Watching AT&T, Time Warner Cable, and Verizon representatives testify at the U.S. Senate Commerce Committee hearing on broadband providers and consumer privacy made me wonder how long we can talk in generalities about online privacy and advertising without rolling out some storyboards.

Behavioral targeting veteran Dave Morgan offers a nice summary on MediaPost of the background and arguments for industry self-regulation, and both the House and Senate have made it pretty clear that they would like to avoid any legislation that might damage the online advertising economy. Plus, some of them seem a bit distracted at the moment. But there's a catch-phrase here that everyone appears to be lining up behind which makes me wince. It's "advance affirmative informed consent" – or some variant – which begs to be acronymed: AAIC.

Of course, AAIC sounds good: give consumers the information they need to make an informed decision about things like deep packet inspection and third-party tracking cookies and make them decide what they're willing to tolerate. I imagine my ISP presenting some kind of long EULA-like consent form the next time I open my browser, probably two minutes before I have to get on the phone with a client, blocking my access until I click a radio button indicating whether I agree or not.

As it happens, there's a much better way. I saw it demonstrated at Microsoft over a year ago, but I haven't seen it since. It's a small standard semi-transparent icon (call it a "disclosure bug") that appears in the corner of any display ad. When rolled over, it opens an overlay that explains why you're being shown this ad, which ad network or publisher is responsible, what your profile looks like to them and what method was used to obtain it, and gives you the opportunity to either immediately opt-out of the network (and wipe your profile), or adjust your interest categories if they've got it wrong. This puts the focus where it should be: on full transparency and granular control in the relevant context, rather than an AAIC that's likely to seem more like annoyance than empowerment.

I discussed disclosure bugs with many leading ad network executives at OMMA last week, and for the most part they thought it was a great idea. There are several reasons why behavioral targeting networks should like this, not the least of which is that consumers will soon learn that targeted ads actually are more relevant to them than non-targeted ads, which tend toward the "you have just won $1,000,000!!" sensibility. It would also allow consumers to improve the accuracy of their profiles and manage privacy pro-actively, and provide law-makers and privacy advocates with evidence of tangible progress in self-regulation. Last but not least, it would expose the networks who believe full transparency is a bad idea.

Unfortunately the IAB, whose privacy principles are still at the level of generalities, is probably not up to the challenge of pursuing such aggressive standards. Congress, for its part, is even more unlikely to get involved at such a level of detail. ISPs are arguably in the best position to take the lead on the concept of active disclosure for targeted ads. Although few of them practice behavioral targeting today, and DPI in the U.S. seems for the moment to have followed NebuAd into hiding, their long-term interest in advertising is likely to grow along with their triple-play aspirations. But they also have the distinction, unlike online ad networks, of having to answer directly to consumers.