Comcast Sued Over Internet Data Gathering

saikou writes: "Slashdot already had an article about Comcast using transparent cache systems to track their cable modem users' browsing habits (purely for improvment of their networks, of course) and now here's the follow-up. Newsbyte posted yesterday a story about the lawsuit, demanding $100 per day of tracking for each customer. I guess even if it will work out, customers might get oh, say, $10. With rest being a fee for the lawyer(s) :)" Update: 05/25 12:37 GMT by T : burgburgburg points to a New York Times article about the case, and reminds you of two previous mentions of the controversial user-tracking effort (one, two).

Good to see

It's good to see that Comcast haven't, in this case, been able to use general technical ignorance to bamboozle their way out of this one.

It looks as if they actually expected to get away with claiming they needed that info for caching purposes. I hope that they're nicely stunned at being asked to prove why they felt it necessary to tie that info back to individual user identities.

BTW, I presume that most /.ers have always assumed that their ISP was tracking their online activities.

Court?

So... does your browsing habits come out in court as a matter of public record?

Lawful tracking

Right of way for protection of data privacy - are we the people?

Are you really sure you're innocent? Do you expect your representatives which have been elected by youself to believe into your integrity without needing evidence? A minority of the European Parliament seems to be in doubt and precautiously suspects its citizens at the time being. On May 29 2002 in Brussels will be vote if the fundamental rights of the citizens in Europe as there are protection of privacy, freedom of speech and the presumption of innocense should be abolished. Law enforcement authorities shall be authorized to store any data about electronic communications of EU-citizens. The most important rights are endangered to be sacrificed in the course of fight agains terrorism.

Neither the individual case nor interim measures will be considered when it will come to storing data. Thus data would not be saved temporary or in an appropriate manner. Regarding the intention of a part of the European Parliament retention of all individuals' electronic communication shall be done without control to enable further investigations about illegal actions in the future. Therewith all citizens will be assumed to be potential criminals. On April 18 this violation of the basic rights was defeated by a close vote.

For this narrow majority to become an absolute one a letter to the European Parliament was phrased which can be signed here:
http://stop1984.com/index2.php?text=letter. txt. Over 40 international civil rights organizations and user groups in the internet subscribed to this letter. Til now the signatures of more than 7500 people all over the world were registered.

If you don't agree with your government suspecting you to be a potential terrorist and storing all your electronic communication without a cause you should sign this letter.

Um, stupid?

Need I remind you that if you use Comcast as your ISP you are using *their* networks. Its not like they don't have a right to maintain it anyways they want. Unless the TOS specifically says "We will not log your activity" this lawsuit should be thrown out.

Tom

Re:Um, stupid?

Need I remind you that if you use Comcast as your ISP you are using *their* networks. Its not like they don't have a right to maintain it anyways they want. Unless the TOS specifically says "We will not log your activity" this lawsuit should be thrown out.

The right to swing *their* fist stops where the customers nose begins.

There are limits to what you can do with your property,
and those limits are in part defined by injury it causes others.
If you want to do something as egregious as Comcast
(i.e. something your customers wouldn't reasonably expect you to do)
then you had damn well better state that up front in large print.
In other words, it is like they like they don't have a right
to maintain their network anyway they want.
Unless the TOS states in large print
"WE WILL LOG YOUR ACTIVITY AND SELL IT TO THIRD PARTIES"
then they are at fault.

There are limits, and Comcast exceeded them.

-- this is not a .sig

Is it possible...

...that comcast is simply using this proxy system to reduce its external traffic and attempt to make web-browsing faster for its users rather than as some part of some great conspiracy?

Read the article !

It says 100$ per customer or 1000$ for all customers per day. The first one is extremely unlikely. And 1000$ bucks is not so much - any major company can afford this. They probably made more money by the data.

Thanks for the info

I'd heard about Comcast doing this from a local news report; seems like I missed the postings here. Thanks for all the info.

Heh, and as I'm typing this, a "we're hiring" ad for Comcast is on cable... "Enjoy an exciting career with Comcast! Technician! Sales! Spy!"
----
Apple hardware still too expensive? How about a raffle ticket? [macraffle.com]

The Real Problem

It isn't so much the commercial use of this information that bothers me but, rather, that it's being accumulated in the first place leaves the door open for shady government agencies to have access to it in a harder to fight way than something slightly more attributable and, therefore, possible to fight such as Carnivore.

If you think about it, there was no real reason for the FBI to stick their neck out like that with an actual hardware wire-tap of their own when most ISPs would probably bend over backwards to share the info they've already collected for commercial reasons.

Want to know who's been visiting dangerous, subversive websites [zmag.org]? Simply send Agent Crewcut to play a few rounds of golf with CEO Weasel and suggest that there might be some juicy government contracts coming up for grabs.

Comcast did a bad bad thing....

IANAL, but heres the links to what I believe to be the relevant laws comcast may have violated (mainly for being a cable company) Cable TV Privacy Act of 1994 [epic.org]Which in short provides provisions that limit:

(A) the nature of personally identifiable information collected or to be collected with respect to the subscriber and the nature of the use of such information;
(B) the nature, frequency, and purpose of any disclosure which may be made of such information, including an identification of the types of persons to whom the disclosure may be made;
(C) the period during which such information will be maintained by the cable operator;
(D) the times and place at which the subscriber may have access to such information in accordance with subsection (d) of this section; and
(E) the limitations provided by this section with respect to the collection and disclosure of information by a cable operator and the right of the subscriber under subsections (f) and (h) of this section to enforce such limitations.

As well if I'm not incorrect here,the ECPA [eff.org]
More fun privacy law here, Privacy Act of 1974 [opm.gov]

And of course if they customer has a kid under 13 who they gathered data on there was another law I just couldn't quite manage to find in regards to making this pretty illegal. And you can't make your customers opt out of federal law last I checked.

Anyway, it hasn't been my experience that lawyers take cases they have no chance of winning where the payout is based on them winning.

collecting informations to...

They are collecting information to keep updated their database about best p0rn sites.

Read the EULA

(1) Read the "End User License Agreement" that Comcast requires of its customers--it is in explicit contradition to their public statements w/r to the collection and use of end user communications. [they claim explicit ownership of the data that you place on their networks as a subscriber] (2) If Comcast were to exercise its self-promoted rights under said agreement--and I have some technical evidence that they have--then not only are they at issue with the 1984 Federal satute--but, Pennsylvania's 1996 ammendment to its Cable TV Act. [I would strongly suspect that other states' Cable Acts are cast from the same template] As to no collection of "personally indentifiable information"--that's patent nonsense. The architecture of the the DOCCIS v.1.1 infrastructure that Comcast has implemented requires the explicit registration of every communications device on their network with a specific subscriber account--each datagram produced by every device on the Comcast network is directly identifiable to a specific subscriber account. The nature of the proxy is such that a query on the order of "Show me all data transactions that the household of Smith, John S. has enganged in with http://www.cnn.com over the past 12 hours" is a trivial undertaking--requiring perhaps 15 minutes worth of effort. [the MAC# of the DOCCIS modem is recorded in the billing/user account database--the rest is a trivial filtering/datbase query exercise]

$100

saikou commented in the intro: I guess even if it will work out, customers might get oh, say, $10. With rest being a fee for the lawyer(s) :)"

The $100 is exclusive of lawyer's fees. The NYT article states:

Goren, who predicted ``months or years'' of litigation, is seeking attorney's fees plus damages of at least $100 per day for every Comcast subscriber.

Is Covad starting to do this too?

For about the past month, any http connection I've made would be really slow and lossy, even though ping times to the sites were good. Anyone know if Covad is trying to set up some kind of transparent proxy on their network too?

Lawyers

I guess even if it will work out, customers might get oh, say, $10. With rest being a fee for the lawyer(s)

We could endlessly repeat well-worn ideas yet never think about them, but let's try:

People complain that class action contingency attorneys pull a scam on their targets (e.g. Comcast) and their clients (e.g. Comcasts customers) and take all the $. Think about it; contingency lawyers (lawyers that collect large sums if they win, rather than smaller sums win or lose) and class action (grouping large numbers of small complaints into one big one: e.g. $100 damages * 1 million people = $100 million lawsuit) are the only way the less-than-rich get access to our court system.

o Contingency lawyers let everyone, not just the rich, use our court system. Our court system was too expensive for anyone but the rich. You must have a lawyer (technically you can represent yourself, just like my grandmother is technically allowed to hack the Linux kernel), and lawyers are expensive. If you couldn't afford one, no justice for you -- very democratic. Now, contingency lawyers take your case based on the hope you'll win and be able to pay them. Think about it -- would you work hundreds (or more) hours, hire experts and make every other investment at your own expense, and risk that if you lose (the other side has attorneys too) that you get $0.00? All that time, effort and money completely sunk? No way to buy dinner? Pay the mortgage? Put the kids through college? Even if you do win, you work now and get paid next year. Now you understand why contingency lawyers demand a larger percentage when they win.

o What other check, besides Class Action, is there on corporations screwing the millions of individuals who buy their products, work for them, share communities with them and invest hard-earned money in them? There aren't enough gov't regulators -- they couldn't even stop the multi-billion dollar Savings and Loan or Enron or other huge scandals -- can they protect the $10,000 of pension money Jane Elderly invested in Creative Financial Reporting Inc.? The citizens of a polluted neighborhood whose health is at risk? Or simply Ed Jones who wasted on their lies about their useless product? What deters some executive from twisting the financial statements, or ignoring the pollution or lying to consumers, simply to protect his job? What motivates the Board of Directors to question instead of rubber stamping their buddy the CEO who gave them their cushy jobs? It's not fear of the a few regulators; it's fear of massive lawsuits on behalf of every one of those people they might screw.

Sure, there are some bad lawyers who fleece the system, but so do some companies, doctors, politicians, bankers, police, programmers, etc. etc. Like everyone else, there are good lawyers and bad ones, and they all have their good and bad days. Plus, lawyers can't fleece anyone unless a jury and/or judge helps.

Funny that it's the part of our court system that serves the politically weak, not the part that serves the RIAA, the Fortune 500 corporations, etc., that gets all the mainstream criticism.

Freep article...

I'm just going to assume that the tracking comes from the possiblity of the merge with AT&T. The freep [freep.com] had a really good article yesterday about Comcast not being too happy with the bandwidth consupmtion from users.

"Comcast points out that it is not cheap to provide high-speed service to a million customers, as it does now. At its network operations center in Cherry Hill, N.J., workers electronically monitor more than 50,000 pieces of equipment throughout the company's broadband network."

It wouldn't be surprising if they were tracking "equipment" (users more like it) to see who the bandwidth "hogs" are.

Better take advantage of Usenet acess while it lasts!

Damned if they do, damned if they don't

The social side of it is that no one wants to be watched by Big Brother or marketers or whatever. And it's against the law for Comcast to do it. It seems that most Slashdotters are well aware of and justifiably sensitive to these issues.

Then there's the technical side, and I'm kind of surprised that so few voices here speak up about it. When you have a network with a lot of users, it is very natural and intelligent to want to optimize it and use it at maximum efficiency. Caching proxies are a great tool at your disposal. It would almost be stupid if you didn't use them. (Yes, I'm a Squid [squid-cache.org] lover. IMHO, almost every ISP, net-connected business, school, etc should have one.)

But running a web proxy comes with a responsibility. Someone might abuse it, and if the admin receives a complaint about something that came from his box, he needs to be able to look in a log and see who really deserves to receive that complaint, lest he be left holding the hot potato. You can't be a common carrier and not be held responsible for what goes through your network, unless your finger is always ready to point at who is responsible.

It looks like the social issues are the squeaky wheel, so they're going to be addressed. Just remember that this comes with a performance cost.

BT/UK Gov't doing the same thing

I used to be a BT Openworld subscriber here in the UK. They also had a "transparent proxy" running. I freely sent all my data in cleartext until one day their connection to the US went down, and every time I tried to access any sites in the US, it spat back a proxy error at me. So I setup my own squid server in Ireland and routed all my traffic securely through there.

I phoned up the support line and got some slimy "technician" who claimed nothing was wrong. I told him his proxy server was spitting back errors at me, to which he replied he didn't think they had any proxy servers and were my proxy settings ok.

So he put me onto his "manager" who told me I wasn't supposed to know about the proxy and he'd look into it. That was the last I heard of it, 10 minutes later they'd fixed it.

There is No Implied Privacy ...

... when you are a subscriber of a Cable ISP. Get over it. Whether or not the TOS states explicitly that information is being gathered, there is no implied privacy when using a data network. A recent case has upheld this. (I'm sorry, but the exact case escapes me ... however, it appeared on these very pages.)

That being said, there are NO Federal laws governing data passing over a cable TV connection. The FCC (and most state) regulations govern only the television signals that pass over the cable. The cable company is granted, in most cases, a exclusive contract to provide this service to a community. The contracts were mostly written prior to the internet's popularity, and hence have no conditions or obligations in them pertaining to data.

Re:higher threat

Here's an idea then, invite law enforcement to come live with you for 3 months, watch you have sex, watch you bath, and more. The interesting thing is, many of us have been allowing this to slowly happen, while giving up our power to the government. A government that we are supposed to run. Besides that, this type of information can also be used to target sell to you. Why is it that my personal life should be in the hands of some corporation or the government.

Re:higher threat

If you nothing to hide, than you have nothing to worry about.

Would you still not be worried if the postman regularly logged your snailmail and the phone company regularly logged your phone calls or maybe the police regularly logged your physical movements?

Re:higher threat

If you nothing to hide, than you have nothing to worry about. True, until someone decides that something you thought was legal is now suddenly made illegal (DeCSS, anyone?). So guess what? You should've kept that stuff hidden all this time.

On the other hand, that sounds just like something out of a nudist beach advertisement or from the Naked News website.

Re:Whish Distro?

Debian