Privacy

by Karl Bode


Filed Under:
broadband, congress, fcc, ftc, lobbying, politics, privacy

Companies:
at&t, comcast, verizon



AT&T, Comcast & Verizon Pretend They Didn't Just Pay Congress To Sell You Out On Privacy

from the trust-is-more-than-just-a-five-letter-word dept

Large ISPs like AT&T, Verizon and Comcast spent a significant part of Friday trying to convince the press and public that they didn't just screw consumers over on privacy (if you've been napping: they did). With the vote on killing FCC broadband privacy protections barely in the books, ISP lobbyists and lawyers penned a number of editorials and blog posts breathlessly professing their tireless dedication to privacy, and insisting that worries about the rules' repeal are little more than "misinformation."

All of these posts, in lock step, tried to effectively make three key arguments: that the FTC will rush in to protect consumers in the wake of the FCC rules being repealed (not happening), ISPs don't really collect much data on you anyway (patently untrue), and that ISPs' lengthy, existing privacy policies and history of consumer respect mean consumers have nothing to worry about (feel free to pause here and laugh).

For more than a decade, large ISPs have used deep-packet inspection, search engine redirection and clickstream data collection to build detailed user profiles, and their longstanding refusal to candidly talk about many of these programs should make their actual dedication to user privacy abundantly clear. Yet over at Comcast, Deputy General Counsel & Chief Privacy Officer Gerard Lewis spent some time complaining that consumer privacy concerns are little more than "misleading talk" and "misinformation and inaccurate statements":

"There has been a lot of misleading talk about how the congressional action this week to overturn the regulatory overreach of the prior FCC will now permit us to sell sensitive customer data without customers’ knowledge or consent. This is just not true. In fact, we have committed not to share our customers’ sensitive information (such as banking, children’s, and health information), unless we first obtain their affirmative, opt-in consent."

So one, the "commitment" Comcast links to in this paragraph is little more than a cross-industry, toothless and voluntary self-regulatory regime that means just a fraction more than nothing at all. And while Comcast insists it doesn't sell its broadband customers' "individual web browsing history" (yet), they do still collect an ocean of other data for use in targeted ads, and there's really little stopping them from using your browsing history in this same way down the road -- it may not be "selling" your data, but it is using it to let advertisers target you. Comcast proceeds to say it's updating its privacy policy in the wake of the changes -- as if such an action (since these policies are drafted entirely to protect the ISP, not the consumer) means anything at all.

Like Comcast, Verizon's blog post on the subject amusingly acts as if the company's privacy policy actually protects you, not Verizon:

"Verizon is fully committed to the privacy of our customers. We value the trust our customers have in us so protecting the privacy of customer information is a core priority for us. Verizon’s privacy policy clearly lays out what we do and don’t do as well as the choices customers can make."

Feel better? That's the same company, we'll note, that was caught covertly modifying user data packets to track users around the internet regardless of any other data collected. That program was in place for two years before security researchers even noticed it existed. It took another six months of public shaming before the company even provided the option for consumers to opt out. Verizon's own recent history makes it clear its respect for consumer privacy is skin deep. And again, there's nothing really stopping Verizon from expanding this data collection and sales down the road, and burying it on page 117 of its privacy policy.

AT&T was a bit more verbose in a post over at the AT&T policy blog, where again it trots out this idea that existing FTC oversight is somehow good enough:

"The reality is that the FCC’s new broadband privacy rules had not yet even taken effect. And no one is saying there shouldn’t be any rules. Supporters of this action all agree that the rescinded FCC rules should be replaced by a return to the long-standing Federal Trade Commission approach. But in today’s overheated political dialogue, it is not surprising that some folks are ignoring the facts."

So again, the FTC doesn't really have much authority over broadband, and AT&T forgets to mention that its lawyers have found ways to wiggle around what little authority the agency does have via common carrier exemptions. And while AT&T insists that "no one is saying there shouldn't be any rules," its lobbyists are working tirelessly to accomplish precisely that by gutting both FTC and FCC oversight of the telecom sector. Not partially. Entirely. Title II, net neutrality, privacy -- AT&T wants it all gone. Its pretense to the contrary is laughable.

Like the other two providers, AT&T trots out this idea that the FCC's rules weren't fair because they didn't also apply to "edge" companies like Facebook or Google (which actually are more fully regulated by the FTC). That's a flimsy point also pushed by an AT&T and US Telecom Op/Ed over at Axios, where the lobbying group's CEO Jonathan Spalter tries to argue that consumers shouldn't worry about ISPs, because their data is also being hoovered up further down the supply chain:

"Your browser history is already being aggregated and sold to advertising networks—by virtually every site you visit on the internet. Consumers' browsing history is bought and sold across massive online advertising networks every day. This is the reason so many popular online destinations and services are "free." And, it's why the ads you see on your favorite sites—large and small—always seem so relevant to what you've recently been shopping for online. Of note, internet service providers are relative bit players in the $83 billion digital ad market, which made singling them out for heavier regulations so suspect."

Again, this quite intentionally ignores the fact that whereas you can choose to not use Facebook or Gmail, a lack of competition means you're stuck with your broadband provider. As such, arguing that "everybody else is busy collecting your data" isn't much of an argument, especially when "everybody else" is having their behaviors checked by competitive pressure to offer a better product. As well-respected security expert Bruce Schneier points out in a blog post, these companies desperately want you to ignore this one, central, undeniable truth:

"When markets work well, different companies compete on price and features, and society collectively rewards better products by purchasing them. This mechanism fails if there is no competition, or if rival companies choose not to compete on a particular feature. It fails when customers are unable to switch to competitors. And it fails when what companies do remains secret.

Unlike service providers like Google and Facebook, telecom companies are infrastructure that requires government involvement and regulation. The practical impossibility of consumers learning the extent of surveillance by their Internet service providers, combined with the difficulty of switching them, means that the decision about whether to be spied on should be with the consumer and not a telecom giant. That this new bill reverses that is both wrong and harmful."

This lack of competition didn't just magically happen. As in other sectors driven by legacy turf protectors, the same ISP lobbyists that just gutted the FCC's privacy rules have a long and proud history of dismantling competitive threats at every conceivable opportunity, then paying legislators to look the other way. That includes pushing for protectionist state laws preventing towns and cities from doing much of anything about it. It's not clear who these ISPs thought they were speaking to in these editorials, but it's certainly not to folks that have actually paid attention to their behavior over the last fifteen years.

The EFF, meanwhile, concisely calls these ISPs' sudden and breathless dedication to privacy nonsense:

"There is a lot to say about the nonsense they've produced here," said Ernesto Falcon, legislative counsel at EFF. "There is little reason to believe they will not start using personal data they've been legally barred from using and selling to bidders without our consent now. The law will soon be tilted in their favor to do it."

Gosh, who to believe? Actual experts on subjects like security or privacy, or one of the more dishonest and anti-competitive business sectors in American industry? All told, you can expect these ISPs to remain on their best behavior for a short while for appearances' sake (and because AT&T wants its Time Warner merger approved) -- but it's not going to be long before they rush to abuse the lack of oversight their campaign contributions just successfully created. Anybody believing otherwise simply hasn't been paying attention to the laundry list of idiotic ISP actions that drove the FCC to try and pass the now-dismantled rules in the first place.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Ninja (profile), 4 Apr 2017 @ 5:59am

    If you need to justify something that much chances are you are wrong. Or you are an activist trying to change historic problems (racism, chauvinism etc). I personally think the ISPs mentioned above are not 'activists'.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Apr 2017 @ 6:42am

    Verizon is also the company that is planning on installing spyware on everyone's phone. It literally has no other purpose than to collect information on you.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Apr 2017 @ 6:54am

    "and burying it on page 117 of its privacy policy"

    That's just nasty, those evil monsters. Page 2 would have had the same effect.

    reply to this | link to this | view in chronology ]

  • identicon
    Sasparilla, 4 Apr 2017 @ 7:15am

    Not covered - Silicon Valley partnered with ISP's on this

    There was a reason beyond just ISP's that this got rammed through even though lots of people were calling their Reps prior to the House vote - Silicon Valley (led by Google) partnered with the ISP shortly after the election and started lobbying on this to get it killed (Google etc. figured such privacy protections might eventually see their way into their businesses and chose to kill this at the ISP for consumers).

    http://www.politico.com/story/2017/03/broadband-data-victory-republicans-236760

    Google executives have chosen to leave "Do No Evil" far behind....

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 Apr 2017 @ 8:44am

      Re: Not covered - Silicon Valley partnered with ISP's on this

      Do no traceable evil?

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 Apr 2017 @ 9:42am

      Re: Not covered - Silicon Valley partnered with ISP's on this

      TD is probably trying to figure out how to quietly make this post go away.

      reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 4 Apr 2017 @ 10:34am

      Also not covered: What AT&T execs had for lunch

      Was Google posting incredibly dishonest op-eds to defend the gutting of the rules? Because this article is about responding to that, not everything to do with the rules in general.

      And in fact, in the last article on the subject Karl pointed out in the comments that Google was in fact against the rules for the same reason that the ISP's were.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 4 Apr 2017 @ 10:50am

        Re: Also not covered: What AT&T execs had for lunch

        MUST DEFEND MASTER GOOG

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 4 Apr 2017 @ 11:01am

          Re: Re: Also not covered: What AT&T execs had for lunch

          Must attack Google at every opportunity.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 4 Apr 2017 @ 11:05am

            Re: Re: Re: Also not covered: What AT&T execs had for lunch

            So you're saying we should be mad at the ISPs for this, but give Google and Facebook a pass?

            reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 4 Apr 2017 @ 11:08am

            Re: Re: Re: Also not covered: What AT&T execs had for lunch

            Since when is pointing out something sleazy a company is actually guilty of an "attack"? Quit playing the victim on Google's behalf here. It's pathetic.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 4 Apr 2017 @ 11:23am

              Re: Re: Re: Re: Also not covered: What AT&T execs had for lunch

              Because the adults in the room are talking about ATT not trying to deflect about google. Please to try to keep up.

              reply to this | link to this | view in chronology ]

        • icon
          That One Guy (profile), 4 Apr 2017 @ 11:11am

          How pavlovian

          So pointing out that Google was opposed to the rules, and the article didn't mention this because it was focused on particular op-eds by other companies is 'defending' Google?

          I notice you yourself failed to insult Google in your comment, am I to take it then that you are also 'defending' the company?

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 4 Apr 2017 @ 11:19am

            Re: How pavlovian

            > Was Google posting incredibly dishonest op-eds to defend the gutting of the rules? Because this article is about responding to that, not everything to do with the rules in general.

            "Google helping gut privacy protections is okay because they're better at PR than the ISPs"

            reply to this | link to this | view in chronology ]

            • icon
              That One Guy (profile), 4 Apr 2017 @ 11:41am

              Re: Re: How pavlovian

              If beating up strawmen took physical effort beyond finger movements I can only imagine how incredibly fit you would be.

              That an article didn't mention Google because Google had nothing to do with what was covered in the article(companies writing dishonest op-eds, if you missed it) does not equal 'defending Google'.

              If every article on a subject made sure to provide an extensive background on everything that had happened related to the subject you'd be looking at dozens of pages worth of content for even simple stuff like this. Does that sound like something you'd be eager to wade through, or would you take one look at it and decide that reading that much would take too much work and move on to shorter, easier to get through stuff?

              reply to this | link to this | view in chronology ]

              • identicon
                Anonymous Coward, 4 Apr 2017 @ 12:09pm

                Re: Re: Re: How pavlovian

                I wasn't talking about the article, I was talking about your defense of Google.

                reply to this | link to this | view in chronology ]

                • identicon
                  Anonymous Coward, 4 Apr 2017 @ 12:41pm

                  Re: Re: Re: Re: How pavlovian

                  Not attacking someone is not the same as defending them. Attacking when when they are not the subject suggests a pathological hatred, which is far from healthy.

                  reply to this | link to this | view in chronology ]

                  • identicon
                    Anonymous Coward, 4 Apr 2017 @ 1:47pm

                    Re: Re: Re: Re: Re: How pavlovian

                    How is pointing out that they were involved in something considered an "attack" if they were actually involved?

                    reply to this | link to this | view in chronology ]

                • icon
                  That One Guy (profile), 4 Apr 2017 @ 1:22pm

                  Re: Re: Re: Re: How pavlovian

                  You have a funny definition of 'defending' if it includes pointing out that a comment is unrelated to the article at hand, followed by pointing out that what the person is claiming isn't covered was, just not every time because it's not always relevant to the discussion.

                  If that's 'defending' Google then I could just as easily say that the attempt to divert to Google is 'defending' the companies that are the focus of the article by attempting to shift the focus away from what they've said/done and move it to what Google has said/done. Moving the focus on what's happening now to what's happened in the past in order to divert attention away from the now. That strike you as a fair assessment?

                  reply to this | link to this | view in chronology ]

                  • identicon
                    Anonymous Coward, 4 Apr 2017 @ 2:02pm

                    Re: Re: Re: Re: Re: How pavlovian

                    > attempting to shift the focus away from what they've said/done and move it to what Google has said/done. Moving the focus on what's happening now to what's happened in the past in order to divert attention away from the now. That strike you as a fair assessment?

                    Nobody is trying to divert attention. I'd like to see all of these scumbags held accountable. Unfortunately, nobody seems to be willing to report on it when companies like Google and Facebook get involved, which allows them to continue getting away with supporting/pushing things that damage the internet and privacy as long as they keep it quiet.

                    reply to this | link to this | view in chronology ]

                    • icon
                      That One Guy (profile), 5 Apr 2017 @ 1:38am

                      Re: Re: Re: Re: Re: Re: How pavlovian

                      Nobody is trying to divert attention. I'd like to see all of these scumbags held accountable. Unfortunately, nobody seems to be willing to report on it when companies like Google and Facebook get involved, which allows them to continue getting away with supporting/pushing things that damage the internet and privacy as long as they keep it quiet.

                      Nobody except the person who posted the first comment in this chain, a comment that had nothing to do with the actual article and instead went off on a 'But look at what Google did!' tangent? Yes Google opposed the rules, yes that was and is bad, but the current topic of discussion is what these particular companies which are not Google are doing now.

                      Bringing up Google at that point is at best irrelevant to the topic at hand, even if it doesn't reach the 'Look, a distraction!' level.

                      If Google and/or Facebook, or any other company writes a stupid and dishonest op-ed, then I'm all for calling them out. If they do something that damages privacy for those that use their services, by all means point out what a bad or dangerous move it is. Dragging them into a discussion that doesn't involve them though, ignoring the companies that are being talked about to focus on them just muddies the waters and wastes time by taking a focused discussion on what a specific company(or several in this case) are doing now and turning it into a general one about what other companies have done in the past.

                      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Apr 2017 @ 7:27am

    Also, ISPs defintion of personally identifiable information is very narrow. As long as it is "anonymized" and aggregated there are few regulations of what can be done with it. This could include selling it to parties who re-identify it using their own databases.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Apr 2017 @ 7:30am

    Funny

    Funny how a) The contents of a privacy policy is entirely under the control of the company. It's not as if they can't change it whenever they want to. So from a consumer point of view, anything that is written in such a policy that may now protect you, is worthless if they change it tomorrow.

    b) These ISPs keep talking of protecting their customers. Everybody should understand that this means their advertisers. They are the real customers these bobos are protecting. Remember, you are the product, not the client!

    reply to this | link to this | view in chronology ]

  • identicon
    Jeffrey Cawthorne, 4 Apr 2017 @ 7:51am

    > Comcast proceeds to say it's updating its privacy policy in the wake of the changes -- as if such an action (since these policies are drafted entirely to protect the ISP, not the consumer) means anything at all.

    I think the word "updating" can be construed a number of different ways here. We shouldn't assume it's synonymous with "strengthening."

    reply to this | link to this | view in chronology ]

  • identicon
    ryuugami, 4 Apr 2017 @ 8:22am

    Link error!

    Heads up: there is a typo (I assume) in the article's HTML.

    In third row, the sentence "With the vote on killing FCC broadband privacy protections barely in the books" has a misspelled "href" attribute of the "a" tag, it says "hreef". That means that the part that should be a link, isn't.

    Noticed it when I accidentally hovered over the text and it changed :)

    reply to this | link to this | view in chronology ]

  • identicon
    I.T. Guy, 4 Apr 2017 @ 9:04am

    reply to this | link to this | view in chronology ]

  • icon
    Ryunosuke (profile), 4 Apr 2017 @ 9:10am

    its so good to know that you can buy a sitting member of congress for a low as $10k usd. Must be that free market everyone is talking about. Free market of Democracy!

    Side note: the senator of Indiana is a $2 usd prostitute, and apparently it was discount day, The very least they could have done is offered him a 6 figure sum, now I am pissed that my senator not only sold me out, but sold me out on the cheap. YES I AM TALKING TO YOU TODD YOUNG.

    reply to this | link to this | view in chronology ]

  • icon
    MikeW (profile), 4 Apr 2017 @ 9:45am

    feel free to pause here and laugh

    --feel free to pause here and cry

    Fixed that for you

    reply to this | link to this | view in chronology ]

  • identicon
    David, 4 Apr 2017 @ 10:25am

    Isn't this great?

    In many dictatorships, rulership is enforced by the rich able to afford the weapons needed for usurping the leadership of the country.

    In the U.S., everybody has the right to bear arms. Rulership is enforced by the rich able to afford the congress members needed for usurping the leadership of the country, bypassing the arms dealers as middle men.

    Small wonder the arms dealers themselves lobby in order to at least be able to sell to the man on the street for gamesmanship and killer sprees when they are locked out of being a significant part of the play of power.

    This is capitalism at its best: money becomes a thing of its own without the need to measure one's fungible resources in relation to the price tag of an AK47.

    Replacing the apocalyptic rider "war" by the deadly sin "greed" is quite nicer. "famine" is not really affected, "pestilence" is probably sad that the "Obamacare" repeal did not work out well. But I'm sure its time will come.

    reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 4 Apr 2017 @ 10:42am

    If someone feels the need to constantly remind you of how honest they are...

    ... odds are good you shouldn't trust a single thing they say.

    If these companies were so very dedicated to the privacy of their customers it would be evident in their actions, and they wouldn't need to constantly remind people about how very focused they are on protecting customer privacy.

    The 'problem' with that however is that their actions make it clear that the only 'concern' they have for customer privacy is 'concern' over how many new ways they can violate it for fun and profit. That they fought tooth and nail to stop simple privacy rules from being written, and then to kill them before they came into effect makes it clear that they plan on engaging(past, present and future) in actions that would have violated those simple rules left and right, despite their lies to the contrary.

    reply to this | link to this | view in chronology ]

  • icon
    wereisjessicahyde (profile), 4 Apr 2017 @ 5:47pm

    "For more than a decade, large ISPs have used deep-packet inspection...."

    I was thinking For more than a decade, large ISPs have used deep pockets to get their own way.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Apr 2017 @ 5:13am

    don't worry

    the government will save us

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.