Double Clicks

Electronic Monitoring and Privacy Issues in Business-Marketing: The Ethics of theDoubleClick ExperienceAuthor(s): Darren ChartersSource: Journal of Business Ethics, Vol. 35, No. 4 (Feb., 2002), pp. 243-254Published by: SpringerStable URL: http://www.jstor.org/stable/25074677 .

Accessed: 06/08/2014 22:41

Your use of the JSTOR archive indicates your acceptance of the Terms & Conditions of Use, available at .http://www.jstor.org/page/info/about/policies/terms.jsp

.JSTOR is a not-for-profit service that helps scholars, researchers, and students discover, use, and build upon a wide range ofcontent in a trusted digital archive. We use information technology and tools to increase productivity and facilitate new formsof scholarship. For more information about JSTOR, please contact [email protected].

.

Springer is collaborating with JSTOR to digitize, preserve and extend access to Journal of Business Ethics.

http://www.jstor.org

This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PMAll use subject to JSTOR Terms and Conditions

http://www.jstor.org/action/showPublisher?publisherCode=springer

http://www.jstor.org/stable/25074677?origin=JSTOR-pdf

http://www.jstor.org/page/info/about/policies/terms.jsp


Electronic Monitoring and Privacy Issues in Business-Marketing:

The Ethics of the DoubleClick

Experience Darren Charters

ABSTRACT. The paper examines the ethics of

electronic monitoring for advertising purposes and

the implications for Internet user privacy using as a

backdrop DoubleClick Inc's recent controversy over

matching previously anonymous user profiles with

personally identifiable information. It explores various

ethical theories that are applicable to understand

privacy issues in electronic monitoring. It is argued that, despite the fact that electronic monitoring always constitutes an invasion of privacy, it can still be

ethically justified on both Utilitarian and Kantian

grounds. From a Utilitarian perspective the emphasis must be on minimizing potential harms. From a

Kantian perspective the emphasis must be on giving users

complete information so that they can make

informed decisions as to whether they are willing to

be monitored. Considering the Internet advertising

industry's current actions, computer users and gov

ernment regulators would be well advised, both prac

tically and ethically, to move to a user control model

in electronic monitoring.

KEY WORDS: business marketing, computer ethics,

cookies, electronic monitoring, privacy

Darren Charters is a Lecturer in business law in the School

of Accountancy, University of Waterloo. He is a member

of the Law Society of Upper Canada and holds degrees in arts and law, as well as a graduate degree in business

administration. He has also practiced as a

corporate/

commercial lawyer.

If we wouldVe known we wouldn't have done it.

We moved into a grey area where there's a tremen

dous amount of confusion and that's not good.

We're a very innovative company and sometimes

you get ahead. We made a mistake.1

Mr. Kevin O'Connor

CEO DoubleClick Inc.

Introduction

Businesses have long been aware of the value

of targeted advertising. DoubleClick Inc.

(DoubleClick) is an advertising company that

operates in the Internet banner and pop-up

advertising business space. The ability to contin

ually tailor Internet advertising to the interests of

a user is an advance on previous advertising mediums and represents an opportunity to

develop a competitive advantage in the industry. Once trends are detected in a user's Internet

activity advertising can be customized to the

user's revealed interests.

A company such as DoubleClick sits between

the advertiser and the end user and acts as a facil

itator between companies who want to adver

tise to specific types of users and users who may be interested in receiving such advertising. End

users arguably benefit as they obtain the advan

tages of customized advertising content while the

receipt of unwanted advertising is minimized.

Until November 1999, DoubleClick had always tracked user activity by attaching user histories

to anonymous user identifications.2 Accordingly, while user activity could be tracked the actual

identity of the user was unknown. However, the

W Journal of Business Ethics 35: 243-254, 2002.

? 2002 Kluwer Academic Publishers. Printed in the Netherlands.



244 Darren Charters

ability to further refine data profiles was made

possible through a series of acquisitions of other

companies and their proprietary databases.

In November 1999 DoubleClick announced

an amendment to its existing practice. DoubleClick intended to match anonymous

existing data with specific user names, personal

information, and e-mail addresses. There was no

initial public response to the proposed activity.

However, in February 2000 the Electronic

Privacy Information Center, a privacy advocate,

publicly stated that the linkage of such informa

tion might have negative implications for users.

The negative public response after the statement

was immediate and forceful. DoubleClick was

forced to back away from the proposed activity. Doubleclick's CEO offered the comment

preceding the introduction in response to

DoubleClick's failed proposal. Mr. O'Connor's statement suggests that

DoubleClick did nothing wrong from an ethical

perspective. Rather, if DoubleClick was guilty of

anything, it was just of being too far ahead in

anticipating customer tolerance for such activity.

Reflecting on the aborted initiative, Mr.

O'Connor indicated that DoubleClick would not

combine personally identifiable information with

anonymous user activity profiles until such time

as industry-wide privacy standards exist.3 Once

again, however, there was no suggestion that

DoubleClick will not engage in such activity,

only that it would wait until some standards are

developed before doing so.

This paper will discuss electronic monitoring from an ethical perspective. The discussion will

deal generally with ethical issues involved in

electronic monitoring for business-marketing

purposes, and the DoubleClick experience

specifically. The analysis will begin with a brief

overview of the basic technology that has per mitted the development of such monitoring and

move into a discussion of three general concepts of privacy relevant to electronic monitoring. The

paper will continue with an examination of the

two primary ethical foundations, Utilitarianism

and Kantianism, which underpin the various

privacy concepts. Once completed, the various

privacy principles and ethical foundations will be

discussed in the specific context of electronic

monitoring. The paper will conclude with an

ethical evaluation of Doubleclick's response to

the situation in which it found itself and a sug

gested alternative approach for ethically justifying electronic monitoring.

It will be argued that electronic monitoring is almost always an invasion of the right to

privacy regardless of how the right to privacy is

conceived. However, it can still be ethically

justified on a Utilitarian basis provided its

benefits exceed realizable harm. In fact, elec

tronic monitoring was ethically justified on a

utilitarian basis in Doubleclick's initial situation

because of how it was conceived and imple mented. There was increased convenience and

measures were taken to minimize potential harm.

However, privacy advocates should have been

aware from the outset that companies would have

difficulty resisting the opportunity to exploit

potential gains made possible by attaching generic user profiles to identifiable individuals. If

DoubleClick had implemented its proposal it

would have completely undermined its ethical

justification for engaging in electronic marketing since the potential for harm to individuals would

have increased substantially. It will also be argued that there is another

ethical justification for electronic monitoring

and, considering Doubleclick's recent conduct, it may be the most appropriate foundation upon

which to build future electronic monitoring activities. If Internet advertisers gave users the

option of permitting or rejecting electronic mon

itoring they could ethically justify the invasion

of privacy on a Kantian basis. Although this

may not be a favourable option from a business

perspective, it is an option that companies who engage in electronic monitoring for mar

keting purposes may have to contemplate. Mr.

O'Connor's comments do not provide faith that

Internet advertisers will exercise utmost diligence on behalf of users in protecting their privacy. Since companies appear to have limited incen

tive to properly regulate themselves at an indi

vidual or industry-wide level governments will

also need to take a more active role in regulating database amalgamation and forcing companies to

give individuals greater control over electronic

monitoring.



Electronic Monitoring and Privacy Issues in Business-Marketing 245

The following discussion will focus solely on

electronic monitoring in the business-marketing context. Electronic monitoring is also a relevant

issue in the business employment context.4

However, the nature of the employer-employee

relationship creates different issues in workplace electronic monitoring including the harm poten

tially caused to individual and organizational

morale, and the impact that the express contrac

tual right to conduct such activity may or may not have on the ethics of the issue. Accordingly this paper will not attempt to discuss the ethical

issues surrounding workplace electronic moni

toring. When the term electronic monitoring is

used throughout the remainder of the paper it

will refer only to electronic monitoring primarily for business-marketing purposes. To understand

how electronic monitoring is made possible on

the Internet one needs to understand "cookies",

which are the basic enabling technology.

Cookies and electronic monitoring

i. Cookie technology

Cookies are small data structures used by websites

or servers to store and retrieve information on

the user's side of the Internet connection.5 They are sent by a host website or server and reside in

the user's computer. A cookie allows websites and

servers to "remember" information about specific users. Cookies are a relatively recent phenom enon and were created with very early editions

of Internet browsers. In the brief period fol

lowing the introduction of cookies but prior to

the development of the Internet as a medium

for commerce the primary use for cookies was as

a tool of convenience. For example, cookies

could be used to store password codes so that a

user would not have to re-type a password when

re-entering a site. The intent behind cookies was

not to create a tool for gathering knowledge about users but to benefit users through increased

convenience. More recently this user conve

nience has also manifested itself in ability to

create customized content through personalized news service subscriptions and other services.

As business has developed on the Internet

cookies have been adapted for business purposes

including "shopping carts" for carrying elec

tronic purchases and tracking website activity. By

downloading a cookie, servers hosting a website

have the power to track and record information

such as the previous website from which the user

arrived, all web pages the user visits while on the

given site, and finally the website address to

which the user departs. This information is mul

tiplied in power if the user can be successfully

prompted to provide personal information and

data while at the site. The knowledge can then

be tied to a specific individual. This power has

been taken one step further by Internet mar

keters, who developed the ability to monitor and

profile user activity across thousands of sites.6 In

addition the ability to tie such history to a

specific individual has been achieved, not just

through the voluntary action of users, but also

through industry wide database consolidation.

ii. Browser capabilities

Practically speaking, most Internet users would

have no knowledge as to when their Internet

activity is being electronically monitored. The

normal practice is to download cookies onto a

user's hard drive without notice to the user. In

this respect there is no choice given to the user,

and the downloading and subsequent monitoring is involuntary from the user's perspective.

However, it must be acknowledged that software

already exists that can give users complete power with respect to what cookies, if any, are allowed

to be stored on a computer. More recent Internet

browser versions have given users the ability to

control cookies. Users can elect to prohibit all

cookie downloads or, alternatively, be notified of, and have the right to accept or reject, any

attempted cookie downloads by a server. Based

on this it might be asserted that user s cannot take

the position that there is an ethical issue created

by, or an invasion of privacy resulting from, elec

tronic monitoring when it is within their power to completely prohibit or selectively control the

activity. On a theoretical level this argument may have

some merit, but it fails for three practical reasons.



246 Darren Charters

First, Internet users may still be utilizing browser

software that does not contain such cookie

control options. Second, even if all users had such

browser software, it is a distinct possibility that

many users would still be unaware of the capa

bility such software contained. Many computer and Internet users regularly utilize, and only have

limited knowledge of, a minimal amount of a

software program's capabilities. Third, and most

important, the technology that enables electronic

monitoring is constantly evolving. Soon after technology was developed that gave

control of cookies to users, marketers seized on

new technologies, such as web "bugs", that can

evade user detection thus allowing continued sur

veillance. The ongoing tension between user and

marketer control in the development of surveil

lance technology ensures that the ethics of elec

tronic monitoring will be a relevant issue for the

foreseeable future. Further, while the technolog ical means to monitor electronically may differ

the same ethical issues are poised to play them

selves out, or are already emerging in other

spheres of business activity. For example the same

issues are already developing in the field of

telecommunications.7 In addition, the same issues

will likely surface in the context of location based

wireless Internet advertising, thus providing addi

tional incentive to develop a greater under

standing of the ethical principles involved in the

current Internet advertising debate.

Privacy

As a concept, the notion of privacy is grounded in individual rights. Most theorists agree that

privacy is a bona fide concept that is fundamen

tally important to human experience but there

is no unanimous agreement on what that concept means or exactly what it encompasses. This is

important because it essentially means that

privacy has developed as a weaker right. Strong

rights tend to have clear definitions and often

remain inviolable notwithstanding any other

ethical appeals to limit them. The protection of

the right to free speech by American courts is

one such example. Since the right to privacy is

a weak right it has not provided the quality of

individual protection that other rights might

provide.8 As a result, it is possible to justify an

invasion of the right to privacy on another ethical

basis. In effect, what results is an ethical invasion

of privacy. With respect to defining a right of privacy

some theories focus on the existence and delin

eation of a private sphere. Other privacy theories

concentrate on actions or conduct that, if carried

out, will result in a violation of privacy. No one

concept of privacy has been delineated that

suitably applies to every situation. The concept has been expanded and extrapolated over time

with the result that a number of acceptable

concepts of privacy now exist. The privacy issues

raised by electronic monitoring are not ground

breaking in that existing concepts of privacy ade

quately capture the current concerns surrounding electronic monitoring. The following discussion

on privacy definitions relies primarily on the

distillation of the various privacy concepts by

Boatright and McCloskey with the three general

conceptual approaches being those delineated by

Boatright.

i. Privacy as a right to be left alone

The initial concept of privacy established by Warren and Brandeis involves the right to be left

alone. The foundation of the definition is that

other people, groups, and entities should not act

in a way that intrudes on an individual's seclu

sion or solitude (McCloskey, 1980). It was this

concept of privacy that was initially established

as a legal right. However, the expansive nature

of the definition caused difficulties in its appli cation.

The right to be left alone is a distinct concept from the right to liberty. However, the concept of liberty has been frequently confused with the

Warren and Brandeis concept of privacy. At its

basic level, the right to liberty constitutes the

right to be free from physical interference and

coercion (McCloskey, 1980). However, a loss of

liberty is not a prerequisite to, or a condition of, an invasion of privacy (Boatright, 2000). The

above distinction is evident in the electronic

monitoring debate. The power to observe an




Internet user's activity in no way impairs the

ability of that individual to use the Internet in

any manner or way the person may elect.

However, the same power to observe an Internet

user's activity may well constitute an invasion of

privacy. Another weakness of the definition is that

people do not always have a basic right to be left

alone (Boatright, 2000). If one's actions are a

danger to him or herself or others there may be

reason to invade a person's privacy. Further, even

if imminent harm is not a concern, the state may still have cause to invade individual privacy. With

respect to the Internet, if individual conduct is

such that the state has an interest in it (i.e., the

storage and exchange of child pornography) the

state is entitled to invade individual privacy.

Accordingly, there should be limits to the Warren

and Brandeis definition and this is born out by the fact it has been continually refined by

jurisprudence. Without any limitations almost

no invasion of privacy could occur unless an

individual, organization or entity could provide a sufficient justification for doing so. The

threshold of justification would likely be very

high. As is evident from the foregoing it is prob lematic to define privacy solely as a right to be

left alone.

ii. Privacy as the right to control access to one's

personal information

There are a number of various privacy theories

that can, in their essence, be reduced to the right to control access to information about the self.

These more recent theories of the right to

privacy better address the distinction between

privacy and liberty (Boatright, 2000). The basic

theory represents a refinement of the Warren and

Brandeis definition in that it eliminates poten tial confusion with the right to liberty. It does

this by focusing on privacy of personal informa

tion. Privacy is conceived of as a right of an indi

vidual to determine to what extent, if at all, information about him or herself will be revealed

to others (McCloskey, 1980). In this respect

privacy is almost akin to a property right. It is

do be dealt with as the owner wishes and no

other individual has a right to exploit or appro

priate it (McCloskey, 1980). An individual is free

to be extremely conservative or cavalier with

respect publicizing or allowing access to their

personal information.

A variation of this concept of privacy is the

right to control access to the realm of the

individual. It is a variant on the above in that

it recognizes the private sphere does not solely include factual information. It includes elements

of individuality (i.e., private motivations) that

may not be recordable or quantifiable but are

capable of observation. Such information is

also considered private and individuals should

be able to control access to it (McCloskey,

1980). Upon initial examination, the idea of personal

control may seem an enviable concept as it places control of information with the individual. It is

a cohesive fit with western liberal-democratic

ideals of individualism and choice and finds

favour from that perspective. It is not, however, without criticism. As noted by McCloskey,

people may consent to significant invasions or

losses of privacy if they place low personal value

on the right, or have simply become apathetic due to the continual assault on the sanctity of

their personal affairs (McCloskey, 1980). It has

also been noted that this approach effectively

equates privacy with control when such a linkage is not appropriate. There could well be a loss of

privacy in the free disclosure of very personal information without any individual loss in

control (Boatright, 2000).

iii. Privacy as the right to withhold certain facts

from public knowledge

The final notion of privacy to be discussed here

is the concept of privacy that is premised on the

notion that there is a definable private sphere and

that a person is in a state of privacy when

information within this sphere is unknown to

others (Boatright, 2000). Parent defines this

private realm as, "the condition of not having undocumented personal knowledge about one

possessed by others" (Boatright, 2000, p. 68).9 Undocumented personal knowledge is conceived



248 Darren Charters

of as personal information that is not part of the

public record and that most individuals in a

society at a given time would not want widely known (Boatright, 2000). This approach implies that this private sphere should generally remain

so notwithstanding an individual's casual will

ingness to surrender it. Also implicit in this

approach to privacy is the recognition that there

is, at any given point in time, some general com

munity consensus as to personal information

individuals would prefer not be available for

public consumption. The foregoing definition attempts to refine the

preceding concept of privacy by focusing on

what information is, or should be, included in

the private sphere. If a sphere of private infor

mation based on a general community consensus

could be ascertained then most, if not all, actions

that intrude on this sphere would be a violation

of the right to privacy. This concept also has

application to the electronic monitoring debate

in the sense that if Internet activity were deter

mined to be in the private realm, there would

be few situations in which electronic monitoring could be ethically justified.

However, as with the other theories of privacy, there are difficulties with this definition. First, even within a single cultural community people have very different understandings of what is or

is not private which makes the likelihood of

ascertaining a general consensus elusive. Second, external factors continually impact the ability to

invade privacy and as a result the concept is

necessarily fluid. For example, It is foreseeable

that many activities that were formerly public in

nature (i.e., shopping purchases etc.) will become

increasingly private as technology gives individ

uals the ability to carry out such activities in

relative privacy. The countervailing trend is that

even this activity is increasingly capable of being monitored. If it is acknowledged that the sphere of what is private is fluid, and can be expanded or contracted, than delineating a private sphere is a venture fraught with significant difficulty.

Ethical principles underlying the right to

privacy

As with most, if not all, moral and legal rights there is an ethical basis underpinning the right.

The right to privacy is no exception. It is built

on both Utilitarian and Kantian foundations:

i. Utilitarian foundation

The Utilitarian basis for acknowledging a right to privacy is two-fold (Boatright, 2000). First, there is the concern that the invasion of privacy can result in significant actual harm to individ

uals. To evaluate whether a practice is ethical in

Utilitarian terms, the harm realized is measured

against the benefit flowing from the activity. The

ethical evaluation is based on the collective

benefits and collective harm resulting to society,

although each is experienced at the individual

level. If the overall harm exceeds the overall

benefit then the practice is deemed to be

unethical.

In the context of electronic marketing the

potential harm results from the fact that the orga nization developing user profiles can accumulate

potentially sensitive information about a user,

based on his or her Internet activities.10 For

example, a gay individual may have elected

not to publicly disclose his or her sexual orien

tation. However, the same individual may, with

presumed anonymity, visit websites with gay content or participate as part of a gay Internet

community. A company that is able to electron

ically monitor the individual's computer use

could potentially gain intimate knowledge of the

individual's situation as a result of the Internet

sites the individual visited. The organization

developing the profile may intend to use such

information solely for the purpose of advertising, however it is not difficult to see the potential harm to the individual's practical interests if such

information came into the hands of another

party. Another example is potentially sensitive

medical condition that might be accessed by

employers doing pre-hiring checks or insurers

contemplating the issuance of a policy.11 Profile




information generated by electronic monitoring has the potential to be used against the individ

uals in a manner that harms their personal prac tical interests.

Opponents of electronic marketing frequently dwell on potential harm but little mention is

made of an actual weighing of harms against benefits. The balancing in the electronic moni

toring context involves weighing potential serious harm to a limited number of people

against the marginal benefit, such as increased

convenience and knowledge of consumer

products, which might flow to many people from

such activity. If the total harm exceeds the total

benefit the invasion of privacy through electronic

monitoring cannot be considered ethical.

However, if it can be claimed that benefits

exceed harm the foundation exists for an ethical

invasion of privacy. The second utilitarian basis for acknowledging

a right to privacy is based on a wider concept of harm. As stated succinctly by Boatright, "a

certain amount of privacy is necessary for the

enjoyment of some activities, so that invasions

of privacy change the character of our experi ences and deprive us of the opportunity for

gaining pleasure from them" (Boatright, 2000,

p. 169). The "harm" resulting from the loss of

the ability to gain maximum pleasure is presumed to exceed any benefit, such as increased conve

nience in the electronic monitoring context,

such activity might have. A similar argument is

that invasions of privacy harm the development and maintenance of personal identity, and that

such harm exceeds all benefits (Boatright, 2000). There has been little reference to either of the

above arguments made by privacy advocates in

the electronic monitoring debate.

ii. Kantian foundation

The right to privacy can also be supported on

the basis of Kant's second categorical imperative. It provides that individuals should act in a

manner that treats other individuals as an end and

never as a means only (Boatright, 2000). This

imperative captures the themes that people

should be respected and treated as autonomous

individuals capable of rational choice. To quote

Stanley Benn:

Covert observation -

spying -

is objectionable

because it deliberately deceives a person about his

world, thwarting ... his attempts to make a

rational choice. One cannot be said to respect a

man ... if one knowingly and deliberately alters

his conditions of action, concealing the fact from

him (Boatright, 2000, p. 170).12

Arguments against electronic monitoring that are

premised on Kantianism base their position on

the argument that electronic monitoring violates

the principle of respect for individuals and pro hibits them from acting as autonomous beings

capable of rational choice.

To date, there has been little public opposition

expressed against electronic monitoring on the

foregoing basis. However, this is not surprising. In terms of generating public support against electronic monitoring, concerns over potential harm will have a greater mobilizing influence

than a more esoteric, albeit relevant, ethical

theory such as Kantianism. The fact that Kantian

theories supporting a right to privacy have not

been part of popular debate makes them no

less a valid basis on which to base an objection to, or alternatively support for, electronic

monitoring.

Privacy and ethical theories applied

i. Electronic monitoring and privacy

Reduced to its simplest form, electronic moni

toring as it is currently practiced amounts to

unauthorized observance. Many individuals using the Internet have no knowledge of when their

online activity is being monitored for the

purpose of developing an advertising profile. When discussing concepts of privacy theorists

have sometimes resorted to the analogy of one

individual watching another individual in a

shower without the showering individual's

knowledge or consent (McCloskey, 1980). Such

action is almost always considered an unethical



250 Darren Charters

invasion of privacy. The foregoing analogy gen

erally applies to the context of electronic mon

itoring. The fundamental similarity is that

Internet users can be observed without knowl

edge or express consent. That said, personal reaction to such observance by users has ranged from significant concern to complete disinterest.

Although many people consider their bodies to

be a very private aspect of themselves, they may feel less so about Internet activities that are

capable of being observed electronically.

Accordingly, this may account for the relative

indifference of some users.

When the previously discussed concepts of

privacy are considered, one would conclude that

electronic monitoring without consent consti

tutes an invasion of privacy. Electronic moni

toring violates the right to privacy if it is

conceived of as the right to be left alone, or the

right to control access to one's personal infor

mation. There is a possible argument that there

is no violation of the right to withhold certain

facts from public knowledge. It might be argued that if current user apathy about electronic mon

itoring is substantial, most users have little

concern over whether their activity is widely known. As such, electronic monitoring does not

meet the threshold test that most members of

society consider it to be information that should

not be widely known. However this argument can just as easily be made the opposite way. As

such, even considering the various understand

ings attached to the concept of privacy it is dif

ficult to argue that electronic monitoring does

not violate the privacy right.

ii Electronic monitoring and ethical foundations

The interesting fact is that electronic monitoring still occurs notwithstanding that it amounts to

an invasion of privacy. The justification for, and

tolerance of, electronic monitoring rests in

the minor differences that exist with the

shower analogy. With electronic monitoring the

observed information may be electronically

collected, organized, and distilled before another

individual views it. It is even possible that

another individual will never view such infor

mation and that any advertising that is tailored to

an Internet user will be done completely by elec

tronic intelligent agents. The possibility of harm

is minimized still further once Internet adver

tising companies such as DoubleClick make addi

tional efforts to ensure user profiles remain

anonymous.

From a Kantian perspective the minimization

of harm is relatively meaningless in terms of

ethically justifying the activity. If electronic

monitoring is carried out in such a way that it

fundamentally respected the autonomy of

individuals then it is ethically permissible on a

Kantian basis even with isolated incidents of

harm. It is still ethically permissible in instances

of significant harm provided the principle of

individual autonomy is respected. Using Benn's

quote above as the analytical tool, it is evident

that the guarantee that profiles will not be

matched against other identifying information is

meaningless in terms of making the practice of

electronic monitoring ethical from a Kantian

perspective. Most users still had no knowledge of

the situation and DoubleClick and other com

panies could not, from an ethical perspective, be

judged to be treating users as individuals capable of rational choice.

However, the minimization of harm is funda

mental to justifying electronic monitoring on a

Utilitarian basis. As noted above the right to

privacy is a relatively weak right. Accordingly, it

is open to being subverted based on an appeal to Utilitarianism. Utilitarian based arguments

would allow electronic monitoring regardless of

its design provided the harms do not exceed its

benefits to society as a whole. On this basis, the

argument is that any serious albeit intermittent

harm that comes to individuals (i.e., the example of the user and the medical condition) is more

than offset by the benefits that accrue to the

public. Advertising promotes economic effi

ciency, and advertising that can be tailored

directly to individuals, only serves to further

promote economic efficiency and thus, gener

ally benefits the public. Further, by initiating the

blind profile Internet advertisers could claim

that the potential for harm was significantly min

imized. Proponents of electronic monitoring could then claim the invasion of privacy was eth




ically justified. In reality, it was only justifiable based on one ethical perspective, Utilitarianism.

Further, in Doubleclick's situation, had it pro ceeded with its intention to link user profiles

with identified individuals it would have under

mined the very ethical foundation that justified its electronic monitoring practice.

DoubleClick^ response to opposition

It is apparent from the foregoing discussion

that linking user data to personally identifiable

information could result in a formerly ethical

invasion of privacy becoming unethical.

DoubleClick responded to the privacy concerns

in a variety of ways after aborting its plan. DoubleClick also initiated a significant media

campaign to explain how users could opt-out of

DoubleClick's service. DoubleClick had an

operable opt-out service for over three years pre

ceding the most recent controversy but had not

promoted it extensively. The opt-out mechanism

requires a user to visit a site and download a

cookie. This cookie serves as notice to

DoubleClick that they are not to download any cookies on the user's computer. DoubleClick

would be free to download a cookie onto a

hardrive as long as the "opt-out cookie" is not

present.

In theory, it could be argued that this gives autonomous individuals a choice with respect to

electronic monitoring and thus provides a

Kantian justification for the activity. However, this option is little known and is likely to

remain so notwithstanding advertising efforts.

Accordingly it is difficult to claim that this truly

gives control to users and respects their individual

autonomy.

A Chief Privacy Officer (CPO) was also hired

along a Privacy Advisory Board Chair to act as

a consumer ombudsman. Overall the response was indicative of a company that developed a

greater sensitivity to privacy issues (perhaps for

commercial reasons) but that had not developed a deeper understanding of the ethical issues at

stake. That is, the actions do not suggest that they have analyzed and understood the ethical issues

and tried to develop a principled response. To

give DoubleClick some benefit of the doubt, it

may be that the new CPO and privacy advisory board chair will infuse the organization with a

deeper understanding of the ethical issues at stake

and develop ethically based approaches to dealing with such issues. Doubleclick's share price

largely recovered after the implementation of the

foregoing measures suggesting that even if the

response was ethically unsatisfactory in the short

term, at least the market was satisfied with

Doubleclick's immediate response. As noted above DoubleClick indicated it

would not engage in such activity until such time

as industry wide privacy standards were devel

oped. This was relevant in that DoubleClick

could still justify its electronic monitoring on a

Utilitarian basis. That said, they probably lost

some degree of public trust on the issue.

DoubleClick has been directly involved in the

development of the Interactive Advertising Bureau's (IAB) recently developed Privacy Guidelines. The Privacy Guidelines are intended

to form the foundation of a self-regulatory

regime with respect to personally identifiable

information gathered by electronic means on the

Internet. Unfortunately, regarding the use of

cookies in electronic monitoring, the guidelines state only that IAB member organizations should

notify users, through privacy policies, of such

technologies in use and provide users the ability to disable such cookies or other information

gathering system. This represents no change from

the current situation and for the reasons outlined

above, does not provide a proper foundation

for the ethical use of cookies in electronic

monitoring. The Privacy Guidelines have also proposed

measures that allow individuals to place limits on

the use of personally identifiable information

that an organization may possess. Once again, it is premised on an opt-out format. That is,

organizations are generally free to collect and

use personally identifiable information in the

first instance subject to an individual informing an organization of limits to be placed on use of

such information. It is an ingenious approach that appears to place control of personally identifiable information in the hands in individ

uals that, realistically, requires minimal change



252 Darren Charters

in the current practices of organizations that

use electronic monitoring to gather such infor

mation.

Further, the Privacy Guidelines have a funda

mental problem in that their only real value is as

a tool of moral suasion. Although the Privacy Guidelines encourage Internet businesses to

adopt the practices established therein, there is

no mechanism whatsoever for disciplining busi

nesses who elect to ignore them. For all the effort

put into the exercise, the Privacy Guidelines

amount to nothing more than best practice sug

gestions for Internet marketers with respect to

privacy issues.

If DoubleClick respects the initial basis on

which it proceeded with electronic monitoring, it can claim to have an ethical basis for such

conduct. However, considering Doubleclick's

willingness to discontinue the previously protec tive practice one has to wonder how vigilant

DoubleClick, or other companies, will be about

supporting the privacy of Internet users in a

highly competitively market. Since DoubleClick

maintains profiles for their own business benefit, it is not possible to claim that they stand in a

position of trust with respect to managing such

information. However, their position is ethically more sensitive than they appeared to originally

comprehend. Based on this, there is cause to

argue that it is no longer sufficient to continue

to permit electronic monitoring in its current

state. This is buttressed by the inherent weakness

of relying on a self-regulatory regime that effec

tively has no sanctioning authority or disciplinary

power.

The alternative, and it is not a mutually exclu

sive option, would be move to a permission based form of electronic monitoring. This option

will be discussed below. The practice of elec

tronic monitoring would still be ethically justi fiable in such circumstance. However, it is

apparent that Doubleclick's current opt-out

practice is not the platform on which such per mission based electronic marketing should be

premised. This is due to the fact that users have

extremely limited knowledge of it and, more

fundamentally, it places the onus on the user to

take active steps to prevent electronic moni

toring. The same argument applies with respect

to the ethical suitability of building such capa bilities into Internet browser software.

An alternative ethical justification

If one accepts that privacy is the right to control

access to information about one's self then the

solution to electronic monitoring is apparent. The choice about whether or not to be moni

tored in the first instance should be made by the individual user. In fact, in the wake of the

DoubleClick experience many commentators

and privacy advocates have taken the position that express consent by a user should be a

regulatory precondition to downloading cookies

that enable electronic monitoring.13 Placing the

power to control electronic monitoring with

users is ethically justifiable on a Kantian basis.

First, giving users a choice to be monitored

gives individuals autonomy and appears to respect their capabilities of rational choice. However, it

could be argued in a wider sense that Internet

advertisers are still utilizing individuals as a

means to profit and that this violates Kant's

second categorical imperative. However, if an

individual knowingly and rationally elects to

permit such monitoring this must undermine, at

least to a minimum degree, such an argument.

Accordingly, any electronic monitoring that

occurs with express rational permission can be

claimed to be ethical on a Kantian basis. This

is a significant step, because it provides an alter

native basis for ethically justifying electronic

monitoring.

A corollary to the foregoing discussion is that

while electronic monitoring is most frequently

opposed on the basis of potential harm, which

is a Utilitarian concern, the permission-based

approach in no way guarantees an outcome that

will make the practice ethically justifiable on a

Utilitarian basis. In other words, the solution

being proposed by many commentators is at

ethical odds to the frequency stated concern of

potential significant harm. If everyone freely elects to permit electronic monitoring the poten tial for harm is no different than it was prior to

such a practice. For example, it is not difficult

to imagine that information based on website




usage, if in the hands of certain groups, could

be used to make decisions about individuals that

cause harm. The only difference is that now users

have voluntarily accepted the risk. It should also

be recognized however, that providing choice to

users necessarily undermines the concept that

there is a private sphere that should generally be

respected irrespective of individual opinion. As

such, it is a fundamental rejection of one concept of the right to privacy.

Even if the foregoing is accepted it has little

application to the profiles that have been gener ated to date. In fact there will likely be continual

pressure to exploit the marketing advantages that

such databases provide. Further, there appears to

be limited willingness for companies to zealously

regulate themselves at an individual or even an

industry-wide level. In this respect there is a

regulatory role for governments to play. There

is a possibility that individual harm will result

from such database consolidation. In addition,

regulations should be developed which aim to

provide at least minimal individual privacy pro tection with respect to such database manage

ment and/or consolidation. It is apparent that this

represents as much a threat to individual privacy as electronic monitoring in the first instance.

Conclusion

The reality of the present situation is that

DoubleClick has no intention of discontinuing an activity that provides its competitive advan

tage. However, it should not want to jeopardize itself by apparently engaging in conduct that

amounts to an unethical invasion of privacy. DoubleClick allayed initial concerns by ensuring that all profiles maintained individual anonymity.

By this action DoubleClick could claim that its

electronic marketing was in fact an ethical

invasion of privacy. However, DoubleClick

would have undercut its ethical position by using their databases to link user data with personal identification information.

The DoubleClick experience indicates that

businesses ignore ethical issues at their peril. While the general public may not be sensitive

to all the nuances of ethical issues it is fair to say

that people understand the concepts of potential harm and freedom to choose. Electronic moni

toring is an invasion of privacy that has poten tial for harm. Companies must be able to justify the practice from an ethical perspective whether

its through taking measures on behalf of users to

minimize harm or placing the choice to assume

the risk of harm with users themselves. Providing

guarantees with respect to individual anonymity

accomplished this. It gave companies an ethical

basis on which to engage in electronic moni

toring on a covert basis.

Unfortunately, casual regard for the sensitive

caretaker position occupied by such companies has given critics reason to support a form of elec

tronic monitoring premised solely on voluntary

acquiescence. It is not surprising to believe that

such an approach would yield less fruitful results

for Internet marketers. It is an outcome that

industry participants are attempting to avoid

through the establishment of a self-regulatory

regime. However, Mr. O'Connor's comments at

the outset of the paper along with current self

regulatory initiatives provide little reason for the

public to maintain its faith in the current pater nalistic environment. There is every reason to

believe, both practically and ethically, that gov ernment regulators should place control of elec

tronic monitoring directly and completely in the

hands of computer users.

Notes

1 McQueen, R., "How To Get Ahead in

Advertising", National Post, March 1, 2000, p. Dl.

Mr. O'Connor's quote, wherein he commented on

the failure of DoubleClick's proposed initiative, was

taken from a newspaper article that examined the

issue. 2

The facts of the abandoned DoubleClick initiative

provided herein are publicly available and were

gathered from multiple published news sources. 3

Mr. O'Connor provided the insight in the same

newspaper article from which the initial quote was

taken. 4

For a recent paper on electronic monitoring in

the employment context see Alder, G. S., "Ethical

Issues in Electronic Performance Monitoring: A

Consideration of Deontological and Teleological



254 Darren Charters

Perspectives", Journal of Business Ethics 17(7), May 1998, pp. 729-743. 5

Information regarding Internet cookies is also

publicly available from a wide variety of Internet resources. The U.S. Department of Energy Computer

Incident Advisory Capability has published a bulletin on the topic "1-034: Internet Cookies". It is avail

able at http://ciac.llnl.gov/ciac/bulletins/i-034.shtm. 6 Green, H., "Privacy Online: The FTC Must Act

Now", Business Week, November 29, 1999, p. 48. 7

Telecommunications companies have the techno

logical capacity to develop personally identifiable user

profiles based on the phone activities of customers.

Such profiles also have commercial value from a

business marketing perspective. 8 A good example of the subversion of the right of

privacy in favor of a strong right is the U.S. West, Inc. v. FCC case. The FCC attempted to impose regula tory restrictions on the ability of U.S. telecommuni

cation companies to use, disclose, or allow access to

customer proprietary network information (CPNI). U.S. West mounted a successful legal challenge against

the regulatory obligations imposed by the FCC. The Tenth Circuit held that, absent any clear evidence of

harm to an individual's right of privacy through the use of CPNI, the right of commercial speech pos sessed by corporate entities should be paramount. 9

Reproduced from Parent, "Privacy Morality and the Law", Philosophy and Public Affairs 12 (1983),

p. 269. 10

Julie Tuan in "US. West, Inc. v. FCC", Berkeley

Technology Law Journal 15 (2000), p. 353 discusses similar issues of privacy in her criticism of the Tenth

Circuit's decision. 11

The Interactive Advertising Bureau (IAB) has

attempted to address the collection, use, and redistri

bution of sensitive information in its Privacy Guidelines. However, the guidelines on this point are

poorly drafted containing both permissive and manda

tory language. Ultimately, the guidelines suffer from even more fundamental flaws that are discussed herein. 12

Reproduced from Benn, S., "Privacy, Freedom,

and Respect For Persons", in Pennock and Chapman, eds., Privacy, pp. 10-11.

13 Such a position was taken by Heather Green in

the commentary "Privacy Online: The FTC Must Act Now" wherein she discussed her concerns about

the DoubleClick proposal prior to the statements of the Electronic Privacy Information Center.

References

Alder, G. S.: 1998, 'Ethical Issues in Electronic

Performance Monitoring: A Consideration of

Deontological and Teleological Perspectives', Journal of Business Ethics 17(7) (May), 729-743.

Boatright, M.: 2000, 'Privacy', Ethics and the Conduct

of Business, 3rd ed. (Prentice-Hall, Saddle River New Jersey), pp. 159-183.

Culver, C, J. Moor, W. Duerfeldt, M. Kapp and M. Sullivan: 1994, 'Privacy', Professional Ethics

3(3 & 4), 3-25.

Green, H.: 1999, 'Privacy Online - The FTC Must

Act Now', Business Week, No. 3657 (Nov. 29), 48.

Introna, L. and A. Pouloudi: 1999, 'Privacy in the

Information Age: Stakeholders, Interests and

Values', The Journal of Business Ethics 22(1), 27-38.

McCloskey, H.: 1980, 'Privacy and the Right to

Privacy', Philosophy 55(211), 17-38.

Tuan, J.: 2000, 'U.S. West, Inc. v. FCC, Berkeley

Technology Law Journal 15, 353.

'1-034: Internet Cookies.' U.S. Department of Energy Computer Incident Advisory Capability. 1998.

<http://ciac.llnl.gov/ciac/bulletins/i-034.shtm> (March 1, 2000).

'IAB Privacy Guidelines.' Internet Advertising Bureau. 2000. <http//www.iab.net/privacy guide lines/htm> (August 7, 2000).

University of Waterloo School of Accountancy, 200 University Avenue West,

Waterloo, Ontario, N2L 3G1,

Hagey Hall, Room 155, Canada



Documents

Double Clicks