ISP Justifies, But Doesn't Explain Secret Customer Eavesdropping - Via Threat Level:

Just last week, a trio of powerful federal lawmakers asked the large ISP Embarq to answer questions about the company's secret testing of technology that spied on its customers' web habits in order to serve them targeted advertisements.

To Embarq's credit, they wrote back quickly, delivering a reply (.pdf) within a week to inquisitive members of the House Commerce committee, including chairman John Dingell (D-Michigan) and top Republican Joe Barton (R-Texas) and telecom subcommittee head Reps. Edward Markey (D-Massachusetts).

Embarq - a Fortune 500 telecom provider -- looked to escape the wrath of the trio, explaining that its test of technology from NebuAd was small and that it added a paragraph to its privacy policy to let its customers know about the test. It added it wasn't going to use the technology further due to privacy issues.

NebuAd pays ISPs to let it monitor their customers, watches where they go to build marketing profiles and then uses that intelligence to show targeted ads on other websites. The company's controversial technology has already led the same lawmakers to all but force Charter Communications to cancel a proposed test of the technology.

But oddly, Emnbarq's letter was almost devoid of answers to the basic questions. For instance, the lawmakers wanted to know where the test was tried out and why that community was picked.

Other questions included knowing how many subscribers were involved, how they were notified and what percentage opted out. Embarq's reply didn't say.

The Congressman wanted to know what Embarq's lawyers thought of the test. Embarq called that attorney-client privilege, though did note that it has always been Embarq's belief that "its conduct of the test was lawful and otherwise permissible."

Most of the letter consisted of Embarq -- an ISP -- trying to convince the lawmakers that total online awareness of its paying customers complied with the Federal Trade Commission's proposed rules about behavioral advertising and longstanding privacy rules.

Which is to say that Embarq was arguing that it was following industry-agreed upon rules that websites like Yahoo! or sites with cookies from ad-serving giant DoubleClick follow.

But the FCC principles were designed for websites and not ISPs, according to the Center for Democracy and Technology's Ari Schwartz.

ISPs are controlled by anti-eavesdropping law known as the Electronic Communications Privacy Act, according to CDT's analysis, making web tracking without notice and consent a likely violation of law.

Moreover, Schwartz noted that the FTC principles require sites that track users to serve targeted ads to say so on the website, which would be impossible for an ISP to comply with since it would need to have that information on every site any of its customers visited.

"The FTC principles don't apply to Embarq, and even if they did, they didn't follow them," Schwartz said.

One expects that the lawmakers will not be very happy with Embarq's answers, but on Tuesday, a spokeswoman for Markey would only say that the Congressman was evaluating the letter and possible responses.

See Also:

• Report: NebuAd Forges Packets, Violates Net Standards
• Lawmakers Target Second ISP for Web-Tracking Tech
• Charter Freezes Web Eavesdropping Plan - Update
• Charter to Snoop on Broadband Customers' Web Histories for Ad Networks

(Read Original Article - Via Threat Level.)