Jewish World Review March 2, 2001 / 7 Adar, 5761
http://www.jewishworldreview.com -- More than 30 percent of Web pages sampled during last year's Christmas season were infected by new generations of Web bugs that the advertising industry is using to secretly track what surfers are doing online, privacy advocates say.
Richard Smith, chief technology officer at the University of Denver's Privacy Foundation, said the use of sophisticated Web bug tracking devices "has grown dramatically" over the last year.
He used a search engine and identified 4 million Web bugs planted by 30 vendors.
Smith said he even has found that bugs are planted by the Boston bank he uses for online banking, and on a hotel site offering Internet room booking services. He said many companies aren't disclosing their use of bugs in their privacy policies, and at least one Web bug version he uncovered searches a user's computer while they are looking at the site.
"Technology is changing constantly,'' said Smith, who is working on software the Privacy Foundation plans to give away that will alert computer users to the bugs.
At a briefing on Web bugs for the congressional privacy caucus Thursday, Sen. Richard Shelby, R-Ala., said he was outraged at the sophistication of some new generations of bugs, which can secretly extract the most sensitive data from a user's computer while they are visiting a Web site.
"It would appear that while you use the Internet, the Internet is using you,'' Shelby said. He said people stand to lose some of their most sensitive information. "You can get more information off a computer than through a wiretap,'' he said. "What concerns me is the national implications to this."
He said individuals and government agencies aren't fully aware of the capabilities of newer generations of tracking devices, which are replacing "cookies," or small software programs the advertising industry puts in users' hard drives to track surfing habits.
Shelby said Web bugs can steal the most sensitive information on a computer hard-drive, leaving no trail of the lost data and giving the computer user no knowledge of what the Web bug operator has been doing.
Rep. Ed Markey, D-Mass., said the alarming misuse of Internet tracking devices is spurring support for toughening a new privacy bill that Congress is considering to regulate how Web sites use the technology. "This is more than a game. It is real,'' he said.
Gary Clayton, chief executive officer of the Privacy Council, showed lawmakers how Web bugs can be used to extract data from a computer within minutes of logging onto a Web site, without a computer user's knowledge.
The Privacy Council is not associated with the Privacy Foundation.
In the demonstration, Clayton's address book with 1,800 phone numbers and addresses and a congressional memo were taken from his computer.
Clayton said he's trying to alert American business to the potential of corporate espionage, and the loss of their most sensitive data. "No one is immune," he said.
Christine Varney, a former Federal Trade Commission attorney, said that the sort of Web bug spying Clayton described is a felony under existing federal laws, but acknowledged it could be done without the knowledge of the computer owner. "This is totally outrageous,'' she said.
Varney said some bug versions are only software programs buried in Web sites to track how many visitors come to the sites, but other newer versions are more sophisticated. She said companies should be alerting visitors they are using the devices.
Smith said the most dangerous Web bugs are able to exploit
security holes software developers left in their systems to collect
data. He urged Congress to persuade the major software
developers to come up with patches that will provide new ways of
protecting software from
Comment by clicking here.