CONSUMER ALERT

MIKE COX
 ATTORNEY GENERAL

The Attorney General provides Consumer Alerts to inform the public of unfair, misleading or deceptive business practices, and to provide information and guidance on other issues of concern. REVISED:   11/30/2001

WHO LEFT THE COOKIES IN THE CYBERJAR?

While consumers speed about the Internet, few realize that they may be "under surveillance."

In the last few years and even months, we have seen an explosive increase in the collection and compilation of intelligence on consumer behavior. Our personal information is gathered and refined into detailed, individual profiles, largely without our consent or our awareness. Now, more than ever, the profiling industry threatens to strip us of our right to choose:

• What personal information we wish to disclose;
  
• To whom;
  
• And for what purpose.

As you surf the Web, the sites that you visit receive various pieces of information about your computer, including:

• the name and IP number (a unique number assigned to you, either temporarily or permanently) provided by your internet service provider (ISP);
  
• your operating system (Macintosh, Windows, Linux, etc.);
  
• the browser software you are using (Netscape, Internet Explorer, etc.);
  
• the URL (address) of the web site you were last visiting, or "jumped" from to reach the site you are now viewing.
  
  

But web sites can also collect information about your behavior on-line by placing a small text file known as a "cookie" on your computer's hard drive while you are browsing.

Cookies can be used to store any type of information. Some cookies enable counting the number of times you have visited a particular site, or recording your preferences, such as the categories of information you're interested in viewing when you arrive at a site. Cookies can also help an Internet retailer store your purchase selections. These uses of "first-party cookies" can enhance your on-line shopping experience.

Some "third-party cookies," however, are used to watch your travels on the Internet by keeping track of sites you have visited and monitoring your actions while visiting. These surveillance, or tracking, cookies are typically placed on your computer by on-line advertising companies -- third-party companies that are distinct from the company whose site you have chosen to visit. The third-party advertising company sends banner advertisements to you when you land on one of its affiliated web sites and then places a cookie on your system with a unique identification number. These cookies can be placed even if you don't click on the banner advertisement. Because the advertising company can read the cookies it leaves on your computer, it can monitor future visits you make to other, affiliated sites. In this way, the company can create a profile of your browsing behavior.

If your identity becomes known to the advertising company, it can associate what it has learned about your on-line behavior with information available to it through other databases, for example, databases that contain demographic information culled from mail order companies' records. The line between your on-line and off-line behavior starts to erode as technology is used to generate sophisticated profiles about you.

The on-line advertising/profiling industry threatens to turn us into unwitting generators of sensitive but valuable data, not only for businesses that engage in e-commerce, but also for other third parties who seek specific information about individuals.

It is not just marketing that generates money for the data warehousers; anyone with a computer and a credit card can pay for information about us with a few clicks of a mouse. And you can be sure that employers, insurance companies, pharmaceutical companies, banks, genealogists, hackers - and other people who are just plain curious -- are not ignoring these opportunities.

Clandestine appropriation of our private information will not be stopped or even slowed unless consumers who care about their privacy take all available precautions to guard their information.

Steps You Can Take To Protect Your Privacy

While consumer education, awareness and vigilance are usually the keys to protecting yourself in the marketplace, when it comes to protecting privacy on-line consumers must be especially diligent.

• Take the time to learn what options your browser has that allow you to control the placement of cookies on your computer. Different versions and platforms (Macintosh, Windows) of Netscape and Microsoft's Internet Explorer require users to follow different steps to reject or warn before accepting cookies. See "Controlling Cookies" [revised]
  
• If you use Internet Explorer for Windows, visit Microsoft’s web site to download a software patch that will close a dangerous security hole that allows intruders to gain access to your cookie files.  Details and download instructions are available at Microsoft's web site.  For further information, see the Attorney General’s Internet Security Advisory, "Patch the Hole in Your Cookie Jar!"
  
• Refusing to accept third-party cookies from a site other than the one you are visiting is one way to reduce the likelihood of receiving a cookie from a company you've never heard of and whose "privacy" policy you haven't even had the opportunity to study.
  
• While many web sites' "privacy" policies are almost impossible to decipher and often offer little, if any, assurance of privacy, consumers should nevertheless be aware of the policy of any site requesting personal information.
  
• When in doubt, refuse to give out personal information. Many contests, sweepstakes, and other promotions are nothing more than vehicles to elicit personally-identifiable information from you. In light of the vast amount of information available to marketers, even giving details such as your birth date and zip code may be enough to identify you personally.
  
• Be cautious! If you choose to give out personal information, make sure the site you are visiting is secure.
  
• Visit sites with information on privacy in order to learn more.
  
  

While cookies can enhance your on-line experience, they can also compromise your privacy and personal information. If you choose to share your personal information on-line, it should be your choice.