US Congressman Ed Markey and his anti-data-pimping brigade are back on the warpath. On Friday, the chairman of the House Telecommunications and the Internet Subcommittee joined three other high-ranking US lawmakers in lobbing an open letter at thirty American ISPs, asking each if they've ever used customer browsing activity as a …
This MIGHT be acceptable if...
1) I asked for it, and more importantly
2) I obtained some benefit ($$$ comes to mind) from it being there.
So, to all, what's in it for me?
In the current state of affairs, NOTHING. It just benefits the data pimpers and the ad people, who hope to get more out of me (sales).
Of course, if they did this to phone lines (we're using voice recognition software to give you nice targeted telemarketing calls), or mail (we're looking into all your mail so we can send you more junk mail you won't read) the objection would be obvious to anyone, even a legislator (MP/Congressman/Senator).
Oh, well, life goes on, congress is now in vacation mode. I wish I could declare 5 weeks off just by saying so!
To decide if data theft is potentially a problem..
Just look at a few thousand news stories regarding the loss of personal data. Including a fair number about sites and businesses that stored credit card data, something explicitly banned by the credit card companies (Visa / Mastercard) themselves. Banned for the obvious reason that if lost, this would be bad.
This in turn led to whining from these companies that Visa and Mastercard would no longer allow them to process credit card data, and they might go out of business. A loud cheer at the prospect was all the sympathy they got.
Now we have ISPs vacuuming everything they can, including that which was typed into 'secure' portions of a website. Credit card numbers, social security / national insurance numbers, addresses, phone numbers, dates of birth, mother's maiden name, bank account numbers, routing codes, you name it, it has been recorded.
We're told this is fine, because they're only using it to serve up spam and popups. We're also told this is fine, because if we search hard enough, we can find where we didn't opt out of it.
What should be concerning everyone, including banks, credit card companies, social security administration, IRS, is that personal data isn't all that secure these days. Why? Because there's no incentive to make it secure. Losing it doesn't result in a punishment beyond sending out some emails (at best) or more usually, no punishment whatsoever.
What should be of more concern to those doing it, is the complete illegality of what they're doing. I'm sure the IRS in particular would be happy to find out that customers are having their information lifted as they type it into 'secure' websites. And banks, and credit card companies, you know the people that are compelled to make good on stolen credit and debit card purchases. I'm sure they're thrilled about the ISPs creating yet another insecure database of their information.
And that's the thing. Why isn't stealing information from a computer illegal when an ISP does it? If I hacked into the networks of these businesses, stole their information and promised not to pass it on, would that be ok if I hid an opt-out clause somewhere on one of their computers? I sort of doubt it. You figure it out, and then tell me why they're allowed to circumvent security put in place on commercial websites, and vacuum up data on your computer, just because they've placed what they're doing in a ton of legalese, somewhere in your service agreement.
Seems to me that posting a newspaper through a door, with the words "I'm going to take your possessions, unless you opt out" typed somewhere in the middle of it, wouldn't be enough to stop me going to jail if I robbed that house. But somehow that's the basis on their activities being legal. Beats me why a number of CEOs aren't being arrested. As far as I was aware, just being ignorant of the law doesn't make you immune to it. So saying "I didn't know thieving data from someone was illegal" isn't usually a good excuse.
Regarding secure data...
ISPs are just seeing the same HTTPS-encrypted gibberish that any other man-in-the-middle would see. And if you're typing your SSN, credit card details, etc. into a non-HTTPS form, having it gobbled up by your ISP is probably one of the least of your immediate worries.
"Has your company at any time tailored, or facilitated the tailoring of, Internet advertising based on customers' internet search, surfing, or other use?"
While not the technological apples-to-apples equivalent ....isn't this what Google does all day, every day?
RE: Regarding secure data
Have YOU ever got an SLL channel to work with google?
https://www.google.co.uk/ bounces straight to http://
So how do YOu secure your search history?
I'm thinking Time Warner "BT'd" me.
Shortly after the Phorm story broke on el Reg, I wrote them asking if they used any type of deep packet inspection and the reply was a rather terse "No". I'm hoping I saved that email as if it turns out otherwise, somebody has some serious explaining to do and they can kiss my $120 a month good bye.
This whole issue of still continuing to track peoples network activity AFTER they've opted out is nothing less that wire tapping, and unless there is a warrant given to them by a law enforcement agency, I don't want those wankers recording a damn thing I do.
And if it ultimately gets to the point of being forced to choose between being plugged in or disconnecting everything from the internet, I'll choose the later as there isn't really anything that's all that important or good, that's worth the complete erosion of privacy.
It's the way it's being done that is of concern.
Google serves up "relevant" ads based on what you voluntarily type into its interface and based on the textual content of the pages on which its displayed.
In other words, you use Google to seek out information and it gives you information, some of which is ads related to the information you willingly gave Google to use in narrowing your search to provide results most likely to match what you seek.
ISP-based deep packet inspection, however, analyses information you do NOT willingly give it to analyse ... you willingly use their pipes to get to Google ... but the road to your destination should be free of any analysis of your information as it travels beyond that which is necessary to get you there.
RE: RE: Regarding secure data
"So how do YOu secure your search history?"
I hide it behind a password... on Google's Web History servers :D
this is like voting machines, too. They can track your voting history because they issue you the magnetic-stripe card your vote is recorded on. If they keep track of which card was used, your vote has a trail, and the government knows about it (but they still won't give you a paper receipt because that would make it too easy to find out if electronic vote tampering was occurring on behalf of the government or some other third party - and no, that was not an intentional joke).
Same thing with Google, ISPs and anything online. It can all be tracked; ISPs can track what you send because it's their pipes, and sites can track you when you interact with them. And if they're clever, skilled people can get copies of your packets without you even knowing about it (it's masked by "net lag"). After all, the US government has programs in place that do just that. So does China (to root out "undesirable content").
It all goes back to the original Rule #1 about the Internet:
Don't put anything on the Internet you wouldn't want somebody else to see.
Because sooner or later, someone will.
a level playing field would also be nice
Google uses your browsing habits (as I understand), to target ads. So what - I can choose to opt in by using Google, I can just as easily opt out, by using any other search engine I like. I can even opt to use Microsoft's very own search engine if I'm not too bothered about failing to find what I'm looking for. When Phorm and friends operate the same way, I will withdraw my objection.
RE : RE: Regarding secure data
Jobs a good 'un!
ok ok ok
first of I h8 all data pimping (is that a reg allowed phrase?) and will switch away from any isps that do it but I think I should correct a few facts
"2) I obtained some benefit ($$$ comes to mind) from it being there.
So, to all, what's in it for me?"
what is in it for you is your isp can contunt to offer inter net for £4.99 for a mounth basicley they can still sell under the cost cos the add revenu is paying the diffrence
secure sections of a web site are called secure for a reasion
"Why isn't stealing information from a computer illegal when an ISP does it?" they are not setaling it form your computer it is passing over there networks this is not much better but it is diffrent
that is all for now fokes flames on
Get the UN to sanction an automatic death penalty for politicians that accept bribes. Set up an international task-force to handle it. This will solve this, data-pimping, and a LOT of the other corporism-related problems the Uncivilized Surveillance Area are exporting.
Why are you all such cry babies ?
If you watch Channel 4 during Big Brother you get targetted with "white trash" adverts. If you watch ITV news you get financial adverts.
Guess what muppets ? What you watch on TV is targetted adverts. Advertisers don't pay a fortune for the TV companies to broadcast their adverts 'whenever' - there are specific program types that the advertisers target. Same as Phorm etc. You look at p0rn sites - you'll get p0rn related adverts. Look at a football site and you'll get sports related adverts.
This has been going on in the TV market since ITV was launched, it's nothing new so get over it.
Paris - someone should target her, and not with an advert.
And over here?
All we have is a buck being passed at very high speeds.
Bureaucratic mediocrities, the lot of them. Does anyone with a donor card want to donate a spine? Our government could do with one.
@ Why are you all such cry babies ?
The specific problem is not the targeted ads per se. The specific problem is that in order to serve the targeted ads, your ISP monitors every single thing you, personally, do using your internet connection.
The things people do with their internet connection can be extremely private - for example, people send their personal and financial details over the internet; they use it for political discussion; they use it to find out how to get help with their drugs problem without their dad finding out about it...
That is why ISPs should mind their own business.
Q. Has your company at any time tailored, or facilitated the tailoring of, Internet advertising based on customers' internet search, surfing, or other use?
But really Google is hardly the problem, I dont go to google I dont get googled. ISP's are the problem. I use the net I get ISP'd
"While not the technological apples-to-apples equivalent ....isn't this what Google does all day, every day?"
Indeed it does, and in exchange for allowing them to profile 'your' data Google gives you access to the largest search-engine on the internet and many other useful services. From the user's point of view that seems to be a beneficial transaction. On the other hand, what the ISPs are proposing to do offers absolutely no beneficial gain for the user: they intend to pimp 'your' data to a third party and take a share the spoils. It's called stealing.
Clearly Google perceive this man-in-the-middle activity as a serious potential threat to their business model and so we have political favours being called in and US legislators waving a big stick at the pimpers.
Sadly, here in the UK there is no prospect of stick waving, just the usual "if it's good for business, it's good enough for you" bullshit.
A law that states clearly and unambiguously that a person's use of the internet is as private and confidential as anything they send by snail mail or over the telephone -- no snooping by anybody, including ISPs. Not only no deep packet inspection, not even shallow inspection.
Of course, this conflicts in spirit with the drive from the official snoops and control freaks to have unfettered access to everyone's online activity: FBI, NSA, Swedish intelilgence, the NuLab Stasi, Gemany's Bundespolizei, and so on. But that drive is as much a product of sheer laziness on the part of the cops as it is of anything else. They can't be bothered to gather the evidence necessary to get a wire tap warrant; it's so much easier to just hoover up everything and then go on fishing expeditions.
Time to STOP the madness and give us back our privacy.