124 posts categorized "Internet Access" Feed

Study: Almost 40 Percent of U.S. Smartphone Owners Use Voice Recognition

According to a recent study by Parks Associations, a market research and consulting company, 39 percent of smartphone owners in the United States use some form of voice recognition (e.g., Siri, Google Now). The usage is higher (more than 50 percent) for iPhone owners compared to Android owners (less than 33 percent). Harry Wang, Director of Health & Mobile Product Research at Parks Associations said:

“Smartphone penetration has reached 86% of U.S. broadband households, so it is a mature market, with users, particularly younger consumers and iOS users, exploring more intelligent features and interfaces, including voice control... The growing consumer interest in voice control features is driving this technology into new IoT areas... Following Apple’s lead with Siri, other brands have created ‘personalities’ for their voice-control solutions, like Alexa for Amazon Echo and Cortana for Windows Phones."

Usage is higher among younger persons. 48 percent of smartphone users ages 18-24, use voice recognition software, usage of the “Siri” voice recognition software increased from 40 to 52 percent between 2013 and 2015. In total, about 15 percent of all U.S. broadband households use Siri.

About 70 percent of smartphone owners who use voice recognition are satisfied. 38 percent said they are very satisfied, and 9 percent said they are not satisfied.

Additional findings about U.S. smartphone users:

  • More than 70 percent watch short streaming video clips, and more than 40 percent watch long streaming videos.
  • 36 percent use WiFi calling.
  • 26 percent use a payment app for purchases at retail stores, and
  • 24 percent stream video from their phones to a second screen (e.g., TV, PC).

Learn more in the "360 View: Mobility and the App Economy" report, or the press release, by Parks Associates.


Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking

[Editor's Note: Today's guest post was originally published by ProPublica on October 21, 2016. It is reprinted with permission.]

Google logo by Julia Angwin, ProPublica

When Google bought the advertising network DoubleClick in 2007, Google founder Sergey Brin said that privacy would be the company's "number one priority when we contemplate new kinds of advertising products."

And, for nearly a decade, Google did in fact keep DoubleClick's massive database of web-browsing records separate by default from the names and other personally identifiable information Google has collected from Gmail and its other login accounts.

But this summer, Google quietly erased that last privacy line in the sand -- literally crossing out the lines in its privacy policy that promised to keep the two pots of data separate by default. In its place, Google substituted new language that says browsing habits "may be" combined with what the company learns from the use Gmail and other tools.

The change is enabled by default for new Google accounts. Existing users were prompted to opt-in to the change this summer.

Revised Google privacy terms

The practical result of the change is that the DoubleClick ads that follow people around on the web may now be customized to them based on the keywords they used in their Gmail. It also means that Google could now, if it wished to, build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct.

The move is a sea change for Google and a further blow to the online ad industry's longstanding contention that web tracking is mostly anonymous. In recent years, Facebook, offline data brokers and others have increasingly sought to combine their troves of web tracking data with people's real names. But until this summer, Google held the line.

"The fact that DoubleClick data wasn't being regularly connected to personally identifiable information was a really significant last stand," said Paul Ohm, faculty director of the Center on Privacy and Technology at Georgetown Law.

"It was a border wall between being watched everywhere and maintaining a tiny semblance of privacy," he said. "That wall has just fallen."

Google spokeswoman Andrea Faville emailed a statement describing Google's change in privacy policy as an update to adjust to the "smartphone revolution"

"We updated our ads system, and the associated user controls, to match the way people use Google today: across many different devices," Faville wrote. She added that the change "is 100% optional -- if users do not opt-in to these changes, their Google experience will remain unchanged." (Read Google's entire statement.)

Existing Google users were prompted to opt-into the new tracking this summer through a request with titles such as "Some new features for your Google account."

The "new features" received little scrutiny at the time. Wired wrote that it "gives you more granular control over how ads work across devices." In a personal tech column, the New York Times also described the change as "new controls for the types of advertisements you see around the web."

Connecting web browsing habits to personally identifiable information has long been controversial.

Privacy advocates raised a ruckus in 1999 when DoubleClick purchased a data broker that assembled people's names, addresses and offline interests. The merger could have allowed DoubleClick to combine its web browsing information with people's names. After an investigation by the Federal Trade Commission, DoubleClick sold the broker at a loss.

In response to the controversy, the nascent online advertising industry formed the Network Advertising Initiative in 2000 to establish ethical codes. The industry promised to provide consumers with notice when their data was being collected, and options to opt out.

Most online ad tracking remained essentially anonymous for some time after that. When Google bought DoubleClick in 2007, for instance, the company's privacy policy stated:

"DoubleClick's ad-serving technology will be targeted based only on the non-personally-identifiable information."

In 2012, Google changed its privacy policy to allow it to share data about users between different Google services - such as Gmail and search. But it kept data from DoubleClick 2013 whose tracking technology is enabled on half of the top 1 million websites -- separate.

But the era of social networking has ushered in a new wave of identifiable tracking, in which services such as Facebook and Twitter have been able to track logged-in users when they shared an item from another website.

Two years ago, Facebook announced that it would track its users by name across the Internet when they visit websites containing Facebook buttons such as "Share" and "Like" 2013 even when users don't click on the button. (Here's how you can opt out of the targeted ads generated by that tracking).

Offline data brokers also started to merge their mailing lists with online shoppers. "The marriage of online and offline is the ad targeting of the last 10 years on steroids," said Scott Howe, chief executive of broker firm Acxiom.

To opt-out of Google's identified tracking, visit the Activity controls on Google's My Account page, and uncheck the box next to "Include Chrome browsing history and activity from websites and apps that use Google services." You can also delete past activity from your account.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Report: Consumer Usage of Video Streaming Services in The US

New research revealed that 16% of the "viewing population" have multiple subscription video-on-demand (SVOD) services in their homes. That's up from 10% three years ago. Consumer market research firm Gfk studied consumers in the United States, and also found that almost half (49%) of the "viewing population" subscribes to at least one SVOD service, 17% have both Netflix and Amazon Prime, 9% have Netflix and Hulu Plus, and 5% have all three of the major services.

The “viewing population” includes consumers who watch video at least once per week via any format: regular TV, streaming, or otherwise. According to Gfk, this is 95 percent of the total number of people 13 to 64 US years of age. Gfk also found that consumers:

"... who pay for combinations of Netflix, Amazon Prime, Hulu, and other subscription streaming services – are more likely to have kids under 18 in their homes (50%, versus an average of 41% among all weekly viewers of any type). “Self-bundlers” also have higher mean incomes than average weekly viewers – at $90,000 per year versus $76,000 – but are less likely to subscribe to traditional pay TV services.."

GfK interviewed 1,054 consumers in the United States for its “Over-the-Top TV 2016: A Complete Video Landscape” report. In related studies during the past year, Gfk found:

Below is an infographic from Gfk's "Over the Top TV 2016" report with additional information:

Infographic from Gfk Over the Top TV 2016 report. Click to view larger version


Yahoo Confirms Massive Data Breach. Unclear If Users At Its Outsourcing Clients Were Also Affected

Yahoo logo After reports about a rumored announcement, Yahoo confirmed late on Thursday a massive data breach affecting half a billion users -- 500 million persons. Yahoo believes the breach was performed by a "state-sponsored actor."

Data elements exposed and stolen during the breach include full names, e-mail addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, security questions and answers. The breach dated back to 2014. This is very serious, and by far the largest breach ever. The data elements stolen facilitate spam and a variety of scams; plus access to email contacts such as clients, customers, and patients.

Yahoo's breach announcement stated:

"The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected. Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter..."

Yahoo is in the process of notifying affected persons. Affected users should change their passwords, security questions, and answers.

The breach announcement did not state if users at outsourcing clients were affected. Other companies and entities can outsource their e-mail services to Yahoo, or to other e-mail providers offering similar services. One such company appears to be AT&T. The "AT&T Email Basics" page (see image below) references a co-branded AT&T-Yahoo website for AT&T customers to check their e-mail.

AT&T Email Basics page references Yahoo site for email. Click to view larger version I reached out to AT&T for a comment. A reply was not received by press time. If its email users were affected by the breach, then those users will probably want to know who is going to assist them, and what assistance will be offered.

Given the pending acquisition of Yahoo by Verizon, several AT&T customers already discussed in an online forum concerns about what might happen to their e-mail service operated by a competitor. (Verizon said on Thursday it learned about the breach two days ago.) If users at outsourcing clients were also affected by the breach, then this might add to their uncertainty.

If you received a breach notice from Yahoo, what is your opinion of the response?


Comcast And The Wireless Industry Defend 'Pay For Privacy' Schemes

Logo of CTIA, The Wireless Association Some big Internet service providers (ISPs) want consumers to pay for privacy. Earlier this month, both Comcast and the CTIA-The Wireless Association (formerly known as the Cellular Communications Industry Association) submitted comments about the broadband privacy rules proposed by the U.S. Federal Communications Commission (FCC) in April.

Portions of August 18, 2016 comments submitted by the CTIA to the FCC:

"Finally, we briefly noted that allowing consumers a variety of options regarding whether to receive a discount on broadband service in exchange for personalized advertising should be preserved. Hybrid payment models have been in commerce for centuries, including advertising supported magazines, grocery store loyalty programs, and app-based discount programs for retail establishments. Many internet companies rely on use of consumer data as their sole source of income, like search engines and social networks. Such offerings can lead to significant cost savings for all consumers, enable more valuable services for consumers, and mirror much of the economic activity that consumers expect. On this point, we provided a copy of a recent report by the Information Technology & Innovation Foundation, titled “Why Broadband Discounts for Data are Pro-Consumer,” which is attached to this filing."

Let's unpack this. It says that ISPs should be able to charge their customers for privacy, since many ISPs rely upon using (and reselling) their customers' information to make money. This would be an opt-out for customers, since the default is customers' information is used and resold. There are several problems with this approach:

  1. The pay-for-privacy business model is camouflaged in a seemingly harmless term: "hybrid payment models"
  2. The CTIA's argument falsely assumes ISPs are equivalent to search engines or social networking sites. They aren't. When a consumer uses the Internet, he/she has a choice of which search engine or social networking site to use; or none. Not so with ISPs. A consumer must use the Internet to do anything. Plus, there is a lack of ISP competition in key markets, which provides consumers with fewer choices. Is the industry suggesting more competition? Doubtful. In fact, the industry lobbied for and obtained local laws in about 20 states that deny residents the rights and benefits from competition by community-run ISPs; laws which a federal court recently (and mistakenly) upheld. And, proposed legislation to encourage ISP competition to gain lower prices and more choices for consumers has been blocked by the industry, by politicians, by attorneys general in some states.
  3. The CTIA's position is harmful. It essentially says this: the default is no privacy. Customers get privacy only when they pay for it. Huh? I find this at odds with traditional property rights laws. Information about consumers is owned by consumers until and unless they share it.
  4. Most customers already pay a monthly fee for Internet access. So, paying for privacy amounts to a price increase... a premium price, for something that should be baked into the service at the start. Plus, consumers in the United States already pay more for broadband and get slower speeds compared to other countries.
  5. The pay-for-privacy model does not address under- and un-served broadband segments: rural and low-income consumers. One could argue that paying for privacy is a greater burden on low-income consumers, when everyone has property rights and Fourth Amendment rights.
  6. Consumers need simplicity and clarity. For example, should a service offer a pay-for-privacy, it should mention optional components (e.g., web browsing, scan email contents, scan text message content, etc.) with standardized labels and language. Otherwise, consumers have more difficulty comparing services, and privacy policies that are already too long, complicated and difficult to read become even more so.

Comcast logo The CTIA's position seems to have followed Comcast's position. Portions of August 1, 2016 comments submitted by Comcast to the FCC:

"We also urged that the Commission allow business models offering discounts or other
value to consumers in exchange for allowing ISPs to use their data. As Comcast and others have argued, the FCC has no authority to prohibit or limit these types of programs. Moreover, such a prohibition would harm consumers by, among other things, depriving them of lower-priced offerings... A bargained-for exchange of information for service is a perfectly acceptable and widely used model throughout the U.S. economy, including the Internet ecosystem, and is consistent with decades of legal precedent and policy goals related to consumer protection and privacy.

Finally, we discussed how Comcast has partnered with vendors who have helped to
enhance consumer data privacy, and that the Commission should be clear that any rules it adopts do not prevent ISPs from providing CPNI to a vendor based on implied consent, provided the ISP has an agreement with the vendor requiring it to safeguard the CPNI and to use it solely on behalf of and as directed by the ISP..."

The same problems I listed above also apply to Comcast's comments. This is not theory. MotherBoard reported:

"Telecom giant AT&T already offers such a [pay for privacy] plan, called “Internet Preferences,” which tempts consumers with “best pricing” if they are willing to let the company “use your individual web browsing information, like the search terms you enter and the web pages you visit, to tailor ads and offers to your interests.” Users who opt-out of "Internet Preferences," which DSLReports calls a “deep packet inspection program that tracks your browsing behavior around the internet—down to the second,” face a $30 premium on their monthly bill."

Last year, Gigaom reported that price premium by AT&T for privacy is really far more:

"But $29 isn’t actually the price that AT&T charges per month for privacy. As I discussed back in May last year after I tried to sign up for AT&T’s GigaPower service to find out more about the pricing and the disclosures associated with the plan, the actual costs were closer to $44 or even $62 per month. This time around the price differentials are $44 for gigabit internet and $66 for HD TV and HBO Go plus gigabit internet."

Like anything else, the devil is in the details. $44 and $62 monthly both sound excessive. Apparently, the more services a consumer has, the more privacy costs. Regular readers of this blog already know about CPNI notices from AT&T.

The problems I see with both Comcast's and the wireless industry's pay-for-privacy positions are rooted in a lack of trust and transparency. The ISP industry has a long history of abuses, customer service failures, and a lack of transparency. Both the Gigaom and MotherBoard articles mentioned above highlight problems and failures, plus:

Consumers are rightfully wary and skeptical of pay-for-privacy schemes. Plus, consumers have no way to confirm that in a pay-for-privacy scheme their information is not being reused and resold anyway.

A solution based upon transparency that promotes trust would help: regular privacy audits by an independent third-party to ensure that the information of consumers who paid a privacy price premium are getting what they paid for.

Also available in this blog are the CTIA letter to the FCC (Adobe PDF; 247.2K bytes), and Comcast's letter to the FCC (Adobe PDF; 176.3K bytes).

To me, the whole thing smells like another excuse for ISPs to increase prices on services that are already too expensive and too slow. What do you think?


Federal Court Upholds State Laws To Restrict And Prevent City-Run Broadband Services

Last week, a federal appeals court overturned a Federal Communications Commission (FCC) ruling allowing community (a/k/a "city-run" or municipal) high-speed Internet service providers (ISPs) to expand into areas not served by commercial providers. The court decision immediately affects the expansion plans of community ISPs in Tennessee and North Carolina.

Community high-speed or broadband ISPs typically provide faster speeds (e.g., upload, download) and lower prices compared to commercial ISPs. Both states had passed laws preventing community ISPs from expanding, or making it onerous to expand. he FCC sought to stop such laws to encourage more competition, more choices, and lower prices for consumers.

The initial Reuters news report did not explain the rationale the court used. ABC News reported:

"The appeals court said that the FCC's order pre-empted the state laws and "the allocation of power between a state and its subdivisions." The court said the FCC's action requires a "clear statement" of authority in federal law, but the law does not contain a clear statement authorizing pre-emption of Tennessee's and North Carolina's laws... The appeals court said its ruling was a limited one, and it does not address other issues debated in the case, including whether the FCC has any pre-emptive power at all under the Telecommunications Act of 1996."

Chattanooga, Tennessee advertises itself as "Gig City," and is proud of its fiber broadband network:

"Only in Chattanooga, Tennessee is 1 Gigabit-per-second Internet speed available to every home and business - over 150,000 of them - throughout the entire community. Urban or rural, business or residence, Internet speeds that are unsurpassed in the Western Hemisphere – from 50 Megabits-per-second all the way up to one gigabit-per-second are accessible here. Today... Chattanooga's Fiber Optic network enables upload and download speeds 200 times faster than the current national average, and 10 times faster than the FCC's National Broadband Plan (a decade ahead of schedule)."

How fast is that? You can download a full-length movie in about 2 minutes. Is that faster than the broadband speed you get in your town or city? Probably. Is it cheaper than what you're paying? Probably.

The Attorneys Generals in several states have worked to prevent their residents from forming city-run ISPs. Tennessee Attorney General Herbert H. Slattery III released a statement:

"We are pleased with the 6th Circuit decision reversing the FCC’s Order. As we have stated from the outset, this case was not about access to broadband. Instead, it was about preventing the federal government from exercising power over the state of Tennessee that it does not have. Current state law allows a municipal Power Board to provide internet service only within its electric service area. Today’s decision preserves Tennessee’s right to determine the authority and market area of a political subdivision organized under Tennessee law."

The trade associations that represents corporate ISPs, US Telecom released a statement:

"Today’s decision is a victory for the rule of law. The FCC’s authority is not unbridled, it is limited to powers specifically delegated by the Congress, and it does not extend to preemption of state legislatures’ exercise of jurisdiction over their own political subdivisions. As an industry that shares the commission’s interest in accelerating broadband deployment, we would suggest that the best way for the FCC to accomplish its goals is to concentrate on eliminating federal regulatory impediments to innovation and investment – where there remains to be much that can and should be done."

Of course, the trade group is happy with the court decision. State laws that restrict or prevent city-run ISPs mean less competition, which makes it easier for corporate ISPs to maintain higher prices and slower speeds (which equals greater profits).

Community ISPs provide benefits for small businesses, and not only consumers. The benefits include more jobs, better services, and the ability of local towns to attract new businesses and start-ups. These benefits apply to rural areas, too; especially rural areas not served by corporate ISPs.

The Community Broadband Networks site described the benefits for small businesses of community broadband in North Carolina:

"... Speed is important, but so is Internet choice, reliable service, and respectful customer service... Before Greenlight began serving Pinetops, the best community members could get was sluggish Centurylink DSL - or Internet access offered over the phone lines... Suzanne Coker Craig, owner of CuriosiTees, described the situation... Her business, a custom screen printing shop, uses an “on-time” inventory system, so speed and reliability is critical for last-minute or late orders... She also subscribes to Greenlight from home and her fiber connection is able to manage data intense uploads required for sending artwork, sales reports, and other large document transfers... Brent Wooten is a sales agent and Manager for Mercer Transportation, a freight management business... moving freight across the country via trucks, requires being on time; he’s an information worker in a knowledge economy... Before Greenlight came to town, Brent’s business paid Centurylink $425 per month for a few phone lines, long distance, an 800 number, and Internet access at 10 Megabits per second (Mbps) download and 1.5 Mbps upload. He was also wasting hours and even days each month trying to get his Internet fixed... When Greenlight came to the community, Centurylink changed their tune. Within hours of his business phone being ported to Greenlight, a Centurylink representative called him. “He offered to cut my current prices in half and double my Internet speed, from 10 to 20 Mbps…My Centurylink 10 Mbps speed never tested at more than 6 Mbps.” Brent chose to keep his Centurylink phone service, but he kept his 25 Mbps symmetrical Greenlight Internet service because upload speed is critical to his business..."

Will these rural consumers and small businesses lose their community broadband services? Given the court decision, that is possible. Will the court decision negatively affect jobs? Probably, since many small businesses depend upon the faster community ISPs. FCC Chairman Wheeler stated:

"While we continue to review the decision, it appears to halt the promise of jobs, investment and opportunity that community broadband has provided in Tennessee and North Carolina. In the end, I believe the Commission’s decision to champion municipal efforts highlighted the benefits of competition and the need of communities to take their broadband futures in their own hands.

In the past 18 months, over 50 communities have taken steps to build their own bridges across the digital divide. The efforts of communities wanting better broadband should not be thwarted by the political power of those who, by protecting their monopoly, have failed to deliver acceptable service at an acceptable price. The FCC’s mandate is to make sure that Americans have access to the best possible broadband. We will consider all our legal and policy options to remove barriers to broadband deployment wherever they exist so that all Americans can have access to 21st Century communications. Should states seek to repeal their anti-competitive broadband statutes, I will be happy to testify on behalf of better broadband and consumer choice. Should states seek to limit the right of people to act for better broadband, I will be happy to testify on behalf of consumer choice...”

In January 2015, several U.S. Senators introduced the Community Broadband Act legislation in to block these restrictive laws in 20 states and to encourage more competition and lower prices for more consumers by allowing residents the right to operate city-run ISPs offering faster speeds and lower prices. Last week, Senator Ron Wyden (Oregon - Democrat) tweeted about the federal court decision:

Tweet by Senator Ron Wyden about Community Broadband Act

The legislation has stalled in the Republican-led Congress. Once again, you will hear politicians shout about the importance of defending state's rights against the FCC, while ignoring the rights of rural and small town residents to form community ISPs. Hypocritical politicians do this to protect their corporate ISPs donors from competition, which basically screws over residents by keeping prices high and speeds slow.

Residents in rural areas, small towns, and cities can claim, "we've been mugged" by state' legislatures that enacted laws preventing competition (and lower prices) from community ISPs.

Researchers compared high-speed Internet services worldwide, and found that consumers in the USA pay more and get slower speedsAnd Get Slower Speeds. That's great for corporate ISP profits and bad for consumers. The Community Broadband Act is an attempt to solve this problem.

Read the court decision: State of Tennessee, and the State of North Carolina; versus the U.S. Federal Communications Commission - (Adobe PDF). The FCC is reviewing the court's decision, and has not decided whether to appeal it.

The court decision is definitely pro-state law and anti-consumer. The court decision basically allows states to continue with laws that deny residents in local cities and towns the right to form, operate, and expand their own municipal broadband services to get lower prices and better services. That means less competition and higher prices for consumers living in states with these laws. Consider that when you vote in November.


The U.S. Copyright Office Commented on The FCC's Set-top Box Proposal

Federal communications Commission logo After the U.S. Federal Communications Commission proposed in February new set-top box rules for cable TV providers to encourage innovation, choices, and lower prices for consumer, the pay TV industry countered with its own proposal in June. Earlier this month, the U.S. Copyright Office shared its views about the matter.

Maria A. Pallante, a United States register of Copyrights and Director, provided the agency's views in a detailed 18-page letter to the FCC. The FCC used "Multi-Channel Video Programming Distributors" (MBPD) in its proposal to refer to the variety of companies (e.g., cable TV, wireless, Internet distributors, etc.) that distribute TV,, film, and video content. Pallante's letter is available at the Electronic Frontier Foundation (EFF) website:

"As requested, our comments pertain to the potential copyright implications of the Proposed Rule, as well as the general copyright principles at issue. Please note that although the Copyright Office did not file public comments in the FCC proceeding, the FCC did request our advice on the copyright issues raised by its proposal... we have no doubt that a number of the third-party products facilitated by the FCCs rule would enable fair and other nonfringing consumer uses of MVPD programming. The Copyright Office is therefore focused on whether these goals can be accomplished without overriding other concerns of copyright law and policy. The Office's principal reservation is that, as currently proposed, the rule could interfere with copyright owners' rights to license their works as provided by copyright law, and restrict their ability to impose reasonable conditions on the use of those works through the private negotiations that are the hallmark of the vibrant and dynamic MVPD marketplace..."

In short, the TV landscape today consists of many, secret, complicated licensing agreements between content producers and distributors. A Forbes Magazine article by Larry Downes described the landscape:

"Hollywood, for better and for worse, is built on a complicated legal regime of content licensing. That licensing limits when, where, and how programs are broadcast, and to whom. It includes limitations of the number and types of commercials that can be inserted into the programming, and even where in the channel line-up the programs will appear to consumers. Licensing agreements between producers and distributors are long, complicated, and mostly secret.

Opening the information flows for undefined new forms of access through new set-top boxes will almost certainly undermine those agreements. Third party boxes may change the channel line-up, replace the commercials, or offer programs on-demand that aren’t licensed for that use. Existing security and consumer privacy protections, mandated by law for pay TV providers, can’t be enforced by the FCC against new unregulated providers."

What we consumers see on TV, when we see it, how often we wee it, the number of commercials we see during shows, whether the show can be recorded (e.g., time shifted), whether the show can be device shifted (e.g., from television to a phone, tablet), and whether we see the show on pay-per-view, on-demand, on an Internet site, and/or on our phones are all governed by those private contracts.

Pallante's letter described the landscape similarly, but in greater detail. It also analyzed the FCC's proposed set-top box rule:

"In its most basic form, the rule contemplated by the FCC would seem to take a valuable good -- bundled video programming created through private effort and agreement under the protections of the Copyright Act -- and deliver it to third parties who are not in privity with the copyright owners, but who may nonetheless exploit the content for profit. Under the Proposed Rule, this would be accomplished without compensation to the creators or licensors of the copyrighted programming, and without requiring the third party to adhere to agreed-upon license terms. Indeed, a third party would have no way of knowing all of the requirements and liitations imposed under that license. As a result, it appears inevitable that many negotiated conditions upon which copyright owners license their works to MVPDs would not be honored under the Proposed Rule..."

"The FCC has stated that the Proposed Rule is not intended to negate these private contractual arrangements. However, it is not clear how the FCC wold prevent such an outcome under the Proposed Rule, for it appears to obligate MVPDs to deliver licensed works to third parties that could then unfairly exploit the works in ways that would be contrary to the essential conditions upon which the works were originally licensed... Thus, rather than being passive conduits for licensed programming, it seems that a broad array of the third-party devices and services would be enabled by the Proposed Rule would essentially be given access to a valuable bundle of copyrighted works, and could repackage and re-transmit those works for a profit, without having to comply with agreed contractual terms. And even though such activities -- for instance, competing or incompatible advertising -- could easily lessen the value of the rights licensed by program producers to the MVPDs, no offsetting compensation would flow back to the copyright holders or their actual licensees. THe Proposed Rule would thus appear to inappropriately restrict copyright owners' exclusive right to authorize parties of their choosing to publicly perform, display, reproduce and distribute their works according to agreed conditions, and to seek remuneration for additional uses of their works."

The Copyright Office's letter also discussed enforcement issues:

"... there already exists today a variety of third-party set-top box devices, mainly produced overseas, that are used to view pirated content delivered over the Internet. A reasonable concern is that, in response to the Proposed Rule, this market might expand to encompass devices designed to exploit the more readily available MVPD programming streams without adhering to the prescribed security measures. In addition, some commenters have suggested that limiting options for content security in this manner could jeopardize robust content security regimes -- including innovations to those systems -- thereby opening doors for third parties to acquire content illegally..."

Pallante and the Copyright Office concluded:

"We note that at the July 12th Congressional oversight hearing, FCC Commissioners acknowledged that they might choose to follow a different approach to achieve the FCC's objectives than that outlined in the NPRM, and that emerging alternative proposals showed promise. The Copyright Office is therefore hopeful that the FCC will refine its approach as necessary to avoid conflicts with copyright law and authors' interests under that law... it seems critical that any revised proposal respect the authority of creators to manage the exploitation of their copyrighted works through private licensing arrangements, because regulatory actions that undermine such arrangements would be inconsistent with the rights granted under the Copyright Act..."

So, the FCC's set-top box rule as initially proposed is too disruptive, and is effectively dead, since it would interfere with copyright owners' rights to license their content. Hopefully, the FCC won't give up and will refine its set-top box approach.

Pallante's letter to the FCC is also available here (Adobe PDF; 278.1K).


Benefits of Municipal Broadband Service

Andy Berke, the Mayor of Chattanooga (Tennessee) recently shared the benefits his city enjoys from municipal broadband services. The Tennessean reported:

"A pioneer in municipal broadband, Chattanooga developed its fiber network in 2010 with $330 million, paid for with $105 million in federal funds and the rest from bonds. The high-speed access led to direct and indirect economic gains and has been profitable."

Municipal broadband, a/k/a community broadband, is an affordable high-speed Internet Service Provider (ISP) built by the city, town, or municipality. It paid the cost to install fiber-optic cables to every home, not only to luxury buildings or select high-rise offices. A public-private partnership or third party may operate the network. Every resident and business that wants municipal broadband can sign up and easily get it; just like water, electricity, and gas services. Residents use municipal broadband for entertainment, education and online classes, remote work and tele-commuting, video conferencing, home-based businesses, new business startups, and more.

Mayor Berke listed the benefits Chattanooga enjoys:

"In the past three years, the city’s unemployment rate has dropped to 4.1 percent from 7.8 percent and the wage rate has also been climbing. Volkswagen’s presence has boosted the manufacturing sector and 10-gigabit speed internet has fueled wage growth, Berke said, speaking at Fiber to the Home Council Americas conference at Gaylord Opryland Resort & Convention Center... “It changed our conceptions of who we are and what is possible,” Berke said... Downtown has doubled its residents and landlords often advertise gigabit speeds that are included in monthly rents... "

Other towns in Tennessee have installed municipal broadband services, including Tullahoma and Clarksville. How fast is 10 gigabits? It is the fastest service available. Some math:

1.0 gigabit = 1.0 Gb = 1,024 X 1,024 X 1,024 bits = 1,073,741,824 bits
10 Gb = 10 X 1,073,741,824 bits = 10,737,418,240 bits
And 1 byte = 8 bits. So:
10 Gb / 8 = 1,342,177,280 bytes
And 1.0 megabyte = 1.0 MB = 1,000 kilobytes
And 1.0 kilobyte - 1.0 kb = 1,000 bytes. So:
1,342,177,280 bytes / 1,000,000 = 1,342 MB

The bottom line: 10-gigabits is a far, far faster than the 25-, 50-, or 100 MB broadband speed you're probably getting from your current Internet Service provider (ISP). Electric Power Board (EPB) provides the municipal broadband service in Chattanooga. Besides the blazing 10 gigabit speed, it also offers slower speeds:

EPB brodabnad prices. Chattanooga, Tennessee. Click to view larger version

Comcast Xfinity monthly prices for Internet. Click to view larger version I compared prices. Comcast Xfinity in Boston costs $79.95 per month for 75 megabytes speed. That's both slower and more expensive. Plus, it's the old coaxial cables and not the new fiber optic technology. Old things usually cost less. Read and learn more about community broadband networks.

Compare the prices for where you live. You're probably getting poor value. You're probably paying a lot more. If you are paying less, then you're still paying more because you're probably getting a far slower speed. Now you know a better deal exists, and how sweet that deal is -- both faster and cheaper service.

This worldwide study found that municipal or community broadband networks provide consumers with the best value (e.g., highest speeds at the lowest prices via wired lines). Regular readers of this blog are aware that there are 19 states with laws that prevent local towns and cities from forming their own municipal broadband networks. These laws contribute to the lack of competition, and keep your monthly Internet prices higher than otherwise. Some States Attorneys General are complicit with limiting competition.

Several politicians and Presidential candidates support these states' laws that limit competition, under the guise of "states rights" freedoms. This subterfuge helps their corporate donors, and limits (and ignores) both the freedoms and rights of people in local cities and towns to get and develop their own faster, more affordable high-speed Internet services.

Some politicians tried to correct this in 2015 with the Community Broadband Act. Sadly, that legislation has gone nowhere in Congress. Contact your elected officials today and tell them you want municipal broadband now.

Now you know why I discuss municipal broadband in this blog. Consumers are missing out on a sweet deal.


Pay-TV Industry Makes A Counter Proposal To FCC Set-Top Cable Box Rules

In response to the new set-top box rules proposed by the U.S. Federal Communications Commission (FCC) in February to encourage innovation, choices, and lower prices for consumers, the pay-TV industry has made a counter proposal. During meetings last week with the FCC:

"... the pay-TV industry would commit to creating apps to allow consumers to watch programs without needing to lease a box and the FCC could implement regulations enforcing the commitment"

Consumers spend an average of $231 annually in set-top box rental fees, generating $20 billion for the industry. The proposed FCC rules would encourage competition, innovation, more consumer choices, and lower prices. The FCC has said that it needs to see more details about the industry's counter offer:

"... to determine whether their industry proposal fully meets all of the goals of our proceeding..."

Not long ago, the pay-TV industry threatened lawsuits if the FCC proceeded with its proposed set-top box rules. Now, the industry has proposed a half-baked counter offer. Committing to create apps is like giving the sleeves off your vest. Apps are something the industry should be doing anyway.

Plus, the faux commitment avoids competition which was a key goal of the FCC's original proposed rules. One goal was innovation, which means let the innovators innovate -- tech companies like Apple, Alphabet, and others. Clearly, the industry is afraid of competition and doing whatever it can to keep competitors out, regardless of the negative consequences for consumers.

Also, the pay-TV industry's objections to the proposed FCC set-top box rules are unsupportable. Nothing in the FCC's proposed set-top box rules restricts the industry. They can still negotiate content agreements, develop apps (by themselves or license others to do it), and maintain their copyrights or property ownership. The Electronic Frontier Foundation (EFF) explained the the pay-TV industry's sordid history, the industry's faux copyright objections, and its likely goals today:

"... they are hoping that the FCC will repeat the same mistake it has made in the past when attempting to break up the TV set-top box monopoly, which is to leave them with enough control over the design and features of personal TV hardware and software so that choice becomes an illusion... Consumers know they are being ripped off by the current marketplace ($230 per consumer totaling $20 billion in rental fees each year) because they don't have an easy way to just own their box like they do with computers, cable modems, smart phones, tablets, and other electronic devices. And consumers know the personal empowerment that comes with being able to choose the best entertainment devices and software for themselves, separate from the entertainment content itself. Congress recognized this problem twenty years ago and passed a law that empowered the FCC to fix the problem... So what happened? The FCC issued regulations but allowed the cable industry to keep some control. Cable companies today have to give customers a descrambling device called a CableCARD that can go into devices like a TiVO, a PC, or (in theory) a TV itself. But the CableCARD era has been riddled with endless examples of how cable companies frustrate consumer switching away from rented set-top boxes because they controlled the means to switch... "

The pay-TV industry also includes many of the same wireless and broadband providers that object to proposed broadband privacy rules, object to net neutrality rules, and hired lobbyists for local laws in 19 states that prevent citizens from forming municipal broadband networks. All of this keeps prices high, and restricts competition and innovation. What's with the executive myopia?

The TV and cable-TV industries are changing quickly. Pay-TV executives seem addicted to $20 billion annual revenue flows regardless of the consequences to consumers. Address consumers' changing needs or go the way of buggy-whip makers who failed to adapt.

What are your opinions? Comments?


Appeals Court Backs FCC Net Neutrality Rules: Internet Access is a Utility

Federal communications Commission logo Yesterday, the D.C. Court of Appeals issued its decision, which supported the new Open Internet Rules by the Federal Communication Commission (FCC) to ensure open access to the Internet by all Americans. The new rules, commonly referred to as Net Neutrality and developed in 2015, apply to both wireless and wired connects; and are based upon no blocking, no throttling, no paid prioritization, and greater transparency. Cable, telecommunications, and wireless companies have fought the new rules.

The New York Times reported:

"The court’s decision upheld the F.C.C. on the historic declaration of broadband as a utility, the most significant aspect of the rules. That has broad-reaching implications for web and telecommunications companies and signals a shift in the government’s view of broadband as a service that should be equally accessible to all Americans, rather than a luxury that does not need close government supervision... The 184-page ruling opens a path for new limits on broadband providers."

Some of the companies support the FCC's new rules:

"Google and Netflix support net neutrality rules and have warned government officials that without regulatory limits, broadband providers would have an incentive to create business models that could harm consumers. They argue that broadband providers could degrade the quality of downloads and streams of online services to extract tolls from web companies or to promote unfairly their own competing services or the content of partners."

Some of the companies against the FCC's new rules:

"The legal battle from the broadband industry is far from over. The cable and telecom industries have signaled their intent to challenge any unfavorable decision, possibly taking the case to the Supreme Court. AT&T immediately said it would continue to fight."

A spokesperson for AT&T said that it hopes the U.S. Supreme Court will ultimately decide the matter. Corporate ISPs don't want Internet access reclassified as a utility. The Republican party promoted Senator Thune's proposed legislation in Congress to undo all of the good in the latest FCC rules. I called the proposed legislation a bait and switch. Read it and you'll probably agree.

U.S. Senator Edward J. Markey (D-Mass.) said in a statement:

"... net neutrality is here to stay... The court decision affirms what we already know to be true: that the FCC has the power to classify broadband Internet access service according to its best and current understanding of the technology, and how consumers harness that technology. The battle for net neutrality is the battle for our online future, and today’s ruling is a victory for consumers, innovators, entrepreneurs, and anyone who counts on the Internet to connect to the world. This decision celebrates the free and democratic expression of ideas that is the hallmark of our online ecosystem. Protecting net neutrality ensures that the best ideas, and not merely the best-funded ideas, will rule the day.”

The D.C. Appeals Court decision is indeed good news for consumers. Both consumers and businesses use the Internet daily... need the Internet... for a variety of applications. It has become essential to everyday life. Internet access is like water o electricity. We all need it to live, to work, to attend school.

Open Internet rules makes sense. When a consumer pays for Internet access, he or she should decide what they use that access for... not the Internet Service Provider (ISP). Large, corporate ISPs have amassed a variety of programming content in divisions and subsidiaries. The rule reflects this reality, and helps ensure that when YOU, the consumer, access the Internet you choose where to go -- and not your ISP, which has their own internal, financial bias toward content at owned affiliates, divisions, or business units.

The FCC has already proposed new privacy rules for high-speed ISPs, and unlocking cable set-top boxes to encourage innovation, competition, more choice, and lower prices for consumers. All of these rules make sense, complement each other, and help consumers.

The 184-page decision by the D.C. Appellate Court is available here and here (Adobe PDF; 1,001K bytes).


U.S. Chamber of Commerce Opposes Proposed FCC Broadband Privacy Rules

U.S. Chamber of Commerce logo Some companies don't want consumers to have privacy when using high-speed Internet services. Just before the long Memorial Day holiday weekend, the U.S. Chamber of Commerce (USCOC) submitted comments about the broadband privacy rules proposed by the U.S. Federal Communications Commission (FCC) in April. Portions of the USCOC's comments to the FCC:

"... the Chamber opposes the proposed broadband privacy rule because it is unnecessary, exceeds statutory authority, furthers a regulatory digital divide between edge and telecommunications providers, and threatens innovation by stifling the already thriving Internet ecosystem... I. Current broadband provider privacy practices and the market do not justify the proposed rule... II. The Commission is engaging in a regulatory overreach with its proposed rule... III. The NPRM furthers a regulatory digital divide The proposed rule creates regulatory imbalance in which broadband service providers will be subject to highly restrictive and prescriptive “opt-in” privacy regulations while other content and edge providers — like Netflix — remain under the light-touch regulatory framework of the FTC... The Chamber strongly supports voluntary self-regulation as the appropriate mechanism for online data protection... IV. The proposed FCC privacy rule threatens innovation and the current digital ecosystem..."

What is the USCOC? It is a political lobbying organization representing businesses. According to the organization's website:

"The U.S. Chamber of Commerce is the world’s largest business organization representing the interests of more than 3 million businesses of all sizes, sectors, and regions. Our members range from mom-and-pop shops and local chambers to leading industry associations and large corporations. They all share one thing—they count on the Chamber to be their voice in Washington, D.C."

Let's unpack this a bit. In its comments to the FCC, the USCOC is arguing for the interests of Internet Service Providers (ISPs), and not small mom-and-pop shops, and definitely not the interests of consumers. The USCOC's view is that opt-in privacy approaches is "highly restrictive" and a burden. Instead, they want to collect whatever consumer information ISPs desire and place the entire burden on consumers to opt-out of programs. Think about that for a moment. They believe it is burdensome to explain a program's privacy policy and display an "opt-in" (or "register" or "I accept these terms") button so that consumers stay in control of their personal information.

The USCOC's submission claims that the FCC's proposed rules unfairly places restrictions on ISPs compared to "edge providers' or companies that produce content and advertising networks:

"The proposed rule creates regulatory imbalance in which broadband service providers will be subject to highly-restrictive and prescriptive “opt-in” privacy regulations while other content and edge providers — like Netflix — remain under the light-touch regulatory framework of the FTC. The same customer data about Internet usage will be regulated by two very different agencies. Content and edge providers will continue to operate under FTC’s jurisdiction to regulate “unfair and deceptive” trade practices under Section 5 of the Federal Trade Commission Act. 21 Under Section 5, in the case of unfair and deceptive trade practice violations, the FTC generally issues a cease and desist order that does not immediately impose penalties on alleged violators. This practice gives companies notice and a chance to clean up their act. Conversely, broadband providers under section 222 would not be entitled to a notice to correct mistakes and would be subject to the highly-prescriptive regulations imposed by the NPRM. The decision to regulate broadband providers under two different regulatory regimes is entirely arbitrary..."

Huh? Really? Internet access is not content. Content is content. Of course, the two should be treated differently. Internet access includes the connections for devices a consumer uses online: phones, tablets, laptops, desktops, smart televisions, smart thermometers, smart home-security systems, fitness bands, smart watches, connected refrigerators, and more. Consuming content from Netflix, or another provider, may involve a few, one, or none of these devices -- the choice of the consumer.

In its comments to the FCC, the USCOC also said:

The Commission has also failed to offer any evidence that edge and content providers are respecting consumers’ privacy more than broadband providers or that Internet service providers have any meaningful advantage over content and edge providers with respect to personal data."

MediaPost reported:

"Consumer advocacy groups disagree, pointing out that ISPs have access to all unencrypted traffic in their networks. While more sites now encrypt data than in the past, much remains unencrypted. Consider, a recent study by Upturn found that more than 85% of the top 50 sites in health, news and shopping don't fully support encryption. Upturn also noted in its report that ISPs can glean information about consumers even when they visit encrypted sites... Consumer advocacy groups also argue that broadband providers should be subject to tougher privacy rules because consumers have only limited options about which ISP to use, but many choices about which Web sites to visit."

Well said. I would add to this that the industry historically has repeatedly abused consumers' privacy. This blog has covered many of those abuses:

Historically, ISPs have sought increased revenues and viewed targeted (behavioral) advertising as the means. To do this, they partnered with several technology companies (some went out of business after class-action lawsuits) to spy on consumers without notice, without consent, and without providing opt-out  mechanisms. Consumers should control their privacy, not ISPs.

Now you know who if fighting for consumers' interests, and who is not.


Proprietary Content Formats Threaten Both Consumers' Choices And An Open, Fair Internet

EFF - Save Firefox image

The open Internet and consumer choice are both under attack. The Electronic Frontier Foundation (EFF) described the threat (links added):

"The World Wide Web Consortium (W3C), once the force for open standards that kept browsers from locking publishers to their proprietary capabilities, has changed its mission. Since 2013, the organization has provided a forum where today's dominant browser companies and the dominant entertainment companies can collaborate on a system to let our browsers control our behavior, rather than the other way.

This system, "Encrypted Media Extensions" (EME) uses standards-defined code to funnel video into a proprietary container called a "Content Decryption Module." For a new browser to support this new video streaming standard -- which major studios and cable operators are pushing for -- it would have to convince those entertainment companies or one of their partners to let them have a CDM, or this part of the "open" Web would not display in their new browser.

This is the opposite of every W3C standard to date: once, all you needed to do to render content sent by a server was follow the standard, not get permission. If browsers had needed permission to render a page at the launch of Mozilla, the publishers would have frozen out this new, pop-up-blocking upstart. Kiss Firefox goodbye, in other words.

The W3C didn't have to do this. No copyright law says that making a video gives you the right to tell people who legally watch it how they must configure their equipment. But because of the design of EME, copyright holders will be able to use the law to shut down any new browser that tries to render the video without their permission."

An EFF blog post explained the related threat from vague online language:

"A team of researchers from UC Berkeley and Case Western have published a study showing that customers think they are getting traditional ownership rights when they buy digital media online, even when a vendor’s site includes legal terms (often buried in click-wrap agreements) purporting to limit those rights.

In the study, customers purchased digital media from a fictional website with either a “Buy Now” button, a “License Now” button... Customers clicking “Buy Now” overwhelmingly believed for that they would “own” both digital and hard copy media, and have the right to keep it indefinitely and use it on a device of their choice. Little did they realize that their digital copy could be taken away or simply be discontinued when a vendor went out of business or stopped supporting the product... When the button was changed to read “License Now,” customers’ expectations did not significantly change (they were less likely to say they "owned" the product, but just as likely to believe they had the rights that come with ownership). When, however, customers were presented with a plainly-written summary of the rights that were and were not granted, this did cause a corresponding change in people’s expectations. The paper reinforces the truism that no one reads fine print online terms, even in a research study. If vendors really wanted customers to understand what’s in their terms, they could easily craft informative summaries as the researchers did."

So, when you visit a website with "Buy It Now" buttons or "Own it Now" ads, you now know what really matters is what the fine print states. Some Apple Music and iTunes customers are learning this the hard way. Subscribing to music online may be convenient, but the downside is loss of control over music files that can also affect files users do own.

Publishers have every right to protect their property from theft, and the old adage is true: the devil is in the details. Read the fine print. When publishers use digital rights management (DRM) to drive web browser standards and both the hardware and software consumers can buy, then the tail wagging the dog.

So, it's not only about saving the Firefox web browser. It's about ensuring competition; that publishers build content to open standards and any web browser can display content built to those standards. Read the entire EFF article. Standards are standards. They should be open to everyone; not driven by publisher's needs.

What are you thoughts or opinions about the new standard?


FCC And FTC Query Wireless Providers About Security Updates For Mobile Devices

Federal communications Commission logo The U.S. Federal Trade Commission (FTC) and the U.S. Communications Commission (FCC) have launched a joint effort to understand the processes by wireless service providers (e.g., AT&T, Verizon Wireless, T-Mobile, Sprint, etc.) to review and distribute security updates to users' mobile devices. Also:

"... the FTC has ordered eight mobile device manufacturers to provide the agency with information about how they issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices."

The FCC announcement cited malware as a key reason for the agencies' joint action:

"There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device, including “Stagefright” in the Android operating system, which may affect almost 1 billion Android devices globally."

Usually, a consumer has to open a file attached to a text message or email for their computer to get infected. Not so with Stagefright. ZDNet explained just how nasty this malware is for mobile devices without security updates:

"Then, there's Stagefright. With malware based on this security hole all you need to do is to get a text on your unpatched Android device, and, bang, you're hacked. Stagefright can attack any Android smartphone, tablet, or other device running Android 2.2 or higher... Stagefright holds up your device by being sent to you as a multimedia text message... The really sneaky part is you don't need to watch the [attached video]. If you're using Google's Hangouts app, you don't even need to open your text message app. All the attacker needs to do is send a poisoned package to your phone number. It then opens up your device, and the attack starts. This can happen so fast that by the time your phone alerts you that a message has arrived, you've already been hacked."

The letter from the FCC to wireless service providers:

"May 9, 2016
Dear [Carrier],

As you know, one of the Commission’s top priorities is the promotion of safety and security of communications. This is a priority that is shared by our colleagues at the Federal Trade Commission (FTC).

As our nation’s consumers and businesses turn to mobile broadband to conduct ever more of their daily activities, from the most sensitive to the most trivial, the safety and security and their communications and other personal information is directly related to the security of the devices they use.

There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device and all the personal, sensitive data on it. One of the most significant to date is a vulnerability in the Android component called “Stagefright.” It may have the ability to affect close to 1 billion Android devices around the world. And there are many other vulnerabilities that could do just as much harm.

Consumers may be left unprotected, for long periods of time or even indefinitely, by any delays in patching vulnerabilities once they are discovered. Therefore, we appreciate efforts made by operating system providers, original equipment manufacturers, and mobile service providers to respond quickly to address vulnerabilities as they arise. We are concerned, however, that there are significant delays in delivering patches to actual devices—and that older devices may never be patched.

In partnership with the FTC, we have launched a joint effort to better understand, and ultimately to improve, the mobile security “ecosystem.” The FCC is contacting the service provider community to better understand the role that they play in ensuring the security of mobile devices. The FTC is separately seeking information from operating system providers and original equipment manufacturers. We hope that the efforts of our two agencies will lead to a greater understanding of what is being done today to address mobile device vulnerabilities—and what can be done to improve mobile device consumer safety and security in the future.

As a first step, I request that you provide us with your detailed responses within forty-five (45) days of the date of this letter. If you request confidential treatment for your responses, your responses will be treated confidentially (see 47 CFR § 0.459(d)(3)) but please be aware that we intend to share all responses with the FTC, as we are permitted to do pursuant to 44 U.S.C. § 3510, and we ask that you state in your response, pursuant to 47 CFR § 0.442, that you do not oppose such disclosure.

Once we receive your responses, we look forward to meeting with your representatives to review your answers and learn your perspectives on possible next steps. Should you have any questions, please feel free to contact Charles Mathias on my staff. Thank you in advance for help in this important undertaking.

Sincerely,

Jon Wilkins,
Chief
Wireless Telecommunications Bureau
Federal Communications Commission"

The specific questions the FCC and FTC seek responses to:

"General Questions
1. Does [Carrier] face issues or hurdles in releasing security updates for operating systems (OS) to consumers? If so, please explain in detail.

2. Do any mobile devices on [Carrier]’s network run an OS that is modified for or is unique to [Carrier] and if so, what percent of the devices on [Carrier]’s network do they represent? With respect to such OS, is [Carrier] responsible for developing and providing security updates? Does [Carrier] face any additional issues or hurdles in releasing security updates for such OS to consumers? If so please explain in detail.

3. Similarly, are there devices intended for deployment on [Carrier]’s network that have been loaded at [Carrier]’s direction with special software beyond the OS or applications to monitor device or network performance or similar metrics (Required Software)? With respect to such Required Software, is [Carrier] responsible for developing and providing security updates? Does [Carrier] face issues or hurdles in releasing security updates for Required Software to consumers, regardless of who is responsible for developing such updates?

4. Does [Carrier] face particular issues or hurdles in getting consumers to install updates for either a modified OS or Required Software on mobile devices as they are made available?

5. To what degree does [Carrier] know whether a consumer has installed a security update to address OS or Required Software security vulnerabilities? If [Carrier] does not engage in practices to monitor such information, does [Carrier] have the technical ability to do so?

6. To the extent that [Carrier] does not know whether individual consumers have installed updates to address security vulnerabilities in an OS or Required Software, is [Carrier] concerned about this lack of knowledge?

7. Could un-patched, non-updated devices on [Carrier]’s network impact or harm the functionality of that network or [Carrier]’s ability to provide effective service to other consumers who have patched and installed security updates on their devices?

Development and Release of Security Updates Questions
8. To [Carrier]’s knowledge, what entities are involved in the updating process (e.g., original equipment manufacturer (OEM), OS or Required Software vendor, other) and can any of those entities other than [Carrier] individually release security updates for the consumer directly? What legal, security, or other permissions are required from any involved entities and does obtaining those permissions cause delay in release? If [Carrier] provides updates to consumers, are security updates generally released to all consumers at once? If not, please describe the security update release process and how it might affect different consumers, including those who transfer their device to [Carrier]’s network.

9. Do any of these answers differ for devices running different operating systems (e.g., Android, Windows, iOS, CyanogenMod, Blackberry, etc.)? If so, describe in detail. Is the process different for devices that are ported to [Carrier]’s network? If so, describe in detail.

10. As a general matter, are security updates that have been made available or provided to [Carrier] by an OEM or OS or Required Software vendor in response to an identified security vulnerability regularly reviewed and/or released by [Carrier]? If so, how long does this process take? If not, please explain.

11. What considerations does [Carrier] generally take into account when determining the prioritization and timing of release of a security update (i.e., severity of vulnerability, whether it can be rolled into another planned update, etc.)?

12. What data does [Carrier] maintain about security updates that have been made available to [Carrier] and the actions [Carrier] has taken in response?

Consumer-specific Questions
13. Does [Carrier] provide updates to consumers with vulnerabilities on their mobile devices or make available a website where consumers can easily check the vulnerability status of their device and download required patches? If so, what are the steps and typical time frames from the discovery of a vulnerability to the consumer receiving an update that resolves the vulnerability—or making that vulnerability available for download?

14. Are there instances where [Carrier] knows of a vulnerability to OS or Required Software but does not release a security update to consumers or otherwise make the security update available? If so, why and how does [Carrier] protect consumer security in such instances?

15. Does [Carrier] discontinue security update support for mobile devices? How does [Carrier] decide when to discontinue security update support? Are consumers notified at the time of sale how long security updates will be provided or supported for their device by [Carrier]? Are consumers notified when security updates to their mobile devices are no longer supported? What are consumers’ options for protecting themselves against security vulnerabilities after such discontinuance by [Carrier]?

16. What information or notices regarding security update support does [Carrier] provide to customers who port or bring their device when they sign up for [Carrier]’s service?

Stagefright-specific Questions
17. When and how did [Carrier] first become aware of vulnerabilities in the Android libstagefright library (commonly known as Stagefright)?

18. How many models of mobile devices on [Carrier]’s network were or might/could have been impacted by Stagefright vulnerabilities? 19. How many models of mobile devices on [Carrier]’s network remain vulnerable to the Stagefright vulnerabilities? Approximately how many such devices remain active on the network? How many of these devices have a customized OS provided by the [Carrier]?

20. Following expressions of public concern surrounding the Stagefright vulnerabilities, Google, Samsung, and LG committed to releasing monthly security updates for mobile devices. Has [Carrier] made a similar commitment to expedite the release of the monthly security updates as they become available? Have such monthly updates been made available and, if so, has [Carrier] begun to release those updates as they become available? How many have been made available and how many has [Carrier] released?"

It will be interesting to see which companies respond in a timely manner with complete responses, which procrastinate or provide obtuse responses, and which refuse to respond.

The agencies' joint action is good news for both consumers and employers. Many consumers have mobile devices that never receive security updates. Many employers have bring-your-own-device (BYOD) policies, which allow their employees to use personal devices for both personal and company business.

Everyone wants secure mobile devices. Everyone needs secure mobile devices.


Boston Mayor Announced Verizon Partnership And Fiber High-Speed Internet Expansion Across City

Verizon logo During a Boston City Council meeting in October 2015, Verizon representatives firmly stated the company's disinterest in expanding its FiOS fiber-based high-speed Internet services throughout the city. That position resulted in a lack of broadband Internet competition, with Comcast often the only service available in teh city. (The FCC increased the minimum broadband speed, so DSL services no longer qualify.) I was pleasantly surprised when Boston Mayor Marty Walsh announced on Tuesday:

"... a new partnership with Verizon to make Boston one of the most technologically advanced cities in the country by replacing its copper-based infrastructure with a state-of-the-art fiber-optic network platform across the city. The new network will offer enormous bandwidth and speeds. Through an investment of more than $300 million from Verizon over six years, this change will bring increased competition and choice for broadband and entertainment services in Boston..."

This is welcome news. Other Internet Service Providers (ISPs) offer slower speeds and charge high prices for those slower speeds. This worldwide study found that municipal broadband networks provide consumers with the best value (e.g., highest speeds at the lowest prices via wired lines). Thankfully, Massachusetts is not one of the 19 states with laws that prevent local towns and cities from forming their own municipal broadband networks. Consumers everywhere need choice and more competition.

Verizon fiber broadband construction in Boston will start:

"... in Dorchester, West Roxbury and the Dudley Square neighborhood of Roxbury in 2016, followed by Hyde Park, Mattapan, and other areas of Roxbury and Jamaica Plain. The city has also agreed to provide an expedited permitting process to encourage this build... As a next step, the city will begin the cable television licensing process. Upon successful completion of the licensing process, Verizon expects to offer FiOS TV service in Boston... Verizon kicked off the new collaboration by presenting a $100,000 Digital Equity contribution to the city, which will be used to support a mobile hotspot lending program at the Boston Public Library."

The partnership will measure demand from residents and businesses, and prioritize construction, using the www.verizon.com/BostonFiber website. Residents and businesses should visit the site and vote (for free) to ensure that their neighborhood gets fiber broadband first.

The partnership also includes the installation of Internet-connected devices in public areas, which is one portion of the Internet-ofThings (ioT):

"... an innovative "Smart Cities" trial that will address traffic safety and congestion along the Massachusetts Avenue Vision Zero Priority Corridor. The city and Verizon will experiment with sensors and advanced traffic signal control technology to increase safety, measure bicycle traffic, improve public transit vehicle flow, and decrease congestion. Future "Smart Cities" applications will address other key services, including environmental sensors, energy efficiency, and city lighting management."

As the projects move forward, it will be interesting to learn about what data will be collected by ioT devices and data-sharing agreements. Details matter. Verizon also announced:

"This partnership will also improve wireless services in Boston by enabling Verizon to attach wireless equipment to city street lights and utility poles, helping residents get fast, reliable mobile service."

Fiber broadband availability is good news. I visited the Boston Fiber website and voted. The site asks for your full name, email, and mobile phone number to provide availability updates. The site confirmed that I live in the area the partnership considers Zone A: the first area to get Verizon FiOS.

With all of this good news, sadly it seems to already be two steps forward and one step backward. Verizon has failed to reach agreement with its workers' unions, who went on strike yesterday. CNN reported:

"Most of the striking workers service the company's landline phone business and FiOS broadband network -- not the much larger Verizon Wireless network. They have gone without a contract since August, and their union, the Communication Workers of America, says it is fighting to get Verizon to come to the table with a better offer. The union's list of complaints is a long one: Verizon has outsourced 5,000 jobs to workers in Mexico, the Philippines and the Dominican Republic. Verizon is hiring more low-wage, non-union contractors... The union also claims Verizon won't negotiate with people who work in Verizon stores and is closing call centers. And Verizon is asking workers to work out of state, away from their homes, for months at a time. Meanwhile, the union says Verizon is cutting costs as its profits have soared."

I am sure that many residents and businesses want to order Verizon FiOS fiber broadband, and have it installed by fully trained and experienced technicians, not hastily gathered replacements.

After I voted, the Verizon website presented the image below with relative vote counts for Boston fiber:

Verizon FiOS fiber broadband Internet for Boston. Relative vote counts by neighborhoods. Click to view larger image


FCC Proposed New Privacy Rules To Help Consumers With Broadband Internet Services

Federal Communications Commission logo Earlier this month, the U.S. Federal Communications Commission (FCC) proposed new privacy rules to help consumers when subscribing to high-speed Internet services. The rules clarify when Internet Service providers (ISPs) must obtain the consumer's approval. A summary:

"Consent Inherent in Customer Decision to Purchase ISP’s Services: Customer data necessary to provide broadband services and for marketing the type of broadband service purchased by a customer – and for certain other purposes consistent with customer expectations, such as contacting public safety – would require no additional customer consent beyond the creation of the customer-ISP relationship.

Opt-out: Broadband providers would be allowed to use customer data for the purposes of marketing other communications-related services and to share customer data with their affiliates that provide communications-related services for the purposes of marketing such services unless the customer affirmatively opts out.

Opt-in: All other uses and sharing of consumer data would require express, affirmative “opt-in” consent from customers."

Additional rules require ISPs to clearly provide notices, opt-in mechanisms, and opt-out mechanisms:

"Transparency requirements that require ISPs to provide customers with clear, conspicuous and persistent notice about what information they collect, use and share with third parties, and how customers can change their privacy preferences;

Robust and flexible data security requirements for broadband providers that include requirements to adopt risk management practices; institute personnel training practices; implement strong customer authentication requirements; identify a senior manager responsible for data security; and take responsibility for use and protection of customer information when shared with third parties;

Common-sense data breach notification requirements to encourage ISPs to protect the confidentiality of customer data, and to give consumers and law enforcement notice of failures to protect such information."

The Notice of Proposed Rulemaking (NPRM - Adobe format) contains the detailed statements. (The document is also available here.) Privacy is critical, since broadband Internet access is critical to do anything today. In January, 50 consumer and privacy groups urged the FCC to tighten broadband privacy rules for ISPs. In March, the FCC released a broadband privacy Fact Sheet, which stated in part:

"Telephone networks have had clear, enforceable privacy rules for decades, but broadband networks currently do not... An ISP handles all of its customers’ network traffic, which means it has an unobstructed view of all of their unencrypted online activity – the websites they visit, the applications they use. If customers have a mobile device, their provider can track their physical and online activities throughout the day in real time. Even when data is encrypted, broadband providers can still see the websites that a customer visits, how often they visit them, and the amount of time they spend on each website. Using this information, ISPs can piece together enormous amounts of information about their customers – including private information such as a chronic medical condition or financial problems. A consumer’s relationship with her ISP is very different than the one she has with a website or app. Consumers can move instantaneously to a different website, search engine or application. But once they sign up for broadband service, consumers can scarcely avoid the network for which they are paying a monthly fee."

You don't need to look far to find abuses and questionable customer service historically by ISPs. This blog has covered many of those abuses:

Historically, ISPs have sought increased revenues and viewed targeted (behavioral) advertising as the means. To do this, they partnered with several technology companies (some went out of business after class-action lawsuits) to spy on consumers without notice, without consent, and without providing opt-out  mechanisms. Consumers should control their privacy, not ISPs.

These proposed rules seem reasonable and common-sense. Consumers should be able to register for (e.g., opt-in) for additional desired programs and unsubscribe (e.g., opt-out) of undesired programs offered by their ISP.

Like any newly proposed rules, there is a comment period where the FCC seeks feedback from both consumers and companies. (A democracy requires participation.) If you like, or dislike, or want the proposed rules modified, then tell the FCC and explain why. The deadline for submitting feedback is May 27, 2016. Submit feedback online at the FCC website. The site lists several open proceedings for comments, so use Docket Number 16-106: "Protecting the Privacy of Customers of Broadband and Other Telecommunications Services."


CPNI Privacy Notices: A Review Of AT&T's And What You Need To Know

AT&T postcard notice in March 2016 about CPNI

Last week, my wife and I received the above postcard from AT&T, which provides our mobile phone service. All telecommunications companies in the United States provide these notices -- by snail mail, email, or both. If you receive a notice, don't toss it in the trash. Read it closely because your privacy depends upon it.

AT&T logo The text of our postcard read:

"AN IMPORTANT MESSAGE ABOUT THE PRIVACY OF YOUR CUSTOMER PROPRIETARY NETWORK INFORMATION (OR CPNI)

The protection of our customers' privacy is of utmost importance to the employees and management of the AT&T family of companies (AT&T)*. Please take a moment to read the following important message about the privacy of your customer information.

AT&T companies that provide telecommunications and interconnected Voice over Internet Protocol (VoIP) service (which permits VoIP customers to both send and receive calls to/from customer with traditional telephone/telecommunications service) would like to share your customer proprietary network information (CPNI) within the AT&T family of companies for our own marketing purposes, including using theat information to offer you additional products and services.

What CPNI? Your CPNI includes the types of telecommunications and interconnected VoIP services you currently purchase, how you use them, and the related billing for those services. CPNI does not include your telephone number, your name or your address. Protecting the confidentiality of your CPNI is your right and our duty under federal law. As an AT&T customer, you can restrict the use of your CPNI even within the AT&T family of companies.

To allow AT&T to use your CPNI, no further action is required. AT&T and our authorized agents will not sell, trade or share your CPNI with anyone other than those who are in the AT&T family of companies or are AT&T authorized agents, unless required by law. If at any time you would prefer that AT&T not use your CPNI to offer you additional products and services, you may:
- Submit an online form at att.com/ecpnioptout; or
- Call 800.315.8303 24 hour a day, 7 days a week and follow the prompts; or
- To speak to a service representative call 800.288.2020

Your decision to permit or restrict the use of CPNI will remain in effect until you decide to change it, which you can do at any time without charge. Restricting our use of your CPNI will not affect the providion of any AT&T products or services to which you currently subscribe, nor will it eliminate other types of marketing contacts. Thank you for choosing AT&T. We appreciate your business.

*The AT&T Family of Companies are those companies that provide voice, video and broadcast-related products and/or services domestically and internationally, including the AT&T local and long distance companies, AT&T Corp., AT&T Mobility, DIRECTV and other subsidiaries or affiliates of AT&T Inc. that provide, design, market, or sell products and/or services."

What does this notice mean? What's really going on?

First, AT&T is already sharing your information. Anytime you read a corporate notice that says you can opt out (e.g., unsubscribe) of a marketing or advertising program, that means you are already included. You'd think that programs would work the other way: you are never included in a program until you subscribe (e.g., opt in). That would be easy for consumers. You're only in programs you want to participate in, and there's no burden to (constantly) opt out of unwanted programs.

Sadly, other telecommunications companies have similar marketing programs with CPNI and opt-out mechanisms. Why? Marketing and advertising programs that automatically include all customers are the easiest and fastest way for companies to collect and share as much information as possible about as many customers as possible. So, you're included in programs whether you want them or not, with the hope that you won't take the time to read and opt out (unsubscribe).

That's definitely not consumer friendly.

Second, the notice fails to explain exactly what CPNI is. The description seems to have been written by lawyers for lawyers -- and not for consumers. A clearer notice would list the specific data elements collected and shared, with examples. I checked AT&T's CPNI website page to see if it provided a more details. It doesn't. It provided the same vague text. Compared to a postcard, there's plenty of more room on a web page to share details. I guess AT&T really doesn't want to share details about CPNI.

If you want to know exactly what CPNI is, the FCC provides this definition:

"Your local, long distance and wireless telephone companies, as well as your Voice over Internet Provider (VoIP), collect information such as the numbers you call and when you call them, as well as the particular services you use, such as call forwarding or voice mail. These companies collect this customer information, also called Customer Proprietary Network Information (CPNI) so they can provide the services you have requested and send you bills for them."

While petitioning the FCC for greater privacy protections in 2007, the Electronic Privacy Information Center (Epic) and other advocacy groups said:

"CPNI is the data collected by telecommunications corporations about a consumer’s telephone calls. It includes the time, date, duration and destination number of each call, the type of network a customer subscribes to, and any other information that appears on the customer's bill."

So, CPNI includes metadata about your call and online activity. That's sensitive personal information... which leads to the next point.

Third, treat the security of your CPNI data seriously. Last year, AT&T paid a $25 million penalty after data breaches in three of its offshore call centers that included stolen CPNI. The U.S. Federal Communications Commission (FCC) investigated after unauthorized employees in call centers in Mexico, Colombia, and the Philippines accessed sensitive personal information of about 280,000 U.S. customers: names, full or partial Social Security numbers, and CPNI data. The employees transferred the stolen information to "unauthorized third parties" (e.g., criminals) to unlock stolen phones and other acts. So, criminals understand the value of CPNI data. You should, too.

Fourth, the notice seems slanted. It uses the term "restrict" as if that is bad, but never provides examples of the benefits for consumers. How are consumers to make informed decisions if a company fails to clearly explain the program?

Fifth, the AT&T CPNI Optout page mechanism is poorly designed. The form, which asks customers to enter an account number and ZIP Code:

Image of AT&T CPNI Opt-out page

This works okay for accounts with a single person. It is problematic for accounts with multiple persons (phones), like family plans -- which my wife and I have. The form's lack of flexibility means that the account holder decides for everyone on the account. Individual persons can't selectively opt out. You'd think that AT&T would have designed the mechanism with flexibility to accommodate this, but it didn't. Everything seems driven by the sharing of information on monthly bills.

Sixth, the confirmation page copy seems vague. It isn't clear if the customer has opted out or not. If the processing isn't complete, then messaging should explain what happens next and when. See:

Image of AT&T CPNI Opt-out Confirmation page

Seventh, if you opted out of the CPNI data sharing program, you're not finished. The AT&T Choices and Controls page lists about six behavioral advertising programs. It is time consuming and crazy-making to have to wade through so many programs and opt out of each one.

So, I was underwhelmed by the CPNI opt-out mechanism. A long time ago, AT&T publicly promised to do behavioral advertising the right way. It's not there yet. Not even close.

What else might be happening here? AT&T executives probably have watched the 'supercookies' investigation and settlement agreement involving Verizon Wireless. Supercookies are unique identifiers inserted into mobile users' data streams to track their online usage. The identifiers, which are really difficult for consumers to delete, help provide advertisers with the robust information they desire. The FCC found that Verizon Wireless didn't inform its customers about its use of supercookies with data sharing, and didn't provide its customers with an opt-out mechanism. Bazinga! $1.35 million fine for privacy violations and a three-year compliance program. Verizon has since updated its policies and opt-out mechanism.

C/Net reported in 2014 that AT&T lagged Verizon in using supercookies:

"Verizon, the largest mobile carrier in the US, uses information gleaned from its supercookies to understand your interests and concerns by tracking the websites you visit and links you click on. It then supplies that information to its advertisers so they can craft finely targeted advertising campaigns. About 106 million of Verizon's consumer customers have been tracked this way for over two years by the company's Precision Market Insights program... AT&T tracks fewer customers, but only because the company says its program is still being tested."

Will AT&T ramp up its supercookies development? That bears monitoring. I expect privacy advocates will keep watch. Meanwhile, consumers can assume that CPNI includes everything on their monthly bill for whichever telecommunications products and services you use. Make your opt-out decisions based upon that.

What are your opinions of the CPNI privacy notice by AT&T? By other telecommunications companies?


Verizon Wireless Settles With The FCC Regarding 'Supercookies' And Online Tracking

Verizon logo Yesterday, the Federal Communications Commission (FCC) announced a settlement agreement with Verizon Wireless regarding the company's use of "Supercookies" to track mobile users. The FCC alleged that that Verizon Wireless inserted:

"... unique identifier headers or so-called “supercookies” into its customers’ mobile Internet traffic without their knowledge or consent. These unique, undeletable identifiers – referred to as UIDH – are inserted into web traffic and used to identify customers in order to deliver targeted ads from Verizon and other third parties."

Terms of the settlement agreement require Verizon Wireless to notify consumers about its targeted advertising programs, obtain customers’ opt-in consent before sharing UIDH with third-party companies and affiliates, and obtain customers’ opt-in (or opt-out) consent before sharing UIDH internally among Verizon's companies and business units. The settlement terms also require the company to pay a $1.35 million fine and adopt a three-year compliance plan.

Federal communications Commission logo The FCC's announcement also noted that the company was slow to update its privacy policy (bold added):

"It was not until late March 2015, over two years after Verizon Wireless first began inserting UIDH, that the company updated its privacy policy to disclose its use of UIDH and began to offer consumers the opportunity to opt-out of the insertion of unique identifier headers into their Internet traffic... Section 222 of the Communications Act imposes a duty on carriers to protect their customers’ proprietary information and use such information only for authorized purposes. It also expressly prohibits carriers that obtain proprietary information from other carriers for the provision of telecommunications services to use such information for any other purpose. Section 8.3 of the Commission’s rules, known as the Open Internet Transparency Rule, requires every fixed and mobile broadband Internet access provider to publicly disclose accurate information regarding the network management practices, performance, and commercial terms of its broadband Internet access services sufficient for consumers to make informed choices regarding use of such services and for content, application, service, and device providers to develop, market, and maintain Internet offerings."

The FCC began its investigation in December, 2014. At that time, the concern was:

"... whether Verizon Wireless failed to appropriately protect customer proprietary information and whether the company failed to disclose accurate and adequate information regarding its insertion of UIDH into consumer Internet traffic over its wireless network, in violation of the FCC’s 2010 Open Internet Transparency Rule and Section 222 of the Communications Act."

Verizon Wireless began inserting UIDH into consumer Internet traffic in December 2012, and didn't disclose this practice until October 2014. After acknowledging this practice, the company claimed that third-party advertising companies were unlikely to use their supercookies to build consumer profiles or other purposes. The Washington Post reported in November 2014:

"Verizon and AT&T have been quietly tracking the Internet activity of more than 100 million cellular customers with what critics have dubbed “supercookies”... The technology has allowed the companies to monitor which sites their customers visit, cataloging their tastes and interests. Consumers cannot erase these supercookies or evade them by using browser settings, such as the “private” or “incognito” modes that are popular among users wary of corporate or government surveillance.

Also in November 2014, the Electronic Frontier foundation (EFF) discovered the tracking, and asked Verizon to both notify users and get their consent before using supercookies:

"Verizon users might want to start looking for another provider. In an effort to better serve advertisers, Verizon Wireless has been silently modifying its users' web traffic on its network to inject a cookie-like tracker. This tracker, included in an HTTP header called X-UIDH, is sent to every unencrypted website a Verizon customer visits from a mobile device. It allows third-party advertisers and websites to assemble a deep, permanent profile of visitors' web browsing habits without their consent. Verizon apparently created this mechanism to expand their advertising programs, but it has privacy implications far beyond those programs."

The EFF said that the Verizon Wireless settlement agreement:

"... is a huge win for Internet privacy. ISPs are trusted carriers of our communications. They should be supporting individuals' privacy rights, not undermining them."

The EFF tempered its comments with a warning how ISPs can still secretly track consumers:

"... They can send tracking data only to selected web sites, hindering detection by third parties. ISPs can (and some very likely do) hide tracking data in a lower protocol layer, like TCP or IP, setting fields that are normally random based on an agreed-upon code. Or they could log all user browsing activity themselves and share it upon request. Detecting these more pernicious methods will require ongoing skilled technical work by the FCC and other watchdog organizations.."

This is why both a skilled oversight agency and watchdog groups are necessary. The average consumer cannot perform this technical analysis. FCC Enforcement Bureau Chief Travis LeBlanc said:

"Consumers care about privacy and should have a say in how their personal information is used, especially when it comes to who knows what they’re doing online... Privacy and innovation are not incompatible. This agreement shows that companies can offer meaningful transparency and consumer choice while at the same time continuing to innovate...”

Yes! Innovation and privacy are compatible. Yes, we consumers care... care greatly about privacy. Relevant advertising is not an excuse to do anything without notification and without consent. Kudos to the FCC. View the Verizon Wireless Order and Consent Decree (Adobe PDF).


FCC Proposes New Rule To Unlock Set-Top Cable Boxes To Encourage Innovation, Competition, Choice And Lower Prices

Federal communications Commission logo During an open Commission meeting on Thursday February 18, 2016, the U.S. Federal Communications Commission (FCC) discussed and approved several agenda items including a proposal to encourage competition with the cable television set-top boxes that many consumers lease from their cable-TV providers:

"The Notice of Proposed Rulemaking (NPRM) will create a framework for providing innovators, device manufacturers, and app developers the information they need to develop new technologies, reflecting the many ways consumers access their subscription video programming today. Ninety-nine percent of pay-TV subscribers have limited choices today and lease set-top boxes from their cable and satellite operators. Lack of competition has meant few choices and high prices for consumers – on average, $231 in rental fees annually for the average American household. Altogether, U.S. consumers spend $20 billion a year to lease these devices. Since 1994, according to a recent analysis, the cost of cable set-top boxes has risen 185 percent while the cost of computers, televisions, and mobile phones has dropped by 90 percent. Congress recognized the importance of a competitive marketplace and directed the Commission to adopt rules that will ensure consumers will be able to use the device they prefer for accessing programming they’ve paid for."

The NPRM recommends that Multi-channel Video Programming Distributors (MVPD), including legacy cable-TV providers, TV networks, and others that provide programming via cable and/or the Internet, be required to deliver three core information streams:

"1. Service discovery: Information about what programming is available to the consumer, such as the channel listing and video-on-demand lineup, and what is on those channels.
2. Entitlements: Information about what a device is allowed to do with content, such as recording,
3. Content delivery: The video programming itself."

Consumers can keep their current cable set-top boxes, or switch to newer solutions when available. The FCC did not dictate standards for the solutions. Instead the FCC recommended that:

"... these three streams be available to the creators of competitive solutions using any published, transparent format that conforms to specifications set by an independent, open standards body... The Notice of Proposed Rulemaking also recommends content protection rules... The proposed rules do not mandate a single security system but simply require MVPDs to offer at least one content protection system that is openly licensed on reasonable and non-discriminatory terms. This gives MVPDs the ability to create their own content protection system to prevent theft and misuse, while ensuring that manufacturers will be able to build devices that can access protected content from a variety of MVPDs."

The proposed rules also include the following requirements for MVPDs:

"Ensure that children’s programming advertising limits and emergency alerts apply regardless of whether the consumer leases the MVPD’s set-top box or uses a competitive solution to access video programming;

Include a billing transparency rule to ensure that consumers understand their monthly charges for both programming services and equipment lease fees in accordance with section 629; and

Retain the Commission’s rules adopted in a 2010 Report and Order to improve support for consumer-owned CableCARD devices."

Much needs to happen before competitive set-top box solutions are available in the marketplace. The next step includes a comment period where interested parties (e.g., companies, consumers) -- supporters and opponents -- submit feedback about the proposed rules. Then, the FCC reviews the feedback and may adjust its rules based upon that feedback. After finalized rules, companies will then develop set-top box solutions. The proposed rules document lists several topics the FCC seeks feedback about. Some of those topics:

"... ways to address any licensing and consumer protection issues... how best to align our rules on device billing and subsidies... whether the rules the Commission adopted in a 2010 Report and Order to improve support for consumer-owned CableCARD devices have continued relevance and should remain valid and enforceable... statistics show, however, that almost all consumers have one source for access to the multichannel video programming to which they subscribe: the leased set-top box, or the MVPD-provided application. Therefore, we tentatively conclude that the market for navigation devices is not competitive, and that we should adopt new regulations to further Section 629. We invite comment on this tentative conclusion... the process that an MVPD uses to decide whether to allow such a device to access its services... it appears that consumers have downloaded proprietary MVPD applications many times; we seek comment on whether consumers actually use those applications to access multichannel video programming..."

Regardless, the proposed set-top box rules will disrupt the revenue streams cable-TV operators have enjoyed for decades. So, you can expect them, and their allies, to put up a fight. Wired magazine reported:

"Each consumer has invested thousands of dollars into the box without having any ownership,” says Chip Pickering, CEO of Incompas, a trade association for “competitive networks” backed by Google, Amazon, Netflix, and others. “That’s a monopoly business model.” The distribution of set-top boxes, then, is essentially a monopoly within an already monopolistic industry..."

One argument opponents have used is to blame Google:

"Google has become a popular bogeyman for entrenched cable interests for good reason. The company has actively supported set-top box disruption, both through its involvement with Incompas and through direct contact with the FCC. AT&T went so far as to call it “Google’s Set-Top Box Proposal” in a corporate blog post opposing the rules..."

Despite the hype and spin that has been presented (and will be presented), it's important for consumers to remember that:

“Nothing in the [FCC] proposal changes linear TV or traditional TV’s advertising. Their programming, their advertising, nothing that they do today will be changed,” says Pickering. What could change is that the traditional programming would be served up alongside Internet programming..."

View the FCC "Unlock the Box" press release (Adobe PDF) or here. View the FCC "Unlock the Box" NPRM (Adobe PDF) or here.

The FCC set-top proposal is is good news for consumers. It starts to break the monopolistic strangle-hold. Cable-TV providers have had decades to recoup their infrastructure investments. It's time to move forward with solutions more friendly for consumers. Kudos to the FCC for encouraging competition to lower cable prices for consumers.


Ad Blocking Software: What It Is, The Benefits, And How To Use It

Nobody wants their online experience cluttered with irrelevant advertisements. Recently, TechCrunch published a beginner's guide to ad blocking software. If you are unfamiliar with what the software is, does, and its benefits, then this primer is for you.

Basically, ad blocking software prevents your web browser from downloading and displaying unwanted advertisements. Consumers use it for several reasons, including performance, privacy, and security for a better online experience:

"Performance. The average page has dozens of ad tags, and ad providers are typically built with no regard to performance (loading hundreds of tags, images, megabytes of video, etc.), so preventing all of this from loading drastically speeds up the website."

"Privacy. Most ad networks and tracking systems (like Google Analytics) collect information about user behavior and pages visited, which can lead to privacy issues. Ad blockers stop all of this and make it easy to browse privately."

Security is a concern because some advertising networks (e.g., AOL, Yahoo, Huffington Post) have been compromised with computer viruses, or malware, onto unsuspecting consumers' devices. Some malware targeted mobile devices. It has occurred often enough that the term malvertising is now used. Malvertising is very bad because you don't have to click on annything in order for your computer to get infected.

During the last 7+ years, this blog covered a variety of technologies (e.g., cookies, “zombie cookies,” Flash cookies, “zombie e-tags,” super cookies, “zombie databases” on mobile devices, canvas fingerprinting, etc.) companies use to persistently track consumers online without their knowledge nor consent; and to circumvent consumers' efforts to maintain privacy online. So, you want to do what you can to avoid or minimize the tracking.

Consumers have plenty of choices for which ad-blocking software to use. As TechCrunch reported:

"Apple’s iOS has recently allowed for content blocking extensions in its Safari browser, so now it’s possible to block ads on mobile websites, as well. Both iOS and Android also allow for third-party browsers that can come with ad-blocking abilities built in."

You can't block ads that appear within a mobile (or desktop) app, so that maybe another reason to use your web browser instead of a mobile app (which is usually a piece of a website). I happen to use, with the Firefox web browser, the Privacy Badger tool from the Electronic Frontier Foundation. I am delighted with it. Yes, some websites won't display content when you block their ads, but most do.

For private online searches, I use the DuckDuckGo search engine instead of Google, Bing, and Yahoo. What ad-blocking software do you use? If not, do you plan to start using it?