Behavioural advertising may breach US wiretapping laws

Richard Clayton ukcrypto at chiark.greenend.org.uk
Wed, 9 Jul 2008 00:50:16 +0100 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


CDT have just published an opinion suggesting that behavioural
advertising (such as the NebuAd and Phorm systems) will breach US
wiretapping laws.

The illegality will be fixed in some states with the permission of the
end-user (rather as it would have been in the UK until Oct 2000 under
IOCA 1985). However, some states require both ends of the communication
to give permission (as is the case under RIP 2000 now in the UK). In
particular California also has an extra-territoriality provision so it
would apply if only one end of the communication was in California...

Of course there's hardly any websites in California....

CDT have some interesting remarks about permission:

  Consent is context-based. It is one thing to imply consent in the
  context of a prison or a workplace, where notice may be presented as
  part of the daily log-in process. It is quite another to imply it in
  the context of ordinary Internet usage by residential subscribers,
  who, by definition, are using the service for personal and often
  highly sensitive communications. Continued use of a service after a
  mailed notice might not be enough to constitute consent. Certainly,
  mailing notification to the bill payer is probably insufficient to put
  all members of the household who share the Internet connection on
  notice.

  Thus, it seems that an assertion of implied consent, whether or not
  users are provided an opportunity to opt out of the system, would most
  likely not satisfy the consent exception for the type of interception
  or disclosure under consideration here. Express prior consent (opt-in
  consent) is clearly preferable and may be required. While meaningful
  opt-in consent would be sufficient, courts would likely be skeptical
  of an opt-in consisting merely of a click-through agreement -- i.e., a
  set of terms that a user agrees to by clicking an on-screen button.if
  it displays characteristics typical of such agreements, such as a
  large amount of text displayed in a small box, no requirement that the
  user scroll through the entire agreement, or the opt-in provision
  buried among other terms of service.

http://cdt.org/press/20080708press.php

- -- 
richard                                              Richard Clayton

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBSHP9OJoAxkTY1oPiEQITPwCfTCPL+fMKn2e6ujM4OgKAqdyZOD0AoLag
SoU2Eaccpm6nPXEe7uVHRl6Q
=5r66
-----END PGP SIGNATURE-----