Note: This piece was published on this blog last week, but disappeared during migration to a new server! So bear with me if you’ve already read it.

One month ago, I predicted that the currently-accepted-as-standard behavioral targeting model doesn?t stand a chance. Simon Levine was kind enough to point out that ISP-based targeting isn?t standard ? it?s a new, wrong model, so let?s re-posit it: ISP-based behavioral targeting doesn?t stand a chance.

That was after NebuAd had pretty much ceased all activity, when Phorm was still doing okay. Here?s what?s happened since then:

Last week, 15 people filed suit against NebuAd for privacy violations.

?The collection of data by the NebuAd device was wholesale and all-encompassing,? the lawsuit alleges. ?Like a vacuum cleaner, everything passing through the pipe of the consumer?s internet connection was sucked up, copied, and forwarded to the California processing center. Regardless of any representations to the contrary?all data?whether sensitive, financial, personal, private, complete with all identifying information, and all personally identifying information, was recorded and transmitted to the California NebuAd facility.?

?Consumer advocates also were alarmed by the sheer scope of information available to NebuAd. Unlike older behavioral targeting companies that only collected data from a network of publishers, Internet service providers have access to everything?including activity at search engines and at non-commercial sites, such as sites operated by religious groups.

?The plaintiffs, who are seeking class-action status, allege that NebuAd violated a federal wiretap law, California privacy law and computer fraud law, among others.

Wendy Davis reported further on the story:

?It could be a landmark case,? said attorney Bennet Kelley, founder of the Internet Law Center in Santa Monica, Calif. and former privacy director at ValueClick. He added that a victory for the plaintiffs could mean that broadband providers will be left with no choice but to seek users? affirmative consent before selling information about people?s Web activity to ad companies.

?privacy advocates say that the case doesn?t invite courts to make new standards as much as to clarify that existing laws already prevent Internet service providers from selling users? clickstream data without their consent.

?There?s a very high likelihood that some of these new advertising proposals that take advantage of Web traffic are illegal,? said Marc Rotenberg, executive director of the Electronic Privacy Information Center.

Across the pond, Virgin Media publicly dismissed the idea of working with Phorm, even though they were one of three ISPs slated to use the platform. Orange, the ISP, also rejected any collaboration.

?perhaps the ISPs are realizing that the proposition might be a public relations disaster should angry subscribers voice complaints.

With so many rats making their way off the ISP-based BT ship, who would be foolish enough to go in the other direction?

What do you think the companies, courts and governments should do? Should they put a stop to ISP-based BT now?

Holy moley. From the Daily Online Examiner:

In a comically inept move, U.K. Internet service provider BT Group has decided to delete posts on its forums about its deployment of Phorm?s controversial behavioral targeting platform.

The ISP removed all current and prior comments, which dated back to at least February. One of the prior threads in the BT Beta forums went on for more than 200 pages, according to The Register.

A moderator for BT Group posted this explanation online: ?Our broadband support forums are designed to be a place where customers can discuss technical support issues and offer solutions. To ensure that the forums remain constructive we?re tightening up our moderation policies and will be deleting threads that don?t provide constructive support.?

Now, knowing what you know about user-generated content and Web 2.0 and the blogosphere, what do you think the likely reaction to this little ’sweep-it-under-the-rug’ tactic will be?

If you answered, “Well, Kaila, I think it will only draw more attention to the issue,” you’re right. After all, you’re reading this blog post, aren’t you? And I read the Daily Online Examiner one, and who knows what other posts are being written as we speak.

If you answered, “Well, Kaila, I think it will serve as evidence that BT thinks they did something wrong,” you’re right again. After all, why would you hide the complaints if you had a legitimate answer for them that you wanted people to know?

If you answered, “Well, Kaila, I think this is another nail in the coffin for ISP-based behavioral targeting,” I’d be hard-pressed to disagree. Certainly any model that knows everywhere you’ve been doesn’t pass the privacy threshold.

Beyond the behavioral targeting issue, though, lies another lesson. Have you heard that quote, “Speak the truth, even if your voice shakes”? It’s good advice, but we all get to choose whether to follow it or not.

What’s happening online, though, is that ease of communication is forcing everyone to live by that motto, all the time. If you’ve got a problem that’s playing itself out online, the only way to deal with it is directly — even if your voice shakes.

I think this is a great turn of events for our planet. We say that integrity is how you behave when you don’t think anybody’s looking, and that’s fine, but sometimes we need somebody to be looking to figure out the right thing to do. And, thanks to the Internet, somebody’s always looking.

BT, like any infant, seems to think that we can’t see it if it can’t see us. So it deletes the comments and covers its eyes, while all over the world people are saying, “Wow! Look at BT with its hands over its eyes! How silly.”

How do you think BT should have handled this situation?

In my last post, I wrote about what I perceive to be the fundamental problem with behavioral targeting: the value proposition to consumers is less than the cost to consumers.

The post received highly thoughtful comments from Pete and Jim. Both of these people are from anti-Phorm websites (as you’ll see if you click through), and both of them have interesting perspectives on the behavioral targeting problem. I thought I’d aggregate them here and add my spin. So, without further ado, I present my Three Behavioral Targeting Keys to Success.

BT Key to Success #1: Data about an interaction with one supplier, taken without consent, should not be used to promote a new interaction with a different supplier
Trust me, when I explain this one it’s going to be more than obvious.

Imagine for a moment that you go to a Target store. As you’re walking through the store picking out goodies (including, let’s say, diapers), a fellow shopper is surreptitiously observing what you buy. As soon as you pay, that so-called ‘fellow shopper’ ditches her bogus shopping cart, runs outside, and calls Walmart to give them a full report. Walmart then sends you coupons for baby food.

This scenario sounds lousy. But the idea of ISP-based behavioral targeting is even worse, because there’s no existing trust relationship with that phony fellow shopper, while there is one with your ISP. Imagine if the post office read your mail, found out which books you bought from Amazon and how much you paid for them, and then sold that information to Barnes & Noble.

BT Key to Success #2: Recognize that certain ’safe havens’ of communication have to exist for a healthy society
Facebook got a taste of this with the backlash from its Beacon advertising system. People became enraged at the idea that they couldn’t control which activities were kept private.

In that case, the ramifications were generally small — a wife found out too soon about a surprise gift from her husband. In other cases, though, the ramifications may be quite large, manifesting not only in tangible repercussions (consider political communications in repressive countries), but also in a diminished sense of stability and security in society at large.

BT Key to Success #3: Make sure that consumers not only want what you’re offering, but have a clear and transparent choice to accept or reject it
Jim pointed out that Google’s model is easily controlled by the user, as contrasted with ISP-based behavioral targeting:

You don’t want to be tracked by google? Fine, block google’s cookies. Don’t want google to profile your e-mail? Don’t use Gmail. Don’t want them recording your searches? Use a different search engine. You don’t have that kind of assurance when companies start intercepting all your traffic. They take control, not you. You have to rely on their promises to behave fairly, to honour your preferences and you have *no way to make sure they’re doing it*. This makes users uneasy. They feel as though they can’t trust their service providers, something I have to say most service providers have brought upon themselves through years of silly money-grabbing schemes like this and generally deplorable levels of customer care.

In fairness, Phorm is now opt-in only, although I’m not certain how thoroughly they explain what they do at time of opt-in. My understanding is that their technology is presented as protection from phishing sites, which it may well do in addition to its other uses.

Further, you could also make the argument that, just as you could choose to not use Google or Gmail, you could also choose to use a different ISP. This one is a bit trickier, however, and brings some other considerations into play. If ISP-based behavioral targeting were to become the de facto standard, choosing a different one wouldn’t make a difference. And, ultimately, the issue is one of invasion of sensitive information.

When professional service providers gain access to sensitive areas of your life, it is encumbent upon them to behave with corresponding sensitivity. You don’t want your mammogram tech telling you you’ve got nice tits. The privilege of access to sensitive areas of our lives carries with it the responsibility of appropriateness.

Okay, enough for today… I hope I’ve given you some food for thought! That’s what your comments always do for me; I welcome them below.

Last week, I summarized the current sorry state of the behavioral targeting industry. Adzilla in the chilla. NebuAd looking sad. Phorm facing scorn.

Okay, Eminem I’m not.

Nonetheless, I think there is a fundamental problem in the behavioral targeting industry, a problem that is being reflected across all of these companies and the problems they’re facing:

The cost to the consumer is greater than the value proposition for the consumer.

The FUNDAMENTAL premise of these companies is that they improve ad relevance. That’s fine and dandy — I’d rather see an ad for rock climbing gear than one for men’s hair dye.

On the other hand, it doesn’t really cost me anything to see the men’s hair dye ad. In fact, you could make the argument that I benefit more, because I don’t spend money on climbing gear that I want but don’t need. (This is of course in an alternate universe where it isn’t our patriotic duty to buy as much stuff as we can.)

OK, so there are arguments for relevant ads and arguments against them. Either way, it’s not a big pain point for individuals. Irrelevant search results? Big pain point. Irrelevant ads? Ho-hum.

Ad relevance is, however, a big pain point for the companies creating, paying for, and publishing those ads. Clearly, if the ads aren’t relevant, people don’t click on them. If people don’t click on them, none of the entities in that chain get paid. That’s a problem.

So behavioral targeting provides a solution that offers a powerful benefit to advertisers and publishers, but only a so-so benefit to consumers.

Unfortunately, in order to deliver their solution, the consumers have to pay almost as much as the advertisers and publishers, albeit in a different currency. Advertisers and publishers pay with dollars; consumers pay with data. In our attention economy, the data may even be worth more than the cash.

So advertisers and publishers have to pay cash for a powerful benefit they really want, while consumers have to pay data for a so-so benefit they aren’t exactly clamoring for.

In addition, under the model of these ‘traditional’ BT companies, it is impossible for them to provide advertisers a powerful-benefit-for-cash unless consumers go for the so-so-benefit-for-data.

This means that companies have come up with all sorts of creative ways to push the so-so benefit, or, at times, making an end run around the problem by not telling customers about the exchange. Phorm tried exactly this tactic in its initial trials, but has since capitulated to government pressure and now has an opt-in system.

So that’s the core of the problem: the moneymaking value proposition businesses’ll pay for relies on a non-moneymaking transaction with consumers who don’t want it.

What is the solution? It’s elementary, my dear: get back to basics and put the user first.

• What do web users care about?
• What are you offering them?
• Do they value what they’re getting as much as they value what you’re asking from them?
• What don’t they like about what you’re offering?
• What don’t they like about what you’re asking them to pay?
• How can you change what you’re offering, what you’re asking them to pay, or both, so that you’re creating value for the consumer?

Forget about maintaining surfing history, whether it’s anonymized or not. Forget about dangling the dubious carrot of ‘more relevant ads’.

Worry about what the consumer wants, and what the consumer doesn’t want — then worry about pleasing your advertisers.

What do you think about this idea?

The ISP-based behavioral targeting industry is about as shaky as the Dow Jones Industrial Average these days. While UK-based Phorm has been making some headway, it’s still fighting a significant battle of public opinion, while US companies like NebuAd and Adzilla are waving the white flag of surrender.

If you’re just joining us, these are companies that partner with ISPs to track user behavior across the entire Internet in order to offer more targeted advertising.

The last time I wrote about these guys, it was to point out how much better Phorm was doing than NebuAd. Subsequent events seemed to support that observation; on October 1st, Wendy Davis reported that Phorm was going to expand into other countries including the US. Despite the company’s ambitious plans, Wendy was clear about the potential negatives of their ISP-based system:

ISP-based behavioral targeting has been criticized by privacy advocates, who are wary of the practice because ISPs have access to users? entire clickstream data. But Web publishers also have reason to be wary of ISP-based targeting. If Phorm?s platform works as intended, the company will be able to harvest data from publishers without paying them for the information.

For instance, if a user searches for iPods on Google, Phorm can arrange to send that user an ad for a portable music player later, when the user is on some other site. While that site that served the ad would be a Phorm partner, and would presumably be able to charge a higher CPM for the targeted ad, it?s hard to see what Google would get out of the transaction.

In fact, it wouldn?t be surprising if Google ? or other publishers that serve as involuntary sources of data ? finds some way to challenge this type of targeting.

There are a couple of other things to add to the privacy advocates and the no-you-can’t-use-my-data publishers. One is the public attitude. Evangelists are always out there fighting tooth and nail for data portability and other things of disinterest to the general population, but will the public care about these systems? Will they vote with their behavior and their wallets?

For example, Wendy’s article drew a comment from Paula Lynn:

It is a horrible, stalked feeling when this happens. Big brother is closer than you think. And no, people do not usually think for themselves when someone else will do it for them. There are a zillion examples of mind bending influence peddlers who are posing to sell you more than shampoo. Caveat emptor.

The question is, does Paula represent the privacy extreme or mainstream? Because the mainstream are the people who will determine if this technology has any legs.

The other big issue is government regulation, one of the key factors in the downfalls of NebuAd and AdZilla. In fact, it wasn’t even regulation; it was the threat of regulation that made them suffer so. And just yesterday, Wendy published an update that shows Phorm is starting to face similar pressure across the pond:

In the latest development, the European Commission’s Information, Society and Media division, headed by Viviane Reding, last week sent a second letter questioning U.K. authorities about Phorm. “The European Commission takes data privacy of citizens very seriously and therefore is asking the UK authorities to ensure that they fully comply with their obligations under EU law,” according to Martin Selmayr, spokesperson for Reding’s office, in an e-mail to Online Media Daily. The Commission asked the U.K. officials to explain how they “have protected the privacy of U.K. citizens with regard to Phorm in the past, and how they intend to do so in the future,” Selmayr stated. The regulators requested an answer within one month.

So, to summarize:

• Privacy.
• Proprietary data.
• Creepiness factor.
• Government regulation.

Looks like the currently-accepted-as-standard behavioral targeting model doesn’t stand a chance.

So what is at the core of the problem, and what is the solution? Tune in to my next post for my opinion. In the meantime, feel free to share yours in the comments.

Phorm is requiring that users opt in to the latest test of its ISP-based behavioral targeting platform, according to Online Media Daily:

Unlike the case in previous trials, BT will only deploy the platform, “Webwise,” with subscribers who have affirmatively agreed to receive targeted ads. For the initiative, BT intends to intercept 10,000 users with a Web page asking whether they wish to sign up for Webwise, which it touts as offering “more relevant” ads. The company also promises that it will help protect users from online fraud by alerting them when they land on suspected malware sites.

I think this is the appropriate move — that people get to choose whether they want it — but what I’m really interested in is how many will? How compelling is the ‘relevant ad’ offer? What percentage of the 10,000 will go for it?

Personally, I think anything better than 100 could be considered a success for the company. 1% acceptance of an untried and uncommon service is a pretty good return.

Phorm’s uptake is critically important, because it will represent the best test to date of how people value privacy and relevance.

We Internet users have shown ourselves more than willing to trade privacy for functionality: think Google or Facebook. When we are the ones who want the access, no data price is too high.

But the Phorm test doesn’t dangle a functionality demanded by consumers. What’s on offer from them is more relevant ads, something that is more of an active pain point for underperforming advertisers than for us users.

We complain about egregiously bad advertisements (see David Berkowitz’ The Chutzpah of Facebook’s Jewdar for a superb example), but are we willing to pay the price of privacy for something different?

We’ll soon find out. In the meantime, would you agree to the Phorm test if it popped up on your machine?