Washington Post 2003-07-03
To parents interested in buying the popular Hooked on Phonics learn-to-read
sell or rent their personal information to other marketers.
But that pledge was empty. In the pages of a marketing trade publication,
Gateway Learning Corp., the product's California-based parent company, was
advertising to rent the list of Hooked on Phonics buyers to other marketers.
At a price of $95 per 1,000 names, companies could arrange to have
unsolicited advertising sent to 105,936 people who bought Hooked on Phonics
in the past year. Included in the information made available to other
marketers: ages of the buyers' children.
After inquiries from The Washington Post, the company changed its privacy
policy and is no longer promising to keep such data from being offered to
others. A company spokeswoman said the firm was simply slow to update its
policy. Previous customers would be notified of the change and offered the
chance to remove themselves from the list, she said.
Hooked on Phonics is one example of retailers, marketers and an array of
service providers expanding their collection and use of consumers' e-mail
addresses and other personal information, despite broad assurances to protect
individual privacy and honor consumers' choices about how much marketing they
want to receive.
Many firms use tactics designed to hide their intent to gather and profit
from the data they collect, information that grows in value as more and more
people use the Internet for information and shopping.
"Companies continually troll for, and exploit, personally identifiable
information," said Joseph Turow, a media professor at the University of
Pennsylvania who specializes in mass marketing. "Some Web sites unabashedly
collect all the information they can about visitors and market [it] as
aggressively as they can to advertisers and other marketers."
But these techniques have drawn scant attention as the flood of unwanted
commercial e-mail has reached tidal-wave proportions. Instead, retailers,
advertisers and Internet service providers such as Microsoft Corp., America
Online and Yahoo Inc. have so far successfully lobbied government regulators
to put the spotlight on deceptive practices of the most unsavory purveyors of
scams and pornography.
Mallory Duncan, senior vice president and general counsel of the National
Retail Federation, argues that mainstream corporations can police their own
marketing practices. "The concern with spam is not with the Gap coupon you
receive," said Duncan, who represents the largest lobbying and trade group
for store owners. "It's the huge amount of porn and other things that were
unsolicited."
With the onslaught of spam, almost all companies promise not to sell consumer
data. But many don't mention that such information is rented. This means that
the list owner won't release the data to an outside marketer, but it will
send messages to the list on the outsider's behalf. Targeted lists available
for rent number in the thousands, including those from magazines,
professional organizations and even political interest groups such as
Republicans for Jesus.
Recently, for example, the Christopher Reeve Paralysis Foundation advertised
that its list of donors, including postal addresses, was for rent.
A charity spokeswoman said that the rental list includes data only from
donors who gave through direct-mail appeals, not online. But she acknowledged
that those people were provided no privacy information; the charity's Web
site says it will never sell or share e-mail addresses of donors. Direct-mail
donors will now be given a chance to remove their names from the donor list,
the spokeswoman said, adding that the organization's lists are offered only
to "like-minded" groups.
Sometimes, consumers may not be aware they are handing over information to
vendors working behind the scenes at certain Web sites.
Take CartManager, a Provo, Utah, company that is one of many providers of
"shopping cart" software used by online retailers. Merchants use the service
to manage their transactions. Customers select items, put them in virtual
shopping carts, and provide appropriate billing and shipping information to
complete the order.
The company, which handles transactions for dozens of small Web retailers,
last month offered for rent its list of 781,000 postal and e-mail addresses
of consumers who "regularly buy online." CartManager's privacy policy states
that it might share such information. But a consumer might not even notice
the fine print stating that a retailer's shopping cart is "powered by"
CartManager, let alone look at the firm's privacy policy. The transaction is
done through the Web site of the retailer, whose privacy policy is more
likely to be scrutinized by concerned consumers.
CartManager executives did not respond to requests seeking comment.
In some cases, marketers are open about their intent, if people take the time
to read the privacy policies on Web sites closely.
Some sites essentially exist to collect e-mail addresses and other personal
data to allow future marketing. To entice people to hand over the data, they
offer discounts on products or entry into sweepstakes.
But in a research study Turow supervised for the University of Pennsylvania,
57 percent of 1,200 adults who use the Internet at home thought that if a Web
site merely has a privacy policy, their information would not be shared with
others.
To expand their databases even further, some marketers employ a controversial
technique known as "e-mail append."
List brokers, who buy and sell consumer data for companies, take names and
physical addresses in one firm's database and look for corresponding e-mail
addresses in outside lists that might contain enough information to match
them up.
Columnist Jay Gibson explained the process in a recent edition of Opt-In
News, an online publication for marketers. For example, a pizza restaurant
cannot send e-mails about new services to a customer who orders over the
phone because an e-mail address is not provided, Gibson wrote. "But they can
take my name, physical address and telephone number, submit this information
to an e-mail append service, and acquire it."
Paul Chachko, chief executive of Datagence, a firm that provides e-mail
append, said the service can be performed properly by reconfirming with all
consumers on the lists that they wish to receive marketing messages.
"The whole industry that we're involved with relies on . . . integrity and a
self-policing environment," Chachko said. "But there are a lot of people out
there that don't play by the rules. We've got to weed those people out."
Marketing executives say they have instituted strict self-policing
guidelines, including ensuring that consumers have the ability to "opt out"
of receiving future advertising and marketing messages.
But opting out is not always easy.
Bluefly Inc., an online retailer, has an extensive privacy policy.
"We take this matter very seriously, and have instituted many policies and
procedures to insure that none of your privacy rights as stated herein are
ever violated," the policy says.
The policy tells users that anytime they e-mail the company, they consent to
receive messages from the company. But to be removed from future messages,
users must e-mail the company.
A spokesman said the company would not send marketing messages to people who
e-mailed requesting to be removed from future advertising.
Citibank's parent, Citigroup Inc., requires customers of any of its hundreds
of affiliates to tell each one that they want to stop receiving marketing
messages. Citibank has been the object of more than 30 complaints to the
Federal Trade Commission over the past year by consumers charging that the
company has failed to honor their requests to remove their names from lists,
or made it nearly impossible to do so.
An FTC spokeswoman said the agency has not acted on the complaints, adding
that it has received more than 1,000 similar complaints about a range of
companies.
In a statement, Citibank said, "We continually review our performance, and
believe our procedures have been extremely effective in providing for the
privacy preferences of our customers."
Marketing and retailing executives want any anti-spam legislation to treat
affiliates as separate entities, on the theory that customers of different
products don't always pay attention to corporate relationships among
companies.
Microsoft, which like many Internet providers markets to its members,
recently proposed a system in which industry would agree to an electronic
seal-of-approval process that e-mail networks could recognize and allow
legitimate marketing through. Among the criteria for such a seal would be
that requests of users to be removed from marketing lists would be honored.
But privacy advocates and anti-spam groups are dubious about industry
governing itself. Instead, they want computer users to be free of commercial
e-mail unless they specifically request it, a system known as "opt-in."
Marketing and Internet industry lobbyists have successfully warded off this
approach, while at the same time co-opting the phrase. In marketing parlance,
opt-in means that consumers have not specifically asked to be removed from
mailing lists.
Thus, nearly all available e-mail lists are advertised as opt-in lists. But
according to some in the industry, opt-in is at best a sliding scale.
"If you forget to check a box [asking to be eliminated] from further
marketing, that's technically opt-in," said Sherri Jones, a vice president at
TKL Interactive, a Southern California marketing firm. She said her firm
sends e-mails to all list members asking them to confirm that they want to
receive further advertising, a process known as "double opt-in."
Jones said that to regain credibility, her industry must move to a true
opt-in system, in which no marketing occurs before a user requests it.
"The opt-in procedure puts the control of the transaction in the hands of the
consumer," she said, separating herself from her industry's trade groups.
"That's a dramatic paradigm shift that I think a lot of old-school marketers
are resisting."
Industry officials counter that if they don't have the right to approach
consumers at least once, people will be deprived of potentially valuable
offers that they would otherwise not hear about.
Marketers also insist that they maintain the right to send messages to
customers with whom they have "existing business relationships."
Consumer groups say that this makes sense if that means a customer has
recently purchased a product, but it should not apply if he or she merely
requests information.
"Some companies, like psycho ex-boyfriends, tend to see relationships where
they don't exist," said Chris Murray, legislative counsel for Consumers
Union.
