Congressional Group to Study Web Bugs
With support by groups like the Privacy Foundation, legislative backing for greater awareness of cookie technology could be in the works.
A Congressional group has indicated that it will look into “Web bugs,” and judging from the group’s pro-consumer privacy stance so far, legislation might not be too far off.
Several pending bills in Congress deal with online privacy issues, but the bipartisan, bicameral Congressional Privacy Congress aims to tackle what it thinks has become a specific problem not fully covered in more wide-ranging bills.
“Web bugs” are tiny, often-transparent embedded graphics in Web pages that can report a visitor’s IP address, cookie information, and referring URL to the site’s owner or a company hosting advertising on the site, like DoubleClick or MatchLogic. Since many email clients can read HTML email, Web bugs can sometimes be inserted in email. That makes it possible for the company that set the Web bug to match up an email address — considered personally identifiable information — with a previously-set cookie. Online advertising company DoubleClick raised the ire of privacy advocates by planning to do just that — to combine previously-anonymous data profiles with personally identifiable information.
What troubles some members of Congress, however, is that consumers might not be aware that they’re being monitored using Web bugs.
Some publishers and the major ad network firms say in their privacy policies that they are delivering cookies to users, but don’t specify the means. Others, such as Microsoft.com, disclose that they use Web bugs (referred to as a “clear gif” or “Web beacon”) for cookie purposes. Still other publishers and email marketers may not disclose anything — since no clear legislation exists on the matter.
CPC co-chair Rep. Joe Barton, R-Texas, said in a statement that he aims to clear all this up for consumers. Beginning with its first meeting March 1, the group’s chairs said they plan to hold forums and discussion panels to educate the public, and could eventually propose legislation on the matter.
“I expect that we’ll be successful in passing substantial privacy legislation this Congress,” Barton said in a statement. “The business community has come a long way in the past two years toward policing and protecting the privacy of our citizens, but there is still much work ahead for the Caucus.”
The CPC defines “Web bugs” as methods used by organizations to make financial gains by tracking user behavior on the Web. Through this method, advertisers can build a user’s profile, allowing them to target ads or marketing messages on banner ads, email messages, or dynamic Web content.
“Just as consumers lock their homes’ doors and windows — we ought to put a deadbolt on financial, medical, and other personal information to protect basic privacy,” said CPC co-chair Sen. Chris Dodd, D-Conn., in a statement. “This caucus can be critically important in helping protect the privacy rights of all Americans.”
Last year, the Privacy Foundation, a Washington, D.C.-based consumer advocacy group, warned consumers about Web bugs and began testing technology that could intercept Web bugs on the Web or in email.
The Privacy Foundation also drafted guidelines restricting Web bugs’ use to gather only non-personally identifiable information and called for Web sites and emails to disclose that they’re using Web bugs, and to identify their origin. The group’s chief technology officer, Richard Smith, will give a presentation on Web bugs during the CPC’s first meeting.
Samantha Jordan, a spokesperson for Rep. Barton’s office, said he aims to “make consumers more aware” of Web bug technology, “or to create a system in which they’re notified when they’re being tracked.”
“Their concerns are for the future of what this could mean — such as the tracking you on secure sites, taking your username and password,” she said.
Before the caucus’ first meeting, Jordan said Barton and the others were going to research the issues, with an eye to possible legislation.
“His concern level is definitely raised,” Jordan said. “If marketers are going to use tracking technology, then they should at the very least make consumers aware that they’re being tracked, so that user can opt-out — or, even better, opt-in.”
Note: This article corrects a factual error in a previous version.
