Information & Ethics Committee on Dec. 11th, 2012

Thank you. Unfortunately, Mr. Angus, your time is up.

I will now yield the floor to Mr. Calkins for seven minutes.

Thank you, Chair.

I'm listening with great interest about your platform. You answered a couple of questions that I had as you went on with your conversation.

I want to talk a little bit about cookies. Just so I'm clear, your company is a data aggregator. Is that right?

Then you use that aggregate information and provide third party advertising directed back to a particular computer based on the cookies that are in the cache or in the cookie file that is commonly used by whichever Internet browser might be used on that computer at that particular point in time.

Who has that data?

The data is stored by BlueKai, but there's data also on the local machine. That's there in both cases.

I can write an app. I used to do this for a living, so I can write an app that will create a cookie and store it on a computer, and every time somebody puts information in a form—first name, last name, address, and so on—that information is stored on a cookie. The reason it has to be stored on a cookie is that a web page is static, not dynamic, even when you're using dynamic HTML, or whatever it happens to be.... Is this language that you and I both understand?

For the sake of edification, the reason cookies are used is that they're a necessary tool. It's not a client-server application. It's a static page, making a transaction with whatever other servers are out there across the Internet at that time. The cookie is there simply as a vehicle to store the information. It's a tool, sometimes temporary and sometimes permanent, for maintaining profiles, user information, or whatever it happens to be.

This is why, when we log back on to a number of different websites, the information that we were there last time is already automatically preloaded into that web page. This way, we don't have to constantly keep doing it. We get prompted as users from time to time if we want Internet Explorer to save the information for future use. That information's stored in a cookie. I understand that.

What I need to know from your perspective is this: you have this opt-out protection tool, which relies on a cookie to keep track of the bit or the signal or whatever it is that says they've opted out, yet as my colleague Mr. Angus brought to our attention, if he chooses to turn the cookies off and delete the cache or the history, and all of the cookies are wiped out, you have no knowledge of that opt-out on the machine.

Is that correct?

It's a plug-in.

Is it a Java plug-in, or what kind of a plug-in is it?

It's a Java plug-in. Okay.

You said you made the source code public.

So anybody...

—anybody could reverse-engineer this. Anybody could take a look at it, and anybody who has the experience could look at the code and understand the nature of what's happening there. It's a transparency mechanism for BlueKai, right?