The Iconoclast Subscribe to The Iconoclast
May 15, 2008 12:30 PM PDT

Q&A with Charter VP: Your Web activity, logged and loaded

Posted by Declan McCullagh

Charter Communications is planning to monitor its customers' Web surfing and then, anonymously, display relevant advertisements.

What the third-largest U.S. cable operator, headquartered in St. Louis, Mo., probably wasn't planning on was a privacy-fueled Internet backlash that began a few days ago after it began notifying customers of its intentions. For its part, Charter describes its behavioral profiling plans this way: "innovative new technology in the field of online advertising enables Charter to provide you with an enhanced online experience that is more customized to your interests and activities."

Ted Schremp, Charter's senior vice president of product management and strategy, who says there's a lot of 'misinformation' about his company's plans to monitor users' activity so appropriate ads can be displayed.

(Credit: Charter Communications)

The disclosure led to a flurry of criticism, with Consumerist.com reprinting a letter from a Charter subscriber and speculation on DSLReports.com that existing Web advertisements would be intercepted and replaced by targeted ones. Slashdot called it "spying on" customers.

Missing were details about how Charter's system works, which we've tried to remedy with the following conversation that took place on Thursday with Ted Schremp, Charter's senior vice president of product management and strategy. Schremp confirmed that Charter is using technology from Redwood City, Calif.-based NebuAd--which is reminiscent of how British broadband providers have been working with Phorm, which uses deep packet inspection with "anonymized ISP data to deliver the right ad to the right person at the right time."

Now, there's nothing particularly novel about free Internet services that look at what you're doing and display relevant advertisements. Google.com and Gmail.com do just that. Nor is there anything novel about ad-supported Internet connectivity: Juno has offered this for years.

But, culturally speaking, Internet users have grown to expect broadband providers to provide mere pipes and not be involved in monitoring Web activity for advertising purposes. (There's also a difference between making monitoring a feature of the service from the beginning and adding it after you have millions of customers. Expectations have already been set.) So how to convince customers that monitoring is useful and sufficiently privacy-protective? How to handle requests to opt-out? Keep reading to see how Charter answers those questions.

Q: How does your "enhanced" Web browsing experience work?

We're sort of piloting the service in four markets. What's generated the activity is that we've proactively informed customers in these markets via letters. The trial hasn't actually started but it will shortly.

We're partnering with a third-party company called NebuAd. The system is designed to protect our customers' privacy. Their information is never shared with NebuAd. The way the system works is that it tracks URL information, again in an anonymous way, and uses it essentially to build a model that infers the customer's interests based on the URL visited. I can give you an example.

Q: Sure.

The easiest example is someone shopping for a car and visiting Honda.com, Toyota.com, Ford.com, Chevrolet.com. As our end user does that, the model becomes informed based on the notion that the end user may be shopping for a car. Let's say they go to a Web site that utilizes an ad network that NebuAd is part of. An ad may be served based on that model.

It doesn't sort of sit on top of advertising that's there. Most Internet advertising, as I'm sure you know, is served through ad networks (and NebuAd works with them).

Q: Do you know what ad networks it partners with?

That's a better question for NebuAd.

Q: Let's say NebuAd has a relationship with DoubleClick, and let's say CNN.com uses DoubleClick for advertising. If you visit car Web sites and then visit CNN.com, you're more likely to see a car ad as a result, right?

Yes. If you look at the transaction flow, if CNN has a relationship with DoubleClick, we, through this anonymous model, have provided information to NebuAd.

The ads that are already being served are being served on an informed basis. We're informing the model to an additional degree. There is a level of misinformation about how that works.

Q: There's been speculation that you're delivering additional ads through pop-ups or pop-unders or replacing existing ads. But you're not doing that, are you? Charter customers would see a more targeted ad instead of an existing generic ad.

What you said is correct. What's being said is incorrect. We're not serving additional ads. We're not replacing ads.

Q: Do you know how many sites are participating, how much of your customers' attention you can capture? How big is this?

My understanding is that NebuAd has partnered with ad companies that represent the majority of Internet advertising. The majority of Internet advertising is syndicated.

Q: What other ISPs are doing this, as far as you know?

We really don't know. We can really only speak to Charter.

Q: If you're conducting deep packet inspection, that means you know what data your customers are transferring. Are you going to look for evidence of copyright infringement, child pornography, and so on as well?

The enhanced advertising solution does not utilize deep packet inspection. It looks at URL level information only. That's another point of misinformation on the Net.

Q: You're saying that URL-level information is not deep packet?

Suffice it to say that we're using URL-level information only.

Q: Maybe this is a confusion over terminology. To obtain the domain name to route the packet, you need to look at only the headers through shallow packet inspection. Obtaining the URL means unpacking and understanding one more level, the Hypertext Transfer Protocol. Are you looking beyond the domain name to the URL, say ford.com/mustang and ford.com/focus?

The way the model's built is that they're trying to inform what's essentially a preconstructed model. We're looking at the complete URL. How often that URL-level information is utilized in the context of building a model, I don't know.

There are a number of categories, call them all sensitive in nature, that are clearly exempted from any (inspection) including items of a sexual nature, medical nature.

Q: If you're getting a new stream of revenue from NebuAd, does that mean lower prices for your customers?

As we've gone into these pilots, we've conducted a series of focus groups to help us understand from their perspective, does this technology add value to their Internet experience, talk through privacy concerns, and so on. What our customers have shared with us is that they understand the fact that advertising is part of the Internet model. To the extent that fuels the economics behind the Internet, they understand that. They appreciate the notion that ads that are being served are attuned to their interests or potential interests.

We view it the same way as offering faster Internet speeds. This is no different. It's about taking the latest technology and applying it as a way to be useful to our customers.

Q: One point of criticism has been the way your opt-out mechanism currently works. In the future, are you going to allow a customer to opt-out their entire household, without having to set a browser cookie for each user account on each computer?

The cookie-based opt-out was arrived at on the basis of our focus groups and the nature of the Internet household at this point. The majority of households are becoming multi-PC households. The users are a variety of folks, be it spouses, kids, etc. The way we've done it is very consistent with Internet use in the household. The notion of a cookie-based opt-out supports a variety of choices.

The intent of pilots and the intent of being very forthcoming with our customers is to let us fine-tune the deployment.

Q: Do you have any plans to fine-tune it and make any changes?

At this point it's very early. I think it's consistent with the way we've rolled out any other product.

Q: Can you disclose how much you expect to receive in terms of revenue?

We don't disclose the terms of our agreements or this sort of detail.

Q: If NebuAd gives you a box or boxes that you place on your network, these devices will have access to all of your customers' traffic. Have you independently verified that privacy protections are in place and the boxes act the way you think they will?

Absolutely. What we heard from customers is that No. 1, ensure that my privacy is being protected and give me an opt-out should I choose that path. When we picked a partner, that was (important). We're confident that all baseline privacy regulations are accommodated in the engineering of the solution.

Q: Though it's still going to be a box on your network. You're going to have to trust them to some extent to get the privacy safeguards right.

In any relationship there's always a level of trust. But there's also a level of rigor and selection and testing and we've applied that here.

Q: What reaction have you received from your customers?

It's still pretty early. As I said before, our objective from day one has been to be very proactive and forthcoming with the information. We've had some levels of calls and inquiries and so on, and it's mostly "Try to help me understand how my privacy is (protected) in the engineering of the solution."

Q: Is there anything else you'd like to add?

The key from our perspective is that we're very customer-oriented in everything we do. The privacy concerns and the ability of our customers to opt-out and the fact that we're talking today is indicative of that as well. We want to be very clear that they have a choice.

Recent posts from The Iconoclast
Housing bill and fingerprint registry encounter Senate setback
Judge sets Facebook hearing status to 'private'--hmm
Verizon offers details of Usenet deletion: alt.* groups, others gone
ISPs: We're limiting our own Usenet groups, not blocking others
Secretive D.C. firm says corn growers' anti-Google letter is legit
Add a Comment (Log in or register) 22 comments (Page 1 of 3)
by Save_Me_from_my_Govt May 15, 2008 1:40 PM PDT
What part of "I don't WANT my web-surfing monitored and my 'experience' modeled" do these clowns not understand??? I'm going to block their ads anyway, and if they continue to "monitor" and "model", I'd use another vendor.
Reply to this comment
by umbrae May 15, 2008 1:41 PM PDT
Thank you Cnet. I will never get services from Charter Communications now. Any sort of Deep Packet inspection data mining is bad news. They should be ashamed of themselves.
Reply to this comment
by RobertAPierce May 15, 2008 2:32 PM PDT
This is absolutely crazy, anyone who is a charter customer should either drop their service immediately or (if they don't have a valid alternative) complain to let charter know you don't want them snooping on all your traffic. Suffice it to say that I would never consider a charter customer as long as this program is in place.......
Reply to this comment
by JRude667 May 15, 2008 2:58 PM PDT
I'm not market driven. I pay almost NO attention to ads...especially the jittering obnoxious high CPU ones! There IS such a thing as bad publicity! I know what I'm looking for when I search and will target my OWN sites and products! Ads for sites I frequent are a necessary evil for paying the freight. I do not need ''targeted'' ads for ANY reason. I do not need another entity snooping on what I do! How long til NSA hooks into all the Packet Inspection hardware...they already ARE!? What a blow for privacy and Freedom.
Reply to this comment
by JRude667 May 15, 2008 3:01 PM PDT
I'm not market driven. I pay almost NO attention to ads...especially the jittering obnoxious high CPU ones! There IS such a thing as bad publicity! I know what I'm looking for when I search and will target my OWN sites and products! Ads for sites I frequent are a necessary evil for paying the freight. I do not need ''targeted'' ads for ANY reason. I do not need another entity snooping on what I do! How long til NSA hooks into all the Packet Inspection hardware...they already ARE!? What a blow for privacy and Freedom.
Reply to this comment
by Earl Benzar May 15, 2008 3:27 PM PDT
Excellent questions. There is no way in hell I want my ISP monitoring my web surfing. What part of "invasion of privacy" does this clown not understand?
Reply to this comment
by jake_n May 15, 2008 3:53 PM PDT
Don't forget FiOS is moving accross the country and may be near you soon. The heck with these guys tracking us. of course Verizon may have the same idea. Using firefox which dumps your cookies every time you close it would also help
Reply to this comment
by zeroplane May 15, 2008 4:51 PM PDT
Ok so what is going to stop me from: a) Paying a 3rd party to provide a 256-bit encrypted proxy over port 80 for all of my requests. b) Using vendors that provide encrypted connections nntp/pop3/SSL c) Using the free anon-network and also dumping all cookies on browser close may help. But these guys are tracking your movement by your account/IP address through their routers.. they don't just use cookies.
Reply to this comment
by scoosdad May 15, 2008 6:34 PM PDT
I'm a Charter customer in one of the affected markets, and two things were not addressed in this article/interview: 1. Why, when setting the cookie to opt-out, did Charter require us to fill in our name, address, account number, email address, etc. on a web form? Once for every browser, in each PC or laptop. Why on earth was all that information needed in order for the cookie to be set? 2. Does Charter (and its customer) realize that the cookie is only good for 12 months? According to my cookie file, the cookie that was set by connect.charter.com (cookie name "knanpro") expires exactly one year from the day it was set. Great opt-out, Charter. In a year we're all going to be seeing the ads again (if we're still subscribing). The letter that was sent to us made it all sound so beneficial to me, like it was almost something I'd pay more money to get: "an enhanced online experience".... "innovative new technology". Charter, I'd actually pay for innovative new technology if it helped me more than it helped you. That letter did absolutely nothing but cover their legal butts. I laughed out loud when I read the BS in it. It's posted in its entirety on dslreports, go read it for a chuckle. "Focus group", bah. "Yes please, I want to see your targeted ads, it sounds great to me!" I'm lucky to have other options, and I'm one long-time Charter customer who intends to follow through with my threat to cancel my Charter internet, phone, and HD cable TV if they don't back off on this plan. This CNET article did nothing to reassure me. Someone needs to ask them again, this time with some tougher questions than these softballs.
Reply to this comment
by loserguy3000 May 15, 2008 6:43 PM PDT
"We view it the same way as offering faster Internet speeds. This is no different." And thus the dance continues. I could barely make it through the interview...if you could even call it that. Seldom have I ever felt to dirty in watching a company spin a destructive and potentially illegal activity towards it customers. This is data collection and dissemination. This is clearly nothing more than a dominant communications company leveraging their customer base to increase profitability in the what should be the most secure of environments - their privacy. Stating that certain areas would be off-limit (sexual, medical) implies filtering, which further implies data-mining. The question here isn't technical, but lawful and intrusive. When the company states that collecting data and using that to modify the browsing experience based on paths well traveled, this clearly implies a degradation in overall service parallel with Pay TV vs. standard cable, with sprinkles of invasive behavior thrown in for good measure. As the interviewee stated, there's nothing new or fundamentally wrong with allowing a company to inspect and display advertising based on targeted key-words or the like, but this usually comes at the expense of the company offering (namely free) service. Suspecting a paying client base to not only pay full price for the pleasure of inviting increased marketing into their homes - and then making them swallow the idea its a service UPGRADE (again "We view it the same way as offering faster Internet speeds. This is no different") is beyond despicable and atrocious. It borders on criminal. I would encourage each and every Charter member to abandon ship pronto, to seek their internet provider elsewhere. You may pay more and experience slower speeds, but please respect companies that respect your patronage, and not squeeze you further under the assumption they're doing you a favor. Absolutely shameful.
Reply to this comment
1 | 2 | 3 | Next 10 Comments >>
Powered by Jive Software
advertisement
Click Here

  • About The Iconoclast

  • Declan McCullagh has covered politics, technology, and Washington, D.C. for over a decade, which has turned him into an iconoclast and a skeptic of anyone who says: "We oughta have a new federal law against this."

Add this feed to your online news reader
Google
Yahoo
MSN

The Iconoclast topics

Most popular stories

  1. Photos: Top 10 newly discovered species

  2. Photos: Army designates year's best inventions

  3. Photos: Cracking Open the Apple Macintosh Classic

  4. Photos: Top 10 reviews of the week

  5. Source: Protective order will keep Viacom out of sensitive YouTube user data

Latest tech news headlines

All News.com headlines »

Featured blogs

Beyond Binary by Ina Fried

Coop's Corner by Charles Cooper

Defense in Depth by Robert Vamosi

Geek Gestalt by Daniel Terdiman

Green Tech

One More Thing by Tom Krazit

Outside the Lines by Dan Farber

The Social by Caroline McCarthy

Underexposed by Stephen Shankland

advertisement
Welcome (log out) |View profile
Log in | Sign up Why join?
On MovieTome: SEX AND THE CITY clips are here!
Advanced
search
Advanced
search
Visit other CBS Interactive sites