AT&T Rewrites Privacy Policy

VikingThunder writes "The San Francisco Chronicle reports that AT&T has revamped its privacy policy, in an effort to head off future consumer lawsuits, with changes taking effect this Friday. AT&T is introducing a new policy that gives it more 'latitude' when it comes to sharing your browsing history with government agencies. Notable changes include notification that AT&T will track viewing habits of customers of its new video services Homezone and U-Verse, which is forbidden for cable and satellite companies, as well as explicitly stating that the customer's data belongs to the company: 'While your account information may be personal to you, these records constitute business records that are owned by AT&T. As such, AT&T may disclose such records to protect its legitimate business interests, safeguard others, or respond to legal process.'"

It's time to take action.

Well, I knew it wasn't going to be long before companies decided to openly admit that playing politics was more important than treating their customers right. Agreed that they had been playing politics in the past *cough* Bush's domestic wiretapping *cough*, but only now are they confirming that and trying to save their behinds from lawsuits like the kind the EFF has filed for unwarranted wiretaps.
This is exactly the treachery that leads to companies going under...You f*ck the consumer, you get f*cked right back.

I say call up your local congressman/woman and tell them that you want the Cable Communications Policy Act of 1984 to include provisions for all methods of distributing content, including IPTV. Also explain to them that your privacy is important to you and that you want them to support as many privacy bills as they can.

Of course, if that doesn't work, just ditch AT&T. I know there is enough competition out there to cripple them. Alas, you might end up paying a bit more, but think of it as the price you pay for privacy, and consumer-friendliness.

Re:It's time to take action.

Ditching ATT is not so easy, they have a very large infrastructure and massive backbone. There is really no way to avoid using their services, either directly or indirectly. I hate to say this, but the only way to stop this is through gov intervention (I wont say regulation because I have regulation), but there is little way for the avg consumer to impact ATT's pocket book, now if companies (end user ISPs and such) toss ATT, that would definately hurt them.

Re:It's time to take action.

"Does Vonage encrypt their traffic?"

I dunno...but, if you want to make their tracking data useless for you...start trying to encrypt ALL your internet traffic.

Grant it....it will slow you up a bit, but, will make you far less traceable. Set up anon. browsing, set up nym accounts for email...that will help your mail at least be encrypted, even from those who don't know how to use pgp.

• Tor - For anonymous browsing [eff.org]
• Freenet [sourceforge.net]
• Anonymous Email (look for Nym section) [faqs.org]
• Free Proxy servers (some https and anon listed) [proxy4free.com]
• Set up and use Mixmaster anon remailers [sourceforge.net]

In general, also start trying to use SSH and vpns for most everything you do....it is a bit slower and PITA, but, might be worth it in the end, considering this new policy, and the govt's recent attempts to get ALL ISP's to "voluntarilly" keep all internet access records stored for 2 years.

Re:It's time to take action.

You're preaching to the choir here. Most of the network related programs I use operate with ssh as their transport layer (unison for file sync, svn+ssh for source code repo and other versioned storage).

I also operate my own mail server/domain, which most of my friends and family have accounts on. I allow ONLY SSL-protected connections, so no plaintext POP3 passwords flying about. As far as they're concerned it's only 1 extra checkbox to click so it's no big deal. SMTP+AUTH+SSL for sending.

Granted, that won't help for sending messages to the outside as they transit unencrypted at some point, but at least we can email each other in relative security. If the NSA wastes a few weeks of processor time just to find out what my lunch plans were last Friday, serves 'em right.

Grant it....it will slow you up a bit

Unless you're talking about initial setup, at the bandwidth levels that most consumer accounts have, I have never seen an appreciable slowdown due to encryption. My modest 266-Mhz router can saturate a 3Mb link with VPN traffic.

Even on my laptop where I do full-disk encryption (GELI on FreeBSD -- built in and it was cake to set up), I can still get upwards of 20MB/s disk I/O, which isn't significantly worse than the el-cheapo drive that's in there can manage without it.

Re:It's time to take action.

And how long do you think before this sort of encryption becomes illegal? Wasn't there some bill/law in the UK that you have to provide the government with all your private keys or face jail time?

Re:It's time to take action.

<sarcasm>Great! I'll get mom, dad, and my popular sister with 60 of her bestest friends on AIM using anonymous email and Freenet in no time!</sarcasm>

Seriously though, the reason these apps haven't taken-off is because they face a chicken-and-egg problem: they aren't standards de facto or de jure.

I've tried getting my friends to use encrypted AIM, via GAIM, Trillian, etc.. Of course they don't use it, (except for another Slashdotter friend of mine): it's "too hard" and (so they say) if you have nothing to hide, then what's the concern over privacy about? (and then I sigh: "He who does not learn from the past, is doomed to repeat it...")

I have relatives who are privacy nuts, and one close to me is even somewhat technically-competent and very well-educated. Yet, mention "PGP", and his eyes glaze over.

If even the privacy-concerned intelligentsia don't want to put forth the effort to protect their privacy, then isn't the battle, as a defacto matter, basically lost?

I think privacy is, has, and will always be, a lost cause. It takes:

• Political and/or economic/business intelligence to understand its value
  
• A historian's knowledge to understand the historical examples of privacy loss
  
• Mathematical sophistication to have a theoretical conception of the potential growth in instances of knowledge of one's personal information by others via the network effects of private information's spread
  
• A network-connected computer geek's (like most of us Slashdotters) understanding of how quickly that information actually *does* spread on the Internet to understand and demonstrate the reality of the privacy situation
  

Few people outside of many computer scientists, and some in the hard sciences and math, and maybe a few lawyers, are competent to fully-grasp the implications of privacy loss. Most people are not so intelligent, nor nearly patient enough to understand the subject -- and so, most people don't give a rat's ass.

The reality of privacy around the world is that Scott McNeely was right some 10 years ago, when he proclaimed that "privacy is dead." I cannot think of a single period in time in which the U.S. or Britain have undergone periods in which privacy could be said to have generally *increased*. [1] Germany arguably improved after the fall of East German socialism, having eliminated the Stasi in the process, but that's like switching from a Yugo to a GM-made econocar for one's personal transportation -- it's a big improvement, but still very far from what is wanted.

Those of us who care about privacy can and do use such applications. The rest of the unwashed masses will be tracked and eventually hunted-down by governments, corporations, and sophisticated black-market criminal organizations like the goddamn cattle they are (and, if East German, Iraqi, Chinese, North Korean, and American communist history -- as well as the history of various black market businesses (drug cartels, the Mafia, etc.) -- is any indicator, murdered much the same).

It doesn't help either that privacy apps have typically not worked particularly-well. Freenet is a great example: it hogs RAM and CPU and in the end, content-retrieval is painfully-slow. Not to mention that Freenet, like PGP, is basically a big red flashing neon sign to law-enforcement suggesting a high probability of illegal activity (and I think those of us who genuinely run/ran it for the political purpose of keeping free-speech and privacy alive really are/were in the minority -- just as those with whom you can talk intelligently to on USENET, or anywhere else on the Internet or in real life, are in the minority)...

[1] Then again, how does one measure privacy? By the number of surveillance cameras, public and private? By the number of records per individual being analyzed out of databases? By the number of doors kicked-down on the basis of information obtained via a breach of privacy? By th

Re:It's time to take action.

From GP:

Also explain to [legislators] that your privacy is important to you and that you want them to support as many privacy bills as they can.

Currently the mantra If you are not a terrorist/paedophile/Mexican, you have nothing to hide and you'll have no privacy when the terrorists win seems to be the flavor of the day.

Or as one prominent FoxNews commentator puts it, the American People would rather the Govt. collected their records than their remains.

 

Of course, if that doesn't work, just ditch AT&T. I know there is enough competition out there to cripple them.

As the parent (bleh-of-the-huns) said, such a move will not impact ATT's bottom line. If anything, it will save them bandwidth costs as those customers that tend to be privacy-aware also tend to consume more of their all-you-can-eat subscription plans than the sheeople customers.

Re:It's time to take action.

Except in this case, where the german police decided acting "inconspicious" was suspicious in and of itself:

http://today.reuters.co.uk/news/newsArticle.aspx?t ype=worldFootballNews&storyID=2006-06-06T201822Z_0 1_L06509705_RTRIDST_0_SPORT-SOCCER-WORLD-STRIPSEAR CH.XML [reuters.co.uk]

Re:It's time to take action.

I hate to say this, but the only way to stop this is through gov intervention (I wont say regulation because I hate regulation)

Ain't it funny how folks hate regulation until they want something regulated?

Welcome to the left side of the aisle, buddy. I hope you don't hate Liberals. You're one of us now. :)

Re:It's time to take action.

Of course, if that doesn't work, just ditch AT&T.

I currently do not use AT&T. However...

Anytime anybody calls me using AT&T, my phone number appears in those records. And since I am not an AT&T customer, I have not agreed to their privacy policy. Is there any legal remedy for this?

Re:It's time to take action.

Anytime anybody calls me using AT&T, my phone number appears in those records. And since I am not an AT&T customer, I have not agreed to their privacy policy. Is there any legal remedy for this?

All "privacy policies" are bullshit. They all say at the end of them something in legalese like: "We reserve the right to change our mind at any time".

Personally, I believe that _WE_ as individuals should create our own privacy policy and make businesses/corps sign it.

The problem is that no business or corporation or whatever would sign our privacy policy. The rights of individuals have been officially lost as far as I can tell.

Re:It's time to take action.

US has unique problems. Last time I came back from Dallas I had to swerve my car hundreds of times to avoid the numerous flag burnings all up and down I-35 (or was that just the combination of Jack Daniels and cold medicine kicking in?) We should support our president in protecting the American flag from the armies of satanic liberals lined up to vomit on this symbol of our freedom. Even worse, gays are destroying marriage. As one Fox news commentator pointed out the other day, next thing will be marriage to snakes (already performed in some Christian sects). Marriage is intended to be between a man and a woman until divorce decreee and property settlement do they part. The president and our congress are going to amend the US Constitution to preserve marriages for destruction by more conventional means (divorce on the grounds of adultery is a personal favorite).

Re:It's time to take action.

First remembet that it is not AT&T but SBC wearing a AT&T suit they bought.

This is typical SBC tactics they have been pulling over the years.... They just thought that by changing their name nobody would notice.

remember when you hear AT&T you are not hearing the AT&T from the past but SBC trying to hide from their reputation.

Re:It's time to take action.

This is exactly the treachery that leads to companies going under...You f*ck the consumer, you get f*cked right back.

Well, it's a nice theory. In practice, it doesn't mean a damned thing. Cranky consumers can't do anything to a company like AT&T, not really.

If you explicitly refuse this new privacy policy, do you really believe that will cause them to purge your records? No, they're gonna retain what they have already even if it violates their previous policy.

What if you can't change? Live in a place where there is exactly one provider of broadband? Think you'll give up your high-speed just to try and punish AT&T? (And if you do, they're gonna keep what they have.)

Now that they've said this, and now that they're gonna track everything, your assent to their privacy policy will become irrelevant.

Since they operate much of the backbone, what is to stop them from passing on information about people with whom they don't actually have a current/past business relationship? Nothing, they'll still be passing on their routing data which covers people who could not possibly have consented to the privacy policy. International data gets routed through AT&Ts trunks.

Hell, I live in a whole different country (Canada), and my cell-phone company (Rogers) is associated with AT&T. Which probably means that some if not all of my own damned information is probably going to flow south of the border. Which fscking Congressman am I going to fskcing contact to complain about this? Oh, wait, that would be absolutely fsking noone, that's who.

Do you think the government is going to legislate/intervene/say anything? They want this kind of things more than ever. If a company makes you sign a contract that says "we can do anything we want", the current administration has only to gain from this. They're more than happy to extend the territoriatility of their laws with little regard -- despite that if any other country tried to extend their laws in the same way, the US would be screaming bloody murder.

AT&T's decision to do this affects way more people than the number of people who are going to be asked to agree to this privacy policy. It's probably going affect me personally, and I don't have a business relationship with them. And probably a whole lot of other people.

Re:It's time to take action.

well, I just finished writing my letter, so a college temp making $7/hour will definitely be hearing it from me

Fixed.

Re:Effective tool

> The NSA terrorist surveillance program approved by President Bush is an effective tool for law enforcement to identify and break up terrorist activity before it can metastasize again on these shores and cause 9/11 style death and destruction. A large majority of the American electorate approves this action. By all means write to your representative on this issue. That is the American way. Then take your place on the minority side of the issue while President Bush kicks the bloody hell out of radical islam.

The NSA terrorist surveillance program approved by President Clinton II is an effective tool for law enforcement to identify and break up terrorist activity before it can can metastasize again on these shores and cause Okalahoma-style death and destruction. A large majority of the American electorate approves this action. By all means write to your representative on this issue. That is the American way. Then take your place on the minority side of the issue while President Clinton II thanks your half of the Party for giving her the tools she needs to kick the bloody hell out of the Second Amendment fanatics.

(And after 8 years of Republicans arguing against Stasi-like surveillance of fundie Christian groups, the Democratic wing of the Party will power over to the Republican wing of the Party, and the ratchet having gone another 360 degrees tighter...)

Re:Effective tool

So far, the only thing that the current administration has done with the information the NSA has gleemed from their taps is track down journalists in order to find the government sources of their leaks.

Unless you equate a free press with terrorism or goverment employees with terrorists, I'm afraid I cannot see the connection.

We are repeating history. In the 1960s, the goverment expanded its role in domestic surveillance in order to fight "left wing terrorism" by radical groups like the Weathermen. Instead, the FBI spent most of their time spying on Southern Christian Leadership Conference, Congressional opponents, and under Nixon people on his personal "enemies list". The Church Commission recommended much of the restrictions that the Patriot Act trampled over in order to prevent government surveillance on citizens who were using legitimate means of opposing government policy.

Now, we removed these restrictions, and guess what? The government is again using its powers to spy on you and me, and not so much on "Islamic Terrorists". After all, the Islamic terrorists are a pretty smart bunch and probably already figured out not to use electronic communications to contact each other directly. Most of their communication now takes place on websites outside of the United States jurisdiction and most of the conversations are encrypted and coded. Users are anonymous and use public computers in various Internet Cafes making it almost impossible to track down these users. Remote logins, foreign anonymizers, and Tor networks make even domestic users hard to trace.

Re:Effective tool

The NSA terrorist surveillance program approved by President Bush is an effective tool for law enforcement ...

Really? I didn't realize that, since I have not heard of one terrorist activity being prevented by the NSA. After all, what are wiretapped grandmas going to do?

I have no problem with wiretaps, if they are warranted. These days, it is not difficult to get the warrant...you could just show some evidence that the person may be linked to a terrorist organization, and wahlah, you have a warrant. All that I ask is that the get the warrant first, or at least get one period.

Oh, and if you can show me where this wiretapping has been more successful than traditional techniques, I'd be all ears. Until then I will continue to not jump on the 'kill the jihad' bandwagon. This country needs at least a few sane heads.

Re:Effective tool

you could just show some evidence that the person may be linked to a terrorist organization, and wahlah, you have a warrant

TERRORIST KEYWORD PROBABILITY: 92.89% IP LOGGED. FEDERAL FISTING IMMINENT.

Re:Effective tool

Hell, FISA allows retroactive applications for warrants! All concerns about the speed of the court system at granting warrants sorta go out the window when you can do first, ask later.

There's also the fun stat that they've turned down 5 of 19,000 requests.

If the Administration can't work within a system that allows them to ask permission after the fact and have a 99.9736842% chance of approval, just what are they hiding?

Re:Effective tool

Really? I didn't realize that, since I have not heard of one terrorist activity being prevented by the NSA. After all, what are wiretapped grandmas going to do?

I'm not a fan of the NSA, or any agency that listens to my phone calls etc, but in their defense ... do you think if they caught someone, they'd have a big news paper article about it and have interviews on CNN? I suspect they'll be really quiet about it, so people don't know just how much they listen to, how they do it, etc.

I suspect they've heard a lot of things that has led to many investigations/arrests etc ... but we'll never hear about it.

t.

Any teeth to these?

Do privacy polices have any real legal meaning to them? Companies write them, I don't think they'll punish themselves for violating them.

Re:Any teeth to these?

No, a company will most likely not punish themselves for violating their privacy policy. However, my understanding is that they do constitute legally binding agreements with regards to what they do with your information. If the company is found to have violated the agreement that was presented to you, then you do have legal grounds to pursue them for damages. Of course, IANAL, so the preceding may be completely wrong.

Furthermore

Do you know many legal agreement between two private party, and which can be changed at any time by one party, even absolving this party from any previous legal agreemeent with the other party, without involving this second party ? Me neither.

a big BEND OVER to any percieved competitors

"I have changed the agreement. Pray I don't change it further."

Re:Any teeth to these?

The privacy policy is part of the contract. A company that violated its privacy policy, in a way that could be proven at court, could be sued. It's not a very strong guarantee (guess who can afford the better lawyers), but it's something.

Re:Any teeth to these?

Any policy they can change at will without requiring you to sign an greement has no binding force. At best, you could sue for misrepresentation if they break it. Its definitely not breach of contract.

Why does contract law allow this?

I've always wondered exactly why contract law allows for one (but not both) of the parties to arbitrarily define the terms of what either party is allowed to do under the contract. What's the point of allowing an agreement to be binding that can be completely subverted in meaning at any time?

Well, I would not be surprised...

if the other telcos started doing the same thing. In the beginning they simply said all their interactions were "classified" with the governement, building a huge smokescreen with which to hide behind. Now they have to deal with lawsuits, and they slip this into their privacy statement to stymie the 'suits. Knowing how telcos really like to avoid such suits I wouldn't be surprised if AT&T has started a fad.

Reminding you once again...

Reminding you once again that any privacy policy [sbc.com] that includes the clause that it can be changed at any time with minimal notification and no consent is no privacy policy at all.

(To be fair, the linked policy does have a nod towards "materially different" changes to the privacy policy. But guess who decides what "materially different" is...?)

Time for the Privacy Act

As such, AT&T may disclose such records to protect its legitimate business interests, safeguard others, or respond to legal process.'"

Don't you see, AT&T is doing this for you, the valued customer. It is in your best interests. Don't you want to be kept safe from the evil0rz criminals?

In Canada, the Privacy Act restricts the ability of corporations to share private information. Admittedly it's not perfect, but it appears to be better than what exists in the United States.

Re:Time for the Privacy Act

They're not protecting their customers, they're protecting themselves.

That's not all. The wording in the old privacy policy said:

the company "may disclose your information in response to subpoenas, court orders, or other legal process to the extent required and/or permitted by law"

New policy:

the company "may disclose your information in response to subpoenas, court orders, or other legal process"

Looks like the law isn't important to them anymore.

*Sigh of relief*

I was shopping for a new ISP this morning, and AT&T lost out only by failing to have a particularly local dialup number.

Re:Thank you!

"Best" is such an overused modifier. How can you be sure that would really be the best way?

I'd imagine the freekin' Hand of God coming out of the sky and obliterating AT&T headquarters might spur them to make the change just a wee bit faster.

How is this legal?

Can they really legally say, "Welp, even though it's your personal data, we reserve the right to do whatever we want with it if it benefits us or our partners." ?

Re:How is this legal?

Yes, they can do just that.

While your account information may be personal to you, these records constitute business records that are owned by AT&T.

This really summarizes the legal problems with privacy here in the US. Although the data that people collect on you is "personal to you", it almost always, legally, belongs to whoever collected it. The hodgepodge of Federal and state laws doesn't help. For example, here in Virginia, my medical records are the property of my doctor. It was only relatively recently that legislation was passed that gives me the statutory right to see my own medical records.

This also relates directly to the more-or-less careless approach many firms take to protecting personal data. If the data belongs to them, they are that much more insulated from any legal consquences of losing it.

Bruce Schneier [schneier.com] has discussed this in a number of his blog posts and essays.

Re:How is this legal?

You know, 10 years ago the only people worried about privacy were those crazy militia guys in Montana. Nowadays, they not only seem sane, but increasingly look like geniuses!

Re:How is this legal?

Can they really legally say, "Welp, even though it's your personal data, we reserve the right to do whatever we want with it if it benefits us or our partners." ?

I am not a lawyer, but from what I have seen on the web, it is perfectly ok and legal provided they don't include "Nyah, Nyah Nyah, Nyah Nyah.", "Neener Neener, or "Smoochy Boochy" at the end of the policy.

So, does this mean we can get out of our contracts

...with the company formerly known as Cingular, since they're changing the terms of the agreement after the fact?

Ouch.

That does it. I'm sending back my "AT&T Best Friends Forever" ring.

Perfect opportunity for me to get off my duff.

With my bride and I both using cell phones as our primary line, I've put off canceling them on my POTS line for long distance service. Well no more - the $8USD/month (was $3, but it looks like it jumped up with extra fees) just to have the service is not a lot of cash, but at least I'll get a chance to give AT&T a big old FU and the horse you road in on. The rep had the brass to say this was something to strengthen my 'privacy', then started on a song and dance about September 11th.

For those in the US, 1-800-222-0300 option 6 gets you where you need to go. Expect a 30 minute (or more) wait time.

Fuckers...

Contract Violation

In most states, actually operating under the terms of a contract, even if it's not signed by any party, gives that contract full force and effect.

If I used AT&T for anything covered by that privacy "policy", I'd sue them for unilaterally changing the terms of the contract without my consent. If I were a lawyer, I'd construct a class of everyone whose contract they're breaching.

Unless the old privacy policy says "AT&T can unilaterally change any terms of this policy without notice at any time", in which case I'd be a fool to think it was anything but an invitation to screw me whenever they want.

What !!

All your data are belong to us. You have no chance to complain, make your time.

Virus ownership?

Does that mean if I download a virus from an AT&T pipe that they own the virus too, so if it damanges my machine I can sue them, or maybe I can hold AT&T responsible for "their data" corrupting "my system" that I purchased?

Re:VOIP modem to Out of country ISP?

Well, it's interesting, but it kind of misses the point. I don't have anything to hide from the NSA; that's not why I want them to stop spying on Americans. I want them to stop spying on Americans because stopping is the right, legal thing to do. Attempting to circumvent their procedures might give be fun in a "stickin' it to the man" sort of way, but it doesn't really take us where we want to go.