This is Professor Michael Rappa from North Carolina State University in Raleigh, North Carolina, and I’m here today to talk about my course, Managing the Digital Enterprise.
There’s one area of web-based advertising that raises some particular concerns with respect to the privacy of web users and consumers, and one organization in particular, although, by no means, not the only one that tends to attract attention in this regard, is DoubleClick. DoubleClick is one of the leading providers of tools for advertisers and direct marketing folks and web publishers to help them plan, execute and analyze marketing programs online, and it’s important to understand sort of how advertising networks like DoubleClick work in order to fully appreciate what risks, if any, they represent in terms of user privacy and privacy related issues.
From a practical point of view, as you surf the web and look a little bit more closely at what’s going on when you visit web pages, you’ll get a better appreciation for how third‑party advertising networks like DoubleClick actually work, and so this something very practical you can do. You can visit your favorite, let’s say news web site; you can go somewhere like TheNewYorkTimes.com, for example, and like every other web page that you visit, as we’ve discussed in earlier conversations, web pages are constructed of a number of files, so there may be a basic text file or HTML based file that includes the various text that the page is composed of and gives structure to the page.
But many of the images that are associated with that page are delivered as separate files when a request to the page is made. All of the associated image files are requested as well, and those are what give the page its look and feel, and some of those images, if you look at any number of web sites that have advertising on them; some of those images may or may not come from the site of origin, so what I mean by this is to say if you take the example and visit TheNewYorkTimes.com, and then you take a close look at some of the advertising banners that are part of that homepage to the New York Times; if you use a browser like Firebox, for example, you’ll be able; if you bring the mouse over the image, you might be able to see the destination URL to that image.
That is where it would take you if you clicked on that image, and you might also be able to learn what’s the source URL of that image itself, and so if you sort of do this little experiment, what you’ll notice is that the source image URL is coming from a server location that is typically, if it’s an advertisement, not coming from that home web site itself; not coming from, in this example, TheNewYorkTimes.com, but maybe coming from any of a number of other sites, and usually, it’s hard to decipher what the site is. It may be simply a number; it may be an acronym that you don’t recognize.
If you do a look up on it, what you’ll find is that the image for the advertising is being pulled from a server of a third-party advertising network, and it might be DoubleClick; it might be any of a handful of other ones, and the destination URL; that is, if you clicked on that image, it would take you through, for example, a DoubleClick server to the final destination, so if you look at the destination URL, you’ll see something that begins with a kind of DoubleClick.com URL, and it will usually go on for a long string of characters that ends with the ultimate destination URL, and so whatever the product or service being advertised is.
What’s happening here then; what you need to understand is that when you pull up a web page and the associated images with that web page, those images are potentially coming from another server that’s not directly the server of the site you visited to, and that third-party server that’s serving up the images is typically an organization like DoubleClick, and DoubleClick will serve up advertising images to a large constellation of major web sites that it has agreements with as part of it’s advertising network.
If you’re someone who wants to advertise on the Internet and you want to advertise across a significant number of web sites and you want to have banner images served up millions of times in a given period of a month or three months, whatever it may be, you’re typically going to go to a third-party advertising network like DoubleClick to manage that campaign, and DoubleClick is going to place those advertisements on the set of sites that fall within it’s network that makes sense for the advertising.
Now, what does all this mean; why is it important; what’s significant about it? Well, if you step back for a second now and imagine yourself surfing from, let’s say the TheNewYorkTimes.com to the WashingtonPost.com to cnn.com and onward, and each of those sites, if you look very closely and see that you’re being severed up advertising images that are originating from a third-party network, and let’s say it’s DoubleClick, then what’s happening as you surf across web site to web site to web site across the Internet is you’re making requests to that distant advertising network server at DoubleClick.
And so your location and your behavior is, in a sense, now actually being tracked from location to location to location, even though if you’re at the New York Times, when you leave the New York Times, the New York Times has no idea where you’ve left to or gone to on the Internet necessarily and doesn’t know necessarily where you’re coming from, a third-party advertising network like DoubleClick is able to, in a sense, reconstruct an individual surfing history across a fairly large constellation of web sites, and so if you kind of think about that for a second and say okay; there’s one organization out there then who is reconstructing a click path that, unlike normally when we talk about click paths, we’re talking about surfing through a given a web site in the case of advertising networks like DoubleClick, they’re collecting click paths of users across web sites as they go across the Internet to the extent that they are touching upon the major web sites that are a collection of their advertising network.
So that’s something, if you start to think about that and let it seep in a little bit, you’ll start to fully appreciate that a third-party advertising network is a really in a very interesting position in terms of the kind of information that it’s basically compiling on web users that gives it a very unique perspective of behavior that travels from site to site to site.
So unlike an individual web site, like the New York Times or the Washington post, that may have a fairly significant amount of information about you and your preferences and what kind of news you like to read and how you set your preference in terms of the things that you want to learn about to the extent that you are a registered user, a third‑party network has another facet of understanding in terms of you as an Internet user and your behavior across web sites
And now, that’s a very useful thing from an advertiser’s point of view, and one can kind of debate whether that’s helpful to the consumer or not, but clearly, there’s a motivation there from the point of view of marketing to be able to understand a user and to, in a sense, track their behavior across a number of web sites that might help optimize what kinds of advertising offers are delivered to them, so that’s all worthy of debate, and people on the marketing side can argue that this is all useful and valuable and leads to higher degrees of consumer satisfaction, better-targeted advertising and so forth.
But on the other side, I think there’s a certain degree of discomfort, particularly among privacy advocates, but I think any reasonably minded individual, once they understand how the process works, may develop a certain degree of discomfort with this notion that there are individual organizations that create profiles of their surfing behavior, and then sell that information to advertisers and others who want to market goods and services to you, so clearly, there’s a tradeoff there. There may be some positives, but certainly, we also need to consider the negative downside of this in terms of what are reasonable expectations on the part of users in terms of just the privacy that they have as they surf from site to site. One could argue that there’s not much privacy, and this is just that much less privacy, but I think it’s certainly worthy of debate.
Now, part of what makes this process all possible and what helps DoubleClick really kind of connect you as an individual user to your surfing pattern is the cookie process, which we discussed earlier in the conversation on analytics, so when you point your browser to a web site, the first thing that the web site does is to ask your browser whether it has a cookie that has been collected from that web site, and if it has had a cookie before, then that cookie is sent to the web site and a new one is sent back, a process somewhat like that.
If the browser doesn’t already have a cookie, then the cookie is sent, and if the browser accepts cookies, then that little string of data is added into cookie cache file of the user’s browser, so now, when an advertiser like DoubleClick is sending advertising banners to its various web sites, you, as a user, move from web site to web site to web site; that server is basically ID’ing you as the same individual through that cookie process, and so cookies are a very important part of how third-party advertising networks work, and it’s one of the primary reasons why privacy advocates have long been somewhat uncomfortable with the whole cookie processing and how cookies work and the lack of awareness that users have about cookies being passed back and forth between servers and browsers with very little awareness or knowledge by the users themselves.
Now, unless you can configure your browser to alert you when cookies are being transferred or when cookie requests are being made, this is all transparent in the background. Unless you’re a knowledgeable user and you’ve read about cookies and you understand how they work, then you really don’t know what’s happening there because there is no real indication to you, as the user, of what’s going on.
I think it’s interesting that a lot of the debate and, certainly, controversy about cookies over the past decade has really helped people understand; 1.) why they’re necessary in some instances in order to actually do things on the Internet, but also when they’re used in conjunction with third-party marketing networks, advertising networks, why they may present a certain degree of privacy issues that people should understand, and this has really become an interesting thing, and research, more recently, has shown that as awareness of cookies has gone up among web users that there’s been more a growing proportion of web surfers who, with some degree of frequency, have begun to manage the cookie process more carefully, and, in particular, going into the cookie cache within their browser and either deleting their cookies or selectively deleting cookies that are not helpful to them or don’t do things that are useful or that they don’t know what they do.
And so this whole issue of cookie deletion has kind of come to the forefront and what impact that that may have as more and more users begin to manage cookies in terms of how third-party advertising networks work and how attempts to optimize marketing based around cookies will succeed or fail based on how much cookies are really being kept or deleted, so to the extent that cookies remain kind of a ongoing and viable process in terms of as people surf the Internet and advertising networks are able to use the cookie process, will have a kind of ongoing issue in terms of the kind of information that a third-party ad network is able to collect, and there’s some, I think, legitimate concern that these networks are able to create fairly detailed and significant profiles of surfing behavior that to the extent they go so far as to be able to identify individual users and to use that information and sell that information; that this overall process may need some closer inspection and, indeed, may need some oversight in terms of what are acceptable business practices and kind of what may cross the line.
Now, the case study of DoubleClick is a worthwhile example, if only because it’s really kind of been a leader in this whole process, and that kind of cuts both ways in terms of being able to advance the technology, but also to really come up against those lines between what might be considered acceptable or unacceptable to the broader community, and a few years back, DoubleClick had acquired a very large database of consumer information based on credit card purchases called Abacus, and at the time, some people felt that the potentiality of tieing together actual people and their purchase activities and a lot more of the detail about them that gets bound up in a data set that Abacus had with - it’s a sort of an online surfing profiling that DoubleClick was already doing, really went potentially too far, and that’s really what kind of propelled DoubleClick into the limelight, like none other of the third-party advertising networks.
There was, I think, a very keen perception by privacy advocates that this whole thing was going too far now; that being able to have fairly significant dossiers on individual consumers that tied their purchase habits in with their surfing habits; was just too much of an exposure or going too far, really, in terms of their ability to know so much more about us than most people really understood or most consumers understood.
And so DoubleClick kind of served as a lightening rod for privacy advocates to show just what some of the, the kind of downside exposure is to the privacy levels of individuals as they use the Internet, and certainly, everyone has a kind of mutual interest in the overall health and growth and productive usage of the Internet, such that we want to be sure that we’re doing things that people understand and are comfortable with. Whether we’re individual consumers or whether we’re businesses, we really want to make sure that our customers are comfortable with the medium so that they come back and continue to use it.
And so understanding how do these things work and what kind of data is being collected and how that data is being collated with other data really becomes a very important issue. Now, to DoubleClick’s credit, I think; they became much more sensitized to privacy issues through this process, and I think turned around and really tried to work hard to allay peoples fears and to start to sort of draw up and become part of the whole process by which we think about privacy guidelines and privacy policies and notifications to users and consent of users and so forth.
Now, clearly, there are going to be some people on the privacy advocates side, who are still not happy, still think we need to go further in protecting individual users and their right to surf the Internet without their activities being monitored to some great extent, and there may be people rightfully on the other side, downplaying these exposures to some extent, but I think that conversation and that debate still has to continue because this is an evolution in technology, and as we go forward, I think the worst thing that we could do is top talking about what are we doing on the Internet; to what extent does is create benefits or exposures for individual users, and how do we keep users educated and informed about the decisions that they can be making to protect their own privacy and to be knowledgeable about when they are divulging data about themselves and when they can choose not to.
Certainly, the more education that users have, the better off we’ll all be in terms of where things head into the future, but I think there is a really important responsibility on the part of managers in digital enterprises to also have an appreciation of what’s going on; what kinds of information are being collected; to what extent information is being collected by third parties like advertising networks; what’s happening with that data; how is the data being used; to what extent is it used for their marketing purposes; that the manager of the digital enterprise really needs to have a keen understanding of what’s going on so that they can be proactive in making decisions about what really has business value; what has a business exposure to it in terms of the extent to which my customers are comfortable with the data that’s collected and how its being used. I think that the dangers here with respect to data collection and data privacy issues is that when consumers are ignorant of what’s going on; the extent to which they are surprised when they learn about what’s happening in the background, I think, is what creates the kind of downside exposure.
As a manager, I’d rather not have surprises. If I have customers who are knowledgeable and educated and understand upfront the kinds of things which are happening and how that information is being used and consent to its use to the extent that they see those things viable, then I think that puts us in a better position in terms of managing the enterprise, and also warding us off from doing things that may be have less value and greater exposure with our customers in terms of what their comfort levels are.
So whatever we can do to educate the consumer; to make sure that their aware of the kinds of data that are being collected about them and how these advertising networks work, I think are all helpful things moving into the future.
Now, the other thing that we need to understand is that advertising networks and the nature of advertising on the Internet, the whole evolution around rich media as we move from relatively simple imaged-based banner advertising to much more rich, flash-based and animated advertising with the video embedded and sound, and other kinds of elements which can be embedded, such as tracking of mouse-overs and other kinds of things; that as we move to these more rich and complex forms of media for advertising and all of the associated ability for that media to collect even more information about what the user is doing when they’re interacting with such media; I think it shows that we’re still very much in a period of rapid evolution, where efforts to provide better targeting and better advertising and more effective advertising need to be balanced with greater awareness and understanding and sensitivity to the kinds of privacy issues, which emerge with respect to the information that’s being collected, and to make sure that there are continued efforts to inform and educate web users and customers or customers in particular about how their interaction with such rich media may play a role in how they’re marketed too.
As a user of the Internet, I think it’s incumbent upon you to become much more of an active and aggressive privacy-aware individual, one that starts to look a little bit more closely at privacy policies that are posted on their favorite web sites; that look closely at the kinds of third-party data-sharing arrangements, which may exist between that web site and others and take a much closer look at what you’re doing in the background with respect to what kinds of cookies you’re collecting and what the expiration dates on those cookies are and to the extent that a certain cookies provides you with useful service, such as; for example, making it easy to for you to be recognized as a return visitor on a web site so that you don’t have to log in versus cookies, which you feel may unnecessarily be exposing yourself to advertising that you don’t want or simply have no purpose or you don’t understand why they exist in your cookie browsers, and to start to manage that process more closely; keep the cookies you want; delete the ones you don’t want; regularly delete the whole set if its not an inconvenience to you.
But just to take a proactive stance on managing your own privacy as you surf around the Internet, and I think between the two, between managers becoming more sensitive to making sure that their customers are knowledgeable and educated about some of these processes of what’s going on and users, themselves, becoming better educated and more aggressive about protecting their privacy interest; that between the two of those, we’ll be moving into a much better place with respect to the Internet.
The worst thing that we could do is simply to ignore the situation and to pretend it doesn’t exist and to pretend and to allow consumers to the extent that they are to remain ignorant about what’s happening with respect to data that’s being collected about them. It might seem like clever marketing, but I think, ultimately, in the end, when such techniques come to the light of day and are looked with much more careful scrutiny that the backlash from consumers won’t be worth the benefits gained, and, ultimately, to the extent that we really don’t achieve the goals of becoming more knowledgeable, both from the business side and the consumer side, and then, ultimately, we may be faced with greater and greater degrees of government regulation over the process in order to protect consumers where that protection is seen as necessary.
So as you surf the web, take a closer look the next time. When you visit your favorite web sites, deconstruct some of those images; look at where the images are coming from; what destination’s they’re taking you to, and then think about the process by which you share that information, and make decisions knowledgably about what information you want to share as you surf the Internet.
This is Professor Michael Rappa. Until next time, wishing you all the best with your studies.
(Music)
[End of Audio]
Unedited transcript of audio podcast produced on November 15, 2005.
Audio source file: http://digitalenterprise.org/podcasts/doubleclick.mp3
Michael Rappa is the Alan T. Dickson Distinguished University Professor of Technology Management at North Carolina State University.
For more information, please visit: digitalenterprise.org
Copyright 2006 Michael Rappa. All rights reserved. Please do not reproduced, distribute or quote without written permission of the author.