Consumer Groups Say AT&T, Comcast Violate Privacy Law By Hoovering Up Cable Box Data Without Full User Consent

from the informed,-empowered-consumers-cost-us-revenue dept

In addition to the $21 billion made annually by cable set top box rental fees, cable companies make untold billions from monetizing the user viewing data these boxes help collect. That captive revenue alone is the driving force behind the pay TV sectors histrionic opposition to the FCC’s plan to open the sector up to third-party hardware competition. Consumer viewing and behavioral data is an immense cash cow, one the cable industry has occasionally threatened to take even further — with patents on tech that lets the cable box literally watch or listen in on American living rooms.

While things haven’t quite reached that level of total information awareness yet, consumer groups this week filed a formal complaint with both the FTC and FCC arguing that things have gone far enough. Public Knowledge, the Center for Digital Democracy and Consumer Watchdog have filed formal privacy complaints with both the FCC and FTC saying that major cable companies routinely fail to inform consumers about the degree in which their viewing data is collected, stored and monetized via ye olde cable box.

The complaints note that while most cable company privacy policies do alert consumers that they use personally identifiable information and third-party data for ads, these warnings don’t go far enough to formally adhere to cable privacy rules on set-top box information:

“Federal law requires cable and satellite providers to obtain permission from subscribers prior to collecting and using their information for advertising purposes. Cable operators are also required to provide subscribers with a written statement that clearly describes the nature of the use of their personally identifiable information. Currently, cable operators obtain opt-out consent from consumers to use their information, which is insufficient to constitute prior consent under the law. And their privacy policies often fail to adequately disclose the extent to which they are sharing and combining customer data with third parties.”

The complaints specifically single out Comcast, AT&T and Cablevision as “among the most egregious” when it comes to using consumer data without adequate consent. The complaint filed with the FCC (pdf) for example, notes that companies like AT&T often pull data from both the wireless and wireline empires to create mammoth databases of user behavior and personal information for targeted ads, without making the scope of this collection and usage clear to consumers or obtaining full, legal consent:

“AT&T?s TV Blueprint, for example, ?gives advertisers working with AT&T the ability to reach people based on factors like device, operating system, whether or not they?re heavy data users or the status of their carrier contract,? using ?sophisticated second-by-second set- top box data? and other information. AT&T pulls data ?from millions of set-top boxes? and analyzes consumer viewing history and uses these data to target consumers based on their viewing profile. Companies like Cablevision leverage granular data and precise details of household viewing behavior, and combine it with third-party data covering other intimate details of consumers? lives to analyze and target specific individuals with video advertising across a range of screens. In their own words, ?this set-top box level targeting lets marketers target customers that fit particular trends, profiles, demographics and attributes, and they can also pair the Cablevision data with their own or third-party data.”

With the FCC eyeing both set top box reform and new privacy rules for broadband providers, Public Knowledge is providing the commission with a little ammunition and fuel for thought on both fronts. Historically, consumer privacy in telecom and television has been feebly protected at best, and companies like AT&T have consistently pushed the barriers in their ever-expanding quest for more marketing data, whether that’s the use of modified wireless packets to track users around the Internet, or charging a steep premium to opt out of deep packet inspection and data collection.

In the not-so-competitive realm of telecom, this is about as close to “innovation” as many sector companies get.

Specifically, Public Knowledge makes it clear they’d like to see such collection be made opt in instead of opt out, and argues that opting out doesn’t go far enough to count as “consent” under existing privacy law:

“…The Commission should take the affirmative step of declaring that the use of customer information requires opt-in consent and that absent such consent, cable providers violate privacy rules by collecting customer information and using it to deliver marketing tailored to those customers.”

As we’ve seen with the do not track debate, opting in is the bane of any data hoovering operation, given an informed and empowered consumer protected by a still-clawed regulator results in an obvious dent in the profit party. As such, telecom regulators have never been keen on supporting opt in, and it doesn’t seem likely they’ll start doing so anytime soon, despite the groups’ request.

Meanwhile, AT&T was quick to unsurprisingly pooh pooh the groups’ complaint as “bogus,” while somehow arguing the attempt to protect consumer privacy would violate consumer privacy:

“AT&T?s use of anonymous and aggregate set-top box information is entirely consistent with the statute. Our disclosures tell our customers exactly how we use that data and provide tools for customers to opt out. Frankly, this complaint is bogus, and seems mainly designed to distract the public from the overwhelming bipartisan opposition to the FCC?s controversial set-top box plan.

That plan itself will erode existing consumer privacy protections, not to mention its many other harms. Because the plan?s few remaining supporters have no answer to that charge, they?ve decided to invent a false privacy claim. This smacks of desperation, and it also carries the whiff of hypocrisy. It?s further proof, if any is needed, that the plan?s supporters have lost the public policy debate on this issue.”

AT&T somehow forgets to mention that most of the opposition to the FCC’s set top box competition plan is entirely artificial — generated in large part by AT&T and Comcast lobbying departments — who’ve been busy filling editorial pages nationwide with absurd and misleading arguments.

The genuine reason for AT&T’s opposition isn’t surprising or complicated: ill-informed customers in un-competitive markets trapped in walled gardens are hugely profitable. Any deviation from this standard is treated as an egregious affront. But cable ops can’t just come out and admit this is simply about protecting set top box monopoly money; that’s why they’ve created groups like the “Future of TV Coalition” to try and complain — like AT&T briefly does above — that actually protecting cable customer privacy — will somehow be a privacy violation in and of itself:

“But the new AllVid-style TV regulations being proposed by the FCC this week are an assault on consumer privacy. They will strip viewers of vital safeguards for their viewing choices and add ?what we watch? to the mountains of data being mined and exploited by privacy scofflaws like Google, alongside their existing files of what we search for on the Internet; what we say in our gmail at home, work, and school; what happens in our ?Nest?-connected homes; and where we go using Waze and Google Maps.”

Cable companies could embrace opt in as a new standard and creatively offer small discounts to users who participate, but it’s much easier to whine nebulously about Google. Companies like AT&T and Comcast desperately want to be regulated exactly like “edge providers” such as Google when it comes to privacy, ignoring the fact that their stranglehold over the broadband last mile — and the cable box — create a scenario whereby if regulators don’t make at least a token effort to protect consumer privacy, the sky will be the limit in terms of abusing these captive markets and consumer walled gardens.

Filed Under: , , , ,
Companies: at&t, comcast, public knowledge

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Consumer Groups Say AT&T, Comcast Violate Privacy Law By Hoovering Up Cable Box Data Without Full User Consent”

Subscribe: RSS Leave a comment
Anonymous Coward says:

We will get more of the same with open set top boxes

Opening up set top boxes will result in more people doing this monitoring, namely Google. Now that people are used to being spied on by their smartphones, Microsoft is doing the same from Windows 10. Nobody expected to be spied on by their desktop OS. My hope is, that one day, people will look back at all the snooping that is going on by governments and corporations and wonder why the idiot sheeple didn’t revolt sooner.

Anonymous Coward says:

Desperately seeking a framework for litigation.

Everybody knows what is going on. Everybody knows that this will probably eventually degenerate into violence. The rash of fiber cutting in CA could reasonably be considered the beginning of that violence.

So the question then becomes, “How is this resolved legally, in order to prevent further degeneration”.

And if you investigate the problem, what you find is a nexus of cognitive dissonance. The law wants corporations to be treated as persons to make paperwork easier. But failing to distinguish creates a number of abstractions that are abusive to civil rights. The first of which is the pseudo-sovereign.

The pseudo-sovereign is a private entity, so not governed by the 4th amendment. But is called before the state as a witness whenever the state litigates on the subject of the 4th amendment. The result, is total immunity for ANY action they perpetrate which violates people civil rights. They are, and aren’t state actors whenever it suits the state.

It is a game of cup and ball.

State level computer crimes laws probably would cover a lot of the stuff that the Cable Cabal does with their customer data. Their monopolies make their service licensing compulsory, and so without consideration, and therefore invalid.

While you probably could find a judge at the state level who would recognize the lack of validity in the carrier service license, it is less likely this would be upheld in federal courts. So it would take a jurisdiction, that is essentially willing to refuse the feds and enforce its local decision independently.

Which completely inverts the civil rights situation of the 1950’s. Back then southern courts ignored the feds to restrict civil rights. Soon we could be looking at states ignoring the feds, to preserve them.

Anonymous Coward says:

Re: Desperately seeking a framework for litigation.

And if you investigate the problem, what you find is a nexus of cognitive dissonance.

You don’t say! Looks like you have plenty of it yourself. If we have a cognitively dissonant person arguing against a cognitively dissonant industry, then how in the heck to you expect our congress critters to figure out what is truly wrong?

#1. The law does not want anything. It it just a dumb and ignorant principle.
#2. I don’t think anyone is really saying treat corporations like people. They are saying they have the same protections and I agree! This is how 3rd party doctrine and the striping of your privacy comes from, hurray!!! you are a part of the problem!
#3. Civil Rights have always been and will always be a joke and point of contention. No one actually cares about equality, they only care about having an advantage. The people that were once oppressed will become the oppressors in retribution and the cycle begins anew.

Humanity is one big corruption machine. Got an institution…. We corrupt it. Got a politic… Yep corrupted! Got an opinion… likely uninformed and largely susceptible to the Dunning-Kreuger effect.

So in all likely hood about 100% of the posters in this forum, myself included, are all just pissed off because WE are not the ones at the top! If we where, it would all be a grand life then!

Overseer says:


Every single company that has participated in data collection (non opt in) should be prosecuted and auctioned off to new owners. These idiots love to claim users can opt out, knowing full well most people haven’t a clue their device use is being watched. I don’t like the super rich having this type of window into the lives of the people they exploit.

The people involved in this industry need to be identified and targeted.

Whatever says:

Hoovering up

I read that and I just about want to puke. Not because of the amount of data they collect, but rather your outrage at the small potatoes stuff.

Take three online companies (none of which are your ISP):


Each of these companies collects an amount of data that makes cable companies look like amateurs. You cannot visit a major website these days without one of these three knowing about it. Even if you are not logged into their services, they will track you (by IP, operating system, browser, and so on, using cookies (or your refusal of their cookies) combined with location information, and a thousand other little points of data to build a profile of you – and they sell that information on and profit from it.

Just loading this page, each of those companies get multiple data points on you (as does flattr and more than a few others – 22 cookies in all on Techdirt alone!).

If you are going to get outraged, start “at home” – ask Mike why there needs to be 22 cookies set to view a page on Techdirt.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...