Cursor software tracks customers
Comet's software reports certain site visits back to company
By Will Rodger, USATODAY.com
The Gore campaign Monday yanked a feature from its Web site after activists raised
concerns it could compromise users’ privacy.
The high-tech gizmo looked innocent enough: a customizable computer cursor that would
change from a simple pointer to a Gore 2000 button anytime a Net surfer visited the site.
But the software download that made it possible also tracks the online movements of its
users -- a real no-no for a candidate slated to tout the virtues of Internet
self-regulation later this week.
"To the best of our knowledge no personally identifiable information was ever
divulged," Gore campaign Spokesman Chris Lehane says. "But even this very benign
data collection doesn’t meet the Gore campaign standard. As a result, once it was
brought to our attention it was removed from the Gore 2000 Web site."
Richard Smith, a Cambridge, Mass., computer consultant who first discovered the
tracking mechanism last week, says cursor developer Comet Systems Inc. needs to disclose
more about what it does online.
"A piece of software get installed on your computer and you go to this site and
they know it. It’s weird."
Comet Systems Marketing Director Ben Austin says his company designed its Comet Cursor
specifically to protect privacy when it first appeared 15 months ago. To date, the company
claims some 15 million users at sites including some Time Warner properties and the Comedy
Central cable network, where Comet Cursors morph to look like characters featured in its
programming.
Austin says Web site operators like the cursor because it gives their visitors
something fun to play with. Sites can also customize cursors to encourage users to click
on ads; a site featuring a spot for a basketball tournament, for instance, could change
the cursor into a basketball.
In return, Web sites can get statistics that measure how many people download the
software and which parts of the Web site they visit. A unique ID number separates new
visitors from return visitors.
However, Comet does not use that data to assemble dossiers on individual users, Austin
says. Revealing more, he says, would invite problems.
"We are not going to create user profiles and we are not going to sell any of this
information to third parties," he says.
But, critics answer, Comet could. And no one could stop them.
"They’re keeping a detailed database of every visitor," says David
Banisar, Washington D.C. attorney and author of The Electronic Privacy Papers.
"That’s a pretty big database. What happens next week if they decide we’re
going to go out of business if they don’t sell this information to someone?"
What might happen, Banisar asks, if a lawyer in a divorce case subpoenaed the surfing
activity of an errant husband?
"In the absence of laws protecting people’s information, where’s the
protection?"
Comet’s Austin dismisses Banisar’s speculation.
"The rules of privacy and in fact the rules of etiquette are being set in real
time," he says. "If the companies don’t act responsibly, governments and
privacy advocates are going to get involved."
Indeed, they already are -- and with a vengeance.
Consider:
 FTC officials
earlier this month held a workshop to discuss the practices of so-called advertising
networks that track the movements of Internet users across thousands of sites with
electronic tags called cookies.
Ad networks,
responding to pressure from the FTC, Congress and activist groups, launched their own
"self-regulatory" Web site (www.networkadvertising.org
) Nov. 8. Although the sponsors promised users a way to opt out of their services, the Web
site as of this writing includes only testimony industry officials offered at the FTC
workshop plus a promise to do more.
Online
retailers are looking to this year’s Christmas season to help double the $8 billion
in online sales they made in 1998. But surveys over the past four years have shown
increasing dissatisfaction with the absence of Internet privacy and a resulting reluctance
to shop online.
President
Clinton in a radio address Saturday told Americans he would shop online for the first time
ever this year. He encouraged citizens to patronize sites that subscribed to
self-regulatory principles like those espoused by TrustE, the Online Privacy Alliance and
Network Advertising Initiative.
Other
companies like IBM, Compaq and Microsoft have scrapped similar online identifiers in the
past when Smith and others discovered they were being used without consumers’
knowledge.
In response to the latest controversy, Comet designed a privacy policy for its Web site
over the Thanksgiving weekend and posted it Monday morning. The policy pledges not to
gather or sell personally identifiable information from Web surfers. Nonetheless, the
policy doesn’t guarantee officials there won’t change their mind.
Comet’s Austin says the company will never gather the data critics fear it will.
"That’s what everybody says in these cases," Smith says. "The issue
is what happens over time. The way companies become valuable is through what they know
about people." Building the individual profiles, he says, "is just a matter of
changing software at their end."
| 
