identifiable esoterica as >>>>>>>>browser type, computer OS, etc, and the information is >>>>>>>>shared with no other entity other than iFriends. >>>>>>>> >>>>>>>>As to DoubleClick's privacy controversy, I'm sure you recognize >>>>>>>>that there are many, many thousands of sites that >>>>>>>>participate in >>>>>>>>the DoubleClick network, and I assume that each of these >>>>>>>>thousands >>>>>>>>of sites anxiously awaits DoubleClick's ultimate response to >>>>>>>>concerns expressed by Privacy advocates. To our knowledge, any >>>>>>>>limitations in the DoubleClick ad-serving methodology also >>>>>>>>exist >>>>>>>>in other marketing networks. >>>>>>>> >>>>>>>>The foregoing is on the record. If you quote me, >>>>>>>>the appropriate >>>>>>>>designation is iFriends' spokesperson. >>>>>>>> >>>>>>>>Good luck with the story, and I hope I got this to >>>>>>>>you before >>>>>>>>deadline. >>>>>>>> >>>>>>>>Regards, >>>>>>>> >>>>>>>>Allan Rogers >>>>>>>> >>>>>>>>At 08:23 AM 5/9/00 , you wrote: >>>>>>>>> A, >>>>>>>>>I'm writing about ifriends and privacy on the site. I was >>>>>>>>>recently running some privacy tests on various pages on >>>>>>>>>ifriends and found that information was being sent >>>>>>>>>to Doubleclick. This is not mentioned in the site privacy >>>>>>>>>policy. So I'd like to know what the company's policy is >>>>>>>>>regarding this sort of disclosure. >>>>>>>>> >>>>>>>>>My deadline is today. >>>>>>>>> >>>>>>>>>Thanks. >>>>>>>>>mark >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>_________________________________ >>>>>>>>>Mark Boal > Senior Writer > Brills Content >>>>>>>>>p1: 212-366-4348 >>>>>>>>>cell: 646-325-7230 >>>>>>>>>fax: 212-366-1939 >>>>>>>>>mboal@nyc.rr.com >>>>>>>>> >>>>>>>>>>----- Original Message ----- >>>>>>>>>>From: >>>>>>>>>><<mailto:arogers@ifriends.net>mailto:arogers@ifriends.net>Allan >>>>>>>>>> Rogers >>>>>>>>>>To: >>>>>>>>>><<mailto:mboal@nyc.rr.com>mailto:mboal@nyc.rr.com>Mark Boal >>>>>>>>>>Sent: Monday, May 08, 2000 3:58 PM >>>>>>>>>>Subject: Re: press interview >>>>>>>>>> >>>>>>>>>>Hi Mark, >>>>>>>>>> >>>>>>>>>>How goes it? I am on the run today, but drop me a note >>>>>>>>>>with the nature of the story (thesis) and the site that >>>>>>>>>>interests you (we have several), and I can get back in >>>>>>>>>>touch >>>>>>>>>>with you ASAP, armed with the facts you may need. >>>>>>>>>> >>>>>>>>>>Regards, >>>>>>>>>> >>>>>>>>>>- Al >>>>>>>>>> >>>>>>>>>>At 01:53 PM 5/8/00 , you wrote: >>>>>>>>>> >>>>>>>>>>>Hi, >>>>>>>>>>>I'm writing a reporter with Brills Content, the >>>>>>>>>>>media magazine, and I'm writing a story that deals >>>>>>>>>>>with your site, among other things. >>>>>>>>>>> >>>>>>>>>>>Can we talk telephonically? >>>>>>>>>>> >>>>>>>>>>>My number below. >>>>>>>>>>> >>>>>>>>>>>thanks, >>>>>>>>>>>mark >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> size=2>_________________________________ >>>>>>>>>>>Mark Boal > Senior Writer > Brills Content >>>>>>>>>>>p1: 212-366-4348 >>>>>>>>>>>cell: 646-325-7230 >>>>>>>>>>>fax: 212-366-1939 >>>>>>mboal@nyc.rr.com *********** From: "Mark Boal" <mboal@nyc.rr.com> To: "Declan McCullagh" <declan@well.com> Subject: Brill's Story Date: Tue, 4 Jul 2000 00:55:44 -0400 Declan, I'm glad Mr. Rogers forwarded our entire email exchange, for it reveals his past strategies of obfuscation in vivid detail. Mr. Rogers initially denied DoubleClick had ANY presence on his site. But when I presented him with log files proving the contrary, his story changed. Unfortunately, his latest letter follows the same pattern. What I reported--that iFriends sends information to DoubleClick, and that the information can be used to interpret the sexually identity of a person browsing its site--still stands. Let's begin with the obvious misstatements. Mr. Rogers says I never called him, but I did. My message was not returned. He complains about my characterization of iFriends as a porn site, but it *is* a porn site. On iFriends, one sees naked men and women in sexually suggestive poses. If that's not porn, what is? He says that only the "clueless" believe DoubleClick is capable of translating referring URL coding. I, for one, translated the relevant portions of iFriend's coding in about the time it takes to read this sentence. So clearly, DoubleClick can do it, too. Remember that DoubleClick was contractually obligated not to glean mortgage data from Intuit's Quicken site, but was discovered to be doing precisely that. The uncontested conclusion here is that according to commonly accepted privacy practices sensitive information should never be routed to DoubleClick in the first place, or at least not without disclosure to the public. But I fear Mr. Roger's position as the spokesperson for a company that uses web bugs without disclosure makes his agreement with this conclusion unlikely. --Mark Boal p.s. For those who asked, below and attached, is the original article, hopefully without the ligatures problem. ============================================================== Brills Content, July 2000 Click, Click, Trick DoubleClick Web Bugs on Porn/Medical Sites By Mark Boal We all know by now that when we log on to the Internet and surf the World Wide Web from the privacy of our homes, such privacy is largely an illusion. After all, websites keep track of their visitors, bulletin-board postings are archived, and even e-mail is not safe from prying eyes. But the state of privacy on the Web may be worse than you imagine. A new generation of technology is making it easier for marketers and Web hosts to track us without our knowledge. Moreover, these tracking devices are showing up in places where many people may be most sensitive about guarding their privacy: pornography and medical sites. I realized how hard it is to keep up with the rapidly changing online privacy terrain when I paid a visit recently to Richard Smith, an expert on computer privacy who prides himself on uncovering Internet practices he considers abusive. Turns out even Smith was surprised by what we would discover. Smith was tutoring me on what you might call online countersurveillance, giving me a lesson in how to watch the watchers on the Web. We were in his of ce overlooking downtown Boston. Our laptops were on. On screen, we were looking at a popular porn site called iFriends. We looked at the coding that creates the page, when suddenly a line jumped out at Smith: IMGSRC="http://ad.doubleclick.net/activity; src=104085;type=views;cat=ifdpge;ord= 00509100200118?" WIDTH=1 HEIGHT=1 BORDER=0 "It s a Web bug!" he exclaimed. Web bugs are the latest innovation in the art of monitoring people moving through websites. They are computer code, nearly identical in structure to the code for a picture or a banner ad. Except they are invisible, due to that last line: WIDTH=1 HEIGHT=1 BORDER=0. That describes an image one pixel wide and one pixel high, with no border. (The period at the end of this sentence would be represented on a typical screen as a four-pixel square.) A one-by-one pixel square can not be seen by the naked eye. Smith had found a Web bug, but what really struck him was that rst line of code: IMGSRC="http://ad.doubleclick.net/activity. That clued him in to the fact that DoubleClick Inc., the most successful Internet advertising agency, was collecting information about our visit to a porn-related site. DoubleClick is an online advertising agency that buys and places banner-ad space for its clients. But it adds another layer of service, too it keeps track of who views and clicks on those banners, and now, with Web bugs, it can track people on pages without banner ads. DoubleClick s pioneering role on the Internet has earned it the adoration of Wall Street, but the enmity of privacy advocates, who are concerned that the company is building a mammoth database that pro les people s lives on the Web in elaborate detail. "In general, DoubleClick s whole strategy of tracking Internet users invades the expectation of privacy people have when they re browsing," says Andrew Shen, a policy analyst at the watchdog Electronic Privacy Information Center. "But when you re talking about particularly sensitive areas such as health or pornography sites, which are only accessed under the assumption that the person s visit remains unknown, tracking is especially objectionable. These are places where the preservation of privacy is vital." Indeed, DoubleClick s reach is so broad that even casual browsing in the most sensitive corners of the Net leaves a data trail the company can follow, as Smith and I discovered. Head over to the search engine at the Internet portal Lycos, the fth-most-popular destination on the Web in May, and type the word sex into the query box. DoubleClick takes note. Or click on About.com, a site that gathers many pages under one umbrella and is one of the Web s most popular destinations, with about 4.4 million visitors in April. Thousands of sites are listed under About.com s adult section, and DoubleClick has the ability to monitor many of them. Smith and I also discovered that DoubleClick operates Web bugs at procrit.com, a site for the HIV-related drug Procrit, and that it monitors mentalwellness.com, an online resource for schizophrenia. Both sites are owned by Johnson & Johnson. The question for privacy advocates is what does DoubleClick do with the data it collects? Company of cials say emphatically that it won t link information about an individual s website visits with his or her name. Yet the sort of Web bug coding Smith found DoubleClick using on various porn and health sites is ideally suited to linking a person s name to his or her computer. This use of Web bugs, also sometimes called transparent GIFs (for graphics interchange format) seems to violate DoubleClick s own privacy pledge to be "fully committed to offering online consumers notice about the collection and use of personal information about them, and the choice not to participate." (The italics are DoubleClick s.) Jules Polonetsky, DoubleClick s chief privacy of cer and a former New York City consumer-affairs commissioner, says the company s privacy policy was "in no way" contradicted by DoubleClick s deployment of Web bugs, because names are not linked to sensitive online activities such as health and porn sites. Polonetsky stresses that the company has "made a commitment that we won t ever use sensitive information to target ads or to build a pro le," although he says that could change with the development of government standards. In the meantime, he adds, it s the clients responsibility to disclose DoubleClick s Web bugs. "All the sites we do business with," he says, "we wish [them] to be as transparent as possible in explaining what happens on their site." However, none of the sites where we found Web bugs revealed that fact in their privacy policies. When asked about this, iFriends initially denied that DoubleClick had Web bugs on the sensitive parts of the site. But when presented with a log le showing that DoubleClick recorded a visit to a "girl-girl" fetish room, labeled in the computer code as room "5," Allan Rogers, a company spokesman, replied by e-mail, "While DoubleClick does indeed record, [it] does not know that room 5 is equivalent to girls home alone." This explanation comes down to saying that while DoubleClick collects the information, it does not have the technical skill to understand it an assertion that Smith and others nd hard to believe. The other sites where Smith and I found Web bugs also downplayed their privacy implications. A Johnson & Johnson spokesman says the information gathered by Web bugs is used in-house to help the company re ne and manage its sites. Consumers have nothing to worry about because DoubleClick is contractually prohibited from using the information for any other purpose, says the spokesman, Josh McKeegan. "The contract that Doubleclick signed with us speci cally stipulates that they won t use it for any of the purposes which have gotten them into trouble which is tying the aggregate data to speci c cookies. That is speci cally banned within our contract," says McKeegan. Similarly, John Caplan, general manager of About.com, acknowledges that DoubleClick collects data on About.com users, but said "DoubleClick does not have the right to use any data it has on About.com users in any way. They serve our ads that s it." But critics note that DoubleClick s deal with its clients could change and it could acquire the right to disseminate data it currently collects. Moreover, a subpoena in a divorce proceeding, a warrant from a law enforcement agency, a malicious hacker, a mistake on DoubleClick s part to name just a few scenarios could drag DoubleClick s les into public view. And regardless of who uses the data under which circumstances, the practice of covert data collection violates standards of online privacy endorsed by the Federal Trade Commission and by the industry-supported watchdog group TRUSTe. These guidelines specify that data-mining ought to occur only when the user is fully informed, and individuals are given some control over the information gathered about them. One popular medical site, drkoop.com, took these concerns so seriously that in March it severed a long-standing relationship with DoubleClick. "We had a lot of concerns. There was also a perception problem," explains Laura Hicks, a spokeswoman for drkoop.com. "So we made a decision...that for the protection of our consumers, we would not use any third-party ad networks." For many privacy advocates, the very existence of Web bugs and the data collection they facilitate constitute an invasion of privacy, leaving aside questions about how that information could be disseminated. Think of a Peeping Tom who installs a video camera in a clothing-store dressing room. Even if he never views the footage, the people captured on lm will feel invaded. "It s unacceptable for DoubleClick to be monitoring people s movements without their consent," says privacy advocate Jason Catlett, of the Junkbusters Corp., a group that opposes the proliferation of commercial messages. "If they tried this in the physical world it would be like having men in white coats standing outside X-rated movie theaters taking down your license plate number." Catlett is particularly concerned about the lack of disclosure at porn sites, but a lawsuit led against DoubleClick in California alleges that the rm s deployment of Web bugs at a great many sites is a violation of consumer-protection statutes. The class-action suit, led in January by San Rafael, California, lawyer Ira Rothken, seeks an injunction to force DoubleClick to stop data mining via Web bugs and to give people a chance to see their dossiers. "If DoubleClick doesn t change their strategy of attempting to tie name and address information with private click stream data...it will have a chilling effect on all Web users no one will take risks in viewing sensitive sites, and Web users First Amendment rights will be impaired," Rothken says. While the suit has garnered little press attention, it is being closely watched by privacy groups. If the case gets to the discovery stage, DoubleClick could be forced to reveal the business deals and strategy behind its data warehousing, and the nature of the les it has gathered on millions of Californians. That, in turn, could open the rm to a host of new questions that the lawsuit raises. What is in the log les? How far back do they go? Do they contain every website you or I have ever visited on the DoubleClick network? When asked for a response to these questions, a company spokeswoman repeated DoubleClick s assurances that it is "absolutely committed to protecting the privacy of all Internet users." Why would a Wall Street darling like DoubleClick get involved in monitoring porn sites and health sites at the risk of alienating privacy advocates even more? To answer that we need to rewind to 1996. That was when Kevin O Connor founded the rm, with the idea of cashing in on the rush to all things e. Back then, companies were curious about advertising online, but few knew how to navigate the Web. It was unpredictable and chaotic, and choosing the right advertising format was like throwing darts blindfolded. DoubleClick simpli ed the task by gathering hundreds of the most popular sites in a network and then offering the ability to place banner ads across all, or some, of the network. The idea t the times like a latex glove. The Fortune 500 turned their ad accounts over to DoubleClick, and soon it became the one-stop shop for online ads. Today, DoubleClick s client roster reads like a who s who of corporate America. The company places ads on websites for AT&T, CBS, Ford Motor Company, Motorola, Inc., and hundreds of others. And its revenue is up sharply; in the rst quarter of this year, it took in $110 million, a 179 percent increase over the same period last year, according to the company. Every month, DoubleClick places 50 billion banner ads across its network, which the company says covers about half of the Internet s total traf c. As the company s annual report boasts, "Move your mouse over any ad on the Web, and there s a good chance you ll see ad.doubleclick.net at the bottom of your browser window. DoubleClick didn t create the ad, but we did place it there." And all of those ads are automatically monitored; DoubleClick gauges their effectiveness by tracking the number of people who click on them versus the number who view them. This so-called click-through rate is a metric only the Internet can offer, and it is the argument for why online advertising is more precise than TV, print, or radio advertising. But click-through tracking yields another dividend, too. As DoubleClick quickly discovered after it began marketing the service, click-through technology opens the door to tracking individuals as they move from one site to another. If you can track whether someone clicks on one ad, why not track whether the same person clicks on any ad in a given network? Why not see exactly what an individual does online, where she goes, what she buys? It s no wonder that from the start, privacy advocates objected to such tracking, but DoubleClick and other rms in the online marketing world pressed ahead. To make the tracking work, DoubleClick used cookie les. Cookies are random number strings like ngerprints that identify one computer to another. As you visit a page with a DoubleClick ad, the company places a cookie on your computer. After that, DoubleClick can track your movements through its network even if you do not click on its banner ads. And now, with Web bugs, DoubleClick can track you even when there are no banner ads on a page. And if you make a purchase or ll out a questionnaire on a site with a DoubleClick ad, the rm will more than likely collect that information from the Web bug and link it to your cookie. Last year, DoubleClick tried to take the next step, and link its cookie les with actual names and identities. It merged with the consumer-database rm Abacus Direct, and announced a new division designed to create elaborate pro les of more than 90 percent of American households. The plan attracted an army of critics, including privacy advocates, who said DoubleClick would usher in a new age of surveillance. The Federal Trade Commission began investigating the company; investors, who got skittish, started to dump DoubleClick stock. When the blows and bad PR had cost DoubleClick half its market value, CEO O Connor backpedaled. "I made a mistake," he said. O Connor pledged to delay the database until there was "agreement between government and industry on privacy standards." Despite its public disavowals, DoubleClick nevertheless continues to lay the groundwork for the database by collecting vast amounts of information about where people go online. And the news that they are employing their invisible tracking devices on health and porn sites could cause them new political, public relations, and legal woes. The FTC has asked Congress for more authority to sue companies who are in violation of consumer privacy, although Congress is not expected to enact new laws anytime soon. If DoubleClick ever chooses to merge the data from the Web bugs and cookie les with its existing consumer dossiers, it will create a database of unprecedented depth. The rm will not only have purchasing history and demographic information of some 100 million Americans at its ngertips, but also information about their sexual preferences and health conditions. For now, the records are not merged. But they lie there on servers, waiting. e _________________________________ Mark Boal > Senior Writer > Brills Content p1: 212-366-4348 cell: 646-325-7230 fax: 212-366-1939 <mailto:mboal@nyc.rr.com>mboal@nyc.rr.com -------------------------------------------------------------------------- POLITECH -- the moderated mailing list of politics and technology To subscribe, visit http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ --------------------------------------------------------------------------