Citing privacy concerns, the Energy and Commerce Subcommittee on Commerce, Trade and Consumer Protection will hold a hearing tomorrow (December 2, 2010) on the feasibility of establishing a “Do Not Track” registry for the Internet.

Today, the Federal Trade Commission (FTC) will release its much-anticipated privacy report calling for a “do-not-track” tool for Web browsers (see “New Media Privacy Issues & Online Health Marketing” media advisory).

Also today, privacy wonks are meeting in Washington, DC at the National Press Club conference “The Future of Online Consumer Protections.” Topics for discussion include:

  • Protecting consumers while they surf the web: How to make a “Do Not Track Me” list work and other ideas.
  • How costs can be cut with electronic medical records while still maintaining patient privacy.
  • Is online health and drug marketing deceptive? Does it invade consumers’ privacy?

One of the people presenting at that meeting is Jeff Chester, Founder and Executive Director of the Center for Digital Democracy (CDD). CDD and other privacy groups recently submitted a brief to the FTC citing “unfair and deceptive” online health and drug advertising practices (see, for example, “Center for Digital Democracy Challenges FTC to Reign In Online Pharma Marketing” and here).

Chester will be a guest on my Pharma Marketing Talk BlogTalkRadio show next Thursday and I’m currently hosting a survey on the issues (see below).

New Media Tracking Technologies: Implications for Online Consumer Privacy
A conversation with Jeff Chester, Founder and Executive Director of the Center for Digital Democracy, about his organization’s recently filed brief with the FTC requesting an “Investigation, Public Disclosure, Injunction, and Other Relief” regarding the array of sophisticated and non-transparent interactive marketing applications utilized by healthcare companies and the pharmaceutical industry to promote drugs online.

While lawmakers and regulators are focused on “do not track” laws and web browser fixes, online advertising technology is already being “unleashed” that will make such laws, regulations, and fixes obsolete before the ink is dry. That’s because these laws all focus on Web tracking cookies, which according to BlueCava CEO David Norris, “are a joke.”

BlueCava and other companies are developing “digital fingerprint technology to identify how we use our computers, mobile devices and TV set-top boxes,” according to this Wall Street Journal article. Here are some excerpts:

Device fingerprinting is a powerful emerging tool in this trade. It’s “the next generation of online advertising,” Mr. Norris says.

It might seem that one computer is pretty much like any other. Far from it: Each has a different clock setting, different fonts, different software and many other characteristics that make it unique. Every time a typical computer goes online, it broadcasts hundreds of such details as a calling card to other computers it communicates with. Tracking companies can use this data to uniquely identify computers, cellphones and other devices, and then build profiles of the people who use them.

Tracking companies are now embracing fingerprinting partly because it is much tougher to block than other common tools used to monitor people online, such as browser “cookies,” tiny text files on a computer that can be deleted.

It’s tough even for sophisticated Web surfers to tell if their gear is being fingerprinted. Even if people modify their machines—adding or deleting fonts, or updating software—fingerprinters often can still recognize them. There’s not yet a way for people to delete fingerprints that have been collected. In short, fingerprinting is largely invisible, tough to fend off and semi-permanent.

Blue Cava also is seeking to use a controversial technique of matching online data about people with catalogs of offline information about them, such as property records, motor-vehicle registrations, income estimates and other details. It works like this: An individual logs into a website using a name or e-mail address.

The website shares those details with an offline-data company, which uses the email address or name to look up its files about the person.

The data company then strips out the user’s name and passes BlueCava information from offline databases. BlueCava then adds those personal details to its profile of that device.

As a result, BlueCava expects to have extremely detailed profiles of devices that could be more useful to marketers. In its privacy policy, BlueCava says it plans to hang onto device data “for the foreseeable future.”

Pretty scary, huh?