As it prepares for a Congressional pow-wow on the "Privacy Implications of Online Advertising," behavioral ad targeter NebuAd has vowed to eat its infamous opt-out cookie.

"NebuAd is...developing a network-based opt-out mechanism that is not reliant on web browser cookies," reads a company press release. "Leveraging this advanced technology, ISP partners can offer this to their subscribers in order to honor their opt-out choices in a more persistent manner than current systems widely used today."

In Phorm-like fashion, NebuAd tracks the online activity of net surfers from inside ISPs, before shuttling this data to various online advertising networks. The technology does not require an opt-in, and at the moment, the opt-out mechanism is rather crumbly.

If you opt-out, NebuAd places a cookie on your system so it knows you've opted out. And if that cookie disappears, you're no longer opted-out. Among other things, this makes life ridiculously difficult for those privacy-minded folk who regularly rid their machines of browser cookies.

It's nice to know that NebuAd plans to eat its opt-out cookie. But this solves only half a problem. There should also be an opt-in.

US Congressmen Ed Markey, chairman of the House Subcommittee on Telecommunications and the Internet, and Joe Barton, a ranking member of the House Committee on Energy and Commerce, say that if ad targeters like NebuAd don't move to an opt-in model, they could violate Section 631 of the US Communications Act.

"Any service to which a subscriber does not affirmatively subscribe and that can result in the collection of information about the web-related habits and interests of a subscriber, and achieves any of these results without the 'prior written consent of the subscriber,' raises substantial questions related to Section 631," the Congressmen say.

Markey has urged American ISPs to freeze their behavioral ad systems while Congress looks into the matter. And many have obeyed.

Meanwhile, the Center for Democracy and Technology (CDT) has unveiled a new report (PDF) that questions whether an opt-in-less NebuAd skirts federal wiretapping regulations laid down by he Electronic Communications Privacy Act (ECPA) of 1986 and the Cable TV Privacy Act of 1984.

"We believe [NebuAd] may run afoul of current laws, which prohibit copying or use of the internet communications without the consent of the subscriber," CDT vice president of public policy Jim Dempsey tells us. "We believe that in this case, consent means prior express opt-in consent."

It's worth noting, however, that these federal statutes were enshrined before the internet changed the universe. They may or may not apply to newfangled privacy invasions like Phorm and NebuAd.

"I'm not so easily convinced the wiretapping laws come into play here. The purpose and techniques of true wiretapping are really very different from tracking someone on the internet," says Jonathan Kramer, a telecoms-savvy attorney with the Kramer Telecom Law Firm. "These laws are like rubber bands. You can stretch them to new technologies - but they may pop right back at you."

Congress will tug a few rubber bands this very morning, when the Senate Committee on Science, Commerce, and Transportation meets to discuss Phorm and the Phormettes. NebuAd CEO Bob Dykes will be on hand to defend the Silicon Valley startup, which likes to call itself "an online media company that provides state-of-the-art online privacy protection for consumers."

He may be fighting for the company's life. With an opt-in in place, a NebuAd has little hope of corralling the web surfers it needs to make its ad-happy technologies commercially viable. Heck, if an opt-in is required, most ISPs won't even sign the contract. They're more than willing to pimp your data, but not without an ample return. ®

Bootnote

Like Charter Communications, CenturyTel, Bresnan Communications, Embarq, and others, Midwestern ISP WOW! has suspended its use of NebuAd amidst those Congressional conversations. And other ISPs have frozen their use of Front Porch, another behavioral ad targeter. Unlike NebuAd, Front Porch says its system is opt-in only. But it's unclear whether the company has used an opt-out model in the past.

Related stories

• Advertisers say new cookie law met by browser settings (25 November 2009)

  https://www.theregister.com/2009/11/25/cookie_law/

• Ex-NebuAd staff target behavioural data via websites (20 May 2009)

  https://www.theregister.com/2009/05/20/insight_ready_nebuad/

• NebuAd knocks at death's door (19 May 2009)

  https://www.theregister.com/2009/05/19/nebuad_shutting_down/

• Please kill this cookie monster to save Europe's websites (18 May 2009)

  https://www.theregister.com/2009/05/18/eu_cookie_monster/

• Netizens sue NebuAd, data pimping ISPs (12 November 2008)

  https://www.theregister.com/2008/11/12/nebuad_sued/

• Controversial ad serving firm Adzilla pulls out of the US (14 October 2008)

  https://www.theregister.com/2008/10/14/adzilla/

• American ISP giants: If we Phorm, we'll get consent (25 September 2008)

  https://www.theregister.com/2008/09/25/verizon_on_behavioral_ad_targeting/

• NebuAd CEO quits (3 September 2008)

  https://www.theregister.com/2008/09/03/bob_dykes_nebuad_quits/

• NebuAd jettisons PR firm, employees (6 August 2008)

  https://www.theregister.com/2008/08/06/nebuad_changes/

• Congress quizzes world+dog over data pimping (4 August 2008)

  https://www.theregister.com/2008/08/04/congress_sends_data_pimping_letter/

• American data pimper exposes ad equation (24 July 2008)

  https://www.theregister.com/2008/07/24/embarq_reveals_nebuad_test/

• Congress accuses American Phorm of 'beating consumers' (17 July 2008)

  https://www.theregister.com/2008/07/17/house_nebuad_hearing/

• Congress spotlights another American data pimper (16 July 2008)

  https://www.theregister.com/2008/07/16/congress_questions_embarq_over_nebuad/

• NebuAd plays cat and mouse with data pimping opt-out (10 July 2008)

  https://www.theregister.com/2008/07/10/nebuad_opt_out_revisited/

• ISPs laud their data pimping services but refuse to use them (7 July 2008)

  https://www.theregister.com/2008/07/07/massillon_and_newwave_use_frontporch/

• Midwestern data pimping alive and well (2 July 2008)

  https://www.theregister.com/2008/07/02/wow_sticks_with_nebuad/

• CenturyTel joins Charter in data pimping freeze (30 June 2008)

  https://www.theregister.com/2008/06/30/centurytel_suspends_nebuad_plan/

• Charter suspends NebuAd data-pimping experiment (25 June 2008)

  https://www.theregister.com/2008/06/25/charter_suspends_nebuad_pilot/

• Researcher: NebuAd forges Google data packets (23 June 2008)

  https://www.theregister.com/2008/06/23/topolski_takes_on_nebuad/

• NebuAd looks to 'spyware' firm for recruits (20 June 2008)

  https://www.theregister.com/2008/06/20/nebuad_claria/

• US Congress questions legality of Phorm and the Phormettes (16 May 2008)

  https://www.theregister.com/2008/05/16/congress_questions_nebuad/

• American cable giant joins data pimping club (15 May 2008)

  https://www.theregister.com/2008/05/15/charter_and_nebuad/

• Data pimping catches ISP on the hop (22 April 2008)

  https://www.theregister.com/2008/04/22/wide_open_west_users_with_nebuad/

• American ISPs already sharing data with outside ad firms (10 April 2008)

  https://www.theregister.com/2008/04/10/american_isps_embrace_behavioral_ad_targeting/

• The Phorm files (29 February 2008)

  https://www.theregister.com/2008/02/29/phorm_roundup/