In late 2014, it was revealed that Verizon Wireless had been, for over two years, inserting a unique string of 50 letters, numbers, and characters into requests by users to visit webpages. Called a Unique Identifier Head (or UIDH), the serial number allowed advertisers to identify who was visiting which websites, allowing them to target ads based on users’ habits. This is nothing new in the world of Internet browsing. As users, we’ve long been accustomed to “cookies” that allow frequently visited websites to load quicker, to save basic information for forms, and to target ads more effectively.
Yet this was something different. “Cookies” belong to only a single website, and can be deleted by users; the UIDH was attached to all websites, and couldn’t be deleted. As the Electronic Frontier Foundation put it, it “allows third-party advertisers and websites to assemble a deep, permanent profile of visitors’ web browsing habits without their consent.”
It was newly emerging technologies like these that forced the Barack Obama-era Federal Communications Commission to, in October of 2016, approve new rules limiting how Internet Service Providers collect and sell their customers’ personal information. “This was probably the best day we’ve had on Internet privacy — commercial Internet privacy — maybe ever,” Jeffrey Chester, executive director of the Center for Digital Democracy, told the Washington Post after the rules were adopted. “We got a breakthrough.”
But less than five months later, the breakthrough was walled back up. On March 28th, the Republican-dominated House of Representatives signed a bill that erases those rules. It also ties the FCC’s hands from trying to recreate similar rules in the future. The bill was immediately signed by President Donald Trump and is now the law of the land.
This isn’t good news if one happens to be a fan of Internet privacy. The American Civil Liberties Union writes: “no existing regulations would require companies to provide opt-in consent to consumers before sharing their information, creating an enormous privacy gap.” As Tom Wheeler, head of the Obama-era FCC, writes in a New York Times op-ed: “Reversing those protections is a dream for cable and telephone companies, which want to capitalize on the value of such personal information.”
In other words, corporate ISPs got a huge gift from the government in the form of a new commodity for them to sell.
As it stands, due to lack of options for high-speed broadband Internet, consumers are essentially beholden to whatever ISP happens to cover their area. If they don’t like it, their other option is, generally, to not use the Internet. “Unlike a search engine or social networking platform or news site, you can’t easily switch to a competitor. And there’s not a lot of competition in the market, either,” writes Internet security expert Bruce Schneier on his website. “If you have a choice between two high-speed providers in the U.S., consider yourself lucky.”
Without the government providing regulations, the only true recourse for consumers who want to keep their information private is using their own technical expertise — an educational barrier that’s difficult, if not impossible, for many to overcome — or paying someone else to handle their privacy for them. This could mean hiring some kind of Internet privacy technology assistant, or, more likely, investing in tools that fill in the gaps left by the ineffectiveness of the government.
“[Internet privacy] is a market failure, and therefore it is the government’s responsibility to regulate it,” writes Serge Egelman, director of usable security and privacy research at the University of California–Berkeley’s International Computer Science Institute, in an email. “Unfortunately, privacy has become a luxury good. Most of the techniques to mitigate tracking have costs … thus only those who can afford those costs will be able to attain better privacy.”
As usual: Those with disposable income will be fine, and those without will have their private information sold.
It’s not hard imagining how the lack of regulations will further solidify the stranglehold that top ISPs have on the market. If the goal is market share, and the way to get there is through innovation, which requires additional funds, it only makes sense that having a new product to sell — in the form of collected data — can only help them push the smaller ISPs out of the business. The question will be how best they can package the goods.
“I personally suspect that most large ISPs aren’t interested in selling the data outright; they want to tap into the advertising market to compete with Google and Facebook,” Egelman writes. “If you look at what those companies do, they don’t sell user data, because that data is their lifeblood. Instead, their product is mediated access to their users.”
But Internet-based services like Google and Facebook are different from ISPs, infrastructure-based companies that require government involvement and the use of publicly owned rights-of-way spaces like sidewalks, easements, and power lines. Now the land we collectively own is being used to create sellable products out of our private information, creating profits that the public never sees.
“The bigger question is,” Schneier writes, “why do we allow for-profit corporations to create our technological future in ways that are optimized for their profits and anathema to our own interests?”
