EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal

Dear network operators,

I'm sure this is a controversial topic in the NANOG community, but EFF and a
number of ISPs and networking companies are writing to Congress opposing the
repeal of the FCC's broadband privacy rules, which require explicit opt-in
consent before ISPs use or sell sensitive, non-anonymized data (including
non-anonymized locations and browsing histories).

If you or your employer would like to sign on to such a letter, please reply
off-list by midday Monday with your name, and a one-sentence description of
your affiliation and/or major career accomplishments.

Back story on what's happening:

https://www.eff.org/deeplinks/2017/03/five-creepy-things-your-isp-could-do-if-congress-repeals-fccs-privacy-protections
https://www.eff.org/deeplinks/2017/03/senate-puts-isp-profits-over-your-privacy
https://www.eff.org/deeplinks/2017/02/congress-contemplating-making-it-illegal-protect-consumer-privacy-online

Summary of the FCC Broadband Privacy Rules themselves:

https://apps.fcc.gov/edocs_public/attachmatch/FCC-16-148A1.pdf

All:

It's worth noting that most of EFF's list consists of individuals and/or politically connected organizations, not actual ISPs. This is for good reason. EFF was founded with the intention of creating a civil rights organization but has morphed into a captive corporate lobbying shop for Google, to which several of its board members have close financial ties. EFF opposes the interests of hard-working ISPs and routinely denigrates them and attempts to foster hatred of them. It also promotes and lobbies for regulations which advantage Google and disadvantage ISPs -- including the so-called "broadband privacy" regulations, which heavily burden ISPs while exempting Google from all oversight.

No knowledgeable network professional or ISP would support the current FCC rules. Both they AND the FCC's illegal Title II classification of ISPs must be rolled back, restoring the FTC's ability to apply uniform and apolitical privacy standards to all of the players in the Internet ecosystem. The first step is to support S.J. Res 34/H.J. Res 86, the Congressional resolution which would revoke the current FCC regulations that were written and paid for by Google and its lobbyists. So, DO contact your legislators... but do so in support of the resolutions that will repeal the regulations. It is vital to the future of the Internet.

--Brett Glass, Owner and Founder, LARIAT.NET

I am somehow pleased that Mr. Glass does not find me a “knowledgeable network professional”. It feels like a badge of honor. Any other “not” knowledgeable network professionals want to come forward and accept this badge?

Personally, I find the FCC’s current rules to be sub-optimal. But saying a gov’t regulation is sub-optimal is like saying water is wet. The question is not whether the regulation could be improved. It is whether the proposed changes are an improvement.

To be 10000% clear: I prefer the current privacy regime over the new one being proposed.

Oh, and I do not believe the EFF is just a shill for Google. But then, I’m just a not knowledgeable network professional, so what do I know?

You will find me as cosignatory to the EFF's letter seen at:

https://www.eff.org/deeplinks/2017/03/small-isps-oppose-congressess-move-abolish-privacy-protections

Not like I have any experience running an ISP, Datacenter, Content
provider, anti-spam provider, etc...

Tim

Many organizations clamor the FCC for regulation because they hate something about the top 10, 20, etc. ISPs. There is certainly something to hate about them, but almost every time, the baby gets thrown out with the bath water and little ISPs are harmed along the way. Extremes on both sides are what get attention, meanwhile nothing constructive for little ISPs gets done. The policy community forgets them.

That same sort of forget about the little guys happens in technical discussions in NANOG as well. Most ISPs and most web hosts have less than 1G of upstream and likely from a single provider. The technical community forgets them.

Having worked networks with massive bandwidth, networks with a single T1 (don’t ask, just Google what a T1 is, er, was), and now being somewhere in the middle, I agree that the large guys sometimes forget the little guys exist. However, I think the change in privacy being proposed hurts -all- users, and disproportionately helps the large guys.

A tiny ISP with < 1 Gbps upstream does not have enough user data to sell or otherwise “monetize”, while the top 5-10 ISPs have a ready and willing market for their users’ data.

Which is why this is so strange. Mr. Glass’ ISP isn’t even a gnat on the ass of national broadband ISPs. Not an indictment, like I said, I’ve run tiny networks myself. However, this change does not help ISPs in his position. Yet he is claiming the EFF is fighting for the big guy by opposing this change.

Color me confused. But then again, I am a not knowledgeable network professional, so I am probably just confused.

Last time I checked most European countries have stronger privacy protections than the US. Are they also idiots? Mr. Glass, would you care to respond?

Regards,

Roderick.

No ISPs have any right to market our customers' browsing history, and currently that practice is illegal unless the customer opts in. In my opinion, only a fool wants to relieve ISPs of this restriction.

The claim oft presented by people favoring this customer abuse is that the sold data is anonymous. But it's been well-established that very simple data aggregation techniques can develop signatures that reveal the identity of people in anonymized data.

-mel beckman

Alexa ran into this problem...

https://www.cnet.com/news/amazon-unit-settles-privacy-lawsuit/

Tim

Quoting an Alexa spokesperson:

"We don't think we did anything wrong," Alexa Chief Executive Brewster Kahle said. "But instead of going all the way through the legal process, we thought this was the easiest way to go on with our business."

Please keep conspiracy theories off the list, thanks.

This needs to be repeated loudly and often at every possible opportunity.
I've spent much of the past decade studying this issue and the most succinct
way I can put it is that however good you (generic "you") think
de-anonymization techniques are, you're wrong: they're way better than that.
Billions, and I am not exaggerating even a little bit, have been spent
on this problem, and they've been spent by smart people with essentially
unlimited computational resources. And whaddaya know, they've succeeded.

So if someone presents you a data corpus and says "this data is anonymized",
the default response should be to mock them, because there is a very high
probability they're either (a) lying or (b) wrong.

Incidentally, I'm also a signatory of the EFF document, since of course
with nearly 40 years in the field I'm a mere clueless newbie and despite
ripping them a new one about once every other month, I'm clearly a tool
of Google.

---rsk

Why am I supposed to care?

Has there ever been a real survey that asks people where they think Google gets the money to support things like Gmail for "free"?

~Seth

There's a difference. Google only gets to aggregate data you pass to Google.
Your ISP gets to aggregate data you pass to *anybody*. The difference matters.

Consider this example from the EFF:

"They know you spoke with an HIV testing service, then your doctor, then your
health insurance company in the same hour. But they don't know what was
discussed."

And the ISP is in that same position of being able to see all 3, and allowing
anybody they sell the data to, to make conclusions.

https://www.eff.org/deeplinks/2013/06/why-metadata-matters

doesn't their 10k say: "ads" ?

My first thought was your 6 year old watching sesame street videos, and your 10 year old playing minecraft.
Sounds like the various COPPA lawsuits that I’ve seen from the FTC lawsuits, but IANAL.

I know, I'm not picking on Google like the other post was, other than to bring up that point that a lot of non-technical people don't connect that free Gmail means something has to pay for it. When I talk to people they have this expectation of free internet because ISPs charging for internet access is greedy when most everything online is free. The internet is just a nebulous thing out there that's "free".

So ultimately you have ISPs that sell data to marketers so they can meet the demands from sales/marketing to offer $10 gigabit internet access with no contracts and free install.

~Seth

I've lurked on this mailing list for months, and never felt obligated to
chime in until now.

Thanks for reminding me exactly how dated my network is. :)

Signed, an also not knowledgeable network professional who has a few
hundred T1s scattered across the country. With 56k dial backup.

Jason Schwerberg

Seth,

Hmmm... I hadn't heard about the $10 Internet access with no contracts and free installation. I'm pretty sure that's a complete fantasy, and that every ISP on the planet makes sure they get a tidy profit from the contract fees that lock in customers, with zero advertising income. Money from stealing user browser data is just gravy. Not that I'm opposed to gravy, but not when I, as a customer, don't get any.

Now, if ISPs want to PURCHASE browser data from customers directly, I'm sure they'll get some takers. But that strategy has never appeared in any business plan I've seen.

-mel beckman