Bashing ISPs on privacy "has become very popular," Rotenberg said. He added that existing US laws clearly prohibit ISPs from intercepting communications for advertising purposes. As a result, recent proposals to capture network traffic for advertising purposes "would be unlawful," and therefore don't pose a long-term threat to online privacy, Rotenberg said.
Lawmakers also are paying attention to the issue. In August, for instance, the US House Committee on Energy and Commerce sent a letter (download PDF) to 33 phone, cable and Internet companies inquiring about their data collection practices.
The letter was prompted by what committee members said was the growing trend among companies to deliver targeted online advertisements based on data collected about a user's Web surfing habits. One of the goals was to find out whether existing communications privacy laws applied to ISP monitoring activities and whether those laws needed to be amended to address that issue, the letter said.
ISPs themselves are downplaying the privacy concerns and have sought to assure legislators that any monitoring activities they may be planning are innocuous compared to what companies like Google are doing.
For instance, in a response to the House committee's letter, Dorothy Attwood, a privacy executives at AT&T, said that the company doesn't track the "overall" Web browsing or search habits of users for behavioral advertising purposes. Attwood's response (download PDF) drew attention to what she claimed was Google's ability to observe a user's "entire Web browsing experience at a granular level," including the URLs that he enters and the searches that are conducted, and then said that AT&T hasn't installed such capabilities.
Attwood added that if done right, behavioral advertising holds lots of potential benefits for Internet users. But she said that if AT&T ever embarked on such an effort, it would do so only with the full, informed consent of customers.
More than two dozen other companies also responded to the House committee's letter. In its response (download PDF), US-based Cable One acknowledged that it had engaged in a "small-scale test" of technology that would have enabled the company to deliver targeted ads to its users.
The test involved 14,000 customers over a 180-day period, but Cable One ultimately decided not to implement the technology, according to the response. Cable One added that if it had decided to go ahead with the project, it would have done so only with the full consent of users and in full compliance with applicable laws.