Saturday, July 12, 2008

Can Internet Activity Ever Be Truly Anonymous?

Buzz up!on Yahoo!

How much information should Internet companies be able to collect about your Web activity in order to serve you more relevant and targeted advertising? An IP address? Search queries? Your system settings and browser of choice?

For most companies like Google and Microsoft, the collection of that type of data is de rigeuer. Though it is typically deleted 18 months after its collection, and executives swear that personally identifiable information will not be found in their databases, many have their doubts.

My IP address may not reveal my name or location, but if I happen to be Googling my own name, address, or place of employment, and Google retains those search terms, am I inadvertently telling the search engine exactly who I am?

"If my ISP said, 'Is it ok if we give everything you do to another company?' I'd say of course it's not ok," Sen. Byron Dorgan, a North Dakota Democrat, said during a Wednesday hearing before the Senate Commerce Committee. "Online advertising is important; I understand that [but] there are so many unanswered questions about [online] information and how people navigate the Web."

Dorgan grilled Bob Dykes, CEO of NebuAd, an online advertising company that aggregates information to serve up targeted ads. "Maybe an ISP comes in and [says], 'Whenever anyone does something on our system, we're going to shovel all that information to you as its being done. What's the difference between that and wiretapping?"

"We're compliant with the law," Dykes responded. "The information we're looking at as people surf the Web doesn't include any personally identifiable information. [We are taking] an IP address and transforming that into an anonymous number with a one-way hash. All we're keeping is the qualifications from the market segments" NebuAd is targeting.

Leslie Harris, president and CEO at the Center for Democracy and Technology (CDT), was skeptical about the anonymity of the collected data. At best, the data collected by companies like NebuAd is "pseudo-nonymous," she said.

Harris pointed to AOL, which in 2006 mistakenly released 20 million search queries that included indentifiable data. Dykes argued that that was basically because people were doing searches on houses in their neighborhoods using particular names and addresses. That is exactly the point, according to Harris.

Sen. David Vitter, a Louisiana Republican, asked the two panelists if they believed that anyone data collection process on the Internet could ensure true anonymity. Dykes said yes, but Harris did not believe so.

"If pure privacy is what you want, the Internet is probably the wrong thing for you," countered Clyde Wayne Crews Jr., vice president for policy at the Competitive Enterprise Institute, a conservative think tank.

Original here

No comments: