By now you’ve probably seen a slew of headlines about how the government has pulled protections on your internet privacy, specifically allowing your internet service provider to collect data and sell your data without permission. Many people probably aren’t exactly sure what this means for them, or what they can do to protect themselves from it. A lot of terms have been thrown around, such as supercookie, tracking, and VPN. But what do those all mean on a technical and practical level? I want to help you figure this all out, so I’ll be writing a series on your digital privacy, telling you what’s at stake and how to protect yourself. And to start, I’ll be covering the following topics:
- The basics (this post)
- Virtual Private Networks (VPNs)
- Your Phone
The first thing to know is what exactly happened. The House and Senate S.J.Res.34. This resolution isn’t a new rule but a repeal of a pre-existing one, called “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services”. Here’s an excerpt from the summary:
The rules require carriers to provide privacy notices that clearly and accurately inform customers; obtain opt-in or opt-out customer approval to use and share sensitive or non-sensitive customer proprietary information, respectively; take reasonable measures to secure customer proprietary information; provide notification to customers, the Commission, and law enforcement in the event of data breaches that could result in harm; not condition provision of service on the surrender of privacy rights; and provide heightened notice and obtain affirmative consent when offering financial incentives in exchange for the right to use a customer’s confidential information.
Basically, this protection meant that your ISP had to tell you what information they were saving about you, who they were giving it to, and give you the option of opting out of it. It also means that they need to tell you if there was a breach and your data was/may have been leaked. And finally it required explicit consent if they wanted to sell your data. That all sounds perfectly reasonable, right?
All of that is now gone.
Everyone is focusing on the sales clause, and that’s huge, we’ll get to that in a second, but I do want to point out something that everyone else is glossing over: that your ISP no longer has strict legal rules to inform you in the case of a data breach. Your payment details, name, and address could get stolen and if they wanted to, your ISP could cover that up. Thanks, Republicans!
But yes, the fact that your ISP can now collect data on you without telling you is huge. And that they can sell it without your consent is even huger. But what is this valuable data that can be collected on you? Pretty much anything. Cookies are strings of information that are saved on your computer that identify you individually. Not as you, but usually as a generated number that the website you are looking at can recognize. It lets you save preferences, as well as letting the server keep a history of your browsing patterns on their site. Supercookies are something similar, but they are injected into your internet traffic. This means that instead of your identity being generated randomly it’s generated by your ISP and therefore it can be traced directly to you. The other thing is, since it’s injected by your ISP it’s not limited to a single server reading your cookie; it’s tracking all of your browsing on every site. That means an ISP can sell your browsing habits and content.
Think about it. Without telling you, your ISP is now legally entitled to track what sites you visit, , what you do there, the content of your emails, and anything else you do online. And they can then sell your stats and keywords to anyone they want. The most likely, and lucrative, effect is that you’ll start to get targeted advertisements everywhere you go online. You know how Facebook gleans your interests by the posts you read and the groups you’re in, and then serves up related ads? Imagine that everywhere, and your interests and habits not being limited to sites where you’ve signed up. Every company could know whether to target you for ads and you will have no legal recourse to opt out.
Not only that, but since ISPs no longer have to worry about notifying you or getting permission for interfering with your data, they can now slow down traffic on sites that don’t pay them extra (the end of net neutrality) as well as splicing in their own search results for companies that do compensate them. ISPs will have more access to data about you than you will. If this sounds hyperbolic and paranoid, most of the data companies out there have already done things like this, but have ended or scaled back these efforts preciously because of the legal protections we’ve just lost.
Is it too late for privacy? Have we relinquished too much control already, and this repeal of protections now has us cornered by corporations? That’s a complicated question with a complicated answer. A lot of it depends not on how much privacy you want to keep, but how much you’re willing to relinquish. We’re in a data economy now. Google is a money machine because their advertising targeting is so good. And they are targeted so well because people use their services (Gmail, Docs, Calendar, Maps, Analytics, etc.) and from that usage they can send ads to users tailored to their interests. But your ISP is providing you with access to the internet and that means they can pull a lot more specific information about you and do whatever they want with it. Additionally, you’re already paying them. So they make money off their customers twice; once by providing you a service and then again by providing you as a service to advertisers, and anyone else who wants your information.
It’s also important to keep in mind that the repealed protections hadn’t yet gone into effect. They were just on the books and a damn good idea. The problem is the further we move into a data economy the more appealing, lucrative, and easy these nefarious uses of user data become. We’re precisely at the point when we need these protections and now the House and Senate have voted to repeal them. There are still some FCC regulations that could be pulled up as data defenses in court, but in order for that to happen someone has to A) know that there’s a problem with their data usage and B) sue these giant ISPs.
With that in mind, that means now is actually the perfect time to start locking down your digital presence and incorporating some good security practices into your life. There’s probably a lot of vulnerable information you’re leaking about yourself, from social networks to wi-fi usage, to weak passwords. So I’ll do my best to make easy guides to what you’re possibly exposing, as well as showing you the tools to tighten up your security. As I said before, some of this will come at the expense of convenience, but there are at least a few easy and free methods of securing yourself that will be worth it to even the laziest internet user.
Be sure to ask about any security issues you want us to cover down in the comments.