Verizon Strikes $1.35 Million Settlement With FCC Over Its Use Of Stealth 'Zombie Cookies'

from the comes-around-goes-around dept

Last year you’ll recall Verizon Wireless found itself in hot water after being caught modifying user packets to insert stealth tracking technology. By embedding each packet with a unique identifier traffic header, or X-UIDH. Verizon and its marketing partners were not only able to ignore user browser preferences and track their behavior around the Internet, they were then able to use this technology to build detailed user profiles. Verizon Wireless launched and operated the technology for two years before security researchers even noticed the program, and it required another six months of public pressure for Verizon to even offer an opt-out option.

According to the FCC’s full press announcement (pdf), the fairly measly $1.35 million settlement doesn’t stop the program, which likely won’t please many privacy advocates. Verizon Wireless will however need to transparently notify users of the system and get their explicit opt-in (a rare dinosaur in online tracking rules) consent before sharing any of this data with third parties. The FCC is quick to highlight how Verizon previously proclaimed the technology couldn’t be abused by third parties to build detailed profiles of users — right before it was.

The FCC’s full order (pdf) indicates that the regulator is leaning heavily on both the transparency requirement embedded in the FCC’s net neutrality rules, and the agency’s authority under Title II of the Communications Act to enforce the settlement:

“Section 222 of the Communications Act imposes a duty on carriers to protect their customers? proprietary information and use such information only for authorized purposes. It also expressly prohibits carriers that obtain proprietary information from other carriers for the provision of telecommunications services to use such information for any other purpose. Section 8.3 of the Commission?s rules, known as the Open Internet Transparency Rule, requires every fixed and mobile broadband Internet access provider to publicly disclose accurate information regarding the network management practices, performance, and commercial terms of its broadband Internet access services sufficient for consumers to make informed choices regarding use of such services and for content, application, service, and device providers to develop, market, and maintain Internet offerings.”

When the FCC reclassified ISPs as common carriers under Title II, ISPs became subject to Title II?s Section 222 privacy protections regarding “customer proprietary network information” (CPNI). That portion of Title II was written specifically for phone companies, so the FCC is planning (prompted in large part by Verizon’s behavior) to update the CPNI rules to create new broadband consumer privacy protections. While the FCC politely lauds Verizon’s cooperation in the investigation, these kinds of consumer protections are precisely what Verizon was trying to stop when it sued to cripple net neutrality (both in 2010 and again last year).

Granted Verizon could have easily avoided the new privacy rules. It has argued for years that tougher privacy protections for broadband weren’t necessary because the industry could self-regulate. And regulators appeared to buy that claim for a while. But Verizon’s decision to covertly fiddle with packets and track tens of millions of customers without bothering to tell any of them indicates just how well that plan actually worked in practice.

Filed Under: , , ,
Companies: verizon

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Verizon Strikes $1.35 Million Settlement With FCC Over Its Use Of Stealth 'Zombie Cookies'”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Where is my cut?

I am a Verizon customer… why is it that I first get fucked by Verizon and then the FTC gets to profit while I still got fucked without any compensation?

I know a lot of you tech dirter’s like your government institutions but I have yet to see much of a benefit to all of these “regulations”. I have however, notice a whole lot of monopolies and poor service with little choice in the market however.

That One Guy (profile) says:

Hit hard or don't bother

If the $1.35 million ended up being so much as 5% of what they gained from selling the data I would be greatly surprised, which means that the FCC might as well not have even bothered. What possible reason does Verizon have not do do the same thing in the future with a fine this pathetic after all, it’s basically just a cost of business, a minuscule cost that ever so slightly lessens the profits gained.

No, if the FCC or other similar agencies want to provide some real incentive for companies to follow the rules then they need to use a percentage based fine system, and start at 100%. If companies know that the absolutely smallest fine for violations will leave them no better off than before should they be caught, in addition to any other penalties, then they might care, but as it stands the penalties and motivations are entirely on the side of breaking as many of the rules as they can and then just paying the laughable fines should they get caught.

Anonymous Coward says:

Re: Hit hard or don't bother

No fines! not even a $1.

Jail Time, nothing other than Jail Time. Fines serve as nothing more than a catalyst for government to ignore a problem long enough to ensure that they catch them do just enough damage for citizens to ignorantly feel good about it while the company laughs all the way to bank shaking the had that fined them for their generosity.

Anonymous Coward says:

Re: Hit hard or don't bother

hopefully there is a larger game afoot and the ftc is just flexing its muscles and setting legal president under the new laws. by charging this little they get a president they can then use as a hammer later for real fines that verizon may actually want to fight about. but then again reading to much techdirt has shaken my faith in humanity.

Ninja (profile) says:

$1.35 million settlement

Maybe I’m wrong but with such a detailed mining method they probably made much more than that. This is almost like punishing a kid for eating too much cake by giving them more cake.

Verizon Wireless will however need to transparently notify users of the system and get their explicit opt-in (a rare dinosaur in online tracking rules) consent before sharing any of this data with third parties.

Oh yes, I’d be delighted to have the privilege of being thoroughly tracked online while my data is subject to “outstanding” security practices. They’ll need to word their “transparent notification” eloquently to get users to opt in to such thing. Then again how many tool bars have I seen installed on computers of the world?

Anonymous Coward says:

I would almost guarantee Facebook uses something similar. Sometime in the middle of a Facebook session, try turning cookies off. Facebook will almost immediately log you off.

You are the product when it comes to Facebook, and the moment they can’t track your every move, they will shut you out. Not the kind of “free” application I’m interested in.

John Fenderson (profile) says:

Re: Re:

The difference is that you can turn your cookies off and have it be effective with Facebook.

With ISPs, cookies don’t enter into it. Verizon, for example, was tagging the traffic itself in a manner that you had little control over. Facebook cannot technically do this sort of thing. You have to be an ISP to pull it off.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...