The Congressional Privacy Caucus plans to kick off its session in the 107th Congress with a hearing later this month on Web bugs, also known as clear GIFs. Web bugs are graphics embedded in Web pages or in e-mail messages that can track site visitors or readers of e-mail.
The CPC is a bipartisan group of Congress members that plans to look into privacy issues. The CPC is co-chaired by Sen. Richard Shelby, R-AL; Sen. Christopher Dodd, D-CT; Rep. Edward Markey, D-MA; and Rep. Joe Barton, R-Texas. A date for the hearing has not been set yet.
According to Barton, Web bugs are used by companies for financial gain and put individual privacy at risk.
“They are used as a tool for tracking individual users' movements on the Internet and what sites they view,” he said in a statement. “Through this method, a user's profile can be 're-created' over time, allowing advertisers to direct information specifically to an individual user.”
One company that acknowledged using Web bugs is online advertising firm DoubleClick Inc., New York.
The company was forced to disclose that fact recently as a result of its settlement with the Federal Trade Commission, which in January ended its nearly yearlong investigation into DoubleClick's data practices.
The investigation began in February 2000 to determine whether the company merged offline consumer data with its anonymous online consumer data. Although DoubleClick had planned to merge the data when it acquired Abacus Direct in 1999, privacy concerns and a lack of industry standards forced it to abandon those plans.
As part of the agreement with the FTC, DoubleClick said it would modify its privacy policy to disclose its use of Web bugs, create an opt-out for cookies and clarify its Internet address finder e-mail practices.
A spokeswoman for the company said DoubleClick is drafting the changes and plans to have them in place by late February or early March.
The company this week appointed Nuala O'Connor, formerly its deputy general counsel for privacy, as vice president of data protection and chief privacy officer for e-mail and emerging technologies. In that role, O'Connor will focus on developing consumer information policies for e-mail and new products and on enhancing internal privacy policies, no doubt with an emphasis on Web bugs.
Meanwhile, the Privacy Foundation, Denver, a nonprofit consumer education group and privacy watchdog, said the use of Web bugs is tantamount to illegal wiretapping.
“It's very illegal,” said Richard Smith, chief technology officer at the Privacy Foundation. “But it's also very easy to do. The possibility of e-mail wiretapping is one of the most egregious violations imaginable and therefore opens up a nefarious business opportunity that should be watched closely.”
In August last year, the Privacy Foundation issued an advisory on its Web site to raise consumer awareness of Web bugs. In December it began beta testing software that it claimed can detect Web bugs when they appear on Web pages or in e-mails and can inform users that they are being tracked.
The group also proposed guidelines for the use of Web bugs and sent them to 40 Internet marketing companies and trade groups. Those guidelines call for icons indicating that Web bugs are present; identification of their origin; full disclosure of the bugs' functions; the ability for the visitor to opt out; and the exclusion of bugs from pages of a sensitive nature, such as those containing medical or financial data.
Smith said the fear among privacy advocates is that unscrupulous marketers could use Web bugs to easily harvest thousands of e-mail addresses. That data could then be used to spam the owners of those addresses.
Web bugs allow a user's movements online to be tracked by using JavaScript, a programming language developed by Netscape Communications, now a division of AOL Time Warner. Users of America Online's Internet service are not vulnerable to Web bugs. Neither are people who use Web-based e-mail programs such as Microsoft Corp.'s Hotmail. Users of Netscape Messenger 6 are vulnerable to Web bugs.
Philip Gordon, an attorney at the Denver law firm Horowitz & Wake and an expert on wiretap law, said the use of Web bugs to obtain data from unsuspecting Web surfers is illegal and could carry civil and criminal penalties.
“Anyone considering the e-mail wiretap as a new tool for collecting 'payload' from the unsuspecting should think twice,” Gordon said. “The potential civil and criminal penalties are severe.”
Gordon, who is also a fellow of the Privacy Foundation, said the Federal Wiretap Act outlaws the interception of e-mail without the consent of at least one party to the communication. He also said the illegal use of Web bugs could be considered a violation of the Computer Fraud and Abuse Act. Fines for these violations range from $10,000 to $500,000, he said, and they also could carry jail time of up to five years.
