DoubleClick Software is fighting to save its business life.
That's because a subcommittee of the Internet Engineering Task Force (IETF) has written a standards draft for tracking cookies that would threaten the ability of DoubleClick and other Web ad agencies to silently track user movements between sites run by clients on their advertising networks. Without this information, DoubleClick said it can't count unique users, and therefore cannot send its custom-picked ads to users.
Backed into a corner, DoubleClick wants to reopen the now-closed discussion on the standards draft, as the subcommittee is already rewriting the spec to accommodate Microsoft's finding that the new cookies were not backward compatible. As long as the committee is reconsidering the draft for Microsoft, reasoned DoubleClick, why not reconsider it for our business model. The company had only recently became aware of the extent to which its business would be affected by the specification.
"[If this specification becomes standard], I think ... it makes our life more difficult," said Dwight Merriman, chief technology officer for New York-based DoubleClick. "We have to do a significant amount of work to maintain the same functionality."
That functionality includes constructing a profile of Web users accessing different sites along DoubleClick's client network.
Cookies are small files that serve as unique identifiers for tracking user movements across the Web. These files, which reside on a user's machine, were intended to reside within a single Web site and serve as markers indicating where a user last visited or, if the site provides shopping, what a user last purchased or put in an electronic shopping basket. Sites such as Wired News use this information to provide a customized experience for each visitor and therefore help ensure return patronage.
But cookies can also be used to track users between distinct sites. Such targeting provides a potential bounty for Web advertising agencies such as DoubleClick and NetGravity. By stealthily tracking user movements between sites run by their respective clients on their advertising networks, DoubleClick is able to serve up a unique ad for each user, depending upon a user's interests as expressed via their Web surfing.
DoubleClick's reach is extensive. In just over a year of operation, the ad agency has issued more than 40 million cookies to users, most of whom receive them without their knowledge.
It is this very issue of user privacy that the IETF subcommittee wishes to address, said David M. Kristol, member of the technical staff at Bell Labs.
"We wanted to give users control over cookies," he said.
The specification would somehow provide users a way to determine what cookies, if any, they would accept. Such tools are already on the market, including PGPcookie.cutter. The specification would give browser developers such as Netscape and Microsoft the license to write in a user-configurable way to allow surfers to disable tracking technologies.
Merriman took issue with the notion that DoubleClick's user profiles violate privacy. "I don't know this for a fact, but I'm not aware of anybody doing anything like this," he said.
DoubleClick is interested in preserving user privacy as well, Merriman contended. "We want to protect user privacy, but we also want to make the Web a valuable medium for advertising. This will increase investment in Web sites, and everybody benefits," he said.
Most of all, a worried Merriman wants to keep from having to rethink DoubleClick's primary means of gathering information. Without it, he said, the company would have to resort to developing a new method that could include thunking, a method of tracking users by embedding identification numbers in URLs.
"We'd have to distribute software to all our ad sites," he said. "It would create programming problems."
