ISPs Claim a Privacy Law Would Weaken Online Security, Increase Pop-Ups

An anonymous reader quotes a report from Ars Technica: The country's biggest Internet service providers and advertising industry lobby groups are fighting to stop a proposed California law that would protect the privacy of broadband customers. AT&T, Comcast, Charter, Frontier, Sprint, Verizon, and some broadband lobby groups urged California state senators to vote against the proposed law in a letter Tuesday. The bill would require Internet service providers to obtain customers' permission before they use, share, or sell the customers' Web browsing and application usage histories. California lawmakers could vote on the bill Friday of this week, essentially replicating federal rules that were blocked by the Republican-controlled Congress and President Trump before they could be implemented. The text and status of the California bill, AB 375, are available here.

The letter claims that the bill would "lead to recurring pop-ops to consumers that would be desensitizing and give opportunities to hackers" and "prevent Internet providers from using information they have long relied upon to prevent cybersecurity attacks and improve their service." The Electronic Frontier Foundation picked apart these claims in a post yesterday. The proposed law won't prevent ISPs from taking security measures because the bill "explicitly says that Internet providers can use customer's personal information (including things like IP addresses and traffic records) 'to protect the rights or property of the BIAS [Broadband Internet Access Service] provider, or to protect users of the BIAS and other BIAS providers from fraudulent, abusive, or unlawful use of the service,'" EFF Senior Staff Technologist Jeremy Gillula wrote.

Browsers could remove popup support.

If web browsers removed the code that implements popups, then it would be far less likely that they show up, regardless of what privacy laws are in place.

Re:Browsers could remove popup support.

[LinuxIsGarbage]

If web browsers removed the code that implements popups, then it would be far less likely that they show up, regardless of what privacy laws are in place.

Modern Web Browsers have Popup blockers that block standard HTML popups, giving indication that a popup was blocked, with options to create an exception. However they still seem to allow popups created by other means (JavaScript, HTML5, etc). The result seems to be annoying popups still show up, but useful popups from a legacy application are blocked.

Re:Browsers could remove popup support.

[ShanghaiBill]

Modern Web Browsers have Popup blockers that block standard HTML popups, giving indication that a popup was blocked, with options to create an exception.

That works well. I get popup alerts from my bank, letting me know my session is about to expire, but only because I have specifically enabled those. I never see unexpected popups from other sites.

However they still seem to allow popups created by other means (JavaScript, HTML5, etc).

Those are not real popups. They don't appear in a separate window, they have no ability to grab the focus from other tabs, and they are easy to ignore.

Re:Browsers could remove popup support.

[radams217]

Javascript Popups are not easier to ignore. They are much more invasive when you want to read an article or not have to mute your sound. The websites that do the follow me as a scroll video ads need to die a slow death.

What they meant

[sit1963nz]

" Privacy laws directly attack one of our income streams, our ability to collect, store, and sell your personal information"

Re:What they meant

[Altrag]

Basically yes, and they're implying that if you remove that income stream, they'll just go ahead and implement something even worse to be a new income stream.

Of course, that leaves out the little tidbit that if they could actually use all those popups and shit as a revenue stream, they would already be doing it. Its not like ISPs are known to be terribly scrupulous.

Oh my god!

[Opportunist]

I had no idea what saint my ISP is. Just think how many ads and how much spam you'd get if they did NOT sell your personal information to advertisers and spammers.

Re:Oh my god!

[Ichijo]

Protecting "us" from "them" is the same argument the GOP makes for voter ID laws.

Re:Perfect Opportunity.

[MightyMartian]

Would you actually want their lips on your testicles?
  I think I'd rather get it done by ten dollar prostitute with cold sores, she'd be cleaner.

It's a nightmare in Canada with Privacy

[WillAffleckUW]

In Canada, the Canadian Constitution mandates Privacy.

People spend years handling the privacy popups required.

Oh. Wait. They don't. They just say "No" once and then the ads can't steal their info.

Hmmm.

Do what now?

[PopeRatzo]

Privacy laws will also cause you to become sterile. You can look it up.

Well done, ISP lobbyists!

[llamalad]

As a direct result of your efforts, I just clicked over to the EFF site to sign up to do recurring monthly donations to them.

I've had a vague intention to do so for a while, but thanks much for pushing me into action.

Re: Bogus

5x dipping. They often recive government subsidies as well.

Popup concern?

[mysidia]

The bill would require Internet service providers to obtain customers' permission before they use, share, or sell the customers' Web browsing ....

In addition to REQUIRING customers' permission, I suggest they add the following to the law:

• For the purposes of this act; specific permission MUST be obtained from the customer IN WRITING with the customer's official signature EACH time their history information or private details are to be shared, sold, or used for any purpose not directly essential to providing that customer's broadband service or resolving abuse complaints due to customer's activity. Non-written forms such as a verbal direction or acknowledging a "Click-Through Agreement" may not be used to obtain permission.
• Customer's permission to share information SHALL NOT be required as a condition to purchase or renew subscription to any broadband, or internet access services.
• Service providers SHALL NOT interfere with network access or delivery of purchased services in any way order to request or wait for permission.

Re:Popup concern?

[RLaager]

At that point, it is effectively a ban on sharing. I assume that is what you want. It is what I want, and I am a manager at a small ISP (not in California). We should just enact an outright ban.

This sort of thing was not allowed in telephone, as far as I know. I see no reason it should be different for Internet.

Re:Popup concern?

[mysidia]

At that point, it is effectively a ban on sharing.

Exactly, because any required "Consent" is going to be obtained surreptitiously or through coercion, or annoying end users;
the providers simply cannot be trusted, and sharing/selling for an additional marketing revenue stream should just be banned, EXCEPT possibly if the customer
voluntarily opts to purchase an additional service completely separate and not bundled with the broadband,
where sharing may be technically necessary to provide the separate service.

Re: Why oh why

Because you ain't gonna do anything about it you cuck.

HAHAHA

[XSportSeeker]

These fuckers... they really think people are idiots to beliebe in such outlandish claims.
WE NEED TO COLLECT YOUR DATA AND SELL IT FOR YOUR PRIVACY AND SECURITY

What's next? We need to double the price or your current plan because that prevents you from wasting it all on booze and drugs?

Pop-ups and EULAs

[thereitis]

This claim is a lie too, and we have no idea how any rational person could read A.B. 375 and think “maybe that will mean more pop-ups.” The best we can come up with is that since A.B. 375 would require Internet providers to get your consent before sharing your data, maybe they think that if they constantly pester people with pop-ups, they’ll succeed in wearing people down until they give their consent. If that’s really what Comcast and Verizon are implying, then lawmakers should understand the claim for what it really is: a threat to hold consumers hostage in the fight for online privacy. As with Lie #1, if big Internet providers have a better explanation, we challenge them to provide it publicly.

Regarding pop-ups, IMO the whole "click to agree to this legally binding document" idea should be rethought. It's far too easy to embed all sorts of nasty stuff in EULA's and most people can't fully understand the implications even if they do take the time to skim/read through it.

That would be like programmers saying: hey, read through the source code at this github address and if you click I Agree, then you are declaring you are ok with whatever the code is doing with your system/data, for better or worse. You don't understand it? Ah well, too bad. Hire a programmer to try and figure it out.

The right to privacy and security should be inalienable rights, impervious to click-wrap agreements.

In the words of the great Capt. Picard: Dafuq?

[sandbagger]

Why is this the dilemma presented. We get user privacy at the cost of a parade of pop up windows. Really? Maaaaaybe you could decide to not spam your customers with popup windows.

This is how bullies talk: don't make me hurt you!

The sooner ISPs become regulated as utilities, the better.

Re:Perfect Opportunity.

[sconeu]

Sigh.... I miss the old time trolls, like OOG the Internet Caveman, The Glorious MEEPT!, The "IF I EVER MEET YOU I WILL KICK YOUR ASS" guy....

They are absolutely right

[Erik+Hensema]

Over here in Europe we've got a crazy law requiring websites to ask visitor consent before placing tracking cookies. Now all websites have popups. You can't refuse the cookies like envisioned by the privacy lobbyists when drafting the bill. You can either accept or leave the site. The law is a useless disaster doing absolutely nothing for privacy. It just annoys everybody.

Needless to say, lots of people now just use a browser plugin to just accept the cookies blindly.

Also please note this isn't a browser window popping up of course. It's an overlay over the web page.

Re: Bogus

[carlos_danger]

At&t and Google fiber are the worst at this, selling as much data as they can to advertisers. I expect this law to result in At&T raising prices and Google fiber leaving the state.