Skip to main content

tv   [untitled]  CSPAN  June 19, 2009 2:30am-3:00am EDT

2:30 am
certain risks. therefore we must continue to examine ways tone sure consumers don't have their personal information compromised. the technology industry is one of the most advanced and competitive industries in our country. it is also one of the most beneficial both for consumers and for our economy. we're able to share information, exchange ideas and conduct commerce in way that is were never imagined just a few decades ago. the industry also provides millions of good high-paying jobs for people all across this country. one thing that i think we must -- that must be pointed out is that industry has evolved and grown on its own with little regulation from the federal government. as some would say that government's failure to regulate this industry is one of the reasons it's grown and provided so many goods. yes, there have been bad actors in the industry and there are issues we must address in protecting consumers' personal information. but i hope that we would proceed with caution when stepping in or when drafting legislation in this area. i hope the focus of today's hearing is how we can protect
2:31 am
consumers and their personal information and what steps the industry will take to do that. i hope today's hearing does not focus on how the government can improve the industry. as we continue to delve into this industry and this issue today in future hearings we should focus on the consumer and what will offer consumers the greatest transparency into the online practices and give them meaningful control over their personal information. for this reason i believe that self-regulation is sufficient and privacy regulatory requirements are needed they should be consistent across the industry and not be greater for one technology compared to another. everyone involved in online advertising, isp's, search engines, advertising networks, web site publishers and others, should all be subject to the same requirements and congress should not try to pick winners and losers. after all, consumers are not always aware that their internet activities are being tracked. they care about what information is collected and what it's used for. they want to know if this is
2:32 am
going on, and if so they should be able to opt out if they so choose and be assured that a breach of their personal information will not occur. i look forward to the hearing and the comment from our panelists today, particularly on self-regulation and what changes they will make tone sure that protection of personal information and what changes they plan on making moving forward. it is important that these commitees and socks understand their positions and activities as well as all the imimplications of these new advertising practices. thank you and i yield back. >> the chair thanks the gentleman. as i i underkated earlier, there's a vote occurred on the house floor. it's a series of votes. and so we will recess the committee until the completion of those votes. and we will reconvene 15 minutes after the commotion of those votes. the -- the committee now stands
2:33 am
in recess. >> the committee will reconvene. i certainly want to thank each and every one of you for your patience. i want to also apologize for the time that you have been forced to spend here.
2:34 am
this is i think an abnormal day with a lot of abnormal activities. and i might add it's been a record-breaking day, according to some notes we've had at least 54 consecutive votes one after another, that's never happened before that we know. so it's not that we're proud of it but the fact that it's been that kind of a day. and we're going to proceed right through our witnesses. i want to start on my left -- to the right we will proceed with introducing witnesses. mr. jeffrey chester is the executive director for the center for digital -- let me --
2:35 am
all right. let me -- ok. this is the correct. we'll start of here. mr. edward with. felten is professor of computer science at princeton university. next to mr. felten is ms. anne toth. she's the vice-president of policy and head of privacy for yahoo! miss napol wong is deputy general counsel responsible for privacy for google. mr. christopher r. kelly is the chief privacy officer at facebook. mr. jeffrey chester now is the executive director of the center for digital democracy.
2:36 am
mr. charles d.corran is. that how you pronounce that? is executive director of network advertising initiative. and mr. scott cleland is the president of the precursor, llc. again we want to thank the witnesses for their patience and for their appearance before the subcommittee this morning. it is the practice of this subcommittee now that we will swear in all the witnesses. so will you please stand and raise your right hand? >> do you solemnly swear to tell the truth, the whole truth and nothing but the truth? >> let the record reflect that all the witnesses have in the affirmative. -- have responded in the affirmative. and now we ask the witnesses to enter into opening statements. and mr. felten, you are recognized for five minutes or
2:37 am
thereabouts, ok? so hold the mic in front of you, turn it on and let her rip. thank you. >> thank you, chairman rush, chairman boucher for the opportunity to testify today. my name is edward felten. i'm a professor of computer science and public affairs at princeton university. i'm here as the technologist. i'm a computer science professor and i'd like to explain some of the technology behind behave yearal advertising. the most serious privacy concerns are raised not by the presence of advertising but by the gathering of information about users that can be used either to target ads or for other purposes. i'd like to describe what technology makes possible. responsible ad sr. voices do not do everything that's possible. and i don't mean to imply otherwise. others on the panel can describe what their own systems do do. to explain what this technology allows i'd like to walk through a scenario illustrated by the
2:38 am
diagram on the left page of my written testimony. and if i could have the display, please, of the powerpoint. >> i think they're trying to bring that up. scu ises. >> whaled like to describe, mr. chairman, is a scenario involved in behave yearal advertising. thank you. in the beginning of the scenario irgo to a weather web site and look up the forecast for washington. the web site sends me a page with the forecast information and a hole where the ad should be. and along with that page it sends my computer a command telling it how to find the ad. following these instructions, my
2:39 am
web browser connects to an ad service shown here at the bottom a. and asks for an ad. along with this request, information is sent to the ad service about me. the fact that i'm looking up thursday's forecast for washington and the fact that i normally look up the forecast in princeton, new jersey. the ad service remembers this information. the ad service sends an ad which is inserted into the page. the service also sends an ad in this case related to travel to washington because i looked up the washington, d.c. forecast. the service also send along a so-called cookie which contains a small unique code which in this example in the diagram is 7592 and my computer scores this cookie. later i visit a social network page which also con taint an ad. again page has a blank space for the ad and my computer contacts the ad service to get an ad. my computer automatically send along the cookie that service provided earlier.
2:40 am
this request for an ad carries more information about me. it says that i'm interested in baseball and jazz which the social network site knows, and that my name is edward felten. the ad service recognizes that the cookie is the same as before so it knows that i'm the same person who looked up d.c. weather earlier. and it adds the new information to its profile of me. the service sends back an ad. this time it's an ad for a washington nationals ticket because i looked up washington weather earlier and i'm interested in baseball. notice that the ad is connectin -- the ad service is decking the dots between things that i did on different sites between something i did on the weather site and something i did on the social network site. this allows it to better target ad and also to build up a more extensive profile about me. next go to a bookstore and look up books about travel in hawaii. the bookstore site sends this information to the ad service along with another ad request. again the cookie allows the ad service to link together my
2:41 am
bookstore activities with my earlier activities on other sites. the ad service sends back an ad for jazz c.d.'s because it knows i like jazz because the social network site told it. by this point the ad service knows enough to identify me. it knows i live in princeton and it knows that my name is edward felten. the ad service buys access to a third-party commercial data base. using what it knows about my identity to get more information about me. in this example the ad service gets my credit report and my insurance history, which it adds to my profile along with the other information it had. and finally go to a news site that uses the same ad service. my computer again requests an ad. the ad service in this case sends an ad for budget hawaiian vacations. it knows that i'm interested in visiting hawaii because i looked at hawaii books at the bookstore. and it knows i'm interested in a low-cost trip because it has my credit report.
2:42 am
the news site send information about what i was reading. in this example i was reading about cancer treatments. this information is added to my profile as well. in this scenario the ad service got information in three-ways. first, content providers sent along information about what i was doing on their sites and what i had done in the past. second, the ad service connected the dots to link my activities across different sites at different times. and third, the ad service accessed third-party commercial data bases. all of this information ended up in my profile. the result was well-targeted ad but also the creation of an electronic profile of me containing sensitive information which could in principal be reused or sold for other purposes. ad services are not the only parties who can assemble such profile but large ad services do have a prime tonight to build profiles due to their relationships with many content
2:43 am
providers who can pass along information about users. and due to the ad service's ability to connect the dots by linking together an user's activities across different websites. all of this is possible as a technical matter which is not to say that responsible ad services do all of it or even most of it. ad services may be restrained by law, by self-regulation or by market pressures. what is clear is that technology by itself cannot protect users from broad gathering and use of information. >> i'm embarrassed to say this but would you please bring your statement to a close? we've extended your time. >> thank you, mr. chairman. i was just wrapping up. i just wanted to thank the committee for holding this hearing and for giving me the opportunity to testify. thank you. >> thank you so very much. mrs. toth? is it toth or toth? >> it's toth. >> mrs. toth, you are recognized for five minutes for the purposes of opening statements.
2:44 am
>> chairman boucher and rush, ranking members stearns and rodanovich, members of the subcommittees, i appreciate the opportunity to appear before you today at this important hearing. my name is anne toth and i am yahoo!'s vice-president of policy. i joined the company over 11 years ago and became one of the very first dedicated privacy professionals at any online company. my job is making sure yahoo! maintains and earns its user's trust every day. yahoo! was founded by -- who were trying to help people find information that was useful and informative to them among the early clutter of the worldwide web. what began as popular websites quickly grew into a widely recognized brand which began as an innovative products and services to 500 million users worldwide. the internet has changed a great deal and this hearing recognizes its importance in our global economy. gone are the days of one size fits all internet content. our consumers expect not only that yahoo! will meet their needs but that we will
2:45 am
anticipate those needs as well. the same is true for advertising. consumers are more likely to click on advertising that speaks directly to them and their interests. for example, yahoo! might deliver ads featuring hybrid cars if the users spend a great deal of time on yahoo! green or has recently browsed car reviews on yahoo! autos. put sickfully, cut tomorrowized -- customized advertising -- yahoo! offers these services for free. our business also depends almost entirely on the trust of our users. it has been paramount to our growth and is critical for our future's success. our approach to privacy couples front end transparency, meaningful choice and user education with back-end protections for data that limit how much information and how long personal identifiers are maintained. let's start by talking about transparency. our leading edge privacy center which you can see in the slides that's being projected provides easy navigation, information on
2:46 am
special topics and gives prominence to our opt out page. and actually if we could move to the next slide. making it simple for users to find and exercise their privacy choices. we have also experimented with a number of ways to provide notice and transparency outside of standard privacy policies, giving users multiple privacy touch points. we number also put control in the hands of our users. we have an opt out that now applies to interest based advertising both on and off the yahoo! network of websites. whether an user touches us as a first party publisher or third-party network we want them to have a choice. we also didn't want users to have to redo their opt outs again and again and took the further step of making our opt out persistent for users who registered for a yahoo! account. this means that these user whose clear chair advertently clear their privacy choices at the same time. the final aspect of the front end of privacy protection is user education. for over a year yahoo! has displayed on average 200 million ads per month that explain our
2:47 am
approach to privacy. all of these front end steps are complimented by back end protections. we focus on security and data retention as core aspects of protecting back end privacy. we recently announced the industry's leading data retention policy. under this policy we will retain the vast majority of our web logged data in identifiable form for only 90 days. this dramatically reduces the forward of time we will hold log file data in identifiable form and vastly increases the scope of data covered by the policy. the limited exceptions to this policy are explained more fully in my written testimony. we believe that our front end back end approach to privacy build a circle of trust with users, providing transparent circumstances meaningful choice and extensive education coupled with strong security and minimum data retention. much attention has been recently fade to the question of whether an opt out or an opt in approach for user control in the area of interest based advertising is best. the answer is both. the decision about whether toe
2:48 am
ask for opt in consent or give users the opportunity to opt out depends on the individual services being provided and the information being collected. most advances in online privacy protection have come as a result of industry initiative and self-regulation. market forces drive companies like yahoo! to bring privacy innovations to customers quickly as one company leads many others follow or leap frog by innovating in new ways. so as congress considers its role in helping protect consumer privacy online, yahoo! hopes that legislators will consider an approach that enables providers to keep pace not only with technological advances but with customer demand and expectations as well. i am very proud of yahoo!'s record of trust and commitment to privacy and the industry's history of responsible self-regulation. i look forward to sharing our experience with you in more depth and i'm happy to answer your questions. thank you. >> thank you, ms. toth. now the chair recognizes
2:49 am
ms. long. ms. long, you have five minutes or thereabouts. ed. >> thank you. chairman rush and boucher, ranking members rodanovich and stearns and members of the committee, i'm pleased to appear before you this evening to discuss online advertising and the ways that google protects our use ers' privacy. online advertising is critically important to our economy. it promotes freer, more robust and more diverse speech, it enables many thousands of small businesses to connect with consumers across the nation and around the world. it helps support the hundreds of thousands of blogs, online newspapers and other web publications that we read every day. over the last decade the industry has struggled with the challenges of providing behavioral advertising. on the one hand well-tail order ad benefit consumers and advertisers alike. on the other hand we recognize the need to develop relevant ads by respecting use ers privacy.
2:50 am
in march google entered the space and announced our release of interspace advertising for our partners sites and for youtube. -- people visit to make the online ad space seem more relevant. relevant advertising has fueled much of the content products and services available on the internet today. as google prepared to roll out interspace advertising we talked to many users, privacy and consumer advocates and government experts. those conversations led us to realize that we needed to solve three important issues in order to provide consumers with greater transparency and choice which are core design principles at google. first, who served the ad? second, what information is being collected and how is it being used. and finally, how can consumers be given more control over how their information is used? this evening i'd like to show you how we answered each of those questions with the launch of interspace advertising which includes innovative, consumer friendly features to provide meaningful transparency and choice for our users.
2:51 am
when you see an online ad today you generally don't know much about that ad. it's difficult to tell who provided the ad and how your information is being collected and used. google is trying to solve this problem by providing a link to more information right in the ad. as you can see where it's labeled ads by google. this is very different from but we believe that it is important to provide users with more information about the ad right at the point of interaction. we believe this is a significant innovation that empowers consumers, and we think that this is the direction that many in the industry are going. if you're curious about getting information about the ad, you can click on the google link and navigate to an information page about google ad which you can see here. on this page, you're invited toughie's ut our ads preference manager which helps explain in plain language user friendly format what information is being collected, how it's being used and how you can exercise choice and get more information about how this advertising product works.
2:52 am
here's the ad's preference manager. this innovative tool allows you to see what interests are associated with an advertising cookie, the double click cookie, that is set in the browser you're using. in this case, google has inferred that -- should be associated with hybrid cars, movie rentals and sales and real estate. this is because i visited sites using the browser about hybrid, movies and real estate. ads preference manager most users had no idea what interests were being associated with their cookies online by advertising companies. we're the first major company to introduce this kind of transparency. now you can see those interests. and if you don't agree with those interests maybe you're not a movie fan or simply don't want to see ads about movies you can delete many of them or as few or as many as you want. for example if you want to delete movie rentals and saleious can do that with one click and i've just done. that likewise you can add any interests you like. note that google does not use
2:53 am
sensitive categories so there's nothing in here about sexual orientation, religious affiliation, health status or the like. but there are many many other options. for example, if you're a sports fan you can associate your cookie with sports. and with a click i've decided that i'd like to receive ads personal identified for sports fans. if you prefer not to see interspace ads from google you can opt out at any time with one click. after you opt out, google won't collect information for interspace advertising and you won't receive interspace ads from us. you'll still see ads but they may not -- may not be as relevant. the opt out is achieved by adding an opt out cookie to your browser. these cookies in the industry have not been persistent. that is they're they're often deleted from the browser when the user deleads the cookies. so developers have developed a tool that was not previously available that makes google's opt out cookie continue. after you opt out click the
2:54 am
download button and follow the instructions that save your opt out settings even when you clear your cookies. i hope this gives you a better idea of how google shows interspace ads and how we provide consumers with transparency in the right place at the right time as well as using meaningful granular and choices for opting out. thank you very much for your time. >> we welcome mr. kelly. mr. kelly you're recognized for five minutes. >> thank you very much. chairman rush and boucher and ranking members rodanovich and stearns and members of the subcommittees, thank you for the opportunity to address important privacy matters on the internet. we' degree with you that protecting privacy is critical to the future growth of the internet economy. facebook now serves more than 200 million active users worldwide, roughly 700 million are in the united states. we are a contingency company that gives people the power to share their lives and experiences in an authentic and trusted environment, making the world more open and connected.
2:55 am
facebook's privacy settings give users control over how they share their information, allowing them to choose the friends they accept, the affiliations they choose and how their information is shared with their friends and if they desire the world at large. today i would like to make four key points. first, facebook's user centric approach to privacy is unique, innovative and empowers consumers. our privacy centric principles are at the core of our advertising model. second, in offering its free service to users facebook is dedicated to developing advertising that is relevant and personal without invading use ers' privacy and to giving users more control over how their personal information is used in the online advertising environment. third, we primarily achieve these objectives by giving users control over how they share their personal information that model real world information sharing and providing them transparency about how we use their information in advertising. and fourth, the federal trade commission's behavioral
2:56 am
advertising -- recognize facebook in its ad targeting in the use of aggregate, non-personally identifiable information that is not shared or sold to third parties versus other sites and company's surreptitious harvesting and sales to third-party companies. facebook understands few of us want tor her mits sharing information with anyone. or some people want to share everything with everyone. most people want to share with friend family and others that they share social context on a regular bagses seeking to control who gets our information and how they have access to it. people come to facebook to share information. we give them the technological a tools to manage that sharing. contrary to some popular misconceptions, full information on facebook users isn't even available to most users on face book lot alon all users on the internet. if a friend is searching for our users on facebook all she might see is the limited information
2:57 am
that those users have decided to make available. most of our users choose to limit what profile information is available to non-friends. they have extensive and precise control available to who cease what among their networks and friend as well as tools that give them the choice to make a limited set of information available to search engines and other outside entities. we are constantly refining these tools to allow users to make informed choices. everyday use of the sited kates users as to the power though have over how they share their information and user feedback informs everything that we do. facebook is transparent with our users about the fact we are an advertising-based business and we explain to them fully the use of their personal data they are authorizing by interacting with facebook either on facebook facebook connect sites throughout the web. ads targeted to user preferences and demographics have always been part of the advertising industry. but critical distinction that we embrace in our advertising policies and practices and that
2:58 am
we want this committee to understand is between the use of personal information for advertisements in personally identifiable form and the use, disaccept nation or sharing of information with advertisers in non-personally identifiable form. user's should choose what information they share with advertisers. this is a distinction that few companies make and facebook does it because we believe it protects user privacy. ad targeting that shares or sells personal information to advertisers, name, e-mail or other contact information without user control is materially different from targeting that only gives advertisers the ability to present their ads based on aggregate data. so to take in dr. felten's example, if you were to navigate to the social networking site in his example if it were facebook, we would not be sharing with the ad provider that he was edward felten or that he likes jazz. so on facebook a feed is established where people know what uploading and receive timely reactions from their friends. the privacy policy and users
2:59 am
experience inform them about how advertising on the service works. advertising that enables us to provide the service free to yearses is targeted to the expressed attributes of a profile and presented in the space on the page allocated for advertising without granting an advertiser access to any individual userrer's profile. unless an user decides otherwise by directly and voluntarily sharing information with an advertiser, advertisers can only target facebook advertisements against non-personally identifiable attributes of an user derived from profile date too. facebook builds and supports products founded on the principles of transparency and user control and we thank you very much for the opportunity to present our philosophy in the approach to online advertising before this committee. >> the chair thanks the gentleman. the chair now recognizes mr. chester for five minutes. >> i want to thank the chairs and ranking members and members of the committee for their interest in privacy

248 Views

info Stream Only

Uploaded by TV Archive on