And Google Inc., the leading online advertiser, stated that it had begun using Internet tracking technology that enabled it to more precisely follow Web-surfing behavior across affiliated sites.
"Increasingly, there are no limits technologically as to what a company can do in terms of collecting information . . . and then selling it as a commodity to other providers," said committee member Edward J. Markey (D-Mass.), who created the Privacy Caucus 12 years ago. "Our responsibility is to make sure that we create a law that, regardless of the technology, includes a set of legal guarantees that consumers have with respect to their information."
Markey said he and his colleagues plan to introduce legislation next year, a sort of online-privacy Bill of Rights, that would require that consumers must opt in to the tracking of their online behavior and the collection and sharing of their personal data.
Google, in its letter to committee Chairman John Dingell (D-Mich.), Markey, Stearns and Rep. Joe L. Barton (R-Texas), stressed that it did not engage in potentially the most invasive of technologies -- deep packet inspection, which companies such as NebuAd have tested with some broadband providers. But Google did note that it had begun to use across its network the "DoubleClick ad-serving cookie," a computer code that allows the tracking of Web surfing.
Alan Davidson, Google's director of public policy and government affairs, stated in the letter that users could opt out of a single cookie for both DoubleClick and the Google content network. He also said that Google was not yet focusing on "behavioral" advertising, which depends on website tracking.
But on its official blog last week, Google touted how its recent $3.1-billion merger with DoubleClick provided advertisers "insight into the number of people who have seen an ad campaign," as well as "how many users visited their sites after seeing an ad."
"Google is slowly embracing a full-blown behavioral targeting over its vast network of services and sites," said Jeffrey Chester, executive director of the Center for Digital Democracy. He said that Google, through its vast data collection and sophisticated data analysis tools, "knows more about consumers than practically anyone."
Microsoft Corp. and Yahoo Inc. have disclosed that they engage in some form of behavioral targeting. Yahoo has said it will allow users to turn off targeted advertising on its websites; Microsoft has yet to respond to the committee.
More than a dozen of the 33 companies queried said they did not conduct targeted advertising based on consumers' Internet search or surfing activities. But, Chester said, a number of them engage in sophisticated interactive marketing. On Comcast's site promoting "interactive advertising," for instance, the company promotes its ability to receive users' monthly data: "over 3 billion page views, 15 million unique users . . . and over 60 million video streams."
Comcast declined to comment.
Broadband providers Knology and Cable One, for instance, recently ran tests using deep-packet-inspection technology provided by NebuAd to see whether it could help them serve up more relevant ads, but their customers were not explicitly alerted to the test. Cable One is owned by Washington Post Co.
Both companies said that they have ended the trials. Cable One has no plans to adopt the technology, spokeswoman Melany Stroupe said. "However, if we do," she said, "we want people to be able to opt in."
Ari Schwartz, vice president of the Center for Democracy and Technology, said lawmakers were beginning to understand the convergence of platforms. "People are starting to see: 'Oh, we have these different industries that are collecting the same types of information to profile individuals and the devices they use on the network,' " he said. "Internet. Cellphones. Cable. Any way you tap into the network, concerns are raised."
Markey said Monday that any legislation would require explicitly informing the consumer of the type of information that was being gathered and any intent to use it for a different purpose, and a right to say 'no' to the collection or use.
The push for overarching legislation is bipartisan. "A broad approach to protecting people's online privacy seems both desirable and inevitable," Barton said. "Advertisers and data collectors who record where customers go and what they do want profit at the expense of privacy."
As of Monday evening, the committee had posted letters from 25 companies on its website.