How To Stop AT&T From Selling Your Private Data To Advertisers

An anonymous reader writes "AT&T is ready to follow in its rivals' footsteps and begin selling the private usage data it collects from its subscribers' phones to advertisers. The data in question is anonymized, according to AT&T, but it includes very sensitive information such as customers' locations, Web browsing history, mobile app usage and more. Privacy is something of a hot button issue right now, so it is likely that a number of AT&T subscribers would prefer to not have their private data sold to advertisers. Luckily, there is a fast and easy way to opt out of AT&T's 'External Marketing and Analytics Reporting' program."

It's not their data

perhaps the customers should sue to get their property returned

Re:It's not their data

It's funny how you Americans seem have no legal distinction between ownership and possession and derive most of your rights from what you can write down in a contract. In civilized countries you can't sign away a fundamental right and you certainly don't lose ownership of something just because it's in someone else's hands.

Why do you need a government at all? Privatize the whole country! Land of the Free my ass - more like Land of the Corporate Fascism Drones.

Re:It's not their data

[Dcnjoe60]

Yay for pedancy! If the FCC sells licenses to use the airwaves, then we collectively own them for any reasonable definition of ownership.

No, we do not. The FCC say you may not broadcast in this country unless you have a license. The State also says you may not drive a car unless you have a license. That doesn't mean we collectively own all the cars. The FCC regulates what may be broadcasted from towers located in the US. There is nothing to own.

If I want to go to Mexico or Canada and erect a tower on the same frequency as a US station, assuming those countries allow me to do so, there is nothing that the US can do to keep it from interfering. Now obviously, there are probably treaties with Canada and Mexico to keep that from happening, but that is further evidence that we don't own the airwaves. Nobody owns them, we have an agreement on how we will all use them, no more and no less.

Take short wave as an example, not as widely used today as it was, but it bounced signals all over the planet. Whose airwaves were they, the originating country, the destination country, the countries in transit? Nobody owns the airwaves, they are just part of the electromagnetic spectrum. People may own the content they put on the airwaves, but they don't own the airwaves themselves.

It's has and is being tried.

Well, this is /was going on.

I found that trying to find an article from the 90's (I think it was in the WSJ) about one man who tried to do just that - sue to get his personal information from the marketing firms - I think his strategy was to sue for monetary damages. IIRC/

The marketing people say that an individual's information isn't worth much but a list of thousands or millions of people is worth quite a bit.

Anyway, it's 2013 and the marketing industry (personal data industry) is as big and strong as ever.

Let's face it, all some big corp has to do is have their lobbyists go to Washington, spread some "gifts" around, and just whine how "it'll hurt their business" and America.

We NEED privacy laws like in Europe. We have this lop sided balance of power in this country.

log in with telephone number and password...

[lkcl]

hmmm... is this the password that by default if you've never set it is set to the 1st 4 digits of your Social Security Number, like it is for Bell South? and how many retries are you allowed on the login? it's not 9,999 is it? and what are the first 3 digits of a SSN? why that'll be the area you were born, which probably closely match with the area code of the telephone number. that just leaves 2 digits left to guess...

Can't log on? Here's another way in

[Khopesh]

I couldn't log in through the proffered http://www.att.com/cmpchoice link.

Another way in is through the standard payments portal. Once logged in there, you can go to Profile -> Account & User Information -> Marketing Preferences. This lets you opt out of direct marketing that they send to you. (Might as well take care of that while you're in there.) At the very bottom, below the buttons, is a link to "Update your privacy choices for External Marketing & Analytics reports" (which is the same cmpchoice link as above). Clicking it bypasses the login page since you're already authenticated.

No Such Thing

[Jane+Q.+Public]

"The data in question is anonymized, according to AT&T, but it includes very sensitive information such as customers' locations, Web browsing history, mobile app usage and more."

We have known for years now that there is no such thing as "anonymized" data. I found out the other day that somebody actually built a browser for viewing so-called "anonymous" data from the AOL data release some years ago.

Generally, all it takes is a little sleuthing, and all that "anonymous" data becomes anything but.

We need a law. Seriously... if you know me I am not someone who would normally say that. But we need better privacy laws in this country. The Constitutional guarantee of privacy (and yes, before you argue, SCOTUS said it does exist) simply seems to have been falling on deaf ears.

Re:No Such Thing

[MacTO]

We needed laws that guaranteed customer privacy years ago. Unfortunately, it is far too late for those laws to be meaningful since businesses have found ways to generate revenues from customer data and they're not going to let go of that easily.

At the very least, businesses will find loopholes in these laws. The most basic one is described in the summary: data is anonymized. From this perspective, businesses will claim that the data is property of their company and the anonymization process provides sufficient guarantees of privacy. The fact that it is possible to trace this data back to individual users would be beyond the scope of laws that most governments are willing to create simply because the businesses are, in a way, correct. Data with personally identifying information stripped is a product of the business because it is generated as a part of the businesses operations using the businesses infrastructure.

Another possibility is to ship the data out of country, where customers are unlikely to be protected by privacy laws. Even if that country has privacy laws itself, it probably won't cover foreign citizens. Even if it did cover foreign citizens, it would be difficult for them to sue the appropriate entity in the appropriate jurisdiction.

At the end of the day, it is best to assume that anything we do that involves a third party simply isn't private. In a sense, it even makes sense. We don't assume that our actions in a shopping mall are private since we are sharing that space with other people. Why should electrons passing over wires (or, in this case, RF spectrum) owned by a telecommunications company be any different? The same goes when we invite someone into our home. Even friends can gossip after all.

I love the idea of privacy. I also recognize that it is difficult to protect. That is especially true when someone can benefit from violating your privacy. Since the threshold for privacy has been lowered incredibly far in recent years, I suspect that we will never be able to get it back. Such are the perils of leaping before you look: upon insisting upon an unregulated medium before understanding why prior media were regulated.

Re:No Such Thing

[Jane+Q.+Public]

When AOL first released that infamous "sample" data, it took reporters about an hour to start identifying people.

Not big companies. Not wealthy organizations. Some newspaper reporters. Sure, they probably had a couple of programmer friends help. But they didn't hire Hughes Corporation or anything.

Read the contract.

[csumpi]

I'm pretty sure some of the tiny letter stuff on your contract says that by signing the contract you give them full permission to do whatever they want with all the data they collect from you.

Re:Read the contract.

[Mitreya]

I'm pretty sure some of the tiny letter stuff on your contract says that by signing the contract you give them full permission to do whatever they want with all the data they collect from you.

It gets better!

Somewhere in that contract you also sign away your right to sue them (particularly AT&T, I believe it was a lawsuit against them that legalized mandatory arbitration clause).
So... what you can do is to complain to an arbitrator employed by AT&T and see whether he/she rules for you or not.

Re:Read the contract.

[hairyfeet]

Yep I'm sure they got you by the balls with the fine print which is why I said screw all the bullshit and just went prepaid.

You can get the Walmart android phone for less than $100 with the "unlimited" card (yes i know their unlimited starts slowing you down between 3-5GB,I'm not gonna do that much on a dang phone,that's what the netbook and desktop are for) and if they try jacking me around? Screw 'em, plenty of other pre-paid bunches out there, no contract means they don't have me by the short hairs anymore and so far the service has been great,I'm loving it.

Re:Read the contract.

[black6host]

If the GP is referring to Straight Talk, you get unlimited everything (USA only) for 45.00/mo. Calls, texts, data etc. I've been using them for over a year and it's been fine for me. Plus, they use Verizon's towers so the coverage is excellent.

Not in any way associated with them. I just use their service. I've got friends paying 60.00 plus a month for something like 700 minutes and that's on a dumb phone, very limited data. Why? The options are worth checking out......

Re:Read the contract.

[bleh-of-the-huns]

You can still sue AT&T, or any other company that forces arbitration. The only thing it does it prevent users from joining class action suits.

How exactly do you anonymyze location data?

[Lendrick]

You don't think large advertising companies have some automated way of taking a GPS location, converting that to an address, then using public records to look up the owner of the property?

Give me a month of a homeowner's GPS data and access to public records, and I can write a program that will determine exactly who they are with a relatively high degree of certainty.

Re:How exactly do you anonymyze location data?

[Lendrick]

My phone GPS doesn't have much trouble zeroing in right on my house.

Re:anonymous SIM card?

[fuzzyfuzzyfungus]

Is it possible with any arbitrary smartphone to buy a prepaid anonymous SIM card and use that so that there is no direct tie between the card and a personal identity? Obviously one would still have to be careful not to disclose that in other ways, but it would make their job harder.

Any phone that isn't SIM-locked and takes SIMs should theoretically work. It isn't exactly news that all contemporary smartphones dedicate their existence to getting you and your credit card locked into their maker's walled garden, and tend to bleed device-unique data like stuck pigs; but at least you'll be able to pay for the line over which your phone phones home in cash!