Slashdot Mirror


Senate Scrutinizes Privacy Issues of ISP User Tracking

Hugh Pickens writes "As companies collect, use, and disseminate data regarding online users, there is concern that tracking individuals' Internet activity and gathering information from online users violates their expectations of privacy. The Senate Commerce Committee will hold a hearing Wednesday to look at the policy issues, and the hottest topic will be proposed systems by which ISPs can watch users and sell information about their surfing habits to advertising companies. The Center for Democracy and Technology has issued a report suggesting that these systems may violate federal law (PDF). 'Advertising per se is not the evil here,' says Leslie Harris from CDT. 'It's the collection of individuals' information, usually without their knowledge, always without their consent, creation of profiles and the complete inability of people to make choices about that.' On the other side NebuAd, the most active ad-targeting company, says its profiles are interest-based, and not personally identifiable. 'We have designed our entire company to make sure that we stay on the opt-out side of those laws and policies,' says NebuAd CEO Robert Dykes. Charter Communications announced last month that it would suspend a trial of NebuAd due to customer concerns about privacy."

22 of 109 comments

  1. Scrutiny should extend further. by suck_burners_rice · · Score: 4, Interesting

    I'd say it's great that the Senate is scrutinizing what ISPs do to track people, but this shouldn't be limited solely to ISPs. There should be a lot of scrutiny about what the government does with your information, and I'm talking about all levels of government from the local level up to the federal level. Further, there are millions of businesses around the world, small and large, that gather all kinds of information. It is difficult to scrutinize so many companies, so I would say that the Senate should concentrate on the government first. Because the government collects the most.

    --
    McCain/Palin '08. Now THAT's hope and change!
    1. Re:Scrutiny should extend further. by pin0chet · · Score: 2, Interesting

      Agreed. When an ISP makes a bone-headed move, like using NebuAd, it gets a lot of bad press and has a strong competitive incentive to say sorry and fix its mistake.

      I'm a lot more concerned about government invading my privacy than my ISP. You can always sue a company, but thanks to qualified immunity, government agents can break the law and get away scot-free.

      Now there is a bill in the Senate, sponsored by Grassley, to force online retailers to inform the government of every online credit card transaction. You can't opt-out of government data collection, and you can't just "take your business someplace else."

      The Senate's first priority should be taking a close look at the privacy implications of the REAL ID, the national fingerprint registry, the FBI's DNA database, and warrantless surveillance.

    2. Re:Scrutiny should extend further. by PopeRatzo · · Score: 4, Insightful

      You can always sue a company.

      Not so. After tomorrow, for example, Americans will no longer be able to sue AT&T for violating the law by letting the Bush Administration tap their phones without any judicial oversight.

      The current president has taken the 60-year-old notion of "state secrets" to an extent that absolutely shreds the Bill of Rights, but there was always the possibility that the truth would come out and the lawbreakers would have to pay. After tomorrow, not any more.

      --
      You are welcome on my lawn.
    3. Re:Scrutiny should extend further. by corsec67 · · Score: 4, Insightful

      Doesn't "state secrets" as currently used in court violate the first amendment?

      Not the speech part, the "... to petition the Government for a redress of grievances" part.

      --
      If I have nothing to hide, don't search me
  2. Yeah, and? by Red+Flayer · · Score: 3, Informative

    'It's the collection of individuals' information, usually without their knowledge, always without their consent, creation of profiles and the complete inability of people to make choices about that.'

    Hey, guess what... if a partner in a two-way correspondence chooses to share details of that correspondence, that's their choice (i.e., don't give private info to someone you don't trust). If you choose not to make safe your correspondence from third parties via encryption, that's your problem.

    I'm willing to risk some troll or flamebait mods here to make a point:

    No correspondence should ever be considered absolutely private. The same tools that allow data aggregation by companies like Google and ISPs give us better access to information and (arguably) a better quality of life. You have to take the bad with the good.

    Creation of profiles allows vendors to serve us better. They allow better targeting of ads so we're not bombarded with ads for things we have no interest in (ok, in theory. In practice, this needs further work). They allow people and businesses to target our needs better, so it's easier for me to find what I'm looking for.

    As long as we have the ability to anonymize and encrypt our traffic (which isn't a given), I have no problem with profiling. Those who want to opt out can do so easily... and if there is enough demand for it, there will be off-the-shelf tools for joe sixpack to do so.

    So my point is this: Allow us to anonymize our traffic. Allow us to encrypt our traffic. Then you can go ahead and profile all you want.

    --
    "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
    1. Re:Yeah, and? by no-body · · Score: 2, Insightful

      Have you ever counted or even looked at the 1 pixel images embedded into web sites?
      I encountered a recent ridiculous one from a Yahoo access - something like that:
      us.bc.yahoo.com/b?P=FjLh6UWTUG8MnHdaSGkxXR + over 1000 characters more

      To load 1 PIXEL!!!!!

      There are tons of that stuff embedded in web sites. And that's got nothing to do with 2-way communication whatsoever.

      Who tracks it, who controls it, who sells and buys it?
      Are the neurons in Senate's heads interlinked enough to grok this?

      Highly doubtful - and they (the trackers) will fight tooth and nail about it to keep it that way.

      We all are paying for the free ride to information with our privacy.

    2. Re:Yeah, and? by Red+Flayer · · Score: 2, Interesting

      Not only are there people who don't know anything about encryption

      If they care about their privacy, that is their problem. If they don't care, no harm, no foul.

      but why should I have to do something extra to ensure I have what is already supposed to be mine?

      I have tons of problems with this question. Why do you assume that "it" is supposed to be yours? You're transmitting postcards, not sealed envelopes... assuming that by "it" you are referring to privacy, what makes you think that you have any expectation of privacy in a de facto public space if you don't make any efforts to safeguard it?

      If I send a postcard to a friend, I assume anyone who handles it could read it. But that's not fair! Why should I have to take the extra step of sealing an envelope in order to maintain the privacy of my letter? And if it's really important info, you can bet your ass I'd encrypt it with a one-time pad. So even if they open my mail, they won't find anything useful without dedicating ridiculous resources to it.

      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
    3. Re:Yeah, and? by inhahe · · Score: 2, Interesting

      Collecting information about people's habits without their knowledge or explicit consent for the purpose of making money is reptilian. I say reptilian because I'm not sure that I can say it's unethical, because I don't believe that taking pictures of people in public is unethical. But then, what they do is more akin to paying someone you're likely to speak to to secretly record your conversation for them.

      If we all believed that companies just wanted to serve our best interests, then there would be no backlash against this kind of profiling. But since we know on a deep level that corporations are fundamentally cold, evil and without conscience, it bothers us. You could say that by the devil's grace it just happens to work out so that serving their best interests serves ours, but that does not make it not reptilian.

      And saying that, basically, if you don't want companies to profile you then surf anonymously is dangerously close to saying that if you don't want to be shot (and injured) by a criminal then wear a bullet-proof vest. Or if you don't want someone creating a voodoo doll in your likeness and dipping you in vaults of various acids in effigy, or perhaps collecting a DNA swipe off of a counter you touched to analyze it on their computer and determine the best pick-up line to give you the next day, then wear a hair net, a veil, gloves, a long-sleeved shirt and pants whenever you go out. Or maybe just a burqa to make it easier. We shouldn't _have_ to hide.. Oh, yeah, and the DNA analyst at his computer is just trying to figure out how to best serve you, right?

      TBH though, there is no law against making a voodoo doll of someone and burning it (and I don't want the Inquisition all over again), so it's iffy whether companies should legally be allowed to do that. But I'm certainly not going to be apologetic for them..

    4. Re:Yeah, and? by Red+Flayer · · Score: 2, Interesting

      As to encryption, it's a sad day when you cannot trust your service provider to provide a service, without eavesdropping for profit. What next, encryption for snailmail? We could always use invisible ink, but that might prove difficult for the mail service to deliver

      If you're going to continue the snailmail metaphor, again I have to stress that without encryption, you are sending postcards, not sealed envelopes. And plenty of people have used, and still use, encryption with snailmail, as they deem it necessary to maintain their privacy. The question is, how much do they value their privacy, and how much effort do they have to put in for encryption? When encryption is so easy electronically, why not take advantage of it?

      I think it's absolutely absurd to think that when you give a private for-profit organization your correspondence, you don't expect them to try to make money off their own information (after all, they have as much right of ownership to the information of what crosses their network, and from where, as you do).

      Privacy cannot be protected by legal recourse. It can only truly be protected by technological recourse. Making something illegal does not prevent it from happening. Making something impossible does.

      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
    5. Re:Yeah, and? by pin0chet · · Score: 2, Informative

      There are plenty of highly anonymous VPN/SSL tunneling services available for 10 or 15 bucks a month. No need to take a speed hit or trust an unknown foreign proxy server.
      - Steganos https://www.steganos.com/us/products/home-office/internet-anonym-vpn/overview/
      - VPNGates http://www.vpngates.com/
      - SecureIX http://www.secureix.com/
      - Relakks https://www.relakks.com/?cid=gb
      - Anonymizer http://www.anonymizer.com/

    6. Re:Yeah, and? by CowTipperGore · · Score: 2, Insightful

      You're transmitting postcards, not sealed envelopes... assuming that by "it" you are referring to privacy, what makes you think that you have any expectation of privacy...

      To complete your analogy, I guess it would be okay for the US government to read all postcards sent via the US mail, log the data, and use it for whatever purpose they want? After all, not sending it in a triple-sealed container means that we clearly wanted this information gathered and used. UPS can open and examine packages sent in paper envelopes or cardboard boxes, since if we cared about privacy we would have used a welded box.

      You're confusing what could happen with what should happen. Just because someone can read your postcard doesn't mean we should be okay with the USPS doing so as policy. Just because UPS could open packages and reseal them, we shouldn't be okay with them modeling my underwear before they arrive.

  3. Boiling a frog by Mike+Rice · · Score: 5, Insightful

    How ironic that Congress is, in all likelihood, about to pass a telecoms immunity bill which allows them to spy on us... but are giving lip service to the issue of telecoms spying on us.

    CongressCritters and Snoozators will soon be making a lot of noise about how they are protecting the public from being spied upon, while at the same time making it legal for us to be spied on.

    Nothing's changed, just another election year.

    1. Re:Boiling a frog by easyTree · · Score: 3, Informative

      CongressCritters and Snoozators will soon be making a lot of noise about how they are protecting the public from being spied upon, while at the same time making it legal for us to be spied on.

      Democracy in action :) - or rather that's what happens when the free market and democracy collide.

      We had a similar situation in the UK recently with a company called Phorm. ISPs were entering into secret deals with them to collect our data so that they could modify the html streams returned from sites to inject targeted advertising. i.e. pure evil was afoot :)

      http://en.wikipedia.org/wiki/Phorm

    2. Re:Boiling a frog by Opportunist · · Score: 3, Insightful

      What free market? I hope you don't mean the mockery thereof that the current market of corporate cartels is.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:Boiling a frog by easyTree · · Score: 2, Interesting

      Perhaps I'm using the wrong term - I'm ignorant of world affairs..

      I'm talking about the situation that exists when profit is used as a means to determine what is moral.

    4. Re:Boiling a frog by Opportunist · · Score: 2, Insightful

      It's not even profit anymore. Profit as a measurement of morality could be considered free market. What we have today is more control instead of profit. Everything is moral and fine as long as I get more control. More control of the market (in case I'm a corporation) or more control of the people (in case I'm a government).

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  4. I'd have less problem with this... by fahrbot-bot · · Score: 2, Insightful

    'We have designed our entire company to make sure that we stay on the opt-out side of those laws and policies,' says NebuAd CEO Robert Dykes.

    ... If they'd stay on the "opt-in" side, but I'm sure user participation and company profits would be lower. Too bad, so sad...

    --
    It must have been something you assimilated. . . .
    1. Re:I'd have less problem with this... by Gat0r30y · · Score: 2, Insightful

      Not necessarily - what if you could opt in for a little discount. You get 5 bucks off your monthly internet bill, and in exchange they have permission to keep a cookie on your machine to track what you're doing. On the other hand, as a government backed monopoly I suspect that the ISPs are going to come out of this whistling the tune of the free market.

      --
      Prediction: The real iPhone killer is going to be sex robots from Japan. Think about it.
  5. Re:Since When Do They Care About Our Privacy? by Tackhead · · Score: 4, Insightful

    They're going to grant the telecoms immunity and the Bush Administration a free pass on breaking federal wiretap laws and violating the 4th Amendment, but *this* concerns them? Spare me.

    1970s: Don't steal. The government hates competition.
    2010s: Don't spy on your users. The government still hates competition.

  6. Watch just one little word by Ollabelle · · Score: 2, Insightful

    To me, the money here is targeting the user to feed him/her ("them") ads based on what that user has already seen, queried, etc.

    Yet, NebuAd says the data they collect is not "personally" identifiable. I'll bet a six-pack that the data is damn-sure "individually" identifiable by cookies, etc.

    "Personally" just means they're not selling my name along with my surfing habits. But they are very much tracking my individual habits/interest and selling that; user by individual user. I say send them back to tele-marketing, the scum-bags.

    --
    Ibid.
  7. Putting it simply by CopaceticOpus · · Score: 5, Interesting

    What is needed is a clear separation between those companies that sling bits (ISPs) and those who provide content and advertising. Each ISP should be required to transfer data as fairly as possible with a minimum of interference and monitoring.

    Most broadband providers have a monopoly or duopoly, and therefore need to be regulated strongly. Otherwise, customers who object to these invasions of privacy will have nowhere to turn.

  8. Re:---HOW--- are they showing ads? by QuantumRiff · · Score: 2, Informative

    NebuAd purchases ad space on tons of websites.. when the web page is requested, they check the requesting IP. If it's on a network they "service" then they call up the cookie and the profile from the monitoring hardware at the ISP, and instead of displaying a static ad, display one targeted to your surfing habits. Then they give the ISP a chunk of change (or a percentage of ad revenue, not sure), for allowing them to have their monitoring/profiling tools installed at their access points.. The ads don't go "over" other ads, i.e., you won't see them on your personal blog.. only on sites where they have already purchased advertising. (at least that's what they claim for now)

    --

    What are we going to do tonight Brain?