WASHINGTON — Seeking to mute consumer and congressional concerns over possible online privacy violations, the media company NebuAd announced Tuesday that it will take new steps to protect Internet users' identities on the Web.
Consumer groups in Washington responded that this isn't enough, claiming the company may still be breaking federal and state e-privacy and wiretapping laws.
At stake is the future of a lucrative new trend in advertising in which online ads are targeted based on an individual's browsing patterns. Companies such as NebuAd, based in Redwood City, Calif., mine the patterns with the cooperation of Internet service providers and sell them to online advertisers.
The practice helps Internet advertisers reach potential customers at just the right time with products they want to buy.
Targeted advertising is no new trick. An airfare ticket offer might pop up, for example, immediately after someone e-mails a friend about an upcoming trip.
NebuAd's technique rachets up this practice with more sophisticated mining of consumer preferences. It works directly with Internet service providers, making it harder for users to avoid being targeted.
That's a violation of privacy, according to Leslie Harris, the president of the Center for Democracy and Technology, a Washington-based public interest group.
"The ISP sits in a different position than a Web site," she said. "In large parts of this country, you have one (option for an ISP network). They are the only trusted intermediary."
The Senate Commerce, Science and Transportation Committee takes up the issue Wednesday, along with other e-advertising privacy matters. NebuAd Chief Executive Bob Dykes has been called to testify, along with representatives from Google, Facebook, Microsoft and the Center for Democracy and Technology's Harris.
In a move that seemed to meet some of the demands of privacy advocates such as Harris, NebuAd said Tuesday that it had revamped its privacy protections.
Users will be able to opt out of the Web monitoring system, and they'll be reminded periodically that they're signed on to it.
NebuAd has said that it uses encryption to safeguard users' identities and never releases them to advertisers. The exchange between an advertising data miner and an online advertiser doesn't name the consumer, according to NebuAd.
That's not enough for Internet privacy advocates. They interpret the Electronic Communications Privacy Act as requiring that NebuAd have the consent of users before it begins monitoring their browsing.
As it now stands, users — if they know that their Web sites are being monitored — can opt out of the program.
Law professor Wendy Seltzer, a fellow with Harvard University's Berkman Center for Internet and Society, said she was concerned that the advertising companies were potentially breaking contract laws as well as the wiretap act.
"They (the advertising companies) probably have different definitions of what they're claiming to be an invasion of privacy," Seltzer said in an interview. "I do have some concern if user information is being used in a way that a user of a service didn't anticipate and didn't expect."