Are Marketers Crossing the Line with Online Tracking?
Kimberly Miller and Mari Gottlieb
How would you feel if a complete stranger followed you around with a video camera while you shopped, documenting your every move? At first thought it may not seem too harmful. So what if people know what groceries you buy or what car you are looking to purchase? Consider a different scenario--how would you feel if that stranger followed you into the adult section of the local video store? While marketers cannot follow customers’ every move in the real world, they can on the Internet—and they do. Marketers track online behavior to customize their advertising to specific users. It may not seem harmful for marketers to know what consumers buy but there is the issue of consumers’ privacy.
Consumers have three primary concerns with online tracking. One concern regarding consumer privacy is the lack of understanding the numerous ways companies can track online consumer behavior. Even though recent litigation requires companies to make their tracking activities and privacy policies more visible, there is still a general lack of knowledge about online tracking. Thus, the less knowledgeable people are on the topic, the easier it is for marketers to take advantage of them. The second concern is how marketing companies use this information. The third concern is that there are no current laws that strictly regulate online tracking companies. Where should the line be drawn between privacy and online habit tracking?
How Do Marketers Track Our Online Behavior?
Spyware is one of the most prevalent ways that marketers track consumers online. It is software that is usually bundled with freeware (free copyrighted software) or shareware (copyrighted software for sale) designed to gain access to a computer. Spyware gathers information from a computer, many times without the users’ knowledge, while it monitors keystrokes, browsing history, chat programs, and scans files on the hard drive (Eschelbeck). Three types of propagation techniques for advanced spyware include: Internet browser exploits, site redirects or misleading browser pop-ups, and piggybacking. A browser exploit is a short piece of code that attaches itself to a computer’s browser and exploits a software bug. It then causes the browser to do something unexpected, such as crash or install spyware onto the computer. Site redirects and misleading browser pop-ups occur when a user accidentally mistypes a website domain name or clicks on a window that suddenly opens in their screen, redirecting them to a site which automatically installs spyware onto the the computer. Finally, piggybacking occurs when a company attaches spyware to a particular software download option. Thus, consumers believe they have downloaded an innocent program, when they have actually downloaded spyware. The consumers give up their privacy by involuntarily allowing companies to track their online activity. When tracking consumer behavior, companies find out how close a consumer is to making purchases, and send out advertisements and special promotions to that person to further entice them to buy their product. Spyware producers earn revenue by offering marketing companies the data that was collected, which provides the opportunity to display these tailored ads.
One specific form of spyware is cookies. A cookie is a small piece of data that is sent to a web browser, such as Internet Explorer, from a web server . This allows for easy and systematic tracking of a computer’s IP address, brand of browser used, operating system, and URLs visited. When a specific browser revisits the server, it passes the cookie back allowing the server to identify that particular browser. Cookies were originally developed to allow web pages to store user specific information allowing computers to remember login names and provide quicker Internet usage (Stein 2007) but are now used for more malicious purposes.
Today, marketers use third party cookies, or “tracking cookies,” to trace online behavior. Marketing firms contract with client sites, such as Sony, to advertise on their pages. The client sites then place tags on these advertisements containing the URL of the marketer’s advertisement server and the URL of the client’s page. When a browser opens the client’s web page, the ad displayed comes directly from the marketer’s site. At that point, the browser receives a cookie. The next time the browser views any page with one of the marketing company’s ads, the cookie is sent back to the company. This enables the marketing company to track a person’s browsing path or click-stream and see the pages visited and the frequency of the visits. Over time, data is collected, and companies infer consumers’ habits and interests.
Marketers use this information to tailor their advertising to specific browsers. For example, when someone fills out a form online specifying that his or her favorite color is green, the server sends that information to the browser in the form of a cookie. The next time the user visits the site, the browser sends the cookie back to the server, and it alters its background color to green to please the consumer (Stein). For consumers, a privacy issue arises when they fill out a form and provide their name. The marketing company can associate their IP address with their name; therefore, not only is the company tracking their behavior, they can now link their behavior to their name. For example, “John Smith” would most likely not like his porn browsing history linked to his name and kept on record, readily available for distribution to other companies.
Are Consumers Concerned About Online Habit Tracking?
A survey was conducted among 100 random University of Colorado students in Boulder, Colorado, to find out their feelings about online tracking and their privacy. According to the survey, 87% of the students shop online and are concerned about personal information being held and sold to other companies. An overwhelming 93% of students are bothered by the thought of someone seeing every site they visit while surfing the Internet. Interestingly, the 7% that answered “no” were men, showing that women are more concerned with their personal privacy online. This corresponds to the question, “does it bother you if a marketing company could link your name to your tracking history?” to which 87% of students answered “yes.” Furthermore, a much smaller 73% responded yes when asked if they were “bothered if marketers could get a hold of the sites you look at and use it to tailor their online marketing.” This result is likely due to the fact that people are more concerned with their personal information and privacy. Most believe it is more acceptable for companies to use browsing history for marketing reasons rather than to discover their particular name and use it to send targeted e-mails and direct mail. Because the lists of names and e-mail addresses are often sold to other companies, the students revealed further concern about the availability of their personal information to marketing companies.
To further investigate this topic, a larger sample size is ideal to obtain a better representation of the total population’s concerns with online tracking. The sample included only University of Colorado at Boulder students, whereas a more diversified sample would be preferable. Time constraints were also an issue that hindered the results.
The Legalities of Internet Advertising Companies
In the U.S., Internet based companies are self-regulated with little government oversight. Because of this, the current laws fail to address the concerns expressed in the research. A common misconception is that Title II of the Electronic Communications Privacy Act (the Stored Communications Act) protects users from spyware and cookies (Khan). The act actually prevents hackers from tampering with electronic communications and provides sanctions for “any person who gains unauthorized access to communications facilities and thereby accesses electronic communications stored incident to their transmissions” (H.R. 229-109th Congress). This act is intended to guard information stored on computers, but it is important to note that the act does not regulate the use of spyware or cookies, which is one of the primary concerns of consumers.
Government officials attempted to address consumer concerns regarding online tracking by creating bills to regulate the use of spyware, but all failed to become laws. Individual states let companies regulate themselves. Two examples of bills written to govern spyware are H.R.29 [109th]: Spy Act and H.R.29 [109th]: I-Spy Act (Khan). The purpose of the Spy Act is, “to protect users of the Internet from unknowing transmission of their personally identifiable information through spyware programs and for other purposes” (H.R. 229-109th Congress). The Spy Act also “prohibits use of spyware to collect personal information and to monitor the behavior of computer user’s without user’s consent.” It states consumers must receive a "clear and conspicuous" notice prior to the downloading of software, but the act gives numerous exceptions to downloading disclosure. It punishes violators for modifying a browser’s home page, or disabling antivirus software without proper authorization. The Spy Act attempted to set boundaries for software that transmits information across the Internet, where The Federal Trade Commission would regulate, and fine violators up to $3 million. This bill passed in the House of Representatives but did not become a law. An amendment added to the Spy Act made cookies, including third-party cookies, exempt from any spyware legislation that passes in the House of Representatives. This further limits consumer protection against online tracking.
The I-Spy Act differs from the Spy Act in that it focuses on punishment of spyware abusers instead of the protection of consumers (Khan). It amends the criminal code as follows:
To prohibit intentionally accessing a protected computer without authorization, or exceeding authorized access, by causing a computer program or code to be copied onto the protected computer and intentionally using that program or code: (1) in furtherance of another federal criminal offense; (2) to obtain or transmit personal information (including a Social Security number or other government-issued identification number, a bank or credit card number, or an associated password or access code) with intent to defraud or injure a person or cause damage to a protected computer; or (3) to impair the security protection of that computer” (H.R. 229-109th Congress).
The House of Representatives passed this bill in 2005, but it was not ratified.
In 2005, another public case accused the New York based company, Intermix Media, Inc. of alleged illegal use of spyware (Livingston). The attorney general, Eliot Spitzer, claimed the company’s use of spyware software went against New York state law. Intermix put hidden spyware on users’ computers creating pop-up ads. Spitzer’s suit against the company claimed Intermix used deceptive acts and practices, false advertising, and trespasses to chattels . It was deceptive because adware was secretly installed when users downloaded screensavers. Additionally, it was hard to remove. Intermix also falsely advertised the software as “Free from Spyware.” New York law prohibits the “intentional intermeddling with a chattel” that results in “the deprivation of the chattel or impairment of the condition, quality, or usefulness of the chattel.” The software Intermix used caused the computer system to slow down, and therefore, violated this law as long as the user did not give consent to the spyware. In the end, Intermix Media Inc. agreed to pay the state of New York $7.5 million over three years as a settlement. This case shows that even without specific laws governing spyware, it is possible to make a case with existing laws. “Spitzer is saying he doesn't need a state anti-spyware law to take action against spyware promoters” (Livingston). As long as it is regulated with existing law, the government sees little need to create new laws. However, the level of consumer concern about online tracking implies that the laws are not sufficient in protecting privacy.
What Do Internet Advertising Companies Do With Users’ Information?
According to research, a major concern consumers have is what advertising companies do with the information that is collected. When companies track Internet users, they are able to find out an abundant amount of information about a particular person. Companies understand a person’s tastes by observing what kinds of sites the person visits, and what the person types in search engines. For example, if a company started tracking “Katie” through spyware, and she types “discount trips and vacation get-a-ways” into Google search engine, the marketing company could instantly begin displaying ads for a discount flight to California rather than an extravagant trip to Fiji, based on her interests in a discount vacation.
Sybase, a global enterprise software company specializing in data management and mobile security, is an example of a company benefiting from tracking customers by finding out the most advantageous marketing techniques. An interview conducted with a marketing associate of Sybase explained that sending out e-mails to potential leads or people registered to receive information regarding the company’s web seminars, and inviting them to attend an upcoming seminar offers a source to gain tracking rewards (Rogers). Sybase sends e-mails through an e-mail generator called Eloqua, which is linked and sent to leads through SalesForce.com, a sales management tool. Sybase finds the most influential wording in the subject line, the most dominant way to enter the registration page, and which presentation style of e-mails should be used again through SalesForce.com. Via their registration page, they find the best target markets by asking the registrant their company and position title, enabling them to target similar positions of other comparable companies. Sybase easily finds out information for developing a target market, potential leads, and perfect e-mail marketing techniques by tracking their e-mails and registration page. These opportunities increase companies’ interest in online tracking.
Due to the use of emerging technology, companies often struggle to keep their websites updated. The online tracking company, Omniture, offers a solution. Omniture is a company specializing in offering online business optimization services. It helps companies answer questions such as “how to increase revenue from their homepage, how to decrease customer acquisition costs, and how to evaluate and optimize the efficiency of keyword buys” (Omniture). The company’s offering consists SiteCatalyst, Data Warehouse, Discover, and SearchCenter. The four facets of Omniture offer the ability to transform a website to make it more lucrative. They find the most profitable paths through a company’s website, examine how different types of visitors interact throughout the website, generate re-marketing lists, track click-stream history, understand cost-effective content placement and site navigation, and determine beneficial search engine marketing. Omniture is an effective company known for providing solutions to prominent companies such as DaimlerChrysler, Microsoft, Visa, Pepsi, Ebay, and The New York Times. Omniture analyst Brian Haven commented,
As the number of broadband users grow and digital content distribution takes hold, tracking users’ behavior on a Web site will be critical for tracking site performance and customizing content, marketing, and services. Use of these tools will become a core competency for any media company, driving marketing and product development (Omniture).
This statement is evidence of the importance and value of online tracking for companies who advertise online.
Online ad serving and management technology companies, such as DoubleClick, sell their software to numerous advertising agencies and media companies. DoubleClick developed the software called DART, which uses tracking cookies to target, track, and analyze the promotions on their clients’ sites. DART allows a server to send cookies with specific identification numbers, simplifying the tracking process (Stein). Because they contract with a large number of companies, they collect large amounts of information about consumers online. Each time a user visits a site that does business with DoubleClick, every article they read and every ad they click will be tracked. This allows companies to find out where users travel on their sites, improve their online merchandising strategies, adjust their offers and ad placements, analyze users’ purchasing and drop off behavior patterns, and tweak many other marketing techniques. Over time, DoubleClick creates profiles of a person’s interests and selects ads they think that person might find appealing.
With this wealth of information, they have the potential to collect personal information as well, such as names, e-mail addresses, home addresses, and phone numbers. DoubleClick states that, “the personal information collected is used only for the purpose for which it is requested” (Stein). While this may be true, the company still legally gives click-stream information to its member websites to use for audience profiles and to judge rating effectiveness of advertising. Contractually, DoubleClick’s clients say they will not use information that “could recognize as either sensitive or personally identifiable” (Stein). DoubleClick’s opt-out policies are clearly stated, and their cookies are easy to identify; however, inexperienced users rarely know how to view these options.
Another company that tracks consumers is Genius.com Inc. This leading Web analytics company created a program that alerts a sales representative when their client is online. This program allows the rep to not only see what their client is doing in real time, but to also record the client’s Web session for later viewing (Goldman). With real-time viewing ability, the sales rep sends e-mail and Web advertisements to correlate with what the client is currently viewing. In addition, the sales force receives updated reports on the main activities a specific client performed online. The implications of this technology for marketers are substantial. They observe and predict the behavior of their customers much faster and more precisely. They know exactly how much time and energy a user expends on certain sites (including their competitor’s sites) and can see exactly how long it takes to get a customer response to customer communication (ads). In the marketing world, this is hitting the jackpot. However, this growing technology further interferes with our privacy, and consumers show a great deal of concern.
The ethicality of behavioral marketing and online tracking is a difficult issue because when contemplating the consumer side, there are both positive and negative outcomes. The consumer receives targeted ads from the marketers based on his or her tracking history and interests, which are either convenient or bothersome, depending on the consumer. Often, the marketers keep the users’ information on file and can use it for re-marketing material years later. For the consumer, this is also seen as either convenient or bothersome. An example is if a user types, “study abroad programs” into the Google search engine, a marketer continually sends out advertisements for their particular program for years, long after the consumer considers the trip. Another issue is the idea of stored personal information. Privacy policies are put into place to put Internet users at ease, but the extent to which the information is guarded is often uncertain. Some consumers do not want their information stored; however, by offering their personal information online, their privacy instantly becomes an issue. Therefore, people’s privacy is measured against a convenience factor, and it is hard to say where the line is drawn in an ethical sense because so much depends on the individual. As research shows, people are aggravated with online tracking and take steps to battle against the loss of privacy that comes with it.
Marketers, on the other hand, only gain through the use of online tracking. They receive more information to help define their target markets, implement product strategies, and send targeted advertisements. Although it is expensive to implement the tracking devices, it is extremely profitable and valuable. Therefore, to ensure consumers are not taken advantage of, it is necessary to put restrictions on marketing companies’ use of online tracking.
Online tracking is a critical issue on the Web. It has many implications for users’ privacy and for advertising companies. As the research demonstrated, marketers use people’s personal information and tracking history to make profit. The information helps them solidify their online merchandising strategies, using tracking to adjust offers and ad placements, implement more profitable paths through a company’s website, and provide beneficial search engine marketing. For marketers, online tracking is a dream come true, as it holds the key to consumers’ thoughts with a reduction in time, costs, and efforts. While this is beneficial to marketers, research shows that consumers are not comfortable with the current protection of their privacy. As long as Internet users express a high level of concern about online tracking, there will be no shortage in lawsuits against advertising companies. In order to alleviate concerns, the government should begin regulating online tracking more closely.
Research shows an overwhelming 93% of students in the survey were bothered by the thought of someone seeing every site they visit. A smaller, but still significant percentage of 73%, agreed that the idea of marketers using their browsing history to tailor their advertisements is bothersome. Consumers are concerned with their personal information being used and stored by marketing companies. The respondents are not in favor of companies watching their every move. Nonetheless, they welcome the idea of targeted ads, because they are convenient and helpful. Each consumer is different in how much privacy they are willing to give up in order to gain an easier Internet experience. The personal attitudes of individual consumers make it difficult to draw the line between convenience and privacy.
Andrews, Walter J. Berk, Lon A. Winston, Frank Jr. “Cookies Remain Intact While Plaintiffs’ Claims Crumble.” Shaw Pittman Newsletter (April 2001).
Eschelbeck, Gerhard. “Webroot: Anti-Spyware.” University of Colorado. Boulder. 15 Feb. 2007.
Goldman, Larry. "Customer Intelligence." DM Review Magazine Oct. 2006. 23 Feb. 2007 http://www.dmreview.com/article_sub.cfm? articleId=1064638.
H.R. 29-109th Congress (2005): “Securely Protect Yourself Against Cyber Trespass Act” and “Internet Spyware Prevention Act.” Accessed March 11, 2007. http://www.govtrack.us/congress /bill.xpd?bill=h109-29.
Khan, Mickey Alam. “DoubleClick Settles With States on Privacy Standards for Online Tracking.” D.M. News (2002).
Livingston, Brian. “Is spyware Illegal Under Existing Laws?” JupiterMedia: Datamation.24 May 2005. http://itmanagement earthweb.com/columns/executive_tech/article.php/3507261.
"Omniture Home Page." Omniture. 2007. 10 Mar. 2007 http://www. omniture.com/.
Rogers, Makenzie. Personal interview. 3 Mar. 2007.
Stein, Lincoln, and John Stewart. "FAQ." 26 Feb. 2007. World Wide
Web Consortium. 23 Feb. 2007 www.w3.org/security.html.
A web server is a computer that manages and shares web based applications, and stores HTML documents that are retrievable by any web browser.
Chattel is someone’s movable personal property.
Back to Top