ISPs to Congress: Let us regulate our own privacy practices

Broadband service providers are perfectly capable of setting up appropriate safeguards for users who may be targeted by behavioral ad platforms, said ISPs' executives this morning. It's the content providers we should be worried about.

It was an eerie setting on Capitol Hill this morning, as representatives from three of the nation's largest broadband ISPs -- Verizon, Time Warner, and AT&T (Comcast was conspicuously absent) -- plus the founder of Public Knowledge, noticed the hearing taking place in front of them very nearly suggested the absence of a quorum. Not that the subject of ad targeting methodologies for broadband users wasn't important. But with the Senate Commerce Committee's own chairman absent from this morning's hearing, and with only three senators present at any one time -- the bare minimum -- you definitely got the feeling something bigger was going on next door.

The looming debate over the nation's pressing economic crisis, which has now reached a critical state, couldn't have come at a better time for this morning's witnesses, some of whom argued -- one from Verizon quite vehemently -- that further Congressional legislation was not necessary to ensure that ISPs institute best practices to protect the safety of users' private information. In fact, perhaps no one was happier that today's hearing ended up lasting just over one hour.

"At this juncture, we aren't prepared to embrace legislation," stated Tom Tauke, Verizon's Vice President of Public Affairs. He was responding to a question from Sen. Amy Klobuchar (D - Minn.), asking him if there's any models he would look to for basing potential legislation that would restrict service and content providers' ability to collect and utilize personal information from users without their consent, for use in advertising.

Tauke argued that the US Federal Trade Commission -- an agency of the executive branch, not Congress -- is already the enforcement agency for business practices, and he clearly preferred it to remain that way.

"One of the reasons why we are a little unsure about legislation at this juncture is because this technology is developing so rapidly," Tauke testified. "And there are different technologies that are being used to do different things. As I think all of us have alluded to in one way or another, the technology isn't in and of itself bad. The technology can do terrific things, in order to enhance online experiences. It's how it's handled, and what the consumer role is."

Earlier, Verizon's Tauke put forth his company's opinion that consumers should be given direct control over how and when their personal data is being collected and used, and that the controls a service gives them should make obvious sense to them.

In a recent formal assessment by Verizon officials on this subject, he testified, "it seemed clear to us that consumers want information so that they know what's going on. They want to be in control of their online experience, and they want to be able to choose whether or not their online usage is tracked and used to send them targeted advertising. Secondly, we concluded that any policy governing online advertising should be centered around the notion of meaningful consent by the consumer. We had a lot of discussion about 'opt-in' and 'opt-out.' We concluded that those terms aren't particularly meaningful in the online world. Most consumers, I suspect, are like me. We're trying to do something online, the screen pops up, we hit 'OK' or 'Continue' and move on, not really aware of what we've just opted into.

"So we focused on the concept of meaningful consent and what that means," Tauke continued. "Our sense is that meaningful consumer consent in this content requires three elements: One, transparency. That means, conspicuous and clearly explained disclosure to consumers about what types of data are collected, for what purposes, and how it will be used. Affirmative choice is the second principle. With knowledge of what they are choosing, consumers would have to affirmatively agree to permit tracking of their online activity. Third, consumer control. Consumers should have the ongoing ability to change their choice."

All three ISPs present this morning presented a multiple-bullet-point framework for their respective best practices. AT&T senior vice president and chief privacy officer Dorothy Attwood explained hers: "transparency, customer control, privacy protection, and customer value. More specifically, we believe that a forward-looking advertising practice requires a forward-looking customer notice and consent model. For this reason, AT&T will not use consumer information for online behavioral advertising without an affirmative advance action by the customer that's based on a clear explanation of how the consumer's action will affect the use of her information. This means that a consumer's failure to act will not result in any collection and use of that consumer's information for online behavioral advertising purposes by default."

Attwood left the door wide open for ISPs to use behavioral targeting, joining her counterparts in arguing that technology should not be regulated so much as the use of that technology.

Speaking on behalf of Time Warner Cable, its senior vice president and chief strategy officer, Peter Stern, followed suit by leaving the same door open just as wide, and by presenting a best practices framework that sounded...intriguingly familiar at this point.

"Presently, Time Warner Cable does not engage in targeted Internet advertising as an ISP or as a Web site operator," Stern testified. "If Time Warner Cable decides to engage in such activities, our customers' privacy will be a fundamental consideration. The protection of subscriber privacy is not only important as a matter of public policy. Our ability to succeed depends on winning and retaining the trust of our customers.

"Accordingly, we support a framework that would provide consumers that would provide consumers with the opportunity to affirmatively consent to receive online targeted advertising," he continued. "We believe that achieving and sustaining our subscribers' trust requires adhering to a privacy framework that addresses four principles: first, giving customers control; second, providing transparency and disclosure; third, safeguarding personal information; and fourth, providing customers with value."

Next: ISPs call upon Congress to worry about the other guy...