Web Bugs

If I asked you if the Web site you're viewing has a "Web bug," you might think that I was asking if it had a glitch or problem. Actually, in this context, when I use the word "bug," you should think of a little surveillance device. Did you know Web sites and even e-mails can be bugged? Big Browser may be watching.

"Web bugs" are an information-gathering tool. They're not new, but they have been getting more attention lately. They upset privacy advocates because they're invisible and people can put them anywhere that they can place pictures or images on the Web. This means that people can bug Web pages, banner ads, emails, and newsgroups.

Welcome to the world of spyware. Can you imagine that you actually thought you could surf anonymously? Think again. You can't even necessarily read your e-mail without sending a message back to the sender saying, "I opened your e-mail."

This must be against the law. Right? As Johnny Carson might have said, "Guess again keyboard breath." (If you're not old enough to understand the Johnny Carson comment, I suppose that your parents would be proud to know that you're reading the Business Section.) It turns out that it's really not clear that Web bugs are illegal.

While government agency investigations and class-action suits have put Web bugs under intense legal scrutiny, I can' point to anything that says that Web bugs are clearly illegal. I can tell you that the Michigan Attorney General has shown interest. The "E-Commerce Law Report" quoted him as saying that Web bugs are "similar to Big Brother... People have no idea their thoughts and practices on the Internet are being tracked or policed. We're going after this secret, third-party surveillance."

Dangers from Web Bugs

Web bugs are a great asset to spammers because they let them know if your e-mail address is valid. As soon as you open the spam, the spammer gets a message back that says "valid address."

When marketers use cookies (another technology that upsets privacy advocates) and Web bugs, they obtain the Web addresses of pages you've visited. If that's not bad enough, it gets worse because the address sometimes includes your search terms or personally identifiable information.

It's even possible that using Web bugs and cookies together, "they" can track you by your e-mail address as you surf the Net. In other words, the Web site knows it's you even though you didn't try to tell them it's you who is surfing their site.

Are you feeling paranoid yet? Maybe you should.

It's an area that's clearly ripe for Federal legislation. It strikes me as outrageous that my surfing and email activities can be monitored and I don't know it. It's so over the line that I can't imagine any legitimate debate.

Having said that, I'm not suggesting that Web bugs be banned completely. I'm just suggesting that they be strictly regulated with meaty penalties for violating the law. They do have legitimate commercial uses and you may not object to a particular use if you knew it was happening. It's the fact that it's done surreptitiously that's so outrageous.

The Privacy Foundation (privacyfoundation.org) has suggested a multi-pronged approach for Web bugs. While it may not provide the ultimate answer, I would suggest that it's a good starting point for the discussion about legislation.

They start by suggesting that invisible Web bugs not be permitted. Rather, Web bugs should employ a visible, easily spotted icon on the page.

They next recommend that the icon identify the name of the company that placed the Web bug on the page. In addition, the icon should be labeled to say it is a monitoring device.

When a user clicks on the icon, they suggest that she should receive a disclosure that includes things like what data the Web bug is disclosing, how the data is used after it's collected, what companies receive the data, what other data the Web bug is combined with, and if a cookie is associated with the Web bug.

Also important is that users should be able to "opt-out" from any data collection done by Web bugs.

Finally, nobody should use the Web to collect information from Web pages of a sensitive nature. Examples may include pages intended for children or about medical, financial, job, or sexual matters.

Using Web Bugs Properly

Today, the law in this area is uncertain. The fact is that Web bugs are out there, businesses use them (including some of my clients), and they do have some legitimate purposes.

If you want to stay on the correct side of this legally uncertain area and on the good side of those who surf your site, I would suggest that you adopt a policy of voluntary compliance with the Privacy Foundation's multi-pronged approach. With people's increased sensitivity to privacy issues, I don't think that you can go wrong by erring on the "good guy" side on privacy issues.