Source: American Civil Liberties Union
Congress has voted to reverse new FCC privacy protections that would have required internet service providers (ISPs) like Comcast, Verizon, and AT&T to seek your permission before sharing information about your browsing history, location history, contacts, and other personal information. Last Tuesday, President Trump signed the measure.
There are some limited steps we as individuals can still take to protect our data. But the truth is that none of them are adequate when the companies that run wires into our home are determined to spy on our use of their services. The best thing Americans can do is to exercise their rights as citizens in a democratic society through activism, voting, working to support and oppose candidates, etc. Right now, people need to make their displeasure heard, loud and clear. Check to see if your senators and representative voted to protect the interests of Big Telecom, or the interests of individuals who don’t want to be spied upon, profiled, bought and sold, and possibly discriminated against. If they did the former, voice your displeasure. Speak up online, support federal legislation to restore these protections, advocate for your state governments to take action to fill the gap left by Congress—and don’t let your memory of this travesty fade away, as telecom-supporting members of Congress are counting on you to do.
A common but inadequate response in situations like this is that we should “let the market decide.” The reality for most Americans is that the market has failed to provide meaningful choice among network operators. Fully 51 percent of Americans have only one real choice of broadband internet service provider, and even the lucky Americans with access to two or more providers may not see any meaningful difference between the providers in terms of user privacy. This makes it difficult, if not impossible, to “vote with your wallet.”
What are the limited steps that people can take to restore the privacy that ought to be their right? There is no perfect solution, but we have a few suggestions.
Despite the obliteration of the FCC’s privacy protections, most ISPs (for now) offer consumers limited opportunity to “opt out” of data sharing about their internet use, often referred to by the legal term “Customer Proprietary Network Information,” or CPNI. Although this step has definite limitations, it is something that every customer should take advantage of.
Unfortunately, the telecoms have every incentive to make it difficult for you to do so, and often do not present discoverable, meaningful options. This is a highly imperfect solution from a policy standpoint — because of the difficulty in opting out, because it throws the burden of protecting privacy onto the customers when the law clearly places it on carriers, and because it attempts to normalize surveillance by making surveillance the default when the default should be privacy.
To look at what it takes to opt-out, we explored the sites of the top ISPs in the United States. What we found is that their “opt-out” procedures and options are hopelessly inadequate, and that it was very difficult and time-consuming to get accurate information from the companies. When we sought help from Comcast’s customer service chat, for example, it took over 20 minutes to get a link to their privacy policy, and they did not provide any information on how to opt out of information sharing. We also found that the companies’ privacy policies were generally vague and lacking in information about exactly what data is collected by the ISP and what a broadband user can expect in terms of privacy. Furthermore, none of the opt-out options appeared to allow a user to opt out of having information about their personal browsing histories retained and stored, which many people find offensive—some ISPs merely let users opt out of getting ads based on the collection and storage of that data. Other ISPs will still send some marketing materials based on the information they have collected, even if the user has opted out.
Here are links to opt-out pages for the leading ISPs:
AT&T: Instructions on opting out of various uses of data are here, including this CPNI Restriction Request Form
CenturyLink: Instructions for opt-outs on marketing contacts as well as other practices are here.
Charter Spectrum: Privacy preferences can be set here and by calling the company as described in Charter’s privacy policy in the sections entitled “Can I prohibit or limit Charter’s use and disclosure of my personally identifiable information?” and “Charter Residential Customer Proprietary Network Information (CPNI) Policy.” Charter has acquired Time-Warner Cable, but TWC still has a “CPNI Opt Out” form online here.
Cox: Features a “Privacy…