FTC Tells ISPs To Disclose Exactly What Information They Collect On Users and What It's For

An anonymous reader quotes a report from TechCrunch: The Federal Trade Commission, in what could be considered a prelude to new regulatory action, has issued an order to several major internet service providers requiring them to share every detail of their data collection practices. The information could expose patterns of abuse or otherwise troubling data use against which the FTC -- or states -- may want to take action. The letters requesting info went to Comcast, Google, T-Mobile, and both the fixed and wireless sub-companies of Verizon and AT&T. These "represent a range of large and small ISPs, as well as fixed and mobile Internet providers," an FTC spokesperson said. I'm not sure which is mean to be the small one, but welcome any information the agency can extract from any of them.

To be clear, the FTC already has consumer protection rules in place and could already go after an internet provider if it were found to be abusing the privacy of its users -- you know, selling their location to anyone who asks or the like. (Still no action there, by the way.) But the evolving media and telecom landscape, in which we see enormous companies devouring one another to best provide as many complementary services as possible, requires constant reevaluation. As the agency writes in a press release: "The FTC is initiating this study to better understand Internet service providers' privacy practices in light of the evolution of telecommunications companies into vertically integrated platforms that also provide advertising-supported content." The report provides this example as to the kind of situation the FTC is concerned about: "If Verizon wants to offer not just the connection you get on your phone, but the media you request, the ads you are served, and the tracking you never heard of, it needs to show that these businesses are not somehow shirking rules behind the scenes."

"For instance, if Verizon Wireless says it doesn't collect or share information about what sites you visit, but the mysterious VZ Snooping Co (fictitious, I should add) scoops all that up and then sells it for peanuts to its sister company, that could amount to a deceptive practice," TechCrunch adds. "Of course it's rarely that simple (though don't rule it out), but the only way to be sure is to comprehensively question everyone involved and carefully compare the answers with real-world practices."

The honest answer to this would be short.

[ffkom]

Like: "We collect all the data we can get hold of, and use it for every conceivable purpose, especially those that make us money."

Let me guess

[burtosis]

FTC: What do you collect?

ISP: Everything

FTC: What's it for?

ISP: Everything legal and maybe some questionably illegal stuff too

How deep is the rabbit hole?

[Impy the Impiuos Imp]

Go further. I want to know how ISPs, web sites, and big advertising conglomerates like Google, Amazon, and facebook do with all their info. Who feeds what to where? How is it analyzed and applied to you, your various login accounts, and your IP address and phone number. What is stored in your advertising proclivities database they keep on you? Does government need a warrant to access it? Does government do the same thing anyway deep in those billion dollar buildings?

Re:

[jeti]

And maybe that's even more scary. In China such systems are already used for a social scoring that limits what people are allowed to do. In the west, this kind of algorithm merely determines your credit worthiness and maybe how much you have to pay for your insurance. If a potential employer can't already purchase your employability score from a data mining company, that's only a matter of time.

Re:

[account_deleted]

Comment removed based on user account deletion

Investigation? Seems pretty clear...

[Arzaboa]

In my "agreement" with Comcast, it states that they own all of my information and may sell or give it to anyone they please if they call them a "partner". I've been told that I'm wrong about them being a monopoly and that we really do have a choice based on this map by the U.S. Government https://broadbandmap.fcc.gov/ [fcc.gov]. The government says I'm in an area where there is no monopoly and that I can choose to not be monitored by this ISP. Maybe the investigation will help show that this is wrong?

If you look through these agreements, they basically say Comcast/Xfinity is responsible for nothing and they can share anything they want. The agreements protect xfinity/comcast from ever being in breach of any privacy agreement as they don't agree to be private about anything.

Here are the current privacy policies I found. .
https://www.xfinity.com/corporate/customers/policies/customerprivacy [xfinity.com]
https://www.xfinity.com/support/articles/comcast-web-services-terms-of-service-and-privacy-policy [xfinity.com]
https://www.xfinity.com/corporate/legal/privacystatement [xfinity.com]
https://www.xfinity.com/mobile/policies/privacy-policy [xfinity.com]
https://my.xfinity.com/privacy/ [xfinity.com]

Here are some highlights:

They do not respect your request to not be tracked
Do Not Track Disclosure

The World Wide Web Consortium (W3C) established a process to develop a “Do Not Track” Standard. Comcast’s Websites do not currently respond to “Do Not Track” signals sent from browsers.

Information We Collect When You Use the Xfinity Mobile Service
They scan your mobile device for all installed applications and record that information. They record everything you do with those apps. They do this across all of your mobile devices, they and they share your data if THEY think it will provide you with more and better services

Comcast and third parties acting on Comcast’s behalf collect technical and service information from all Xfinity Mobile Service users, which we call “Usage Data.” Usage Data includes app usage information, equipment information, network performance and usage information, and location information. This includes information about your use of the Xfinity Mobile network, use of your device, and diagnostic data such as device performance, signal strength, dropped calls, data failures, battery strength, and network performance issues. This may also include information about what apps are on your device, the fact that an app has been used, and the length of time that an app has been running. Other information includes voice recordings or prints, reasons you give for contacting us, network traffic data, device identifiers, service options, and the number of devices you have purchased on our plans.

Users Outside of the United States GDPR? Hah We don't believe in those types of protections..

The Websites that link to this Privacy Policy are for users located in the United States. If you use the Websites from outside of the United States, then by providing any data to Comcast over the Websites or through another direct communication with Comcast, you understand and consent to the collection, use, processing, sharing, and disclosure of your personal data as described in this Privacy Policy. You also consent to the transfer of your personal data to the United States for this collection, use, processing, and disclosure. The European Commission has determined that the United States does not provide an adequate level of protection to personal data and it may not offer the same level of data protection as

Re: Investigation? Seems pretty clear...

[astrofurter]

+1 Informative

They'll lie anyway

[Rick Schumann]

They'll lie about it, the risk of being caught being small, since they can conceal it, and someone has to be looking for the ways they collect information. If and when they get caught they'll just say "Oops! We didn't even know we were doing that, sorry!" pay a small fine and continue on unabated, after firing the person(s) responsible for being so sloppy about covering their tracks, getting people to replace them who *can* cover their tracks better, and continue collecting the same information.