Consumer Groups Say AT&T, Comcast Violate Privacy Law By Hoovering Up Cable Box Data Without Full User Consent

Privacy

from the informed,-empowered-consumers-cost-us-revenue dept

In addition to the $21 billion made annually by cable set top box rental fees, cable companies make untold billions from monetizing the user viewing data these boxes help collect. That captive revenue alone is the driving force behind the pay TV sectors histrionic opposition to the FCC’s plan to open the sector up to third-party hardware competition. Consumer viewing and behavioral data is an immense cash cow, one the cable industry has occasionally threatened to take even further — with patents on tech that lets the cable box literally watch or listen in on American living rooms.

While things haven’t quite reached that level of total information awareness yet, consumer groups this week filed a formal complaint with both the FTC and FCC arguing that things have gone far enough. Public Knowledge, the Center for Digital Democracy and Consumer Watchdog have filed formal privacy complaints with both the FCC and FTC saying that major cable companies routinely fail to inform consumers about the degree in which their viewing data is collected, stored and monetized via ye olde cable box.

The complaints note that while most cable company privacy policies do alert consumers that they use personally identifiable information and third-party data for ads, these warnings don’t go far enough to formally adhere to cable privacy rules on set-top box information:

“Federal law requires cable and satellite providers to obtain permission from subscribers prior to collecting and using their information for advertising purposes. Cable operators are also required to provide subscribers with a written statement that clearly describes the nature of the use of their personally identifiable information. Currently, cable operators obtain opt-out consent from consumers to use their information, which is insufficient to constitute prior consent under the law. And their privacy policies often fail to adequately disclose the extent to which they are sharing and combining customer data with third parties.”

The complaints specifically single out Comcast, AT&T and Cablevision as “among the most egregious” when it comes to using consumer data without adequate consent. The complaint filed with the FCC (pdf) for example, notes that companies like AT&T often pull data from both the wireless and wireline empires to create mammoth databases of user behavior and personal information for targeted ads, without making the scope of this collection and usage clear to consumers or obtaining full, legal consent:

“AT&T?s TV Blueprint, for example, ?gives advertisers working with AT&T the ability to reach people based on factors like device, operating system, whether or not they?re heavy data users or the status of their carrier contract,? using ?sophisticated second-by-second set- top box data? and other information. AT&T pulls data ?from millions of set-top boxes? and analyzes consumer viewing history and uses these data to target consumers based on their viewing profile. Companies like Cablevision leverage granular data and precise details of household viewing behavior, and combine it with third-party data covering other intimate details of consumers? lives to analyze and target specific individuals with video advertising across a range of screens. In their own words, ?this set-top box level targeting lets marketers target customers that fit particular trends, profiles, demographics and attributes, and they can also pair the Cablevision data with their own or third-party data.”

With the FCC eyeing both set top box reform and new privacy rules for broadband providers, Public Knowledge is providing the commission with a little ammunition and fuel for thought on both fronts. Historically, consumer privacy in telecom and television has been feebly protected at best, and companies like AT&T have consistently pushed the barriers in their ever-expanding quest for more marketing data, whether that’s the use of modified wireless packets to track users around the Internet, or charging a steep premium to opt out of deep packet inspection and data collection.

In the not-so-competitive realm of telecom, this is about as close to “innovation” as many sector companies get.

Specifically, Public Knowledge makes it clear they’d like to see such collection be made opt in instead of opt out, and argues that opting out doesn’t go far enough to count as “consent” under existing privacy law:

“…The Commission should take the affirmative step of declaring that the use of customer information requires opt-in consent and that absent such consent, cable providers violate privacy rules by collecting customer information and using it to deliver marketing tailored to those customers.”

As we’ve seen with the do not track debate, opting in is the bane of any data hoovering operation, given an informed and empowered consumer protected by a still-clawed regulator results in an obvious dent in the profit party. As such, telecom regulators have never been keen on supporting opt in, and it doesn’t seem likely they’ll start doing so anytime soon, despite the groups’ request.

Meanwhile, AT&T was quick to unsurprisingly pooh pooh the groups’ complaint as “bogus,” while somehow arguing the attempt to protect consumer privacy would violate consumer privacy:

“AT&T?s use of anonymous and aggregate set-top box information is entirely consistent with the statute. Our disclosures tell our customers exactly how we use that data and provide tools for customers to opt out. Frankly, this complaint is bogus, and seems mainly designed to distract the public from the overwhelming bipartisan opposition to the FCC?s controversial set-top box plan.

That plan itself will erode existing consumer privacy protections, not to mention its many other harms. Because the plan?s few remaining supporters have no answer to that charge, they?ve decided to invent a false privacy claim. This smacks of desperation, and it also carries the whiff of hypocrisy. It?s further proof, if any is needed, that the plan?s supporters have lost the public policy debate on this issue.”

AT&T somehow forgets to mention that most of the opposition to the FCC’s set top box competition plan is entirely artificial — generated in large part by AT&T and Comcast lobbying departments — who’ve been busy filling editorial pages nationwide with absurd and misleading arguments.

The genuine reason for AT&T’s opposition isn’t surprising or complicated: ill-informed customers in un-competitive markets trapped in walled gardens are hugely profitable. Any deviation from this standard is treated as an egregious affront. But cable ops can’t just come out and admit this is simply about protecting set top box monopoly money; that’s why they’ve created groups like the “Future of TV Coalition” to try and complain — like AT&T briefly does above — that actually protecting cable customer privacy — will somehow be a privacy violation in and of itself:

“But the new AllVid-style TV regulations being proposed by the FCC this week are an assault on consumer privacy. They will strip viewers of vital safeguards for their viewing choices and add ?what we watch? to the mountains of data being mined and exploited by privacy scofflaws like Google, alongside their existing files of what we search for on the Internet; what we say in our gmail at home, work, and school; what happens in our ?Nest?-connected homes; and where we go using Waze and Google Maps.”

Cable companies could embrace opt in as a new standard and creatively offer small discounts to users who participate, but it’s much easier to whine nebulously about Google. Companies like AT&T and Comcast desperately want to be regulated exactly like “edge providers” such as Google when it comes to privacy, ignoring the fact that their stranglehold over the broadband last mile — and the cable box — create a scenario whereby if regulators don’t make at least a token effort to protect consumer privacy, the sky will be the limit in terms of abusing these captive markets and consumer walled gardens.

Filed Under: data, fcc, ftc, privacy, set top boxes
Companies: at&t, comcast, public knowledge