Senate Scrutinizes Privacy Issues of ISP User Tracking 109
Hugh Pickens writes "As companies collect, use, and disseminate data regarding online users, there is concern that tracking individuals' Internet activity and gathering information from online users violates their expectations of privacy. The Senate Commerce Committee will hold a hearing Wednesday to look at the policy issues, and the hottest topic will be proposed systems by which ISPs can watch users and sell information about their surfing habits to advertising companies. The Center for Democracy and Technology has issued a report suggesting that these systems may violate federal law (PDF). 'Advertising per se is not the evil here,' says Leslie Harris from CDT. 'It's the collection of individuals' information, usually without their knowledge, always without their consent, creation of profiles and the complete inability of people to make choices about that.' On the other side NebuAd, the most active ad-targeting company, says its profiles are interest-based, and not personally identifiable. 'We have designed our entire company to make sure that we stay on the opt-out side of those laws and policies,' says NebuAd CEO Robert Dykes. Charter Communications announced last month that it would suspend a trial of NebuAd due to customer concerns about privacy."
Scrutiny should extend further. (Score:4, Interesting)
Re: (Score:2, Interesting)
Agreed. When an ISP makes a bone-headed move, like using NebuAd, it gets a lot of bad press and has a strong competitive incentive to say sorry and fix its mistake.
I'm a lot more concerned about government invading my privacy than my ISP. You can always sue a company, but thanks to qualified immunity, government agents can break the law and get away scot-free.
Now there is a bill in the Senate, sponsored by Grassley, to force online retailers to inform the government of every online credit card transact
Re:Scrutiny should extend further. (Score:5, Insightful)
Not so. After tomorrow, for example, Americans will no longer be able to sue AT&T for violating the law by letting the Bush Administration tap their phones without any judicial oversight.
The current president has taken the 60-year old notion of "state secrets" to an extent that absolutely shreds the Bill of Rights, but there was always the possibility that the truth would come out and the lawbreakers would have to pay. After tomorrow, not any more.
Re:Scrutiny should extend further. (Score:5, Insightful)
Doesn't "state secrets" as currently used in court violate the first amendment?
Not the speech part, the ... to petition the Government for a redress of grievances. part.
Re: (Score:2)
Absolutely. It was argued so in the 1948 case that started this whole "state secrets" baloney.
There's a recent book by Barry Siegal, Claim of Privilege which tells the story of how this remarkable encroachment on the Constitution first occurred, when a military plane crashed and some contractors died. Their wives sued and just wanted to see the accident report. The government, trying to prevent a scandal and the relatively ti
Re: (Score:1)
George Bush has raised the claiming of state secrets to an artform. A very ugly, thuggish and anti-American art form. May he and Dick Cheney rot in hell.
Noted... you can expect some CIA operatives picking you up right.. about... NOW!
Good day Sir.
Re: (Score:2)
And you are not condemning Harry Truman [wikipedia.org] and Alben Barkley [wikipedia.org] to same for starting this non-sense — not to defend the country, mind you, but simply to cover-up their government's fuck-up — because?.. Oh, right, they were Democrats and thus could do no wrong...
Re: (Score:2)
Harry Truman and Alben Barkley are the godfathers of the "state secrets" privilege. They scratched the surface of that canard at a time when the Cold War was just getting underway, anti-Communism was rampant and nuclear weapons had only recently been unleashed on the Earth.
But what they did absolutely pales beside what George Bush and Dick Cheney have done. I'm sorry if that pains you to hear, but it's the truth.
The two guys you voted for have done more in eight years to destroy our Constitution and the
Re: (Score:1)
The term is "jerk-off", and it applies to you.
Yeah, and? (Score:3, Informative)
Hey, guess what... if a partner in a two-way correspondence chooses to share details of that correspondence, that's their choice (i.e., don't give private info to someone you don't trust). If you choose not to make safe your correspondence from third parties via encryption, that's your problem.
I'm willing to risk some troll or flamebait mods here to make a point:
No correspondence should ever be considered absolutley private. The same tools that allow data aggregation by companies like Google and ISPs give us better access to information and (arguably) a better quality of life. You have to take the bad with the good.
Creation of profiles allow vendors to serve us better. They allow better targeting of ads so we're not bombarded with ads for things we have no interest in (ok, in theory. In practice, this needs further work). They allow people and businesses to target our needs better, so it's easier for me to find what I'm looking for.
As long as we have the ability to anonymize and encrypt our traffic (which isn't a given), I have no problem with profiling. Those who want to opt out can do so easily... and if there is enough demand for it, there will be off-the-shelf tools for joe sixpack to do so.
So my point is this: Allow us to anonymize our traffic. Allow us to encrypt our traffic. Then you can go ahead and profile all you want.
Re: (Score:3, Insightful)
I encountered a recent ridiculous one from a Yahoo access - something like that:
us.bc.yahoo.com/b?P=FjLh6UWTUG8MnHdaSGkxXR + over 1000 characters more
To load 1 PIXEL!!!!!
There is tons of that stuff embedded in web sites. And that's got nothing to do with 2-way communication whatsoever.
Wo tracks it, who controls it, who sells and buys it?
Are the neurons in Sentat's heads interlinked enough to grok this?
Highly doubtful -
Re: (Score:2)
And why should you care, if your traffic is anonymized and your personal information, when needed, encrypted?
Re: (Score:1)
Re: (Score:3, Interesting)
If they care about their privacy, that is their problem. If they don't care, no harm, no foul.
I have tons of problems with this question. Why do you assume that "it" is supposed to be yours? You're transmitting postcards, not sealed envelopes... assuming that by "it" you are referring to privacy, what makes you think that you have any expecta
Re: (Score:1)
Because we're supposed to be in a society that's built around rules that our papers and effects and privacy should not be infringed. People do care. Just because people are unaware or don't know how to encrypt their e-mail doesn't mean a company has a right to copy, read, sell and distribute it.
Re: (Score:3, Insightful)
You're transmitting postcards, not sealed envelopes... assuming that by "it" you are referring to privacy, what makes you think that you have any expectation of privacy...
To complete your analogy, I guess it would be okay for the US government to read all postcards sent via the US mail, log the data, and use it for whatever purpose they want? After all, not sending it in a triple-sealed container means that we clearly wanted this information gathered and used. UPS can open and examine packages sent in paper envelopes or cardboard boxes, since if we cared about privacy we would have used a welded box.
You're confusing what could happen with what should happen. Just becau
Re: (Score:2)
-yeah, encrypted web surfing/email for the masses is happening and Tor has lightning access speed.
It's just not reality at this point and will it ever be? So, your premise to arrive on your conclusion to "no need to care" is not a given, it's a cloud castle.
Re: (Score:2)
Just because you don't see it happening a ton today doesn't mean it won't be used a lot tomorrow.
What is important is that our *right* to use anonymization services and encryption is not abrogated.
Re: (Score:2)
And why should you care, if your traffic is anonymized and your personal information, when needed, encrypted?
But honestly, in order to get anonymous internet, you either have to A) take a huge speed-hit or B) trust a proxy. Neither of those are usually good options.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2, Informative)
Re: (Score:1)
Are the neurons in Sentat's heads interlinked enough to grok this?
I found that typo somewhat amusing, because it rhymes with "mentat", and that produced a very bizarre image in my mind.
Re: (Score:2)
Reminds me of a quote (or sig) I saw once, wish I could remember the source:
"In the 80s, capitalism triumphed over communism. In the 90s, it triumphed over democracy."
Re: (Score:2)
Reminds me of a quote (or sig) I saw once, wish I could remember the source:
"In the 80s, capitalism triumphed over communism. In the 90s, it triumphed over democracy."
Source of the quote: David Korten [davidkorten.org].
(Props to Jeremiah Cornelius [slashdot.org], where I first saw it.)
Re: (Score:2)
> the free market has killed democracy
Maybe it's not so much the "free market" that's to blame, but that we allowed our government to sell itself.
> [killed] quite badly.
It just so happens that it's only mostly dead.
Re: (Score:1, Insightful)
Hey, guess what... if a partner in a two-way correspondence chooses to share details of that correspondence, that's their choice (i.e., don't give private info to someone you don't trust).
Your ISP is a carrier of information, not a partner in a two-way correspondence, they are a third party who facilitates your communication. Like the postal service in a snailmail correspondence. In the contexts of internet access they are proposing to eavesdrop on private communication for profit. I doubt you would be happy if the postal service routinely read your mail, then slotted in 'targeted' adverts, before re-sealing and delivering to your home but promising to forget what they had read.
Re: (Score:1, Troll)
If all your traffic is encrypted, and goes to an anonymization server, how exactly is the ISP supposed to sniff the traffic? Seriously.
The two-way correspondence refers to the end recipient of your packets, not to the ISP.
Re: (Score:1, Insightful)
Hence anonymization and encryption. Did you even read my post? Or did you rush to respond to the first line you read to which you could raise an objection?
If all your traffic is encrypted, and goes to an anonymization server, how exactly is the ISP supposed to sniff the traffic? Seriously.
The two-way correspondence refers to the end recipient of your packets, not to the ISP.
I did indeed read your post, all the way through, the point you made related to someone party to the correspondence revealing information, not the carrier (postal, phone or internet). Your ISP is a third party to your internet browsing, you pay them to carry your traffic, not to parse then serve 'targeted' adverts for profit, which is the subject of the article.
Google and ISP profiling are not comparable, I don't pay Google for a service and can opt out of their profiling. As I said, I pay my ISP for access
Re: (Score:3, Interesting)
If you're going to continue the snailmail metaphor, again I have to stress that without encryption, you are sending postcards, not sealed envelopes. And plenty of people have used, and still use, encryption with snailmail, as they deem it neces
Re: (Score:1)
What? If I send a postcard, I'm not too excited about people reading it, but then I don't assume that a corporation is going to copy everything I send a
Re: (Score:2)
There is no harm in a business wanting my data to serve me better.
Provide I, and only I, decide when they get what data.
Re: (Score:2)
Re: (Score:2)
I don't see why I should have to take steps to avoid being spied on by corporations. Such a notion pretty much means that privacy becomes the prerogative of people technically savvy enough to protect it.
Re: (Score:1)
Then why do they show me ads at all? I DO NOT WANT THEM. Oh right, the profile isn't to serve me, it's to serve them (usually by manipulating me). So the profiles allow them to better manipulate me. Why do I want this, again?
Re: (Score:2)
Because it pays for the content you're accessing? Because it helps offset the cost of providing service to you?
Re: (Score:1)
Because it pays for the content you're accessing? Because it helps offset the cost of providing service to you?
I thought the bill you pay monthly covers the cost of maintaining the networks over which the information is travelling. As you wrote them, the two rhetorical-sounding questions there are contradictory, in some ways. In the first case, the content is being paid for by targeted advertising, while in the second, you're receiving a discounted price from the full cost and receiving targeted advertising. One does not equal the other. I would much rather they run the system without the advertising and charge an
Re: (Score:2)
if a partner in a two-way correspondence chooses to share details of that correspondence, that's their choice
Maybe. But that doesn't mean it's legal, and, more to the point, that there isn't "an expectation of privacy."
If you choose not to make safe your correspondence from third parties via encryption, that's your problem
So we should google over SSL? I can't find their https search service.
The same tools that allow data aggregation ... give us better access to information... You have to take the bad with the good.
Why do we have to "take the bad with the good"? Is there some law of quantum physics that says website visitor tracking must be entangled with advertising services?
Re: (Score:2)
Why should it be illegal? Other than things like credit card numbers, social security numbers, etc, why should it be illegal? Is it illegal for me to tell my wife the details of a conversation I had with you?
As for the expectation of privacy, are you kidding me? Were you never taught that emails (or for that matters, any packets) should be considered postcards, not sealed envelopes? The internet is a
Re: (Score:2)
> why should it be illegal?
Because it isn't opt-in.
> Is it illegal for me to tell my wife the details of a conversation I had with you?
The more relevant question would be: Is it ethical for the phone company to record and correlate all conversations going through their lines and sell (summaries of) the recordings to third parties? Without their customers' consent? Without their knowledge?
> Were you never taught that emails ... should be considered postcards
What I've been taught is irrelevant. W
Re: (Score:1, Redundant)
I fail to see the point of that argument. You are voluntarily sending data on their network, why should you have to opt in?
Were you around when all calls went through a switchboard? And you had to assume that the operator was lis
Re: (Score:2, Interesting)
Collecting information about people's habits without their knowledge or explicit consent for the purpose of making money is reptilian. I say reptilian because I'm not sure that I can say it's unethical, because I don't believe that taking pictures of people in public is unethical. But then, what they do is more akin to paying someone you're likely to speak to to secretly record your conversation for them.
If we all believed that companies just wanted to serve our best interests, then there would be no back
Re: (Score:2)
Sure. And why should I expect that this would never happen? Because it's unprofitable for them. But when the value of my conversations is more than the cost of paying people to eavesdrop, I have no expectation that people won't do so. This is why if you have information worth a lot to you, you don't share it, except with people you trust.
Re: (Score:2)
Hey, guess what... if a partner in a two-way correspondence chooses to share details of that correspondence, that's their choice
Actually, that's not always the case. With phones for example, in some states[1], it is illegal to record a phone call without the other person's knowledge and consent. This is the reason for that "this call may be monitored or recorded" thing. Staying on the line implies consent.
[1]California, Connecticut, Delaware, Florida, Massachusetts, Maryland, Michigan, Montana, New Hampshire, Pennsylvania, and Washington.
Re: (Score:1)
Well, not everyone agrees with you. Some states make it a crime to record police, or phone calls without informing all parties.
We don't have to take the bad with the good. We can change it. Why are you so gangbusters? You sound like and ad fanatic.
Creation of profiles allow vendors to... annoy us. My needs are not being targeted well at all. My need is for them to stop profiling and showing me irrelevant things I don't want to buy.
As for your If there's anonymity demand, it'll be filled comment later. I lik
Re: (Score:1)
No correspondence should ever be considered absolutley private.
Aside from technical screw-ups, accidental or illegal behavior, or possibly national security concerns, the default expectation absolutely should be privacy in one's correspondence.
Re:Since When Do They Care About Our Privacy? (Score:5, Insightful)
1970s: Don't steal. The government hates competition.
2010s: Don't spy on your users. The government still hates competition.
Re: (Score:1)
If they look into ISP privacy issues then the telecomm industry will buy them expensive vacations and contribute to their "re-election campaign fund" (not to influence them though).
If you were a political hack, which would you look into?
Re: (Score:2)
"The Bush administration will make their life difficult if they investigate telecomm immunity."
For six months? Does the phrase "lame duck" mean anything to you? All anybody that didn't support the immunity and wasn't complicit in it would have to do is run out the clock, and yet...
Re: (Score:1)
You're right, but your reasoned response requires a thinking adult who is not interested in telco money to implement such a plan... have you seen anyone who meets that description (outside of the visitor's gallery) hanging around the Capitol Building recently? That said, my point was more that they could profit financially acting as they are- they probably aren't even considering the hassle they'd get from the administration.
I share your frustration.
Well (Score:1)
It's not that I don't not disagree against this, but I can't say that I agree with the counter argument against this. That said, I pick the blue marble and place it in the yellow jar.
Re: (Score:1)
You have awakened a mummy.
Boiling a frog (Score:5, Insightful)
How ironic that Congress is, in all likelihood, about to pass a telecoms immunity bill which allows them to spy on us... but are giving lip service to the issue of telecoms spying on us.
CongressCritters and Snoozators will soon be making a lot of noise about how they are protecting the public from being spied upon, while at the same time making it legal for us to be spied on.
Nothings changed, just another election year.
Re: (Score:2)
"9% approval rating - seriously. 9%."
It could be 0% and nothing would change. Ask any voter and they'll tell you that the House of Representatives is composed of 434 voting asshats and one person who walks on water, who just happens to represent their district. Besides, the incumbents have seniority due to tenure, which further disinclines voters to vote against them.
Re: (Score:3, Informative)
Democracy in action :) - or rather that's what happens when the free market and democracy collide.
We had a similar situation in the UK recently with a company called Phorm. ISP's were entering into secret deals with them to collect our data so that they could modify the html streams returned from sites to inject target
Re:Boiling a frog (Score:4, Insightful)
What free market? I hope you don't mean the mockery thereof that the current market of corporate cartels is.
Re: (Score:3, Interesting)
Perhaps I'm using the wrong term - I'm ignorant of world affairs..
I'm talking about the situation that exists when profit is used as a means to determine what is moral.
Re: (Score:3, Insightful)
It's not even profit anymore. Profit as a measurement of morality could be considered free market. What we have today is more control instead of profit. Everything is moral and fine as long as I get more control. More control of the market (in case I'm a corporation) or more control of the people (in case I'm a government).
I'd have less problem with this... (Score:3, Insightful)
Re: (Score:2)
Re: (Score:1)
Yeah, I always clear my cookies when I close windows. Especially in a torrent, as nothing spoils an evening more than wet cookies.
Re: (Score:3, Insightful)
Re: (Score:2)
Why would they need a cookie to track what you are doing? They can just monitor your connection directly as it flows through their network.
Re: (Score:1)
I get $20-30 an hour for doing random surveys, taste testing, and the like for a local ad research agency so they'd have to do far better than $5 per month. If they are collecting my info they damn well better ask me first and they sure as hell better be paying ME for it. Not the other way around. If they paid for my internet connection I'd consider taking a 1 hour survey a month about my surfing habits. But they sure as hell better not actually track me and you don't get to do it unless I say so. Opt-out m
Re: (Score:1)
Re: (Score:1)
Watch just one little word (Score:3, Insightful)
Yet, NebuAd says the data they collect is not "personally" identifiable. I'll bet a six-pack that the data is damn-sure "individually" identifiable by cookies, etc.
"Personally" just means they're not selling my name along with my surfing habits. But they are very much tracking my individual habits/interest and selling that; user by individual user. I say send them back to tele-marketing, the scum-bags.
Re: (Score:1)
Putting it simply (Score:5, Interesting)
What is needed is a clear separation between those companies that sling bits (ISPs) and those who provide content and advertising. Each ISP should be required to transfer data as fairly as possible with a minimum of interference and monitoring.
Most broadband providers have a monopoly or duopoly, and therefore need to be regulated strongly. Otherwise, customers who object to these invasions of privacy will have nowhere to turn.
---HOW--- are they showing ads? (Score:2)
Re: (Score:3, Informative)
Re: (Score:1, Informative)
Actually, other articles have stated this is not the case.
NebuAd gets a bunch of various advertising spaces from a bunch of different web sites. Advertisers sign on with them. They act as middlemen, and an advertiser's ad may appear on any of the sites they have a deal with. It's the same as google ads in that sense. The difference is that google reads the page, and shows ads related to the content on that page; nothing personal is collected. NebuAd, on the other hand, partners with ISPs and collects user d
How I Learned to Stop Worrying & Love Data Min (Score:1)
"...a foreign substance is introduced into our precious bodily fluids without the knowledge of the individual. Certainly without any choice. That's the way your hard core Commie works." - Jack T. Ripper
"It's the collection of individuals' information, usually without their knowledge, always without their consent, creation of profiles and the complete inability of people to make choices about that." - Center for Democracy and Technology
I didn't RTFA, but... (Score:1)
Swell (Score:2)
Do you really think that the government is going to give this a pass so that ads can be sold? Fuck no. It's going to be used as another spying opportunity when they deem fit stating, "all that information is just sitting there, why don't you give us some so we can hunt bad guys."
This will just be abused when they deem it necessary to incarcerate you for a longer period of time on some trumped up charge. 1984 is just that
Want broadband? Agree to give up privacy. (Score:2)
All that will come out of this is when signing up for any broadband service, you will simply sign away your rights entirely.
The gov doesnt give a shit if you're privacy is protected.
To have service you will have to sign away all rights. Its that simple.
Twit (Score:1)
Forget ISP's (Score:2)
Generally, this is a bunch of FUD (Score:1)
I don't know the Charter deal specifically but I do know ISP's aren't planning on selling info that is identifiable back to a specific person. IE, they are not going to correlate your IP back to the account holder and sell something like John Doe at IP x.x.x.x went to sex.com 10 times between 1pm and 3pm. It would be more like, a user in this geo region went to sex.com 10 times between 1pm and 3pm.
This is already happening every time you surf the web, someone should explain what a cookie is to those idiots