AI ,URES DoubleClick As you learned

AI ,URES
DoubleClick
As you learned in Chapter 5, DoubleClick is one of the largest banner advertising net-works in the world. DoubleClick arranges the placement of banner ads on Web sites. Like many other Web sites, DoubleClick uses cookies, which are small text files placed on Web client computers, to identify returning visitors. Most visitors find the privacy risk posed by cookies to be acceptable. The Web servers at Amazon.com, for example, place Amazon.com cookies on the computers of visitors to the site so the visitors can be recognized when they return. This can be useful, for example, when a visitor who has placed several items in a shopping cart before being interrupted can return to Amazon.com later in the day and find the shopping cart intact. The Amazon.com Web server can read the client's Amazon.com cookie and find the shopping cart from the client's previous session. The Amazon.com server can read only its own cookies; it cannot read the cookies placed on the client computer by any other Web server. There are two important differences between the Amazon.com scenario and what happens when DoubleClick serves a banner ad. First, the visitor usually does not know that the banner ad is coming from DoubleClick (and thus, does not know that the DoubleClick server could be writing a cookie to the client computer). Second, DoubleClick serves ads through Web sites owned by thousands of companies. As a visitor moves from one Web site to another, that visitor's computer can collect many DoubleClick cookies. The DoubleClick server can read all of its own cookies, gathering information from each one about which ads were served and the sites through which they were served. Thus, DoubleClick can compile a tremendous amount of information about a user's actions on the Web. Even this amount of information collection would not trouble most people. Double-Click can use the cookies to track a particular computer's connections to Web sites, but it does not record any identity information about the owner of that computer. Therefore, DoubleClick accumulates a considerable record of Web activity, but cannot connect that activity with a person. In 1999, DoubleClick arranged a $1.7 billion merger with Abacus Direct Corpora-tion. Abacus had developed a way to link information about people's Web behavior (col-lected through cookies such as those placed by DoubleClick's banner ad servers) to the names, addresses, and other information about those people that had been collected in an offline consumer database. The reaction from online privacy protection groups was immediate and substantial. The FTC launched an investigation, the Internet's privacy issues e-mail lists and chat rooms buzzed with furious conversation and, in the end, DoubleClick abandoned its plans to integrate its cookie-generated data with the identity information in the Abacus database. Although DoubleClick is still one of the largest banner advertising networks, it had been counting on generating additional revenue by using the information in the combined database that it was unable to create. When the FTC probe concluded two years later, DoubleClick was not charged with any violations of laws or regulations. The lesson here is that a company violates the Internet community's ethical standards at its own peril, even if the transgression does not break any laws.