Michigan Prepares To Sue DoubleClick for Spying

Just days after becoming the subject of investigations by the U.S. Federal Trade Commission (FTC) and the New York State Attorney General’s office, controversial Internet advertising agency DoubleClick, Inc. has been threatened with legal action by the state of Michigan’s Attorney General’s office.

The state is alleging that by engaging in a form of secret cyber wiretapping, DoubleClick has violated Michigan’s Consumer Protection Act.

Michigan has served DoubleClick and two Web sites that it owns and controls, IAF.net and NetDeals.com, with a “Notice of Intended Action,” which is a warning that the company has 10 days to stop the alleged illegal behavior or face a lawsuit.

In a press release issued Thursday, Michigan Attorney General Jennifer M. Granholm said, “DoubleClick is systematically implanting electronic ‘cookies,’ or electronic surveillance files, on the hard drives of users’ computers without their knowledge or consent.”

Granholm continued, “DoubleClick is then compiling personal user profiles on consumers, which potentially, can be linked directly to a consumer’s name, home address and e-mail account. DoubleClick has collected 100 million consumer profiles, according to news reports.”

“Every time you use the Internet, DoubleClick is placing a bar code on your back — a user I.D. — so that it can identify your interests, habits and preferences,” Granholm added. “Because DoubleClick secretly implants additional surveillance files as you surf the Internet, DoubleClick is continually adding detailed personal information about you to its databanks. The average consumer has no idea that their online movements are being spied upon; this amounts to little more than a secret cyber wiretap.”

The Cookie Issue

Granholm made it clear that Michigan’s problem is with DoubleClick’s manner of using cookies, not with the use of cookies in general. She explained, “A consumer visiting a trusted national clothing retailer’s site, for instance, might expect that retailer to collect preference information so the site could customize the consumer’s next visit.”

“That consumer would have no idea, however, that a third party — DoubleClick — is also placing a surveillance cookie on their computer for the purpose of selling that profile information to other Web advertisers,” she continued. “Consumers never intend to interact with DoubleClick, nor do they know they are being surveilled by DoubleClick, yet DoubleClick is collecting their detailed personal information. Nor does a consumer know how to ‘opt out’ of being tracked unless they know that DoubleClick exists and how to find its Web site.”

Concern About Abacus

Granholm said that Michigan is also concerned about DoubleClick’s acquisition of Abacus Direct Corp., which “compiles, analyzes and markets ‘identifiable’ personal consumer information such as names, home addresses and phone numbers gathered primarily from catalog sales transactions,” according to the press release.

Granholm added, “DoubleClick recently indicated that it ‘can associate’ the ‘identifiable’ personal information with the ‘non identifiable’ profile information it gathers from the surveillance cookies it is surreptitiously placing on computers.”

Moving Target

Granholm said that Michigan is also concerned about what it considers to be an “ambiguous” privacy policy. She warns, “DoubleClick’s privacy policy is a moving target and consumers should be extremely cautious about relying on the company’s vague promises. Today, the policy says one thing, but tomorrow, it may say another; we can’t be certain that tomorrow’s policy won’t allow the company to sell the information concerning your Internet use to the highest bidder.”

DoubleClick’s Response

At press time, DoubleClick had not issued a response to Michigan’s Notice of Intended Action. It did, however, issue a response to the investigations by the FTC and New York State.

DoubleClick president Kevin Ryan said, “We are confident that our business policies are consistent with our privacy statement and beneficial to consumers and advertisers. The FTC has begun a series of inquiries into some of the most well-known Web companies, including DoubleClick, and we support their efforts to keep the Internet safe for consumers.”

He added, “DoubleClick has never and will never use sensitive online data in our profiles, and it is DoubleClick’s policy to only merge personally identifiable information with non-personally identifiable information for profiling, after providing clear notice and choice.”