Broadband Industry Has A Hissy Fit As FCC Unveils Some Fairly Basic New Broadband Privacy Protections

from the sky-is-falling dept

As had been hinted at for months, the FCC formally unveiled its plans to apply some relatively basic privacy protections for broadband service. And while you'll likely see the broadband industry bitching up a storm over the next few months, none of the requirements are particularly onerous (and many are things ISPs are doing already). The agency's full announcement (pdf) notes the rules will require that ISPs are a) transparent about what they're doing, b) have basic systems in place to protect collected data and alert users in case of data breach and c) provide users with opt out technology that actually works.

When the FCC reclassified ISPs as common carriers under Title II, ISPs were automatically subjected to Title II’s Section 222 privacy protections regarding "customer proprietary network information" (CPNI). But because those rules were largely designed for ye olde phone company, the FCC is updating them to become very basic rules of the road for handling customer data. ISPs have been quick to complain that they shouldn't face privacy protections that go beyond what Apple and Google deal with, but the FCC correctly argues that the lack of broadband competition make ISPs a unique animal:

"A consumer’s relationship with her ISP is very different than the one she has with a website or app. Consumers can move instantaneously to a different website, search engine or application. But once they sign up for broadband service, consumers can scarcely avoid the network for which they are paying a monthly fee."

ISPs have also argued for the better part of a decade that they should be allowed to self-regulate on the privacy front, but their behavior has repeatedly indicated they're not actually capable of this. Verizon, for example., was caught last year modifying user packets to track users around the Internet and build detailed subscriber profiles. The company engaged in this behavior for two years before it was even discovered by security researchers. It took another six months of public and FCC pressure for Verizon to even provide working opt-out tools.

Preparing for the FCC's announcement the broadband industry has been pushing a number of "studies" trying to argue that broadband privacy protections also aren't necessary because users can protect themselves with encryption or VPNs. But plenty of household data isn't encrypted (including most IOT devices), and the FCC is quick to note that the lack of broadband competition makes the sector notably different from say, search engines:

"Even when data is encrypted, broadband providers can still see the websites that a customer visits, how often they visit them, and the amount of time they spend on each website. Using this information, ISPs can piece together enormous amounts of information about their customers – including private information such as a chronic medical condition or financial problems."

In short what the FCC's doing is again relatively straightforward, basic, and most ISPs will be doing this stuff anyway. But that didn't stop AT&T from taking to its policy blog to complain that the modern broadband industry is just too damned evolved for privacy protections:

"In the 1980’s telecommunications industry, when companies were required by law to stay in their lanes, it might have made sense to have rules that applied only to one set of providers in an industry. But that was 30+ years ago, and we are long past that stage in U.S. communications policy...Limiting ISPs’ ability to compete with ad supported business models – which are overwhelmingly favored by consumers – is bad for consumers and ultimately bad for broadband investment in this country."

Except you should stop and take a look at what AT&T's vision of modern broadband privacy standards looks like. The company has been using deep packet inspection to track its U-verse broadband customers for years. But instead of making it easy and transparent to opt out, AT&T requires that its broadband customers not only jump through a number of confusing hoops, but it actually charges customers upwards of $60 per month to do so. When you understand that AT&T's vision of the broadband privacy future involves making actual privacy a cumbersome paid luxury, you can understand why companies like AT&T are opposed to even the most basic protections.

The FCC's also making it very clear it's not thwarting "innovation" in the user-tracking space, or seriously hindering the cash cow that is tracking users online. That was illustrated with the company's recent settlement with Verizon over the afore-mentioned stealth trackers; the settlement lets Verizon happily continue fiddling with user traffic for the benefit of tracking them, just as long as the company's clear about what's happening and provides working opt-out tools. That's really not a big deal by any standard.

So while you're going to see ISPs and friends bitch endlessly about this being "yet another heavy-handed FCC power grab" and the like, there's really not much here to be afraid of. It's also worth remembering that ISPs like AT&T and Verizon had every opportunity to preempt privacy regulations by showing they were capable of self-regulating, but failed repeatedly and painfully at the task.

Filed Under: broadband, fcc, privacy
Companies: at&t, verizon

Broadband Industry 'Studies' Claim Users Don't Need Privacy Protections Because ISPs Are Just Harmless, Innovative Sweethearts

from the watching-the-watchers dept

With few protections in play, most of the last decade broadband ISPs have collected any and every shred of data about their customers' online behavior. It began with clickstream data, which ISPs sold to third parties, then either refused to comment on or outright lied about. Since then, more intelligent network hardware has let ISPs use deep packet inspection to track and monetize user online behavior down to the second. In wireless, carriers like AT&T and Verizon not only collect and sell user online behavior and location data, but now embed stealth packet headers to track and profile users across the entire Internet.

It was that last decision that raised eyebrows at the FCC, prompting the agency recently to consider whether it should use its new Title II authority to build at least some basic rules of the road regarding broadband user privacy. This has, of course made the broadband industry rather nervous. After all, the telecom industry has grown very comfortable with the fact that nobody has bothered to give half a damn about broadband privacy for the better part of a generation.

Enter the telecom-industry funded Information Technology and Innovation Foundation, which has released a new "study" (pdf) that argues no privacy protections are necessary because you can trust broadband providers to do the right thing. The report starts off on a highly scientific note, insulting those who'd like some basic broadband privacy protections as "broadband populists" that are pushing an agenda that will -- you guessed it -- will hurt puppies, innovation, broadband deployment, and tear giant holes in the time-space continuum.

Amusingly, the report claims that basic privacy protections would prevent ISPs from providing "numerous benefits" to consumers. The report also tries to claim that basic privacy protections will somehow stop ISPs from properly managing their networks:

"Limiting the use of broadband data...would constrain broadband providers’ ability to provide numerous benefits to consumers. Analyzing data is essential for ISPs to understand patterns and trends in Internet traffic and allows for informed adjustments to network functions and capacity, both in the long and the short term. Customer data is also important to help diagnose problems within the network and facilitate responses to customer requests for assistance with various issues."

The report goes on to claim consumers really don't need privacy protections because they have the option of using VPNs and encryption to hide their traffic from ISPs. But Nick Feamster over at Freedom to Tinker does a nice job explaining why it's not really that simple. ISPs can still observe user online behavior based on overall traffic pattern and volume, unencrypted portions of communication, and the growing volume of unencrypted Internet of Things traffic. And a VPN is no guaranteed blockade to ISP snooping either, since again IOT devices won't use the VPN, and ISPs can often still monitor user behavior via DNS anyway.

To be clear, what the FCC is proposing isn't particularly heavy-handed, nor would it stop ISPs from managing their networks or even profiting from snoopvertising. With the FCC's recent Title II move, ISPs are now subject to Title II’s Section 222 privacy protections regarding "customer proprietary network information" (CPNI). But since those rules were crafted for older phone companies, the FCC's looking to modernize them for the modern era. We're talking about relatively basic protections, such as requirements that you inform customers if you're tracking them and selling their data, and give them opt out tools that actually work.

Given the billions everyone is happily making hoovering up user data from Silicon Valley to K Street, there's really no serious political motivation to go beyond that, "populist" outcry or not. But the report argues that broadband users don't need privacy protections at all because hey, ISPs don't actually know much about you and industry "self regulation" works exceptionally well to thwart bad behavior:

"The privacy policies of operating systems like Apple’s OS X and Google Android are also subject to FTC enforcement if they misrepresent how they use their users’ personally-identifiable information. This is the model for a well-functioning, self-regulatory environment that maintains the flexibility needed for rapid innovation and experimentation with welfare-enhancing business models. Broadband providers should not face steeper burdens for implementing advertising than already exist.

Except not. One, broadband is notably different from Apple and Google because telecom operators hold a monopoly over the last mile. Whereas an Apple smartphone customer annoyed at Apple's privacy policies can migrate to Android, or a Google search customer can pick a new engine, most broadband customers don't have a real choice of providers. Meanwhile, the FTC has proven all but useless in telecom privacy enforcement, and the self-regulatory approach has worked about as well in telecom as it has in the banking industry thanks to generations of cronyism and dysfunction.

For years, Verizon repeatedly stated that more meaningful privacy protections weren't necessary for broadband providers because "public shame" would keep the company honest. Verizon-owned AOL recently parroted that idea when it insisted "the market" would keep companies on their best behavior. How does that actually work in practice? As we've seen with Verizon's "zombie cookies," not at all.

In fact, it took months for security researchers to even realize that Verizon was embedding user wireless packets with stealth tracking technology. It took another six months of public pressure before Verizon even gave users the option to opt out. The self-regulatory approach just doesn't work in telecom. What we get in reality are companies like AT&T that are now charging broadband users a $60 premium if they want to opt out of invasive snoopvertising, then calling that innovation.

Alongside the ITIF report, the industry is pushing a second report this week (pdf), funded by telecom-industry lobbying group "Broadband for America." While most people familiar with sockpuppetry and astroturf will disregard these reports as the conflicted proxy musings of the telecom industry, the press usually isn't so savvy. In fact, ReCode ran an article on the study with a headline informing readers that ISPs know "less than you might think" about them, and an opening paragraph claiming ISPs "have limited access to consumer data." Only in a later update at the bottom of the story did ReCode disclose the study was funded by AT&T, Comcast and Verizon.

It's clear the broadband industry is now engaged in a full court press to derail rules that might take a small bite out of billions in user-tracking revenues. And in typical telecom-industry fashion, that involves creating a sound wall of fauxcademics, fake consumer advocates, third-party consultants and other mouthpieces who will be spending the next six months informing you that ISPs are utter angels when it comes to respecting and protecting consumer privacy, and that the status quo (read: no real privacy protections whatsoever) is good enough.

Filed Under: broadband, fcc, privacy, studies
Companies: itif

Verizon Strikes $1.35 Million Settlement With FCC Over Its Use Of Stealth 'Zombie Cookies'

from the comes-around-goes-around dept

Last year you'll recall Verizon Wireless found itself in hot water after being caught modifying user packets to insert stealth tracking technology. By embedding each packet with a unique identifier traffic header, or X-UIDH. Verizon and its marketing partners were not only able to ignore user browser preferences and track their behavior around the Internet, they were then able to use this technology to build detailed user profiles. Verizon Wireless launched and operated the technology for two years before security researchers even noticed the program, and it required another six months of public pressure for Verizon to even offer an opt-out option.

According to the FCC's full press announcement (pdf), the fairly measly $1.35 million settlement doesn't stop the program, which likely won't please many privacy advocates. Verizon Wireless will however need to transparently notify users of the system and get their explicit opt-in (a rare dinosaur in online tracking rules) consent before sharing any of this data with third parties. The FCC is quick to highlight how Verizon previously proclaimed the technology couldn't be abused by third parties to build detailed profiles of users -- right before it was.

The FCC's full order (pdf) indicates that the regulator is leaning heavily on both the transparency requirement embedded in the FCC's net neutrality rules, and the agency's authority under Title II of the Communications Act to enforce the settlement:

"Section 222 of the Communications Act imposes a duty on carriers to protect their customers’ proprietary information and use such information only for authorized purposes. It also expressly prohibits carriers that obtain proprietary information from other carriers for the provision of telecommunications services to use such information for any other purpose. Section 8.3 of the Commission’s rules, known as the Open Internet Transparency Rule, requires every fixed and mobile broadband Internet access provider to publicly disclose accurate information regarding the network management practices, performance, and commercial terms of its broadband Internet access services sufficient for consumers to make informed choices regarding use of such services and for content, application, service, and device providers to develop, market, and maintain Internet offerings."

When the FCC reclassified ISPs as common carriers under Title II, ISPs became subject to Title II’s Section 222 privacy protections regarding "customer proprietary network information" (CPNI). That portion of Title II was written specifically for phone companies, so the FCC is planning (prompted in large part by Verizon's behavior) to update the CPNI rules to create new broadband consumer privacy protections. While the FCC politely lauds Verizon's cooperation in the investigation, these kinds of consumer protections are precisely what Verizon was trying to stop when it sued to cripple net neutrality (both in 2010 and again last year).

Granted Verizon could have easily avoided the new privacy rules. It has argued for years that tougher privacy protections for broadband weren't necessary because the industry could self-regulate. And regulators appeared to buy that claim for a while. But Verizon's decision to covertly fiddle with packets and track tens of millions of customers without bothering to tell any of them indicates just how well that plan actually worked in practice.

Filed Under: fcc, privacy, settlement, zombie cookies
Companies: verizon

Afraid Of Upsetting The Cable Industry, Roku Won't Support FCC Quest For Increased Set Top Box Competition

from the i-got-mine,-thanks dept

As the FCC continues its push to open up the cable set top box market to competition, one of the companies that could benefit the most from such a shift isn't willing to support the initiative. The FCC's plan calls for the cable industry to deliver its existing cable content to third-party hardware, creating a new competitive market and putting an end to the $20 billion in fees consumers pay yearly for often-outdated hardware. But unlike companies like Google and TiVO, Roku isn't supporting the plan, making it clear this week the company doesn't want to upset its friends in the cable industry:

"We have not been advocating for a rule making in this area at this time,” Tricia Mifsud, a Roku spokeswoman, told IBD. “While we are known for selling streaming players, it is only one area of our business. Customers also access our platform through smart TVs and streaming players that operators deploy."

Roku's been partnering with Charter and Time Warner Cable (soon to be merged) on small-scale trials that involve the cable companies giving away a free Roku alongside a skinny bundle of basic channels. In New York City, for example, Time Warner Cable's trial offers the free Roku as a replacement for the cable box, delivering three different skinny promo bundles ranging from $10 to $50. Roku makes it pretty clear it's keeping its mouth shut in the fight over the cable box because it believes these relationships will only flourish:

"In addition to Time Warner Cable, we also have a similar arrangement with Charter where they are buying streaming players to offer in a bundle,” added Roku’s Mifsud. “Overseas, we have partnerships with Sky in several countries and Telstra where we have licensed use of our platform and they have deployed their streaming video services to co-branded streaming players."

Indeed, Roku's already cooking up a hybrid streaming and cable box for use overseas it hopes the soon-to-be fused Time Warner Cable Charter will adopt as well. The problem is that these trials aren't likely to see broader deployment in the States, because execs fear such alternatives will cannibalize their already-struggling traditional cable subscriber bases. Cable operators have a long, proud history of flirting with more innovative, less expensive alternatives only for executives to scrap or hamstring the ideas for fear they might hurt the sacred, legacy TV cash cow.

But, because Roku believes it's first in line for the cable industry's affections, it appears to be backing away from an initiative that would likely be good for the entire sector (investment by Viacom, 21st Century Fox, and UK cable operator Sky might be shaping Roku's thinking as well). After all, why support broader, healthy competition when you believe you've got the inside track? Well, because should the FCC's gambit actually work, Roku (which people forget began as a brain child of Netflix) stands to gain a much larger chunk of this suddenly-open market than it will from remaining mute.

Filed Under: cable, fcc, set top boxes, tv
Companies: roku

FCC 'Probing' Whether Cable Companies Have Sabotaged Internet Video

from the well,-duh dept

Most people realize that the cable and broadcast industry has worked tirelessly to protect its legacy cash cow from disruption. Dish was forced to make its ad-skipping DVR less useful if it wanted streaming licensing rights. Fox, Disney and Comcast/NBC for years kept Hulu from being too disruptive. ESPN sued Verizon for trying to offer more flexible TV lineups. Apple keeps running face first into broadcasters terrified of real disruption with its own TV plans. That's before you even get to cable companies busy capping and metering usage to hurt streaming services, while zero rating their own services for competitive advantage.

Gosh, it's almost as if there's a broad, coordinated, decade-long effort to keep legacy television expensive, barely-competitive, and shitty.

Enter the FCC, which, according to a Wall Street Journal report (registration required), is "probing" whether there's a coordinated effort by the cable and broadcast industry to keep Internet video from truly taking off. Though there's a number of ways the industry does this, the FCC's latest inquiry is focused on cable companies demanding broadcasters not license content to competing streaming services:

"Some evidence suggests the restrictive clauses may have effectively kept many TV programs off the Internet. Several big tech companies have tried to start Internet TV services, but have found it hard to get programming because of the exclusivity provisions. One new online TV venture, Sling TV, a subsidiary of Dish Network, says it suffered months of delay because of challenges posed by the contract clauses.

“When we launched Sling, one of the toughest things [was that] many of the programmers…had conditions in their programming agreements with other distributors that did restrict them in how they could license content,” Roger Lynch, Sling’s CEO, said in an interview."

So yes, some cable operators have demanded broadcasters intentionally limit who they offer service to, and you'd assume that Dish has forwarded something vaguely-resembling evidence to the FCC.

But the Journal report is oddly myopic in its coverage of the issue, vaguely implying that broadcasters like Disney, Fox, et al aren't also part of the problem. Disney for example owns ESPN, which again sued Verizon for upsetting the status quo of bloated, expensive channel bundles. Comcast/NBC took steps to hinder Hulu's growth despite being theoretically prohibited (via NBC merger condition) from Hulu management. Fox, meanwhile, has sued the hell out of any company attempting to do anything to so much as jostle the traditional TV apple cart.

This all comes up now because the FCC is reviewing Charter's attempted merger of Bright House Networks and Time Warner Cable. The regulator is fielding concerns from numerous companies that the merger will create another Comcast with a vested interest in hurting streaming video. Comcast's attempt to acquire these same companies was blocked, you'll recall, because the combined power of a broadcaster, cable operator and broadband company worried regulators (well, that and Comcast was immeasurably full of shit during its sales pitch).

Charter, by contrast, doesn't have the broadcast power of Comcast. And while Charter's customer service rankings are almost as bad as Comcast's, for whatever reason the company doesn't generate the same negative public sentiment, meaning less political pressure on the FCC to block the deal. To try and seal the deal, Charter has even gone so far as to hire respected neutrality advocate Marvin Ammori to help craft a company promise to avoid usage caps and adhere to net neutrality for (an admittedly unimpressive) three years after the deal is signed.

As such you're likely to see the FCC approve the deal, and the "probe" the Journal references is the regulator feeling out just what the conditions should be. Prohibiting Charter from agreements intentionally designed to sabotage streaming video competition might be a start, but it's not going to hinder the broadband and cable industry's primary avenue attack against Internet video: usage caps and zero rating. And so far, the FCC has been utterly comatose in its response to how Comcast and Verizon are using caps to give their own content a distinct marketplace advantage.

It's all well and good if the FCC wants to aid streaming video competition by opening the set top box or thwarting anti-competitive deals, but if the agency doesn't seriously address broadband competition, usage caps and zero rating, streaming video's just going to find itself choked off on the other end of the line. If the FCC wants to help, it can start by "probing" whether usage caps are necessary, whether the meters being used are accurate, and whether it made a mistake when it decided on net neutrality rules that pussy foot around the obvious problems caused by zero rating.

Historically telecom and cable merger conditions imposed by the FCC are sad, mostly meaningless, restrictions volunteered by the companies themselves (which they still often fail to adhere to). The FCC's going to have to dramatically change this historical narrative if it seriously hopes to keep the cable and broadcast industry from waging all-out-war on disruptive streaming alternatives.

Filed Under: collusion, competition, fcc, internet, internet video
Companies: apple, comcast, disney, espn, fox, hulu, verizon

FCC Votes to Dismantle Cable's Monopoly Over The Set Top Box

from the unlock-the-box dept

The FCC voted 3-2 today to begin dismantling the cable industry's long-standing monopoly over ye olde set top cable box. As noted previously, the FCC is pushing a proposal that would require cable operators make their programming accessible to third-party set top manufacturers, without requiring the use of a CableCARD. The goal is to create competition in the set top box market, giving consumers a choice of better and cheaper gear, in the same way consumers can buy their own cable modems. 99% of consumers currently pay about $231 annually in rental fees for hardware that's generally worth about half that much.

Note this morning's vote simply sets forth a notice of proposed rulemaking (NPRM) that won't be voted on and fully revealed to the public until later this spring. The NPRM also indicates that cable operators will have two years from full approval to implement the changes. Assuming, that is, the elections don't end up with a totally revamped FCC that reverses the plan.

As you might expect, the cable industry has been engaged in hysterical, breathless protest against the FCC's proposal, since it would instantly demolish around $20 billion in captive revenue cable providers enjoy every year. The industry's also well aware that third-party set tops will be much more likely to include streaming services that compete with cable, accelerating cord cutting as the nation's Luddites suddenly realize they don't need to pay $150 a month for five hundred channels of garbage they don't actually watch.

But the industry can't just come out and admit these obvious motivations, so they've turned to the usual practice of farmed outrage in editorial sections nationwide. Including the creation of the Future of TV Coalition, which calls itself a "diverse group of programmers, content creators, civic groups and television providers" who've joined forces to "celebrate and promote the thriving innovation" going on in the cable industry. This group has been making the rounds trying to argue that set top box competition would destroy the universe as we know it, harm innovation, damage consumer privacy, and even hurt minorities.

On the heels of the vote, the group was quick to fire out an e-mail statement blaming "big tech" for the FCC's plan to...secretly make life hell for American cable consumers:

"The massive outpouring of opposition to this costly and destructive rule from members of congress, the creative community, TV distributors, and public advocates reflects a basic truth: the rules under consideration will drive up consumer costs, hurt programmers (and most especially small and diversity programming), and blow a gaping hole in Congressional protections for our TV privacy – all for an unnecessary government giveaway to Big Tech. In short, this rule does not make sense.

Ahead of his dissenting vote this morning, former Verizon regulatory lawyer turned FCC Commissioner Ajit Pai was quick to parrot many of these claims:

"Among Pai's concerns were what he said could be the advserse impact on programmers, including on diverse programmers. "[N]othing in this proposal would prevent a set-top box manufacturer from replacing the commercials in a television show with commercials sold by that manufacturer. And nothing in this proposal would prevent a set-top box manufacturer from adding commercials to a program," he said."

This idea that "big tech" companies like Google and TiVo will come in and intentionally filter out minority programming is something the industry has been scare-mongering over for weeks, but there's no evidence of this actually being a threat. Logically, broader access to cheaper, better hardware would be good for all consumers, as would access to a broader array of streaming options, layered on top of existing content. FCC boss Tom Wheeler was quick to state that these claims are "red herrings" being pushed by an industry that's perfectly happy with the status quo, and that nothing in his plan puts existing content or business relationships at risk:

"There is nothing in here that allows third parties to disaggregate cable content or sell advertising around it... It takes the same system that goes to the cable box today with the same structures and moves it through a different box requiring the same structures. As a result, existing copyrights and programming agreements are unaffected, consumer privacy is protected, emergency alerts are passed through and child protection laws are unaffected. Nothing in this proposal slows down or stops cable innovation."

While the cable industry's opposition is by and large bullshit, there are some lingering questions with the FCC's well-intentioned plan. One, the plan will require an awful lot of effort, political fighting, enforcement and FCC man hours to revamp a technology that Internet video will likely make irrelevant in the next decade anyway. And once implemented, providers will likely look to simply recoup that lost revenue from broadband users in uncompetitive markets in the form of more fees, usage caps, zero rating and other potentially anti-competitive behavior. Behavior the FCC has been turning a blind eye to -- to focus on the cable box.

Following that line of thinking long term, it may have been wiser for the FCC to focus its energy and resources on broadband competition, and leave the cable box for dead as the vultures begin to circle overhead.

Filed Under: competition, fcc, innovation, set top box

Broadband Industry Getting Nervous That The FCC Might Actually Protect User Privacy

from the actually-doing-your-job dept

Back in 2008, Verizon proclaimed that broadband services didn't need additional consumer privacy protections because "public shame" would keep the broadband industry honest. But in late 2014, Verizon found itself at the center of a privacy scandal after security researchers discovered the company was embedding stealth tracking technology in every packet sent by the company's wireless users. These "stealth cookies" were being used by Verizon for two years before they were even discovered, and it took another six months of public and press outrage for Verizon to let users opt out.

In other words, public shame didn't work, because even security researchers weren't able to detect what Verizon was doing. Verizon's behavior specifically prompted the FCC to use its new Title II authority to begin crafting marginally-tougher consumer privacy protections. Under Title II, ISPs are now subject to Title II’s Section 222 privacy protections regarding "customer proprietary network information" (CPNI). But since those rules were crafted for older phone companies, the FCC's looking to modernize them for the smartphone and "Internet of Things" age.

This has, as you might expect, been met with renewed annoyance by the broadband industry. Most of the broadband industry's major lobbying organizations have fired off a letter to the FCC (pdf) that basically urges the FCC to pass rules that aren't all that clear or tough, since tough rules might just hurt the industry's incredible love of innovation and competition:

If the courts determine that the FCC has authority to regulate broadband privacy, we encourage you to develop a framework that offers consumers robust privacy protection, while at the same time allowing broadband providers to continue to innovate and compete...Our member companies recognize that ensuring robust privacy protection is important and have devoted substantial capital, resources and personnel to develop, maintain, and enhance meaningful data privacy and security programs. Indeed, our companies have strong incentives to earn and maintain their customers’ loyalty by protecting their data.

Except that hasn't really proven to be the case.

Verizon's incentive certainly wasn't consumer loyalty when it designed a super cookie that ignored all consumer privacy preferences and browser settings. And that kind of thinking has been more the norm than aberrant behavior, given that ISPs have been selling user clickstream data for more than a decade (and lying about it). Similarly, the kind of "innovations" consumers have grown used to have included being forced to pay a premium for privacy, such as how AT&T forces U-Verse broadband customers to pay $44 to $64 more per month if they want to opt out of AT&T's deep packet inspection snoopvertising.

And that's just fixed-line broadband. Privacy essentially doesn't exist when it comes to wireless, where both usage and location data is shared with absolutely anybody ready to write the major wireless carriers a check. And as the major broadband players push into smart home, security, automation, connected vehicle and other fields, you can be absolutely sure that their total lack of privacy principles will be coming along for the ride. That's why more than fifty privacy-focused groups including the EFF sent their own letter (pdf) to the FCC last month urging it to become a "brawnier cop on the beat" on broadband privacy.

And while the broadband industry's myriad of mouthpieces are sure to whine incessantly about "over regulation" here, the industry had absolutely every opportunity over the last decade to self-regulate and avoid "tougher" (read: any) privacy protections. Instead, as Verizon's super cookies perfectly exemplify, the industry thought that lifting a giant middle finger to consumers was the smarter option.

Filed Under: broadband, cpni, fcc, privacy