Gazing into the abyss - Republicans are selling out your privacy

When you think about the future, you may start to suffer from “abyss gaze,” the depression that settles in when you realize that we’re all doomed. Warren Ellis coined the term in a novella named “Normal,” which tells the story of futurists who suffer nervous breakdowns after discovering that there is no hope for humanity as a result of the trends in whatever area they study. Scientists who are fully informed about climate change are terrified, for example – we’re in far worse shape than you realize. Geopolitical specialists studying North Korea know that a cataclysm is imminent. It doesn’t take very much research into drone warfare or genetic engineering to find reasons to be frightened about the future.

And then there’s the chasm opening in front of us in the United States as Republicans seize the levers of power. Disbelief is giving way to madness as we consider the consequences of having people in charge who think reality can be ignored when ideology demands it.

Last week internal divisions kept the Republicans from passing a massive tax cut for the rich disguised as “health care reform,” hurting tens of millions of Americans as a side effect. But the work of dismantling the government and harming us continues despite that setback.

Gaze into the abyss.

On Thursday, 50 Senate Republicans voted to eliminate broadband privacy rules and make it almost impossible for any such rules to be imposed in the future. It is the death of privacy. Their bad deed will likely be rubberstamped by the House this week and signed into law.

What they did is viciously anti-consumer. It’s cynical and corrupt – rewarding donors and giving up your privacy because they figure they can safely ignore our preferences. There is no excuse, no rationalization, no opposing argument. Republicans delivered your privacy – your personal information, your health, your finances – to big companies who contribute to their campaigns. The big companies will profit from selling your personal information to anyone they choose – advertisers, government, law enforcement, or each other.

(Update 03/28/2017: Republicans in the House passed the bill today and sent it on to the White House, where it will be signed immediately. Our position is summarized by Techdirt: “Thanks to a cash-soaked Congress there will be neither broadband competition, nor functional regulatory oversight of an industry with a documented history of aggressive, anti-consumer and anti-competitive behavior.”)

Let me give you some background so you understand the significance of that vote.

Internet Service Providers gather more information about you than Google or Facebook

Who do you think knows the most about you? Google? Facebook?

Your Internet service provider (ISP) knows more about you than anyone else. That’s wired providers like Comcast and Time Warner, and wireless providers like Verizon and AT&T.

Every click you make online goes through your ISP’s servers. Your ISP knows every web page you visit. Your ISP knows how many devices you have. It knows where you bank. It knows what you buy online. Sophisticated data analysis can likely reveal your religion and sexual orientation. They can identify how many children you have and where they go to school. If you visit a health website after you wake up, the ISP can guess that you’re not feeling well and see what you looked up.

Do you ever use your browser’s incognito mode? When you browse in incognito mode, there is no record on your computer or mobile device about what websites you visit. You might feel safe using that to view pornography or to conduct personal business without leaving a trail for your spouse or partner. Google does not keep a record of your incognito browsing. But it’s completely visible to your ISP, which will log it along with all of its other information about you.

And your ISP can match the data it collects with your personally identifiable information (PII): the ISP has your name, your physical address for home or business connections, and your social security number. Mobile carriers like Verizon and AT&T also have a record of the location of your phone at all times, 24 hours a day, regardless of what apps you’re running, by tracking the cell phone towers that your phone is near.

Your ISP scans every packet of information going to and from your computer. Comcast and the others have already installed the equipment to do “deep packet inspection” – a surveillance method that literally opens and examines the contents of all the data going to and from your computer or device.

The EFF summarizes it this way: “It’s worth remembering that ISPs and companies like Google or Facebook see entirely different parts of your Internet activity; namely that Google or Facebook only see the traffic you send to their servers, while ISPs see all your traffic. Even when you take into account the fact that Google and Facebook have creepy third-party trackers spread across the web, they still only see a fraction of what your ISP sees. Being able to see all of your traffic gives your ISP an unprecedented view into your life (everything from what you’re shopping for, to who you talk to, to what your politics are, to what you read), which not even Google or Facebook can achieve.”

Internet privacy rules

ISPs have been experimenting with schemes to make profits by violating your privacy for several years. (More about that below.) Although there were no formal privacy rules until recently, the ISPs were constrained by the fear that the Obama administration and the FCC would impose consumer-friendly rules and side with consumers if the ISPs overstepped.

Last fall the FCC approved formal privacy rules providing that ISPs would need to obtain your consent before using precise geolocation, financial information, health information, children’s information and web browsing history for advertising and internal marketing.

After the election, the ISPs smelled their opportunity and began heavily lobbying to prevent the rules from taking effect. Lobbying groups for the ISPs and for advertisers filed oppositions to the rules. Meanwhile, consumer advocate Tom Wheeler was replaced as head of the FCC by Ajit Pai, a Republican who has shed any pretense of being anything other than an industry shill.

Even if the rules had been reversed by the FCC, though, the door was open for court challenges that might have created uncertainty for ISPs seeking to cash in. Opening the money floodgates required an act of Congress.

Enter Congress.

Fifty Senate Republicans voted for legislation to kill the FCC’s Internet privacy rules, removing uncertainty and encouraging ISPs to make aggressive moves into the advertising market. But the legislation goes one step further and prevents the FCC from issuing similar regulations in the future. For ISPs, this is better than the FCC undoing its own rules, because it means a future FCC won’t be able to reinstate them.

Forty-eight Democrats opposed the legislation. The House will take it up next week, trying to rush it through before people can discover the damage that is being done.

Once this goes through, there will be no federal authority on ISPs and privacy – literally no one with jurisdiction to listen to complaints or deal with overreaching. The ACLU says: “The FCC is the only agency that can proactively protect your online privacy. Other government bodies, such as the Federal Trade Commission, cannot issue proactive rules that require companies to obtain consent before sharing customer information. Moreover, as a result of recent court cases, the FTC lacks jurisdiction over some internet service providers, such as AT&T. As a result, if Congress eliminates the FCC rules, no existing regulations would require companies to provide opt-in consent to consumers before sharing their information, creating an enormous privacy gap.”

What will the ISPs do to violate your privacy?

Let’s look at a number of examples of what may be coming. This is not speculation. ISPs have already implemented or experimented with each one of the below examples.

Fees for privacy  Two years ago AT&T/U-verse started doing deep packet inspection to monitor everything its customers did online and sell the data to advertisers. It offered to give fiber subscribers some privacy but only if they paid an extra $30/month. Last fall Comcast informed the FCC that it should also be able to charge an extra fee to broadband users seeking to protect their privacy. DSLReports wrote: “Comcast argues that charging consumers more money to opt out of snoopvertising should be considered a “perfectly acceptable” business practice. . . . In short, Comcast is arguing that protecting your own privacy should be a paid luxury option.”

AT&T ended the fee-for-privacy program shortly before the new broadband privacy rules were enacted last fall. It’s safe to assume AT&T and Comcast and the others will be moving forward again with similar programs once the rules are repealed.

Profits from advertisers  Google has become a giant company because advertisers are willing to pay huge amounts for Google to analyze its data and choose appropriate ads for you. Google does not deliver data about you to advertisers. It keeps the data to itself and selects the ads through its own ad network.

ISPs would have no such constraints. Nothing would prevent them from selling your data to advertisers, linked to your name and address. Even if they don’t go that far, the whole point is to sell data about your location, demographics and browsing history to advertisers, without your knowledge or consent. That’s what this is all about.

Hijacking your searches  When you do a Google search, you expect to see a Google page displaying search results chosen by Google.

Your ISP controls the packets sent to your computer. The ISP can redirect your search to a different search engine. No matter how you tried, you might get a page of Comcast search results, containing ads from companies that had paid Comcast.

Sound unlikely? In 2011 a number of ISPs did exactly that. Charter, DirectPC and a number of others sent searches to a third party named Paxfire. Searches were redirected through affiliate marketing programs or to pages selected by advertisers. Paxfire and the affiliate programs were paying ISPs to redirect customers to places the customers hadn’t asked for, without anyone’s knowledge.

As of next week, there will be no rules against resuming that behavior.

Inserting ads on web pages  ISPs will have a green light to inject ads into your web browsing – ads that have nothing to do with the web page that you’re loading. You might see full page ads before the page loads, or banner ads at the top or bottom of pages, or popup ads. Again, remember that the ISP controls every packet sent to your computer and has the technical ability to do this in pursuit of extra profits.

AT&T did this with some public wifi hotspots in 2015. Charter Communications started experimenting with injected ads almost ten years ago.

When the privacy rules are repealed, there will be nothing to stop ISPs from doing this routinely, and literally no federal agency with jurisdiction to handle complaints.

Injecting undetectable, undeletable tracking cookies in all of your web traffic  Cookies are one of the methods used to track you as you browse the web. When you shop for earrings on one site, it is a cookie from an ad network that results in ads for earrings following you around to every other site for the next two weeks.

Two years ago Verizon came up with “supercookie” trackers that could be injected into all of its customers’ traffic. They recorded all browsing, including incognito browsing, and ignored cookie blockers, which meant they could be used (and abused) by anyone, not just advertisers. Attempts to delete the supercookies were unsuccessful, as they could be resurrected later.

What can you do?

What can you do? Not much. This is what it means to “remove outdated and unnecessary regulations,” as FCC chairman Ajit Pai said last month. Similar hostile anti-consumer moves are going on all over the federal government as Republicans move to dismantle agencies and empower large corporations to accumulate profits without restraints.

You can support the EFF in a last ditch attempt to stop the House from repealing the FCC rules. The ACLU will also be fighting to prevent the repeal and presumably taking action in court to try to limit the damage.

If you are technically agile and sufficiently paranoid, you can begin using a VPN or Tor to hide your browsing from your ISP. Those have their own price. They’re technically complex. They slow down your Internet browsing pretty significantly. Using a VPN just moves the problem downstream, because now you have to trust the VPN provider, who will technically have access to exactly the same information about you as your ISP.

Unfortunately, for most of us, the only answer is to be alert and knowledgeable, and try to stay calm and sane as we stare into the abyss.

Share This