DoubleClick under email attack for consumer profiling plans

The Center for Democracy and Technology (CDT) unveiled the campaign yesterday, calling for a stop to what it describes as DoubleClick's efforts to use its relationships with prominent Internet companies to track the online activities of millions of individuals and tie them to those individuals' offline activities.

DoubleClick denied that it collects information on personally identifiable individuals in an email response to the campaign sent to it clients yesterday.

"DoubleClick does not use highly sensitive information for profiling such as health information, detailed financial information, information of a sexual nature and information on children," the email reads. "DoubleClick will not link personally identifiable information about a user to online behavior without first giving that user notice and the choice not to participate.

"DoubleClick does not and cannot know the identity of a user online unless that user has provided that information to an Abacus Online participant who has provided the user with the appropriate notice and choice."

Gregg Bishop, the vice president for technology operations at DoubleClick client TheStreet.com, said his company began receiving emails from the protest list at about noon yesterday. He said he had received 2,200 emails from the campaign by early this morning.

"The first thing we did was turn around and contact DoubleClick," he said. "We were told that what the CDT is doing is legal."

Bishop said TheStreet.com does not share information about its customers with DoubleClick. He said the company will post a policy regarding its relationship with DoubleClick on its Web site and refer people who complain through the CDT's email distribution list to that statement.

"I've only noticed one complaint that has come from our more than 100,000 actual customers," he said.

The protest comes after DoubleClick last week quietly published a new privacy policy that discloses plans to create a database of consumer profiles that would include each user's name and address; retail, catalog and online purchase history; and demographic data.

The database, which DoubleClick says will only be seen by the company itself, is intended to help the targeted marketing efforts of its nascent U.S.-based Abacus Alliance--an outgrowth of its recent acquisition of direct marketer Abacus Direct.

Until recently, DoubleClick's policy was to refrain from correlating personal information with its 100 million cookies, which are scattered worldwide. But the new database will rely on the cookies, which the company places on Net users' computers to record surfing habits and display pertinent advertising. Net users aren't informed when they are given a DoubleClick cookie unless their browser is preset to do so, but they can "opt out" through the company's Web site.

The CDT Web site gives consumers instructions on how to remove the cookies from their computers and opt out of the system. It also includes a form letter that visitors can elect to send to the public email addresses of DoubleClick's CEO and 60 of the company's clients.

CDT spokesman Ari Schwartz said the DoubleClick clients targeted in the campaign were culled from DoubleClick's Web site and SEC filings. The email is being distributed through a mailing list dubbed "doubleclickwatch." Targeted companies have the choice of opting out of the list by replying to the email, although companies that opt out may continue to receive individually addressed emails.

"To whom it may concern," the message begins. "I understand that you are a member of the DoubleClick network. This means that you allow DoubleClick to collect information about what I do at your Web site. I believe that this practice is objectionable and should not occur without my explicit permission."

Among the companies included on the email distribution list are AltaVista, Ask Jeeves, AuctionWatch, Blue Mountain Arts, Drkoop.com, Hewlett-Packard, Kozmo.com, Network Solutions and The New York Times Co.

Schwartz said that at least 500 emails went out from the site in the first five hours of the protest, which began at 10 a.m. PST. In that time, two recipients asked to be removed from the list, he said, although Schwartz declined to identify them.

Schwartz said the CDT did not know which sites might be involved in providing personal information to DoubleClick to link online and offline data about their customers' behavior. But he said the group wants to harness the public to put pressure on all of DoubleClick's estimated 11,500 clients to protect customers' privacy.

"We want these companies to be aware that their customers are concerned about this issue," he said.