#ICYMI: Politicians don’t care about data consent

June 22, 20175 Minute Read

Select article text below to share directly to Twitter!


Are you one of the few people who actually reads their annual data disclosure statements or app permissions in detail? I didn’t think so. So, in case you missed it: Your data consent is no longer an issue.

In late March 2017, House and Senate politicians voted to allow internet service providers (ISPs) to sell your personal data to advertisers without your consent. President Trump signed the congressional resolution into law in early April. It’s official—your entire browser history is now up for sale.

Way back in October, the Federal Trade Commission implemented a policy that required Comcast, Verizon, and other ISPs to get “affirmative ‘opt-in’ consent” from their customers before their sensitive data could be released. After politicians reversed this policy, Neema Singh Guiliana of the American Civil Liberties Union described the vote as “extremely disappointing,” marking it as a move to sacrifice Americans’ privacy rights.

Don’t bother clearing your history

The laundry list of data your ISPs can now control includes some truly concerning content you shouldn’t want to share with anyone. ISPs now have the right to share private data that includes your:

  • Financial information
  • Medical information
  • Social security numbers
  • Browser history
  • Mobile app usage
  • Email content
  • Chat content

If you’re a little white-knuckled, well, there’s good reason to be. Slate wrote that while Comcast and other ISPs have released official statements they don’t plan to sell their customer’s data, consumer data is a big business, and ISPs are in a position to make some serious profit.

Anonymous data doesn’t hide much

While it’s impossible to predict the future, companies may technically uphold their promise to protect your privacy, while scrubbing your data of specifically identifying information and still making money hand over foot.

Your anonymized data is shockingly identifying. Advertising companies may just be buying “insights” on millennial IT professionals in your zip code, but these data sets could contain enough to figure out who you are. Seventeen years ago, information security researchers realized, with the help of Dirichlet clustering algorithms, figuring out someone’s real identity was as easy as birth date, zip code, and sex for 87 percent of the US population.

In the last several weeks, researchers took this experiment a step further and successfully simulated de-anonymizating web browser history. They were correctly able to attribute the web browsing history of 70 percent of study volunteers to the right Twitter profile. As it turns out, your browsing history contains certain idiosyncratic characteristics that resemble how you use your social media accounts.

Why ISPs want your internet rabbit holes

While the general population reacted in horror to the news that their private data was now a commodity, the details of exactly how and what ISPs could profit from their data were initially a little less clear. Chances are, you’re using some device pretty much every minute you’re awake—from the minute you check your Facebook in the morning to your final minutes watching Netflix before you turn into bed at night. ISPs will use these insights to understand people within your demographic groups and sell the information to advertisers accordingly.

If you’ve thought Facebook’s targeted ads were creepy, you’re in for a wild ride. Representative Michael Capuano (D-Mass.) called the bill “terrible” and explained to the media that one ISP has a patent application in a cable box with a thermal camera to understand how and when you’re engaged with your flat-screen TV. Your “Netflix and chill” session could result in being shown advertisements for romantic content, because the camera may have the ability to detect when you’re cuddling with your partner (or, you know, “beyond”).

Literally being watched when you unwind after a really long work week and being shown targeted ad content accordingly is creepy enough, but the possibilities behind the ISPs new right to collect and disseminate your personal data is even scarier. While they may not sell your name and social security number to aggressive adtech professionals, what if their information security practices aren’t bulletproof, and their internal storage mechanisms don’t keep your personal identifying information (PII) obscured?

ISPs have experienced months-long data leaks due to identified software bugs in 2017. Targeted advertising may feel invasive—but when you think about what your identity and web browser history could mean in the hands of cybercriminals, it’s a lot worse.

Steps to protect your anonymity

There is some good news: Any website you visit with a HTTPS isn’t necessarily going to be part of your ISP’s dataset. But there’s enough contextual information around it that even if they can’t see your banking login information, a shrewd advertiser may be able to discern from your Mayo Clinic searches that you’ve experienced a strange rash in the last few weeks. Luckily, organizations are increasingly moving towards HTTPS encryption to protect their users’ data consent. One recent report indicated that more websites are encrypted than not-encrypted.

Users should assume that no method of information security protection is perfect. However, there are a few other tactics you can use. One such idea is adopting virtual private network (VPN) technology when working from your home. Senior technologist Jacob Hoffman-Andrews cautions the general population to be wary about free VPN options designed for simple home use, though, and look toward solutions that cost between $5–$20 each month. Web tools designed to support online anonymity, such as the web browser Tor and the search engine DuckDuckGo, may also allow you some means of protection.

Unfortunately, your sleepless nights spent reading up on the latest conspiracy theories on Reddit may not be as anonymous as you think. For most heavy internet users, they can even be linked to your online social media content. Unless you’re prepared to go completely off the grid, adopting basic means of protection, like a VPN and privacy-conscious browsing and search tools, is your next best bet.

  • Recommended for you
  • Recommended for You