Ad network barred from online snooping

An online advertising network used by CNN, Orbitz and the Red Cross has agreed to stop snooping on consumers’ website activity to target them with ads about incontinence, impotence and bankruptcy.

In its privacy policy, Epic Market claimed that it would collect information only about consumers’ visits to sites in its network. However, according to the Federal Trade Commission,  ittook advantage of a security flaw in popular web browsers and used cookies to covertly detect which other websites had been visited by users.

However, according to the FTC, Epic was employing history-sniffing technology that allowed it to collect data about sites outside its network that consumers had visited, including sites relating to personal health conditions and finances.

It was able to determine whether a consumer had visited any one of more than 54,000 domains, including pages relating to fertility issues, impotence, incontinence, debt relief and personal bankruptcy.  

“Consumers searching the internet shouldn’t have to worry about whether someone is going to go sniffing through the sensitive, personal details of their browsing history without their knowledge,” says FTC chairman Jon Leibowitz.  “This type of unscrupulous behavior undermines consumers’ confidence, and we won’t tolerate it.”

The settlement bars Epic from such activity in future and orders the company to destroy the information it gathered illegally.

But the American Civil Liberties Union believes that the FTC has failed to ensure that such activity couldn’t happen again.

“The FTC’s reliance on its ‘deception’ authority (in which Epic has been punished not for abusing a browser flaw, but for not telling consumers about it in its privacy policy) raises serious questions about whether another ad network could lawfully engage in similar harvesting of private consumer data if it merely disclosed the activity in the small print of a privacy policy that no one reads,” says principal technologist and senior policy analyst Chris Soghoian.

He also criticizes the companies that partnered with Epic.

“Epic’s behavior reflects a failure by CNN, Orbitz and the Red Cross to police the behavior of the advertising companies they partner with, and an unwillingness to protect the privacy of their own customers,” he says.