Verizon Strikes $1.35 Million Settlement With FCC Over Its Use Of Stealth 'Zombie Cookies'
from the comes-around-goes-around dept
Last year you’ll recall Verizon Wireless found itself in hot water after being caught modifying user packets to insert stealth tracking technology. By embedding each packet with a unique identifier traffic header, or X-UIDH. Verizon and its marketing partners were not only able to ignore user browser preferences and track their behavior around the Internet, they were then able to use this technology to build detailed user profiles. Verizon Wireless launched and operated the technology for two years before security researchers even noticed the program, and it required another six months of public pressure for Verizon to even offer an opt-out option.
According to the FCC’s full press announcement (pdf), the fairly measly $1.35 million settlement doesn’t stop the program, which likely won’t please many privacy advocates. Verizon Wireless will however need to transparently notify users of the system and get their explicit opt-in (a rare dinosaur in online tracking rules) consent before sharing any of this data with third parties. The FCC is quick to highlight how Verizon previously proclaimed the technology couldn’t be abused by third parties to build detailed profiles of users — right before it was.
The FCC’s full order (pdf) indicates that the regulator is leaning heavily on both the transparency requirement embedded in the FCC’s net neutrality rules, and the agency’s authority under Title II of the Communications Act to enforce the settlement:
“Section 222 of the Communications Act imposes a duty on carriers to protect their customers? proprietary information and use such information only for authorized purposes. It also expressly prohibits carriers that obtain proprietary information from other carriers for the provision of telecommunications services to use such information for any other purpose. Section 8.3 of the Commission?s rules, known as the Open Internet Transparency Rule, requires every fixed and mobile broadband Internet access provider to publicly disclose accurate information regarding the network management practices, performance, and commercial terms of its broadband Internet access services sufficient for consumers to make informed choices regarding use of such services and for content, application, service, and device providers to develop, market, and maintain Internet offerings.”
When the FCC reclassified ISPs as common carriers under Title II, ISPs became subject to Title II?s Section 222 privacy protections regarding “customer proprietary network information” (CPNI). That portion of Title II was written specifically for phone companies, so the FCC is planning (prompted in large part by Verizon’s behavior) to update the CPNI rules to create new broadband consumer privacy protections. While the FCC politely lauds Verizon’s cooperation in the investigation, these kinds of consumer protections are precisely what Verizon was trying to stop when it sued to cripple net neutrality (both in 2010 and again last year).
Granted Verizon could have easily avoided the new privacy rules. It has argued for years that tougher privacy protections for broadband weren’t necessary because the industry could self-regulate. And regulators appeared to buy that claim for a while. But Verizon’s decision to covertly fiddle with packets and track tens of millions of customers without bothering to tell any of them indicates just how well that plan actually worked in practice.
Filed Under: fcc, privacy, settlement, zombie cookies
Companies: verizon
Comments on “Verizon Strikes $1.35 Million Settlement With FCC Over Its Use Of Stealth 'Zombie Cookies'”
Fines that low are really just a “cut” of the action.
and i suppose that’s about 1% of the revenue Verizon raked in from the advertising!
Does that even qualify as a slap on the wrist? Hell, does it even qualify as a mildly disapproving frown?
Just blink to "opt in".
There, that wasn’t so hard, was it?
How long before...
… we find out it was actually a government requested/mandated security/tracking program under guise of a advertising revenue stream.
Think of the children!
Where is my cut?
I am a Verizon customer… why is it that I first get fucked by Verizon and then the FTC gets to profit while I still got fucked without any compensation?
I know a lot of you tech dirter’s like your government institutions but I have yet to see much of a benefit to all of these “regulations”. I have however, notice a whole lot of monopolies and poor service with little choice in the market however.
Re: Where is my cut?
Well I’ve noticed that the much-vaunted market has utterly failed to correct itself; the choice being between “take it” or “leave it.”
Funny, that.
The first rule of how to run a business today is ..
.. do not get caught.
Re: The first rule of how to run a business today is ..
2nd rule is to lobby for laws and fines that make it still profitable to break the law.
Verizon breaks the law, Government profits, Citizens still wronged and not give any compensation. I am seeing a patternhere.
Hit hard or don't bother
If the $1.35 million ended up being so much as 5% of what they gained from selling the data I would be greatly surprised, which means that the FCC might as well not have even bothered. What possible reason does Verizon have not do do the same thing in the future with a fine this pathetic after all, it’s basically just a cost of business, a minuscule cost that ever so slightly lessens the profits gained.
No, if the FCC or other similar agencies want to provide some real incentive for companies to follow the rules then they need to use a percentage based fine system, and start at 100%. If companies know that the absolutely smallest fine for violations will leave them no better off than before should they be caught, in addition to any other penalties, then they might care, but as it stands the penalties and motivations are entirely on the side of breaking as many of the rules as they can and then just paying the laughable fines should they get caught.
Re: Hit hard or don't bother
No fines! not even a $1.
Jail Time, nothing other than Jail Time. Fines serve as nothing more than a catalyst for government to ignore a problem long enough to ensure that they catch them do just enough damage for citizens to ignorantly feel good about it while the company laughs all the way to bank shaking the had that fined them for their generosity.
Re: Hit hard or don't bother
hopefully there is a larger game afoot and the ftc is just flexing its muscles and setting legal president under the new laws. by charging this little they get a president they can then use as a hammer later for real fines that verizon may actually want to fight about. but then again reading to much techdirt has shaken my faith in humanity.
$1.35 million settlement
Maybe I’m wrong but with such a detailed mining method they probably made much more than that. This is almost like punishing a kid for eating too much cake by giving them more cake.
Verizon Wireless will however need to transparently notify users of the system and get their explicit opt-in (a rare dinosaur in online tracking rules) consent before sharing any of this data with third parties.
Oh yes, I’d be delighted to have the privilege of being thoroughly tracked online while my data is subject to “outstanding” security practices. They’ll need to word their “transparent notification” eloquently to get users to opt in to such thing. Then again how many tool bars have I seen installed on computers of the world?
Re: Re:
Maybe I’m wrong but with such a detailed mining method they probably made much more than that. This is almost like punishing a kid for eating too much cake by taking a very small bite of the cake.
Correction
New Rule
If you get caught by the cops for robbing a bank, you must share some of the loot with the cops.
Re: New Rule
unfortunately, its not new.
I would almost guarantee Facebook uses something similar. Sometime in the middle of a Facebook session, try turning cookies off. Facebook will almost immediately log you off.
You are the product when it comes to Facebook, and the moment they can’t track your every move, they will shut you out. Not the kind of “free” application I’m interested in.
Re: Re:
The difference is that you can turn your cookies off and have it be effective with Facebook.
With ISPs, cookies don’t enter into it. Verizon, for example, was tagging the traffic itself in a manner that you had little control over. Facebook cannot technically do this sort of thing. You have to be an ISP to pull it off.
Re: Re: Re:
When you own your own datacenters, does it even matter that you’re not an ISP?
So as a Verizon user who has been affected by this terrible thing, how much money am I going to see from this settlement?
What happens to the data collected?
As far as I can concerned any existing data in Verizon’s direct or indirect control should be deleted.
$1.35M, that must be about 0.001% of their yearly profit. What an effect that will have on their bottom line. It’s a joke.
Re: Re:
don’t worry, they’ll tack on a new under the line fee for it…so the fine being this small is a huge benefit to Verizon Customers that were affected by this issue!
Win cookies or fountain drink by participating in the global subway customer survey at https://www.globalsubwaylistens.com/