Copyrighted material Tracking Customers Internet Use

by Josh Feit

Sucks up personal data without asking for consent, alleges FTC complaints
"At, we are committed to protecting your privacy.... In connection with your use of the Service, we collect web site usage data and traffic pattern data with respect to your activity both within and across web sites -- all of which remain anonymous."

Some people might think it's convenient to go shopping at and be greeted with recommendations: "Hey, you bought a Dr. Seuss book on your previous visit -- you might want to check out The Best of Elmo on DVD or the Infant Klackeroo from Playskool." However, Amazon's efforts to "customize" and cater to shoppers are becoming a little too friendly for some Internet users. A pair of recent complaints -- one filed with the Federal Trade Commission in Washington, D.C. and another filed in San Francisco federal court -- allege that an Amazon subsidiary, Alexa Internet, uses software to secretly collect personal data on web users and funnel it back to Amazon.

"I've never seen a piece of software that was so talkative about what you're doing and who you are," says Richard M. Smith, the Boston-based software designer who filed the FTC complaint. Smith's fundamental concern, shared by other privacy advocates, isn't simply that Amazon is amassing huge amounts of personal data (foregoing anonymity, despite their online privacy statement), but that there are no government regulations in place to prevent the company and others like it from selling the information to health insurers, credit companies, or even potential employers. "Companies make all sorts of pledges about policy today, but that doesn't mean they can't change their mind or get bought tomorrow by a company with a different policy," he says.

"These companies have stated rules," agrees Evan Hendricks, editor of the Washington, D.C.-based newsletter Privacy Times, "but we go through one by one and find serious contradictions with their voluntary policies." (Hendricks points out that several companies, including Microsoft and Real Networks, have been "Smiffed" -- sniffed out by Smith -- for secretly gathering information on people.)

Raising red flags about nosy software companies is crucial. If the Internet, as predicted, becomes the central marketplace of the 21st century, companies will not only be able to track consumers in an unprecedented way, they'll be under competitive pressure to use the data to their advantage. If the government doesn't step in to regulate e-commerce, privacy experts argue, the Internet will surely become a data-trading bonanza for private industry.

In Europe, comprehensive data-protection laws give citizens cause for legal action when private companies tinker with or trade personal information, but other than preventing cable companies and video stores from revealing what tapes you rent, no analogous laws exist in the United States.

Both Smith's complaint and the lawsuit filed January 6 in federal court by San Diego law firm Milberg Weiss Bershad Hynes & Lerach LLP focus on Amazon subsidiary, Alexa Internet. Amazon bought Alexa last April for $245.5 million in stock as part of its "customization" strategy to take advantage of Alexa's data-mining software expertise. The company's software alerts web surfers to other sites that may be of interest to them. The software, which web users download and attach to their browsers, does this by following the cyber paths of millions of Internet shoppers, analyzing where they go, detecting patterns, and reporting back to individual consumers with browsing tips. Amazon is using Alexa's updated version, zBubbles, which goes so far as to make comparative shopping recommendations.

The catch, according to Smith's FTC complaint, is that Alexa's technology, without asking for consent, simultaneously sucks up personal data (names, addresses, phone numbers, e-mail addresses) and monitors exactly what a person searched for at a given website, then relays that info back to Alexa and Amazon.

Smith knows what he's talking about, because he's used his own software to spy on the spies. Cruising the web to test out zBubbles, for example, Smith found that the program -- in violation of its own stated policy -- relayed his address to Alexa and Amazon. Smith ran the same test on Alexa basic software and found that his e-mail address, his home address, a plane reservation, and his sister's name and phone number were sent to an Alexa web server, without his permission.

In a letter to Amazon CEO Jeff Bezos, Smith wrote, "No software package should ever be transmitting this kind of personal information to another party without the knowledge and consent of a user.... I have been looking at privacy problems in other software packages... [and] the privacy problems with the zBubbles and Alexa are the worse by far of all of the software packages that I have investigated."

The privacy concerns that Smith raises about Alexa software are highlighted in the Milberg Weiss suit, in which plaintiff Joel D. Newby claims Alexa used its "secret information gathering capacity" to "shadow" his Internet use, collect personal data, and pass it off to parent company "This secret capacity works as a shadow of the user's Internet activity," the complaint states, "providing Alexa and with... defendants' personal and confidential data about its users' activities on the Internet."

The suit is intended as a class action for all Alexa users, and seeks $1,000 per plaintiff in damages. The suit, if successful, could cost Amazon millions. When news got out last week of the legal filing, Amazon stock tumbled six percent, to $65.56. did not return calls from this reporter. Alexa Internet could not be reached for comment. However, Smith says Alexa told him that while their software does pick up personal information, the company doesn't use it.

"That's the 'I didn't inhale' defense," Smith scoffs.

Comments? Send a letter to the editor.

Albion Monitor February 6, 2000 (

All Rights Reserved.

Contact for permission to use in any format.