Group items matching

in title, tags, annotations or url

As if you needed another sign that times are tough, here's a fairly reliable measure: The number of cases handled by the advertising industry's best-kept secret -- self-regulation -- are on the rise. Last year the National Advertising Division of the Council of Better Business Bureaus handled 214 cases, up 22% from 2007. And in 2008 ad challenges, in which one advertiser challenges a competitor's claim, rose 31% to 81 cases. Why the increased activity? It's a deadly fight for share of market out there, and in down times advertisers tend to revert to hard-hitting comparative advertising. NAD's purpose is to substantiate these kinds of attack ads, and it can do it faster and cheaper than litigation can. The Federal Trade Commission seems to like the idea of letting advertisers settle their own disputes. When the National Advertising Review Council, the body that sets the policies and procedures for the NAD to enforce, started 38 years ago, then-FTC Chairman Bob Pitofsky wasn't an early convert. "If the truth be known," he said 10 years ago, "there was some skepticism about how the whole thing would work. The FTC had been burned time and time again by unkept promises of self-regulation by other industries. But this group has proved the skeptics wrong. Today, advertising has the best self-regulatory system of any industry in the country." The outgoing chairman of the FTC, William Kovacic, is also a fan. But the current crop of FTC commissioners don't seem as convinced, although they seem somewhat willing to give self-regulation a chance. In issuing guidelines for online behavioral advertising, FTC Commissioner Jon Leibowitz said the industry needs to do a better job of "meaningful, rigorous self-regulation, or it will certainly invite legislation by Congress and a more regulatory approach by our commission."A joint industry task force quickly seized on that statement as an endorsement for self-regulation, and said it supported FTC's goal of a "comprehensive and eff

Enforcing Privacy Promises: Section 5 of the FTC Act A key part of the Commission's privacy program is making sure companies keep the promises they make to consumers about privacy, including the precautions they take to secure consumers' personal information. To respond to consumers' concerns about privacy, many Web sites post privacy policies that describe how consumers' personal information is collected, used, shared, and secured. Indeed, almost all the top 100 commercial sites now post privacy policies. Using its authority under Section 5 of the FTC Act, which prohibits unfair or deceptive practices, the Commission has brought a number of cases to enforce the promises in privacy statements, including promises about the security of consumers' personal information. The Commission has also used its unfairness authority to challenge information practices that cause substantial consumer injury.

To help parents better understand their childrens' online privacy rights, the Federal Trade Commission has developed a new article, Protecting Kids' Privacy. The article is posted at OnGuardOnline.gov, a Web site sponsored by the federal government and the technology industry to help users stay on guard against Internet fraud, secure their computers, and protect their personal information. Parents can learn what Web sites must do to protect the privacy of kids younger than 13 under the Children's Online Privacy Protection Act (COPPA). For example, with very few exceptions, sites must get parents' permission if they want to collect or share their kids' personal information. Parents also will find tips for talking to their kids about online privacy, knowing what their kids are doing online, reporting a Web site that may be violating COPPA, and more. To learn more about online privacy for kids, view this article on OnGuardOnline.gov at www.OnGuardOnline.gov/topics/kids-privacy.aspx or view it as an FTC Facts for Consumers publication at http://www.ftc.gov/bcp/edu/pubs/consumer/tech/tec08.shtm. The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC's online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 1,500 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC's Web site provides free information on a variety of consumer topics.

The recent U.S. stimulus bill includes $18 billion to catapult the health industry toward the world of electronic health records. This is sure to light a fire under every hungry security vendor to position itself as the essential product or service necessary to achieve HIPAA compliance. It should also motivate healthcare IT professionals to learn where their sensitive data is located and how it flows. To be sure, with federal money allocated through 2014 for the task of modernizing the healthcare industry there will be many consultant and vendor businesses that will thrive on stimulus money. Healthcare is unique in that storage of electronic health records is highly distributed between primary care physicians, specialist doctors, hospitals, and insurance/HMO organizations. Information has to be efficiently shared among these entities with great sensitivity towards patient privacy and legitimate claims processing. Patients want to prevent over zealous employers from performing unauthorized background checks on medical history; claim processors want to prevent paying fraudulent claims arising from targeted patient identity theft. The bill has two provisions which turn this into a tremendously challenging plan, and a daunting task for securing patient data: * Citizens will have the right to monitor and control use of their own health data. This implies a large centralized identity and access control service, or perhaps a federated network of patient registration directories. Authenticated users will be able to reach into the network of health databases audit use of their data and payment history. * Health organizations suffering loss of more than 500 patient records must publicly disclose the breach, starting with postings on the government's Health and Human Services website. This allows related organizations to trace the impact of the breach throughout the healthcare network, but care must be taken not to disclose vulnerabilities in the system to intruders

A company that monitors P2P networks says it found details about the president's helicopter, Marine One, on a computer in Tehran. Pittsburgh station WPXI reports. Bob Boback, CEO of Tiversa, said, "We found a file containing entire blueprints and avionics package for Marine One. … What appears to be a defense contractor in Bethesda, MD had a file sharing program on one of their systems that also contained highly sensitive blueprints for Marine One," Boback said. Retired Gen. Wesley Clark, an adviser to Tiversa, added: We found where this information came from. We know exactly what computer it came from. I'm sure that person is embarrassed and may even lose their job, but we know where it came from and we know where it went. It's no accident the information wound up in Iran, the company said. Countries like Iran, Pakistan, Yemen, Qatar and China are "actively searching for information that is disclosed in this fashion because it is a great source of intelligence," Boback said. Rep. Jason Altmire said he will ask Congress to investigate the risk to national security of this sort of exposure. Cnet's Charles Cooper interviewed the Tiversa's Sam Hopkins (Cooper says he's the CEO but the original report said Boback is CEO; the company website doesn't list executives), who said someone at the company was running a Gnutella client - possible a buggy one. Hopkins said it's hardly an unusual occurence - although presumably the usual breaches aren't so closely connected to the President. Everybody uses (P2P). Everybody. We see classified information leaking all the time. When the Iraq war got started, we knew what U.S. troops were doing because G.I.'s who wanted to listen to music would install software on secure computers and it got compromised. … We see information flying out there to Iran, China, Syria, Qatar-you name it. There's so much out there that sometimes we can't keep up with it. Bottom line: P2P is the big

Big Brother may be at it again. Behavioral advertising - the tracking of consumer's Internet surfing activity to create tailored ads - has triggered an intense legal controversy that has law firms scrambling to stay on top of a burgeoning practice. Attorneys say that behavioral advertising is raising privacy, litigation and regulation fears among consumer advocates, the electronic commerce and advertising industries and legislators. Law firms are busy helping companies come up with a transparent way of letting consumers know that their online activities are being tracked and possibly shared. "Lawmakers and companies are having a tough time keeping up with this new frontier of Internet privacy issues, and there is growing consumer unrest about behavioral advertising, leading in some cases to consumer rebellion," said Lisa Sotto, a partner and head of the privacy and security data group in the New York office of Richmond, Va.-based Hunton & Williams. "Consumers find this type of tracking intrusive, and businesses are starting to take the consumer reaction seriously," she said. The buzz over behavioral advertising has been building since congressional hearings that were held last year, during which Congress called on Internet service providers (ISPs) to testify about a highly controversial advertising practice known as "deep-packet inspection." The practice gives companies the ability to track every Web site consumers visit and provides a detailed look at everything they're doing, such as where they're going on vacation, who is going, how much they spent on the trip and what credit card was used. But then came the first class action targeting behavioral advertising, filed against Foster City, Calif.-based NebuAd Inc., an online advertising company accused of spying on consumers from several states and allegedly violating their privacy and computer security rights. The lawsuit specifically alleges that NebuAd engaged in deep-packet inspection. Valentine v. Ne

Oh, the double-edged sword of Twitter. It's not nice when it makes PR people and reporters look like asses, as Jennifer Leggio will post tomorrow. But it's a whole new can o' beans when it affects political power. And yup, Twitter did in fact (or not - see below) alter the balance of power in Virginia (the state capital of which is Richmond, Va., for what it's worth) this week, as Talking Points Memo blogs: Yesterday the Virginia GOP came very close to taking control of the state Senate, nearly luring a Democratic Senator to switch parties and put them at a 20-20 tie, which would have been broken by the Republican Lt. Governor. Then Jeff Frederick, a state legislator and the party chairman, ruined it all by Twittering this: Big news coming out of Senate: Apparently one dem is either switching or leaving the dem caucus. Negotiations for power sharing underway. The Dems then read the message, quickly mobilized to talk the renegade out of it, and stopped the GOP coup before it could happen. Here's Frederick's exciting presence on Twitter, featuring such nail-biting updates as: * Had great meeting; dinner @ Bookbinders; now at Lucky Strike/Cap Results party. Tired * Meeting w/ Senator about a bill he wants me to support. And then this intriguing post: Meeting w/ HseMajLdr abt my senate post earlier.He gave me info, which came f/ a Senator who said it was public. That will be a fun meeting. At any rate Frederick pointed to a blog post from conservative Roanoke County, which says the whole Twitter story is b.s., that the Dems already knew about the rogue House member before Frederick ever Tweeted. Even so, the strange power of Twitter is now well-established.

The Department of Homeland Security's Data Privacy and Integrity Advisory Committee has offered DHS Secretary Janet Napolitano 16 recommendations on how to best address privacy issues currently facing the department. The panel stressed that "the need to update the government's legal authority to protect and defend cyberspace in the U.S. classified intelligence systems raise specific and sometimes significant privacy issues, including the conflict between transparency and redress." The committee has asked that each DHS component - such as the Federal Emergency Management Agency and Office of Intelligence and Analysis - have a designated privacy officer that would report to the head of the section. The committee also "encourages DHS to continue to work toward policy and functional interoperability in the development of new systems and when making major modifications to existing systems," according to a letter from the committee hand delivered to Napolitano. Additionally, the panel said the 1974 Privacy Act has "not kept pace with the evolution of technology and developments in how data is collected, used, shared and stored. To the extent the Secretary is asked to submit recommendations to Congress for making the act more relevant and effective, the committee recommends that the secretary seek guidance from the Privacy Office staff, who are experts in applying the Act's provisions throughout the department." For more on the recommendations, read the committee's letter here.

Update on Feb. 18, 8:33 a.m.: Facebook is backing off changes to its terms of service, informing users on their official blog that they will remain intact. "Over the past couple of days, we received a lot of questions and comments about the changes and what they mean for people and their information," Facebook CEO Mark Zuckerberg writes in the blog. "Based on this feedback, we have decided to return to our previous terms of use while we resolve the issues that people have raised." To learn more, read our original post below. Facebook is having trouble dousing the flames in a firestorm over its trustworthiness. A recent change in its terms of use -- the legalese tacked onto the bottom of most websites -- has sparked concerns that the social networking giant plans to own all users' information forever. Founder and CEO Mark Zuckerberg claimed in a blog post Monday that "on Facebook people own and control their information." But privacy advocates still aren't satisfied. "I think in simple terms it's a tug of war over user data," says Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC) in Washington. "People put information on a Facebook page to share with friends. But it's pretty much with the understanding that they're deciding what to post and who has access to it. Facebook, like any other company, is trying to obtain maximum commercial value from its users."

Social media is on the rise, and so are the privacy and security risks. Is it time to dial back on the whole Web 2.0 'friend' thing? The social media honeymoon is officially over. While it may not yet be time to fly to Reno for a quickie divorce, you might want to start thinking about sleeping in separate bedrooms for a while. Example du jour: Over the weekend, a rogue application spread across Facebook, warning users about bogus errors in their profiles. Clicking on the "Error Check System" app causes it to send false warnings to your entire FB posse, per the unofficial AllFacebook blog. There doesn't seem to be any payload associated with that app besides driving traffic, but the potential for abuse is obvious. But a bigger problem on social nets is an old familiar one: spam. So far, spam only accounts for about 5 to 25 percent of all e-mail passed on social networks, versus 90 percent of regular e-mail, says Adam O'Donnell, director of emerging tech for Cloudmark, which filters spam for some large social nets (but won't identify which ones). As more people start tweeting about what their cats ate for lunch and share their Facebook profiles with near-total strangers, though, that number will only grow. The type of spam on social networks is different too, says O'Donnell. Think fewer fake Viagra come-ons, more social engineering scams. In other words, the junk you get on social networks is more likely to be aimed at stealing your credentials or your identity -- and thus much more dangerous than garden-variety spam.

Eight years ago, a woman we'll call Sarah discovered that she was not biologically related to the father she had known all her life. Sarah, her mother revealed, was "donor-conceived." Her parents, after trying without success for a pregnancy of their own in the late 1970s, turned to a fertility center, where Sarah's mother was artificially inseminated with sperm from an anonymous donor. At the time sperm banks did not offer detailed donor profiles. Upon discovering the truth, Sarah was told what her parents had been told about her biological father: He was a medical student, possibly of Scandinavian ancestry. Sarah, who describes her family as "loving and stable," was shocked. Today she is also sick. A year before finding out about her conception, she began to experience severe, unexplained bladder problems. She has been seeing doctors at Johns Hopkins; so far they haven't figured out the cause. Recently married, Sarah worries that she may pass the illness on to future children. The medical history of her biological father could provide a crucial piece of the diagnostic puzzle. But in the early days of artificial insemination, clinics often shredded or burned files to ensure donor anonymity and client privacy. Sarah's father's identity may be locked away in storage somewhere, or it may have been destroyed. Although aware of the likely futility of her search, Sarah still continues-writing the clinic, nurses, her doctor-in the hope that someone can help. Faced with stories like this, the fertility industry and a few state governments are trying to come up with a way to ensure that future donor-conceived children will have access to their fathers' medical files. A national registry, for example, could allow banks to monitor how many times a man donates semen and how many children are born from his seed, to share updates about medical issues and to facilitate long-term research on health outcomes. But any such registry poses a threat to the p

The departments of Defense, State, and Health and Human Services have not met legal requirements meant to protect Americans' civil liberties, and a board that's supposed to enforce the mandates has been dormant since 2007, according to federal records. All three departments have failed to comply with a 2007 law directing them to appoint civil liberties protection officers and report regularly to Congress on the safeguards they use to make sure their programs don't undermine the public's rights and privacy, a USA TODAY review of congressional filings shows. An independent Privacy and Civil Liberties Oversight Board set up to monitor the departments hasn't met publicly since 2006; it no longer has members. Government missteps such as putting innocent people on terrorist watch lists and misusing administrative warrants, known as national security letters, "might have been dealt with much sooner if we had … cops on the beat to make sure there are standards that are being upheld," says Caroline Fredrickson, legislative director at the American Civil Liberties Union (ACLU). The lack of civil liberties officers at State and Health and Human Services is troubling because the departments hold passport and medical records, says James Dempsey, vice president of the Center for Democracy and Technology. "Security of that information is very important," he says, and these officers should monitor how it's used and shared. The Pentagon also has sparked concerns. Its Counterintelligence Field Activity office was criticized by the ACLU for wrongly tracking anti-war groups - a charge confirmed by the Pentagon in 2006. A 2007 law requires eight departments and agencies to have civil liberties officers and file reports. Justice, Homeland Security, Treasury, the CIA and the Office of the Director of National Intelligence have done so. Sens. Joe Lieberman, I-Conn., and Susan Collins, R-Maine, leaders of the Homeland Security committee, says departments not in compliance will b

The new year has come and gone on the Gregorian calendar. But the new year for legal technology is still in progress at LegalTech New York, where vendors are unveiling their new products and services and attendees are helping them celebrate. LegalTech attendees should revel in the number of vendor initiatives aimed at reducing e-discovery costs from acquisition to review and production. And, like last year, EDD vendors continue to design and manufacture their products for international litigation. But LegalTech is not all about e-discovery. There were still plenty of vendors with products outside the Electronic Data Reference Model. EDD PARTIES Readers should be aware that Index Engines can access and extract data from tape and tape libraries -- and can do so really fast. But now they can also extract data from network storage systems, file shares, forensic images and hard drives and still provide users a single point of access to it -- via a Web browser. Index Engines first indexes data on disparate resources. Once the index is compiled, data can be deduped, searched, reviewed and extracted on demand. Also note that Index Engines can now filter unwanted file types such as EXE, DLL, etc., during the indexing process to reduce the time it takes to review the data. Read LegalTech New York 2009 Coverage on Legal Blog Watch In preparation for the new year, Kazeon Systems introduced new pay-as-you-go pricing models that augment their current standard software licensing option and focus on case matters. Kazeon hopes the new pricing models allow customers to implement an e-discovery solution that does not require a major financial investment or lengthy rollout. Vendors are starting to "go left" of the EDRM to provide organizations a better view of the end of litigation via early case assessment tools. In fact, KPMG promoted the concept with a T-shirt emblazoned with "go left." Toward that end, Daticon EED announced the availability of its Early Case Assessment servic

A group of U.S. companies, led by technology giants Microsoft, Hewlett-Packard and eBay, is set to outline recommendations for new federal data-privacy legislation that could make life easier for consumers and lead to a standard federal breach-notification law. The recommendations, which were developed by a group of industry players called the Consumer Privacy Legislative Forum, are set to be released at an upcoming privacy conference six weeks from now, according to Peter Cullen, Microsoft's chief privacy officer. The companies have been working for the past three years to encourage the adoption of federal consumer data-privacy laws and to answer the question of what federal legislation should look like, Cullen said in an interview. Other forum members include Google, Oracle, Procter & Gamble and Eli Lilly. One idea is that laws should make it easier for consumers to understand what they're getting into when they share their personal data with Web sites, Cullen said. "The whole focus on consent really puts an unfair burden on the consumer," he said. "My mom doesn't know what an IP address is." The recommendations will cover rules around data use and the ability of consumers to correct inaccurate data. And they will cover data breach notification, which is now covered by a patchwork of state laws. Simplifying breach-notification laws by creating a single federal standard is important, Cullen said Wednesday while speaking at a discussion of privacy policy in San Francisco. "It's not that there is no privacy law. There's actually too much privacy law," he said. "If you think about data-breach notification laws just as an example, there are 38 state laws, many of them very different." "We need to think about much more of a framework approach." Congress has passed some laws covering consumer data privacy, such as the 1996 Health Insurance Portability and Accountability Act (HIPAA), but existing laws do not comprehensively cover consumer privacy in general.

Government Computer News presents Pat Howard, chief information security officer of the Nuclear Regulatory Commission, and Ari Schwartz, vice president and chief operating officer of the Center for Democracy and Technology, in an eSeminar recoreded at 2 p.m. Wednesday, Nov. 19, where they discuss personally identifiable information in the government. Federal IT officials must continually balance competing demands to share information while also complying with various mandates to protect the privacy of PII within federal information systems and programs. During the presentation, Mr. Howard discusses: * How IT and program managers are adapting to these challenges; * The latest laws and guidance on PII; * Measures taken by the NRC to strengthen PII protections; and * New demands concerning privacy in the federal marketplace. A question-and-answer session follows the presentation. GCN Editor in Chief Wyatt Kash moderates.

Date: Tuesday, February 10, 2009 Time: 2:00 p.m. EST/11:00 a.m. PST Follow the link below to register: http://sc.haymarketcomm.net/r/?ZXU=775318&ZXD=33050957 Organizations are still struggling to get into compliance with PCI DSS, especially as the PCI Security Standards Council continues to update and tweak the standards. There's much to keep in mind and even more to do in order to adhere to the mandates, so what are the critical steps to get there. Experts share their know-how. Featured speakers Rich Mogull, L.L.C., Founder and Principle Analyst, Securosis Murray Rosenthal, CISA, Senior Policy Analyst - Security I&T Strategic Planning & Architecture Information & Technology Division, City of Toronto Sponsored by Symantec http://sc.haymarketcomm.net/r/?ZXU=775319&ZXD=33050957 Follow the link below to register: http://sc.haymarketcomm.net/r/?ZXU=775320&ZXD=33050957

It's funny. Was it just a month ago that we were enjoying the holiday respite, wondering what 2009 would have in store for us? Mind you, I didn't have any delusions. After the breaches, news events and regulatory issues of 2008, I didn't think we were going to turn the calendar page and emerge in a new world of a healthy economy and soaring consumer confidence. But neither did I think, four weeks later, we'd already have our first major security breach of the year - Heartland Payment Systems (HPY) and that it would so dominate our industry's attention. I get it, though, why we're so enamored of this case. It speaks to our biggest fears, first of all, that unknown electronic assailants can sneak into our systems and pry away our customers' names and critical information. Then there's the unknown enormity - we truly don't know how big this breach was. And, finally, it hits home. For you, the banking institution, you're the one left replacing your customers' cards and explaining why. For me, the banking customer ... well, mine is one of the banks doing the explaining. Needless to say, we're monitoring accounts closely. So, we were among the first to break the Heartland story when it first broke last Tuesday, and we've continued to follow it closely. After the initial media surge, where we saw news outlets and solutions providers tripping over one another to opine over what they think happened to Heartland and what it all means, here is what I believe we've learned so far from the case: 1) The Damage Goes Far Beyond the Breach. Heartland execs absolutely did the right thing by stepping forward last week and saying "We were breached," but the company has suffered for it ever since. The market responded to the news by gutting the company's value from over $14 per share last Tuesday to a low of just under $8 this week. Reputationally, you just can't measure the damage - Heartland is now synonymous with "breach," and that's a tough tag to shake. Unable to answer quest

This tip is part of Mitigating Web 2.0 threats, a lesson in SearchSecurity.com's Data Protection Security School. Visit the lesson page or our Security School Course Catalog for additional learning resources. Social networking, a term relatively new to the computing vernacular, has already become part of the cultural norm for a great proportion of Internet users. Even more recently, the use of online communities to establish and build connections among those with shared interests has become part of the corporate world as well. As professional social networks such as LinkedIn and Blue Chip Expert continue to grow, and professional groups gain in popularity on once-personal sites like Facebook and MySpace, enterprise security and risk management professionals must face the reality that these sites are emerging conduits for the unauthorized disclosure of confidential corperate information. Add the use of public social networking tools to the list of concerns, and the effectiveness of the traditional corporate security perimeter is further diminished. However, a robust set of policy, process and architecture aids in mitigating the risks of being social. Broadly, social networking is described as software that lets people interact, rendezvous, connect, play or collaborate by use of a computer network. This definition covers the popular social networking sites, including those mentioned above, as well as blogs, wikis, RSS, podcasts, tags, and more recently, search engines. While there are numerous benefits to social network solutions, including reducing costs and increasing collaboration, we'll focus on addressing the risks.

Jan. 27 /PRNewswire-USNewswire/ -- Consumer Policy Solutions today released a new survey examining consumer awareness and understanding of online privacy. With Data Privacy Day tomorrow, this is an especially timely survey intended to help raise consumer awareness of privacy issues and give consumers the knowledge and tools needed for the privacy they desire online. Many consumers are not fully aware of the implications of their online activity and the "virtual breadcrumbs" they inadvertently leave behind when roaming from site to site. This survey, which follows closely on the heels of a Consumer Policy Solutions survey released in May that revealed protecting personal privacy is a top consumer concern, takes a closer look at consumers understanding of online privacy. Many respondents were unaware of the tracking, collecting and sharing of information that occurs as a result of online activities. "Consumers care about protecting their privacy on the Internet, but they do not necessarily know how to protect themselves nor do they understand how the process works," said Debra Berlyn, president of Consumer Policy Solutions. "Today is a great day to raise awareness of what the issues are for consumers. I think our survey serves as a good gauge of how consumers view their privacy online." In response to the findings of the survey, Consumer Policy Solutions is launching a website www.ConsumerPrivacyAwareness.org dedicated to educating and informing consumers about online privacy issues. The survey found that: * Consumers think they are knowledgeable about online privacy, but many are unaware of how their activity and behaviors can be followed and collected online. o 70% of Internet users say they are very or fairly knowledgeable about how to protect their personal privacy online o 42% are unsure whether their online activity is tracked and recorded by companies for commercial purposes o 12% believe that tracking by companies for co

Top House and Senate Democrats are working on legislation that would prevent online marketers from sharing Web-surfing information unless Internet users allowed them to. That's according to House Communications, Technology and the Internet Subcommittee chairman Rick Boucher (D.-Va.), who told Multichannel News that such a bill was in the works and was one of his top legislative priorities. The issue of online behavioral marketing has gained traction recently, spurred by privacy concerns and by media companies' need to find new ways for advertisers to reach aggregated audiences at a time of fragmented viewing and multiplying delivery platforms. Boucher's predecessor atop the committee, Rep. Edward Markey (D-Mass.), held a hearing last fall on the issue and helped quash a test by ad-tracking company NebuAd and cable operator Charter Communications. In an interview, Boucher said he was teaming with Reps. Cliff Stearns (R-Fla.), ranking member of his subcommittee, and Joe Barton (R-Texas), ranking full committee member, on a bill that would apply "across the board" to behavioral advertising and data collection by Web sites. "The goal would be to give the Internet user a sense that information about him that is collected by Web sites is well understood by the user, so he has an opportunity to know what is collected," Boucher said. "He would then have an opportunity to act in a way that prevents that Web site using that information to market him personally, and an even broader opportunity to prevent the transfer of that information about him to third parties." Boucher envisions a combination of opt-in and opt-out requirements. "Opt-in would apply where the information is conveyed to third parties," he said, while "opt out would apply where the Web site that collects the information is using that information directly to market the customers from whom it is collected." Center for Digital Democracy executive director Jeff Chester was please