"Matchcode" technology sparks privacy flames.....

Will Rodger rodger at worldnet.att.net
Sat Sep 20 12:19:10 PDT 1997



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

One of the main assertions made by both sides in the privacy battles 
is people must be informed when a third party is gathering "personal" 
information about them.

But what constitutes personally identifiable information, anyway? 
Where do "real" privacy concerns begin? Below is a story I wrote  
about Imgis Inc. - a little-noticed company whose cookies are among 
the most common on the Net. If you don't them now, look in your 
cookie file. Chances are you'll find several marked "imgis.com."

Imgis thought it knew what the privacy concerns were with its 
technology. Others thought otherwise. Within two days of hearing 
about impending opposition, the company apparently changed its views.

Note that the technology described is not yet in use.

from http://www.zdnet.com/zdnn/content/inwo/0919/inwo0006.html

Ad tracking technology sparks new privacy war
By Will Rodger
September 19, 1997
11:42 AM PDT
 Inter at ctive Week Online

An effort supported by two of the world's largest advertising brokers 
to tailor advertising to individual Internet users may pose the 
greatest threat yet to the protection of privacy in cyberspace, 
activists said.

Under a system due for rollout in the first half of 1998, the Web 
advertising service Imgis Inc. will begin comparing detailed 
demographic information about Internet users to its stock of Web-
ready ads, sending Net users only those ads Imgis determines are best 
matched to their interests. The company, based in Los Angeles, will 
use a system of "match codes" to identify individual users.

Match codes are unique identifiers used to pick information about 
consumers out of databases, much as banks use Social Security numbers 
to identify customers.

Under the plan, when Internet users visit Web sites carrying Imgis 
ads, participating Internet service operators would send Imgis a 
match code corresponding to a demographic database of 140 million 
consumers maintained by database marketer Metromail Corp.

Imgis would then compare users' names, addresses, estimated incomes 
and automobile ownership against an inventory of advertisements. 
Thus, a white, single 25-year-old man living in Dubuque, Iowa, could 
see an ad that differs from that seen by a 65-year-old American 
Indian woman living in Manhattan.

Yet, at the same time, the system has the ability to track the 
movements of any Internet user across participating sites, 
potentially revealing a dizzying array of confidential information, 
including users' reading habits, health concerns, political 
inclinations and religious affiliations. Imgis executives insist they 
won't do so, but the danger remains, critics said.

Shelley Pasnik, an analyst with the Washington, D.C.-based Center for 
Media Education, slammed the proposal.

"This is huge. This is the most detailed proposal I've seen and 
probably the most significant threat to privacy I've heard of," she 
said.

"This is a really big deal; this is a real step back," added Tara 
Lemmey, chief executive officer of Narrowline Inc., a San Francisco-
based Internet advertising firm and a member of the TRUSTe privacy 
consortium. "This is a case where it's really important to step back 
and say we've really crossed the line."

Imgis, which specializes in Internet advertising, will place ads sold 
by Petry Media Corp. and Katz Media Group Inc.

Exposure of the plan follows four days of hearings on cyberspace 
privacy at the U.S. Federal Trade Commission last June. Though direct 
marketers were often on the defensive over their use of surreptitious 
techniques in gathering consumer information in cyberspace, the FTC 
tentatively concluded that the industry should police itself before 
the government takes action to protect privacy on the Internet.

But the Imgis case "accentuates all the concerns we've been talking 
about," said David Medine, associate director of credit practices at 
the FTC and moderator of most of the sessions. "Up until today, I 
think that users naturally assumed that users were anonymous through 
their Internet service providers when they surfed the Web. I don't 
think that you can say that anymore. If that has changed, it 
represents a dramatic shift in the relationship between the user and 
the Internet."

Medine said the FTC would expect Imgis to disclose all aspects of its 
data gathering through participating Web sites and ISPs if it begins 
using match codes to tailor ad delivery.

In an interview Tuesday, Imgis Chief Executive Officer Chuck Berger 
told Inter at ctive Week that his company had signed two Internet 
service providers, GTE Corp. and Netcom On-Line Communication 
Services Inc., to carry the service sometime in the first half of 
1998.

At the time, Berger said he believed there were no privacy concerns 
with "anonymous match codes," since Imgis had decided not to record 
which sites users visit.

"Once we pull your ad out of our database, we're done," Berger said. 
"We're not following you around the Web."

Imgis abruptly altered its story Thursday after Inter at ctive Week 
found that privacy advocates were up in arms over the technology. 
Marisa Verson, a principal with San Francisco public relations firm 
Interactive Communications Inc., which represents Imgis, said Imgis 
never had agreements with GTE or Netcom.

"GTE is nothing," she said. "If Chuck communicated that, I don't know 
how he even thinks that. This thing isn't even in the speculative 
stage until the privacy thing is down."

GTE spokesman Bill Kula confirmed Thursday morning that "we do use 
Imgis - or plan to - related to using actual public billing files." 
But "there's not a contract between the two companies today."

Netcom officials said they spoke with Imgis more than a year ago 
about the match code proposal but had discarded the idea over privacy 
concerns.

"I have absolutely zero plans to be involved with this," said Netcom 
advertising director Terry Pittman. "Whatever we do needs to be in 
synch with some rules of the road so that people know what we do with 
their information."

Imgis officials, stung by criticism of their plan, said they are 
moving swiftly. Though Berger earlier described Netizens who worry 
about their privacy online as a "vocal minority," Imgis marketing 
director David Kopp said the company is moving to develop some way of 
disclosing how it gathers information online and what it does with 
it.

"We'll come up with a policy that makes sense," Kopp said. "These 
issues are very big issues. The main reason we haven't pursued the 
product is we're not entirely confident we have a set of standards 
that would work. Without informed consent you can't do this sort of 
thing."

Kopp said the company would soon contact TRUSTe for guidance.

TRUSTe Chairman Lori Fena said she hoped to hear from Kopp soon.

"We mandate full disclosure," she said. "We expect full disclosure at 
all the Web sites, so this would no longer be a back-door deal."

The FTC's Medine agreed.

"It's going to take enough firms getting beat up in the press to make 
people realize they have to think about this first - before they 
develop the technology," he said.

Imgis can be reached at www.imgis.com

The FTC can be reached at www.ftc.gov



-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBNCQghdZgKT/Hvj9iEQLu5ACfSVkRIbX8iYE7EgKnwV2FIZK82fUAoIBl
2TyMisA624IB1nWUwhI3qx54
=08lI
-----END PGP SIGNATURE-----







More information about the cypherpunks-legacy mailing list