Q&A with Charter VP: Your Web activity, logged and loaded
Charter exec Ted Schremp talks about the ISP's plan to "model" your online interests for ad purposes and also protect your privacy.
Declan McCullaghFormer Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
Charter Communications is planning to monitor its customers' Web surfing and then, anonymously, display relevant advertisements.
What the third-largest U.S. cable operator, headquartered in St. Louis, Mo., probably wasn't planning on was a privacy-fueled Internet backlash that began a few days ago after it began notifying customers of its intentions. For its part, Charter describes its behavioral profiling plans this way: "innovative new technology in the field of online advertising enables Charter to provide you with an enhanced online experience that is more customized to your interests and activities."
The disclosure led to a flurry of criticism, with Consumerist.com reprinting a letter from a Charter subscriber and speculation on DSLReports.com that existing Web advertisements would be intercepted and replaced by targeted ones. Slashdot called it "spying on" customers.
Missing were details about how Charter's system works, which we've tried to remedy with the following conversation that took place on Thursday with Ted Schremp, Charter's senior vice president of product management and strategy. Schremp confirmed that Charter is using technology from Redwood City, Calif.-based NebuAd--which is reminiscent of how British broadband providers have been working with Phorm, which uses deep packet inspection with "anonymized ISP data to deliver the right ad to the right person at the right time."
Now, there's nothing particularly novel about free Internet services that look at what you're doing and display relevant advertisements. Google.com and Gmail.com do just that. Nor is there anything novel about ad-supported Internet connectivity: Juno has offered this for years.
But, culturally speaking, Internet users have grown to expect broadband providers to provide mere pipes and not be involved in monitoring Web activity for advertising purposes. (There's also a difference between making monitoring a feature of the service from the beginning and adding it after you have millions of customers. Expectations have already been set.) So how to convince customers that monitoring is useful and sufficiently privacy-protective? How to handle requests to opt-out? Keep reading to see how Charter answers those questions.
Q: How does your "enhanced" Web browsing experience work?
We're sort of piloting the service in four markets. What's generated the activity is that we've proactively informed customers in these markets via letters. The trial hasn't actually started but it will shortly.
We're partnering with a third-party company called NebuAd. The system is designed to protect our customers' privacy. Their information is never shared with NebuAd. The way the system works is that it tracks URL information, again in an anonymous way, and uses it essentially to build a model that infers the customer's interests based on the URL visited. I can give you an example.
The easiest example is someone shopping for a car and visiting Honda.com, Toyota.com, Ford.com, Chevrolet.com. As our end user does that, the model becomes informed based on the notion that the end user may be shopping for a car. Let's say they go to a Web site that utilizes an ad network that NebuAd is part of. An ad may be served based on that model.
It doesn't sort of sit on top of advertising that's there. Most Internet advertising, as I'm sure you know, is served through ad networks (and NebuAd works with them).
Q: Do you know what ad networks it partners with?
That's a better question for NebuAd.
Q: Let's say NebuAd has a relationship with DoubleClick, and let's say CNN.com uses DoubleClick for advertising. If you visit car Web sites and then visit CNN.com, you're more likely to see a car ad as a result, right?
Yes. If you look at the transaction flow, if CNN has a relationship with DoubleClick, we, through this anonymous model, have provided information to NebuAd.
The ads that are already being served are being served on an informed basis. We're informing the model to an additional degree. There is a level of misinformation about how that works.
Q: There's been speculation that you're delivering additional ads through pop-ups or pop-unders or replacing existing ads. But you're not doing that, are you? Charter customers would see a more targeted ad instead of an existing generic ad.
What you said is correct. What's being said is incorrect. We're not serving additional ads. We're not replacing ads.
Q: Do you know how many sites are participating, how much of your customers' attention you can capture? How big is this?
My understanding is that NebuAd has partnered with ad companies that represent the majority of Internet advertising. The majority of Internet advertising is syndicated.
Q: What other ISPs are doing this, as far as you know?
We really don't know. We can really only speak to Charter.
Q: If you're conducting deep packet inspection, that means you know what data your customers are transferring. Are you going to look for evidence of copyright infringement, child pornography, and so on as well?
The enhanced advertising solution does not utilize deep packet inspection. It looks at URL level information only. That's another point of misinformation on the Net.
Q: You're saying that URL-level information is not deep packet?
Suffice it to say that we're using URL-level information only.
Q: Maybe this is a confusion over terminology. To obtain the domain name to route the packet, you need to look at only the headers through shallow packet inspection. Obtaining the URL means unpacking and understanding one more level, the Hypertext Transfer Protocol. Are you looking beyond the domain name to the URL, say ford.com/mustang and ford.com/focus?
The way the model's built is that they're trying to inform what's essentially a preconstructed model. We're looking at the complete URL. How often that URL-level information is utilized in the context of building a model, I don't know.
There are a number of categories, call them all sensitive in nature, that are clearly exempted from any (inspection) including items of a sexual nature, medical nature.
Q: If you're getting a new stream of revenue from NebuAd, does that mean lower prices for your customers?
As we've gone into these pilots, we've conducted a series of focus groups to help us understand from their perspective, does this technology add value to their Internet experience, talk through privacy concerns, and so on. What our customers have shared with us is that they understand the fact that advertising is part of the Internet model. To the extent that fuels the economics behind the Internet, they understand that. They appreciate the notion that ads that are being served are attuned to their interests or potential interests.
We view it the same way as offering faster Internet speeds. This is no different. It's about taking the latest technology and applying it as a way to be useful to our customers.
Q: One point of criticism has been the way your opt-out mechanism currently works. In the future, are you going to allow a customer to opt-out their entire household, without having to set a browser cookie for each user account on each computer?
The cookie-based opt-out was arrived at on the basis of our focus groups and the nature of the Internet household at this point. The majority of households are becoming multi-PC households. The users are a variety of folks, be it spouses, kids, etc. The way we've done it is very consistent with Internet use in the household. The notion of a cookie-based opt-out supports a variety of choices.
The intent of pilots and the intent of being very forthcoming with our customers is to let us fine-tune the deployment.
Q: Do you have any plans to fine-tune it and make any changes?
At this point it's very early. I think it's consistent with the way we've rolled out any other product.
Q: Can you disclose how much you expect to receive in terms of revenue?
We don't disclose the terms of our agreements or this sort of detail.
Q: If NebuAd gives you a box or boxes that you place on your network, these devices will have access to all of your customers' traffic. Have you independently verified that privacy protections are in place and the boxes act the way you think they will?
Absolutely. What we heard from customers is that No. 1, ensure that my privacy is being protected and give me an opt-out should I choose that path. When we picked a partner, that was (important). We're confident that all baseline privacy regulations are accommodated in the engineering of the solution.
Q: Though it's still going to be a box on your network. You're going to have to trust them to some extent to get the privacy safeguards right.
In any relationship there's always a level of trust. But there's also a level of rigor and selection and testing and we've applied that here.
Q: What reaction have you received from your customers?
It's still pretty early. As I said before, our objective from day one has been to be very proactive and forthcoming with the information. We've had some levels of calls and inquiries and so on, and it's mostly "Try to help me understand how my privacy is (protected) in the engineering of the solution."
Q: Is there anything else you'd like to add?
The key from our perspective is that we're very customer-oriented in everything we do. The privacy concerns and the ability of our customers to opt-out and the fact that we're talking today is indicative of that as well. We want to be very clear that they have a choice.