Skip to Content

Government Surveillance

Legal Implications of Online Behavioral Advertising Practices: Collection of Internet Content from ISPs May Violate Federal and State Wiretap Laws


Brock N Meeks, CDT
(202) 637-9800 ex. 114
(703) 989-3547 (CELL)

WASHINGTON – The Center for Democracy & Technology today released an analysis questioning the legal standing of a new approach to online advertising being considered by Internet Service Providers and Internet advertising networks.

Under the new scheme, an ISP allows an advertising network to copy the contents of the individual Web traffic streams of the ISP’s subscribers. The advertising network then creates a record of each individual’s online behavior and uses it to target ads to the consumer.

“Based on what we know so far, this new advertising model appears to defy reasonable consumer expectations and may violate communications privacy laws,” said CDT President and CEO Leslie Harris.

The CDT memo examines in depth how the practice of copying consumer data in the network – at the ISP level – relates to the legal protections regarding online communications as set out in the Electronic Communications Privacy Act (ECPA).

CDT analysis concludes that this use of Internet traffic content by ISPs may run afoul of federal and state wiretap laws. Federal law would allow the practice with the consent of the subscriber. However, CDT notes, that consent should not be obtained through a notice buried in a “terms of service” agreement or inserted in a billing statement. State law may be even more stringent, requiring consent from all parties.

“Consumers do not expect their ISP to be copying their Internet communications and selling them to third parties,” said CDT Vice President Ari Schwartz. “We have concluded that the advertising network model at issue here requires clear notice and prior consent, and that may be impossible if state laws apply requiring all parties to consent.”

The memo can be found online at