AT&T, Comcast & Verizon Pretend They Didn't Just Pay Congress To Sell You Out On Privacy

from the trust-is-more-than-just-a-five-letter-word dept

Large ISPs like AT&T, Verizon and Comcast spent a significant part of Friday trying to convince the press and public that they didn't just screw consumers over on privacy (if you've been napping: they did). With the vote on killing FCC broadband privacy protections barely in the books, ISP lobbyists and lawyers penned a number of editorials and blog posts breathlessly professing their tireless dedication to privacy, and insisting that worries about the rules' repeal are little more than "misinformation."

All of these posts, in lock step, tried to effectively make three key arguments: that the FTC will rush in to protect consumers in the wake of the FCC rules being repealed (not happening), ISPs don't really collect much data on you anyway (patently untrue), and that ISPs' lengthy, existing privacy policies and history of consumer respect mean consumers have nothing to worry about (feel free to pause here and laugh).

For more than a decade, large ISPs have used deep-packet inspection, search engine redirection and clickstream data collection to build detailed user profiles, and their longstanding refusal to candidly talk about many of these programs should make their actual dedication to user privacy abundantly clear. Yet over at Comcast, Deputy General Counsel & Chief Privacy Officer Gerard Lewis spent some time complaining that consumer privacy concerns are little more than "misleading talk" and "misinformation and inaccurate statements":

"There has been a lot of misleading talk about how the congressional action this week to overturn the regulatory overreach of the prior FCC will now permit us to sell sensitive customer data without customers’ knowledge or consent. This is just not true. In fact, we have committed not to share our customers’ sensitive information (such as banking, children’s, and health information), unless we first obtain their affirmative, opt-in consent."

So one, the "commitment" Comcast links to in this paragraph is little more than a cross-industry, toothless and voluntary self-regulatory regime that means just a fraction more than nothing at all. And while Comcast insists it doesn't sell its broadband customers' "individual web browsing history" (yet), they do still collect an ocean of other data for use in targeted ads, and there's really little stopping them from using your browsing history in this same way down the road -- it may not be "selling" your data, but it is using it to let advertisers target you. Comcast proceeds to say it's updating its privacy policy in the wake of the changes -- as if such an action (since these policies are drafted entirely to protect the ISP, not the consumer) means anything at all.

Like Comcast, Verizon's blog post on the subject amusingly acts as if the company's privacy policy actually protects you, not Verizon:

"Verizon is fully committed to the privacy of our customers. We value the trust our customers have in us so protecting the privacy of customer information is a core priority for us. Verizon’s privacy policy clearly lays out what we do and don’t do as well as the choices customers can make."

Feel better? That's the same company, we'll note, that was caught covertly modifying user data packets to track users around the internet regardless of any other data collected. That program was in place for two years before security researchers even noticed it existed. It took another six months of public shaming before the company even provided the option for consumers to opt out. Verizon's own recent history makes it clear its respect for consumer privacy is skin deep. And again, there's nothing really stopping Verizon from expanding this data collection and sales down the road, and burying it on page 117 of its privacy policy.

AT&T was a bit more verbose in a post over at the AT&T policy blog, where again it trots out this idea that existing FTC oversight is somehow good enough:

"The reality is that the FCC’s new broadband privacy rules had not yet even taken effect. And no one is saying there shouldn’t be any rules. Supporters of this action all agree that the rescinded FCC rules should be replaced by a return to the long-standing Federal Trade Commission approach. But in today’s overheated political dialogue, it is not surprising that some folks are ignoring the facts."

So again, the FTC doesn't really have much authority over broadband, and AT&T forgets to mention that its lawyers have found ways to wiggle around what little authority the agency does have via common carrier exemptions. And while AT&T insists that "no one is saying there shouldn't be any rules," its lobbyists are working tirelessly to accomplish precisely that by gutting both FTC and FCC oversight of the telecom sector. Not partially. Entirely. Title II, net neutrality, privacy -- AT&T wants it all gone. Its pretense to the contrary is laughable.

Like the other two providers, AT&T trots out this idea that the FCC's rules weren't fair because they didn't also apply to "edge" companies like Facebook or Google (which actually are more fully regulated by the FTC). That's a flimsy point also pushed by an AT&T and US Telecom Op/Ed over at Axios, where the lobbying group's CEO Jonathan Spalter tries to argue that consumers shouldn't worry about ISPs, because their data is also being hoovered up further down the supply chain:

"Your browser history is already being aggregated and sold to advertising networks—by virtually every site you visit on the internet. Consumers' browsing history is bought and sold across massive online advertising networks every day. This is the reason so many popular online destinations and services are "free." And, it's why the ads you see on your favorite sites—large and small—always seem so relevant to what you've recently been shopping for online. Of note, internet service providers are relative bit players in the $83 billion digital ad market, which made singling them out for heavier regulations so suspect."

Again, this quite intentionally ignores the fact that whereas you can choose to not use Facebook or Gmail, a lack of competition means you're stuck with your broadband provider. As such, arguing that "everybody else is busy collecting your data" isn't much of an argument, especially when "everybody else" is having their behaviors checked by competitive pressure to offer a better product. As well-respected security expert Bruce Schneier points out in a blog post, these companies desperately want you to ignore this one, central, undeniable truth:

"When markets work well, different companies compete on price and features, and society collectively rewards better products by purchasing them. This mechanism fails if there is no competition, or if rival companies choose not to compete on a particular feature. It fails when customers are unable to switch to competitors. And it fails when what companies do remains secret.

Unlike service providers like Google and Facebook, telecom companies are infrastructure that requires government involvement and regulation. The practical impossibility of consumers learning the extent of surveillance by their Internet service providers, combined with the difficulty of switching them, means that the decision about whether to be spied on should be with the consumer and not a telecom giant. That this new bill reverses that is both wrong and harmful."

This lack of competition didn't just magically happen. As in other sectors driven by legacy turf protectors, the same ISP lobbyists that just gutted the FCC's privacy rules have a long and proud history of dismantling competitive threats at every conceivable opportunity, then paying legislators to look the other way. That includes pushing for protectionist state laws preventing towns and cities from doing much of anything about it. It's not clear who these ISPs thought they were speaking to in these editorials, but it's certainly not to folks that have actually paid attention to their behavior over the last fifteen years.

The EFF, meanwhile, concisely calls these ISPs' sudden and breathless dedication to privacy nonsense:

"There is a lot to say about the nonsense they've produced here," said Ernesto Falcon, legislative counsel at EFF. "There is little reason to believe they will not start using personal data they've been legally barred from using and selling to bidders without our consent now. The law will soon be tilted in their favor to do it."

Gosh, who to believe? Actual experts on subjects like security or privacy, or one of the more dishonest and anti-competitive business sectors in American industry? All told, you can expect these ISPs to remain on their best behavior for a short while for appearances' sake (and because AT&T wants its Time Warner merger approved) -- but it's not going to be long before they rush to abuse the lack of oversight their campaign contributions just successfully created. Anybody believing otherwise simply hasn't been paying attention to the laundry list of idiotic ISP actions that drove the FCC to try and pass the now-dismantled rules in the first place.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: broadband, congress, fcc, ftc, lobbying, politics, privacy
Companies: at&t, comcast, verizon


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Ninja (profile), 4 Apr 2017 @ 5:59am

    If you need to justify something that much chances are you are wrong. Or you are an activist trying to change historic problems (racism, chauvinism etc). I personally think the ISPs mentioned above are not 'activists'.

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 4 Apr 2017 @ 6:42am

    Verizon is also the company that is planning on installing spyware on everyone's phone. It literally has no other purpose than to collect information on you.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 4 Apr 2017 @ 6:54am

    "and burying it on page 117 of its privacy policy"

    That's just nasty, those evil monsters. Page 2 would have had the same effect.

    link to this | view in thread ]

  4. identicon
    Sasparilla, 4 Apr 2017 @ 7:15am

    Not covered - Silicon Valley partnered with ISP's on this

    There was a reason beyond just ISP's that this got rammed through even though lots of people were calling their Reps prior to the House vote - Silicon Valley (led by Google) partnered with the ISP shortly after the election and started lobbying on this to get it killed (Google etc. figured such privacy protections might eventually see their way into their businesses and chose to kill this at the ISP for consumers).

    http://www.politico.com/story/2017/03/broadband-data-victory-republicans-236760

    Google executives have chosen to leave "Do No Evil" far behind....

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 4 Apr 2017 @ 7:27am

    Also, ISPs defintion of personally identifiable information is very narrow. As long as it is "anonymized" and aggregated there are few regulations of what can be done with it. This could include selling it to parties who re-identify it using their own databases.

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 4 Apr 2017 @ 7:30am

    Funny

    Funny how a) The contents of a privacy policy is entirely under the control of the company. It's not as if they can't change it whenever they want to. So from a consumer point of view, anything that is written in such a policy that may now protect you, is worthless if they change it tomorrow.

    b) These ISPs keep talking of protecting their customers. Everybody should understand that this means their advertisers. They are the real customers these bobos are protecting. Remember, you are the product, not the client!

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 4 Apr 2017 @ 7:31am

    Re: Funny

    "Remember, you are the product, not the client!"

    These aren't mutually exclusive.

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 4 Apr 2017 @ 7:46am

    Re: Re: Funny

    Indeed, in this case, you even pay to be the product!

    link to this | view in thread ]

  9. identicon
    Jeffrey Cawthorne, 4 Apr 2017 @ 7:51am

    > Comcast proceeds to say it's updating its privacy policy in the wake of the changes -- as if such an action (since these policies are drafted entirely to protect the ISP, not the consumer) means anything at all.

    I think the word "updating" can be construed a number of different ways here. We shouldn't assume it's synonymous with "strengthening."

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 4 Apr 2017 @ 8:10am

    Re:

    Funny that you should conflate those two issues. Freudian slip perhaps? Perhaps not?

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 4 Apr 2017 @ 8:11am

    Re: Re: Re: Funny

    It's a win win for them.

    And we pay to lose! What is not to like?

    link to this | view in thread ]

  12. identicon
    ryuugami, 4 Apr 2017 @ 8:22am

    Link error!

    Heads up: there is a typo (I assume) in the article's HTML.

    In third row, the sentence "With the vote on killing FCC broadband privacy protections barely in the books" has a misspelled "href" attribute of the "a" tag, it says "hreef". That means that the part that should be a link, isn't.

    Noticed it when I accidentally hovered over the text and it changed :)

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 4 Apr 2017 @ 8:44am

    Re: Not covered - Silicon Valley partnered with ISP's on this

    Do no traceable evil?

    link to this | view in thread ]

  14. identicon
    I.T. Guy, 4 Apr 2017 @ 9:04am

    link to this | view in thread ]

  15. icon
    beltorak (profile), 4 Apr 2017 @ 9:07am

    Re: Funny

    Funny how a) The contents of a privacy policy is entirely under the control of the company. It's not as if they can't change it whenever they want to.

    What's even worse is that you have no choice but to accept the changes to the privacy policy; and I'm pretty sure violations aren't punishable in any real terms anyway.

    If companies want us to actually take their privacy policies seriously then it should be part of the contract we are forced to sign for their ahem services.

    link to this | view in thread ]

  16. icon
    Ryunosuke (profile), 4 Apr 2017 @ 9:10am

    its so good to know that you can buy a sitting member of congress for a low as $10k usd. Must be that free market everyone is talking about. Free market of Democracy!

    Side note: the senator of Indiana is a $2 usd prostitute, and apparently it was discount day, The very least they could have done is offered him a 6 figure sum, now I am pissed that my senator not only sold me out, but sold me out on the cheap. YES I AM TALKING TO YOU TODD YOUNG.

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 4 Apr 2017 @ 9:42am

    Re: Not covered - Silicon Valley partnered with ISP's on this

    TD is probably trying to figure out how to quietly make this post go away.

    link to this | view in thread ]

  18. icon
    MikeW (profile), 4 Apr 2017 @ 9:45am

    feel free to pause here and laugh

    --feel free to pause here and cry

    Fixed that for you

    link to this | view in thread ]

  19. identicon
    David, 4 Apr 2017 @ 10:25am

    Isn't this great?

    In many dictatorships, rulership is enforced by the rich able to afford the weapons needed for usurping the leadership of the country.

    In the U.S., everybody has the right to bear arms. Rulership is enforced by the rich able to afford the congress members needed for usurping the leadership of the country, bypassing the arms dealers as middle men.

    Small wonder the arms dealers themselves lobby in order to at least be able to sell to the man on the street for gamesmanship and killer sprees when they are locked out of being a significant part of the play of power.

    This is capitalism at its best: money becomes a thing of its own without the need to measure one's fungible resources in relation to the price tag of an AK47.

    Replacing the apocalyptic rider "war" by the deadly sin "greed" is quite nicer. "famine" is not really affected, "pestilence" is probably sad that the "Obamacare" repeal did not work out well. But I'm sure its time will come.

    link to this | view in thread ]

  20. icon
    That One Guy (profile), 4 Apr 2017 @ 10:34am

    Also not covered: What AT&T execs had for lunch

    Was Google posting incredibly dishonest op-eds to defend the gutting of the rules? Because this article is about responding to that, not everything to do with the rules in general.

    And in fact, in the last article on the subject Karl pointed out in the comments that Google was in fact against the rules for the same reason that the ISP's were.

    link to this | view in thread ]

  21. icon
    That One Guy (profile), 4 Apr 2017 @ 10:42am

    If someone feels the need to constantly remind you of how honest they are...

    ... odds are good you shouldn't trust a single thing they say.

    If these companies were so very dedicated to the privacy of their customers it would be evident in their actions, and they wouldn't need to constantly remind people about how very focused they are on protecting customer privacy.

    The 'problem' with that however is that their actions make it clear that the only 'concern' they have for customer privacy is 'concern' over how many new ways they can violate it for fun and profit. That they fought tooth and nail to stop simple privacy rules from being written, and then to kill them before they came into effect makes it clear that they plan on engaging(past, present and future) in actions that would have violated those simple rules left and right, despite their lies to the contrary.

    link to this | view in thread ]

  22. identicon
    Anonymous Coward, 4 Apr 2017 @ 10:43am

    Re:

    Why is a privacy policy 117 pages?

    link to this | view in thread ]

  23. identicon
    Anonymous Coward, 4 Apr 2017 @ 10:50am

    Re: Also not covered: What AT&T execs had for lunch

    MUST DEFEND MASTER GOOG

    link to this | view in thread ]

  24. identicon
    Anonymous Coward, 4 Apr 2017 @ 11:01am

    Re: Re: Also not covered: What AT&T execs had for lunch

    Must attack Google at every opportunity.

    link to this | view in thread ]

  25. identicon
    Anonymous Coward, 4 Apr 2017 @ 11:05am

    Re: Re: Re: Also not covered: What AT&T execs had for lunch

    So you're saying we should be mad at the ISPs for this, but give Google and Facebook a pass?

    link to this | view in thread ]

  26. identicon
    Anonymous Coward, 4 Apr 2017 @ 11:08am

    Re: Re: Re: Also not covered: What AT&T execs had for lunch

    Since when is pointing out something sleazy a company is actually guilty of an "attack"? Quit playing the victim on Google's behalf here. It's pathetic.

    link to this | view in thread ]

  27. icon
    That One Guy (profile), 4 Apr 2017 @ 11:11am

    How pavlovian

    So pointing out that Google was opposed to the rules, and the article didn't mention this because it was focused on particular op-eds by other companies is 'defending' Google?

    I notice you yourself failed to insult Google in your comment, am I to take it then that you are also 'defending' the company?

    link to this | view in thread ]

  28. identicon
    Anonymous Coward, 4 Apr 2017 @ 11:19am

    Re: How pavlovian

    > Was Google posting incredibly dishonest op-eds to defend the gutting of the rules? Because this article is about responding to that, not everything to do with the rules in general.

    "Google helping gut privacy protections is okay because they're better at PR than the ISPs"

    link to this | view in thread ]

  29. identicon
    Anonymous Coward, 4 Apr 2017 @ 11:23am

    Re: Re: Re: Re: Also not covered: What AT&T execs had for lunch

    Because the adults in the room are talking about ATT not trying to deflect about google. Please to try to keep up.

    link to this | view in thread ]

  30. icon
    That One Guy (profile), 4 Apr 2017 @ 11:41am

    Re: Re: How pavlovian

    If beating up strawmen took physical effort beyond finger movements I can only imagine how incredibly fit you would be.

    That an article didn't mention Google because Google had nothing to do with what was covered in the article(companies writing dishonest op-eds, if you missed it) does not equal 'defending Google'.

    If every article on a subject made sure to provide an extensive background on everything that had happened related to the subject you'd be looking at dozens of pages worth of content for even simple stuff like this. Does that sound like something you'd be eager to wade through, or would you take one look at it and decide that reading that much would take too much work and move on to shorter, easier to get through stuff?

    link to this | view in thread ]

  31. identicon
    Anonymous Coward, 4 Apr 2017 @ 12:09pm

    Re: Re: Re: How pavlovian

    I wasn't talking about the article, I was talking about your defense of Google.

    link to this | view in thread ]

  32. identicon
    Anonymous Coward, 4 Apr 2017 @ 12:41pm

    Re: Re: Re: Re: How pavlovian

    Not attacking someone is not the same as defending them. Attacking when when they are not the subject suggests a pathological hatred, which is far from healthy.

    link to this | view in thread ]

  33. icon
    That One Guy (profile), 4 Apr 2017 @ 1:22pm

    Re: Re: Re: Re: How pavlovian

    You have a funny definition of 'defending' if it includes pointing out that a comment is unrelated to the article at hand, followed by pointing out that what the person is claiming isn't covered was, just not every time because it's not always relevant to the discussion.

    If that's 'defending' Google then I could just as easily say that the attempt to divert to Google is 'defending' the companies that are the focus of the article by attempting to shift the focus away from what they've said/done and move it to what Google has said/done. Moving the focus on what's happening now to what's happened in the past in order to divert attention away from the now. That strike you as a fair assessment?

    link to this | view in thread ]

  34. identicon
    Anonymous Coward, 4 Apr 2017 @ 1:47pm

    Re: Re: Re: Re: Re: How pavlovian

    How is pointing out that they were involved in something considered an "attack" if they were actually involved?

    link to this | view in thread ]

  35. identicon
    Anonymous Coward, 4 Apr 2017 @ 2:02pm

    Re: Re: Re: Re: Re: How pavlovian

    > attempting to shift the focus away from what they've said/done and move it to what Google has said/done. Moving the focus on what's happening now to what's happened in the past in order to divert attention away from the now. That strike you as a fair assessment?

    Nobody is trying to divert attention. I'd like to see all of these scumbags held accountable. Unfortunately, nobody seems to be willing to report on it when companies like Google and Facebook get involved, which allows them to continue getting away with supporting/pushing things that damage the internet and privacy as long as they keep it quiet.

    link to this | view in thread ]

  36. identicon
    Anonymous Coward, 4 Apr 2017 @ 3:45pm

    Re: Re: Funny

    >you have no choice but to accept the changes to the privacy policy
    Agree or end your relationship with the company. That's the way things work.

    >violations aren't punishable in any real terms anyway.
    FTC actually has some teeth and has amassed a long list of fighting for consumers.

    https://www.ftc.gov/news-events/press-releases/2011/11/facebook-settles-ftc-charges-it-dec eived-consumers-failing-keep

    https://www.ftc.gov/news-events/press-releases/2011/03/ftc-charges-decep tive-privacy-practices-googles-rollout-its-buzz

    https://www.ftc.gov/news-events/press-releases/2017/0 2/vizio-pay-22-million-ftc-state-new-jersey-settle-charges-it

    link to this | view in thread ]

  37. icon
    wereisjessicahyde (profile), 4 Apr 2017 @ 5:47pm

    "For more than a decade, large ISPs have used deep-packet inspection...."

    I was thinking For more than a decade, large ISPs have used deep pockets to get their own way.

    link to this | view in thread ]

  38. icon
    That One Guy (profile), 5 Apr 2017 @ 1:38am

    Re: Re: Re: Re: Re: Re: How pavlovian

    Nobody is trying to divert attention. I'd like to see all of these scumbags held accountable. Unfortunately, nobody seems to be willing to report on it when companies like Google and Facebook get involved, which allows them to continue getting away with supporting/pushing things that damage the internet and privacy as long as they keep it quiet.

    Nobody except the person who posted the first comment in this chain, a comment that had nothing to do with the actual article and instead went off on a 'But look at what Google did!' tangent? Yes Google opposed the rules, yes that was and is bad, but the current topic of discussion is what these particular companies which are not Google are doing now.

    Bringing up Google at that point is at best irrelevant to the topic at hand, even if it doesn't reach the 'Look, a distraction!' level.

    If Google and/or Facebook, or any other company writes a stupid and dishonest op-ed, then I'm all for calling them out. If they do something that damages privacy for those that use their services, by all means point out what a bad or dangerous move it is. Dragging them into a discussion that doesn't involve them though, ignoring the companies that are being talked about to focus on them just muddies the waters and wastes time by taking a focused discussion on what a specific company(or several in this case) are doing now and turning it into a general one about what other companies have done in the past.

    link to this | view in thread ]

  39. identicon
    Anonymous Coward, 5 Apr 2017 @ 5:13am

    don't worry

    the government will save us

    link to this | view in thread ]

  40. identicon
    Anonymous Coward, 5 Apr 2017 @ 5:53am

    Re: don't worry

    to be their slaves.

    link to this | view in thread ]

  41. identicon
    Philly Bob, 7 Apr 2017 @ 12:05pm

    Re:

    "I personally think the ISPs mentioned above are not 'activists'.

    Yeah they are... active in screwing us over and selling us out.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.