Verizon Dinged Again For Privacy Violations, This Time For Slinging Personalized Ads To Kids

from the what-privacy-law? dept

Oh Verizon. For years we've noted how the company's consumer privacy practices are utterly abysmal. Like that time in 2016 when Verizon was fined a relative pittance by the FCC for modifying user wireless packets so it could covertly track users around the internet (beyond cookie, clickstream, or even deep packet inspection data). This being Verizon, it didn't bother to tell anybody that this was happening. As a result, it took two years for security researchers to even notice what the company was up to, and another six months of media yelling before the company was willing to even let consumers opt out of the data collection.

Fast forward to this week, and Verizon has been busted once again on the privacy front, this time for slinging behavioral advertisements at kids in violation of the Children’s Online Privacy Protection Act (COPPA). According to an announcement by acting New York Attorney General Barbara Underwood, Verizon's Oath operations (the mash up of its Yahoo and AOL acquisitions) routinely auctioned off ad space and placed ads on websites the company knew targeted kids -- without parental consent. As a result, Verizon's being hit with the biggest fine in the history of COPPA:

"The Attorney General’s Office found that AOL conducted billions of auctions for ad space on hundreds of websites the company knew were directed to children under the age of 13. Through these auctions, AOL collected, used, and disclosed personal information from the websites’ users in violation of COPPA, enabling advertisers to track and serve targeted ads to young children. The company has agreed to adopt comprehensive reforms to protect children from improper tracking and pay a record $4.95 million in penalties, the largest penalty ever in a COPPA enforcement matter in U.S. history."

But much like the company's fine for its earlier scandal, the fine itself is likely a small fraction of the money made during the time AOL spent intentionally turning a blind eye as behavior ads were aimed at kids and kid-frequented websites. The AG's report notes that until late last year (presumably as a result of realizing the AG inquiry existed), AOL's systems ignored any information that it received from an ad exchange indicating that the ad space was subject to COPPA, so the website routinely ignored the law in general. It's worth noting that the full settlement has not yet been released.

There's no indication from the NY AG (I've reached out for more detail) how long this was going on, but it's fairly obvious the income AOL made from ignoring COPPA (there were 1.3 billion auctions of display ad space) outweighs any penalty it's facing, however historic. COPPA is one of the few privacy regulations currently in place, and even then, Verizon/AOL/Oath's decision to just ignore the law speaks pretty broadly as to how even the privacy laws we do have are inconsistently enforced. Especially when we're talking about deep-pocketed telecom giants, who have openly flirted with the idea of charging users even more money for privacy without regulators so much as batting an eye.

As we sit down and begin the long, difficult conversation about what a real internet-era privacy law should look like, the lion's share of the focus remains (quite justly given the Cambridge Analytica scandal) on Facebook. But it can't be understated how the telecom industry has historically been even worse -- especially given they're effectively bone-grafted to the nation's intelligence surveillance apparatus. That these are the companies that will have the biggest impact on the crafting of privacy laws should terrify anyone interested in getting meaningful privacy legislation right.

Filed Under: barbara underwood, coppa, new york, parental consent, privacy, targeting kids
Companies: aol, oath, verizon, yahoo

NY's AG Is Trying To Tie Major ISPs To Those Bogus Net Neutrality Comments

from the ill-communication dept

Last year you might recall that the New York AG's office began investigating who was behind all of those bogus comments that flooded the FCC's website during the net neutrality repeal. As we noted then, "somebody" paid a proxy organization to flood the FCC comment period with a myriad of fake comments. Some of those comments hijacked the real identities of real people (like myself). Others utilized a bot to post a myriad of fake support for Ajit Pai using a hacked database of some kind. Some of the most enthusiastic supporters of Ajit Pai's policies were, interestingly enough, dead.

When the AG's office reached out to the FCC for help getting to the bottom of who was behind the fake comments, the FCC completely stonewalled them, rejecting nine requests for data between June and November of last year. The FCC has subsequently stonewalled numerous FOIA requests regarding who used the necessary APIs to submit the fraudulent comments in bulk, resulting in a lawsuit by journalist Jason Prechtel. A court recently ruled in Prechtel's favor, demanding the FCC release at least some data (in a month or two) that could identify the culprits.

Meanwhile, New York AG Barbara Underwood has expanded her investigation into the bogus comments, subpoenaing more than a dozen ISP-linked lobbying groups (and a few consumer advocacy firms) for additional data on the methodology used to submit the fake support for the FCC's plan. Subpoena targets including groups like the telecom-industry funding lobbying vessel Broadband for America, which we've pretty consistently highlighted for some fairly sleazy and disingenuous behavior.

In her statement to me, Underwood stated that at this juncture they've found that 9.53 million of the 22 million net neutrality comments submitted to the FCC were fake:

"The FCC’s public comment process was corrupted by millions of fake comments—and our investigation found that as many at 9.53 million of those comments stole the identities of real people,” Underwood said in a statement.

“The law protects New Yorkers from deception and the misuse of their identities. And all Americans deserve a fair and transparent process for determining public policy that impacts their daily lives. My office will get to the bottom of what happened and hold accountable those responsible for using stolen identities to distort public opinion on net neutrality."

It's worth noting that Prechtel's analysis and reporting so far has claimed that one of the key players in this whole shady affair may have been DC-based news website and lobbying and policy organization CQ Roll Call, which e-mailed the FCC last year looking for advice on how to submit millions of comments on behalf of an unnamed client. CQ Roll Call was indeed among those subpoenaed by the NY AG this week. Granted there's a universe of fairly shady organizations that routinely help all manner of companies submit fake comments to try and sway government policy during official proceedings.

Again, it's fairly obvious who benefited from trying to downplay the massive public opposition to the FCC's plan by using cardboard cutouts. Getting a hold of all of the FCC API and other server-side data will certainly go a long way toward that end. The question really, as it has always been, is whether any of the proxy organizations involved were dumb enough to leave a paper trail leading to funders like AT&T, Verizon, Comcast, or Charter.

Filed Under: ajit pai, barbara underwood, fake comments, fcc, net neutrality, ny attorney general