136 posts categorized "Internet Access" Feed

Poll Finds Republicans Rollback of Broadband Privacy Very Unpopular

A recent poll found that the Republican rollback of broadband privacy rules is very unpopular. Very unpopular. The poll included 1,000 Americans, and the results cut across age, gender, and political affiliations. Despite this, President Trump signed the privacy-rollback legislation on April 3. Since then, many consumers have sought online tools to protect their privacy.

Vox reported the survey results:

Image of Yougov poll results about Republican rollback of broadband privacy. Click to view larger version

Late last week, several Republicans in the House of Representatives sent a letter (Adobe PDF) to Ajit Pai, the Chairman of the U.S. Federal Communications Commission (FCC), urging the FCC to regulate broadband service providers. The letter read, in part:

"We write to ensure that the Federal Communications Commission (FCC) stands ready to protect consumer privacy... The Federal Trade Commission (FTC) has long been the standard bearer for striking the right balance of consumer protection with a pro-innovative construct that encourages consumer choice, opportunities, and new jobs... An FCC approach that mirrors the FTC will continue to protect consumers in this tumultuous time... Until such time as the FCC rectifies the Title II reclassification that inappropriately removed ISPs from the FTC's jurisdiction, we urge the FCC to hold Internet service providers (ISPs) to their privacy promises..."

The letter was signed by Greg Walden (Chairman, Committee on Energy & Commerce), Marsha Blackburn (Chairman, Subcommittee on Communications & Technology), and 48 other representatives.

Tumultuous times? The tumult was created by the rollback of privacy rules -- a situation created by Republicans. All would have been fine if they'd left the FCC's broadband privacy rules in place; rules consumers clear want -- rules that keep users in control of their online privacy.

Representative Blackburn and her fellow Republicans either doesn't know history or have chosen to ignore it. Several problems have plagued the industry: a lack of ISP competition in key markets, consumers in the United States pay more for broadband and get slower speeds compared to other countries, and numerous privacy violations and lawsuits:

Clearly, the FCC had to act, it did, it held hearings, and then finalized improved broadband privacy rules to help consumers. Now, the Congress and President undid all of that creating the tumult they now claim to want to solve.

Clearly, Representative Blackburn and others are happy to comply with the wishes of their corporate donors -- who don't want broadband classified as a utility. Internet access is a basic consumer need for work, entertainment, and school -- just like water, electricity, and natural gas (for cooking). Internet access is a utility, like it or not. The FCC under Chairman Wheeler had the right consumer-friendly approach, despite the spin by Blackburn and others.

What are your opinions?


President Trump Signed Legislation Revoking FCC's Broadband Privacy Rules. Lots Of Consequences

Late yesterday, President Trump signed legislation revoking broadband privacy rules adopted by the Federal Communications Commission (FCC). The rules would have kept consumers in control of their information online. Instead, internet service providers (ISPs) are free to collect, archive, and share at will without notice nor consent information about consumers' online activities (e.g., far more than browsing histories).

The legislation narrowly passed both in the Senate (50 - 48) and in the House (210 - 205). Proponents of the legislation claimed duplicate legislation. Representative Marsha Blackburn (R-Tenn.), who introduced the legislation in the House, said plenty recently according to Breitbart News:

"What we are doing is recalling a privacy rule that the FCC issued right at the end of the Obama administration, and the reason we are doing this is because it is additional and duplicative regulation... What the FCC did was clearly overreach. It gives you two sets of regulators that you’re trying to comply with, not one. So we are recalling the FCC’s rule, and that authority will go back to the FTC...”

"What the Obama administration did... they reclassified your Internet service as Title II, which is a common carrier classification. It is the rule that governs telephone usage... Those rules were put on the books in the thirties. So what the Democrats did... they reclassified Internet, which is an information service, as a telephone service, and then put those 1930s-era rules on top of your Internet service... They did that so they could tax it, so they could begin to regulate it..."

"You don’t need another layer of regulation. It’s like flashing alerts: We don’t need net neutrality. We don’t need Title II. We don’t need additional regulations heaped on the Internet under Title II. The Internet is not broken. It has done just fine without the government controlling it."

Not broken? The founder of the internet, Tim Berners-Lee gave three solid reasons why the internet is broken. His number one reason: consumers have lost control over their personal information.

And, Representative Blackburn either doesn't know history or has chosen to ignore it. Several problems have plagued the industry: a lack of ISP competition in key markets, consumers in the United States pay more for broadband and get slower speeds compared to other countries, and numerous privacy violations and lawsuits:

Clearly, the FCC had to act, it did, it held hearings, and then finalized improved broadband privacy rules to help consumers. Now, the Congress and President undid all of that.

There are plenty of consequences. To regain some online privacy lost due to the new legislation, many consumers have considered Virtual Private Networks (VPNs) and other online tools to prevent ISPs from spying on them. VPNs are not a cure-all. ISPs can still block or throttle consumers' VPN connection, and VPNs won't protect e-mail nor internet-of-things devices installed in homes.

Basically, there is no substitute for consumers being in control of their online privacy with transparent notice by ISPs. The impact upon consumers: less online privacy and higher internet prices. Consumers are forced to spend more money on VPN and other tools.

Blackburn and others claimed that the U.S. Federal Trade Commission (FTC) should regulate ISPs. Regulation by the FTC is not a slam-dunk. AdAge reported:

"If the FTC does regain its oversight, the result is likely to be weaker privacy protections than what the FCC intended with its rules, as well as a relatively clear path for telcos to pursue their data-revenue-generating goals... One legal peak to climb: precedent set by a U.S district court ruling siding with AT&T against the FTC last year which carved out an exemption for companies that provide bundled phone and ISP services which effectively protected AT&T from FTC regulations protecting consumers from unfair or deceptive practices.

Even if the FTC eventually garners ISP jurisdiction, argued [Gigi Sohn, a senior counselor to former FCC Chairman Tom Wheeler], "it will lead to some privacy protection but much weaker than what people just lost." She pointed to FTC Chairman Ohlausen's high bar for showing harm against consumers before actions against companies are taken, noting, "She wants to see harm first. Well, rules protect you before you're harmed." "

Despite the claims by Blackburn and others, the bottom line is:

"... what we're left with is a period of uncertainty where the carriers may do certain things but it's unclear. Does the FCC have jurisdiction or does the FTC have jurisdiction?"

The Los Angeles Times reported:

"The FTC is empowered to bring lawsuits against companies that violate its privacy guidelines, but it has no authority to create new rules for industry. It also cannot enforce its own guidelines against Internet providers because of a government rule that places those types of companies squarely within the jurisdiction of the FCC and out of the reach of the FTC. As a result, Internet providers exist in a "policy gap" in which the only privacy regulators for the industry operate at the state, not federal, level, analysts say."

Ambiguity. Lack of clarity. Policy gap. None of those are good for business, or for consumers.

Read more about President Trump's signing of the legislation at C/Net and Reuters.


Tools For Consumers To Regain Some Online Privacy. Higher Internet Prices Likely

Now that the Republican-led Congress and President Trump have dismantled broadband privacy rules, internet service providers (ISPs) are free to collect, archive, and share at will without disclosure consumers' complete online activities (e.g., far more than browsing histories) to maximize their profits. Just about all of your online activities are harvested by ISPs, not just your browsing histories. Readers of this blog may remember the Deep-Packet Inspection software some ISPs installed on their servers to track their customers' online usage without notice nor consent.

To combat this, many consumers seek technical solutions, such as a virtual private network (VPN), to maintain as much privacy online as possible. Consumers will need to locate VPN and other tools than run on several devices (e.g., phones, tablets, laptops, desktops, etc.) and browsers (e.g., Firefox, Opera, etc.). Resources about several tools including VPNs:

Reviews and comparisons about VPN providers:

Some recommended, paid VPNs run on several platforms including Apple brand devices: F-Secure Freedome, Private Internet Access, and SurfEasy. Some VPNs offer a lower monthly price for a longer contract term. Look for pricing that covers multiple devices.

All of the above resources contain links to specific VPN brands. Experts recommend that consumers shop around for a paid VPN, since many of the free VPNs collect and resell consumers' information to make money. Some VPN providers offer phone customer service and support. This may be especially helpful for inexperienced users.

If a (free or paid) VPN saves usage logs of its customers' online activity and shares those logs with others (e.g., advertisers, affiliates, marketing partners, law enforcement, etc.), then that totally defeats the purpose of using a VPN service for privacy. So wise consumers shop around, read the terms of service, and read the privacy policy before signing up for a VPN.

Just like anti-virus software, several VPNs running on the same device can cause problems. So, you'll need to spend time sorting that out, too.

Sadly, VPNs are not a cure-all. Your ISP can still block or throttle your connection. Basically, there is no substitute for consumers being in control of their online privacy with transparent notice by ISPs. And, VPNs won't protect internet-of-things devices (e.g., appliances, refrigerators, thermostats, security systems, televisions, etc.) connected in to the WiFi router in your home. Tech Dirt reported:

"VPN clients are typically for desktop machines and, in some cases, mobile devices such as phones and tablets. As previously discussed, IoT devices in homes will continue to generate more traffic. Most such devices do not support VPN software. While it is conceivable that a user could set up an encrypted VPN tunnel from the home router and route all home traffic through a VPN, typical home gateways don’t easily support this functionality at this point, and configuring such a setup would be cumbersome for the typical user."

Note: VPN services don't protect e-mail. ISPs user a different set of servers for e-mail (e.g., SMTP, SMTPS) versus web browsing (e.g., HTTP, HTTPS). You might consider a secure e-mail service like ProtonMail. You might find this review of ProtonMail helpful.

Do you use Gmail? Remember Google scans both inbound and outbound e-mail messages supposedly to serve up relevant ads. While a certain amount of message scanning is appropriate to identify spam and malware, last month a federal court judge rejected a proposed settlement offer with non-Gmail users who had filed a class-action lawsuit because their e-mail messages had been scanned by Google (and they couldn't opt out of the scanning).

So, internet costs for consumers are going up with thanks to privacy-busting legislation passed by a Republican-led Congress. Consumers will pay more, perhaps an additional $50 - $80 yearly for VPN services, on top of already high monthly internet prices -- with a marginal increase in privacy; not the better, more complete solution consumers would have received with the FCC broadband privacy rules. Add in the value of your time spent shopping around for VPN and privacy tools, and the price increase is even greater.

Plus, monthly internet costs for consumers could go far higher if ISPs charge for online privacy. Is that possible you ask? Yep. Comcast and industry lobbyists have already stated that they want "pay-for-privacy" schemes. Congress seems happy to oblige corporate ISPs and stick it to consumers.

Petition to keep FCC broadband privacy rules and nullify Senate Joint Resolution 34 Mad about all of this? You probably are, too. I am. Be sure to tell your Senators and House representatives that voted to revoke FCC online privacy rules. Tell them you dislike the higher prices you're forced to pay to maintain privacy online.

Do any VPN providers act as fronts for government intelligence and spy agencies? I do not have the resources to determine this. Perhaps, some enterprising white-hat users can shed some light on this.

What online privacy resources have you found?


Congress Passed Joint Resolution To Revoke New Online Privacy Rules By The FCC. Plenty of Consequences

On Tuesday, the U.S. House of Representatives approved legislation to revoke new online privacy rules the U.S. Federal Communications Commission (FCC) adopted in 2016 to protect consumers by govern the data collection and sharing of consumers' personal information by Internet Service providers (ISPs). Several cable, telecommunications, and advertising lobbies sent a letter in January asking Congress to remove the new broadband privacy rules, which they viewed as burdensome.

Congress quickly complied. The new legislation consisted of two companion bills: Senate Joint Resolution 34 (S.J. Res. 34) and House Joint Resolution 86 (H.J. Res. 86). The House vote was close: 210 to 205 with 215 Republican representatives voting for S.J. Res. 34. 190 Democratic and 15 Republican representatives voted against it. Consumers can view H.J. Res. 86 votes by their elected officials.

Representative Marsha Blackburn (R-Tenn.) introduced the legislation in the House. Blackburn said plenty in an interview published on Breitbart News:

"What we are doing is recalling a privacy rule that the FCC issued right at the end of the Obama administration, and the reason we are doing this is because it is additional and duplicative regulation... What the FCC did was clearly overreach. It gives you two sets of regulators that you’re trying to comply with, not one. So we are recalling the FCC’s rule, and that authority will go back to the FTC...”

"What the Obama administration did... they reclassified your Internet service as Title II, which is a common carrier classification. It is the rule that governs telephone usage... Those rules were put on the books in the thirties. So what the Democrats did... they reclassified Internet, which is an information service, as a telephone service, and then put those 1930s-era rules on top of your Internet service... They did that so they could tax it, so they could begin to regulate it..."

"You don’t need another layer of regulation. It’s like flashing alerts: We don’t need net neutrality. We don’t need Title II. We don’t need additional regulations heaped on the Internet under Title II. The Internet is not broken. It has done just fine without the government controlling it."

Not broken? Really? The founder of the internet, Tim Berners-Lee gave three solid reasons why the internet is broken. His number one reason on his list: consumers have lost control over their personal information.

Plus, Representative Blackburn either doesn't know history or has chosen to ignore it. Several problems have plagued the industry: a lack of ISP competition in key markets, consumers in the United States pay more for broadband and get slower speeds compared to other countries, and numerous privacy violations and lawsuits:

Clearly, the FCC had to act; and it did. Congress held hearings, too.

Advertisement in the New York Times newspaper after the Senate vote. Click to view larger version The Senate passed S.J. Res. 34 about a week before the House vote Tuesday. The Senate vote was also close: 50 to 48. Senator Jeff Flake (R-Arizona) introduced the legislation in the Senate, and he repeated the same over-reach claims:

"The FCC’s midnight regulation has the potential to limit consumer choice, stifle innovation, and jeopardize data security by destabilizing the internet ecosystem. Passing my resolution is the first step toward restoring a consumer-friendly approach to internet privacy regulation that empowers consumers to make informed choices on if and how their data can be shared. It will not change or lessen existing consumer privacy protections.”

Consumers can view S.J. Res 34 votes by their elected officials. The press release by Senator Flake's office also stated:

"Flake’s resolution, S.J.Res. 34, would not change or lessen existing consumer privacy regulations. It is designed to block an attempt by the Federal Communications Commission (FCC) to expand its regulatory jurisdiction and impose prescriptive data restrictions on internet service providers. These restrictions have the potential to negatively impact consumers and the future of internet innovation."

Federal communications Commission logo Flake's spin of "midnight regulation" is unfair and inaccurate. The new FCC privacy rules were proposed in April 2016, and enacted in October. That provided plenty of time for discussion and input from consumers, experts, and companies. In March 2016, the FCC released a broadband privacy Fact Sheet, which explained the need for the new privacy rules:

"Telephone networks have had clear, enforceable privacy rules for decades, but broadband networks currently do not... An ISP handles all of its customers’ network traffic, which means it has an unobstructed view of all of their unencrypted online activity – the websites they visit, the applications they use. If customers have a mobile device, their provider can track their physical and online activities throughout the day in real time. Even when data is encrypted, broadband providers can still see the websites that a customer visits, how often they visit them, and the amount of time they spend on each website. Using this information, ISPs can piece together enormous amounts of information about their customers – including private information such as a chronic medical condition or financial problems. A consumer’s relationship with her ISP is very different than the one she has with a website or app. Consumers can move instantaneously to a different website, search engine or application. But once they sign up for broadband service, consumers can scarcely avoid the network for which they are paying a monthly fee."

To distinguish spin from facts, it is critical to read the FCC announcement of its new broadband privacy rules from last year:

"Opt-in: ISPs are required to obtain affirmative “opt-in” consent from consumers to use and share sensitive information. The rules specify categories of information that are considered sensitive, which include precise geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications.

Opt-out: ISPs would be allowed to use and share non-sensitive information unless a customer “opts-out.” All other individually identifiable customer information – for example, email address or service tier information – would be considered non-sensitive and the use and sharing of that information would be subject to opt-out consent, consistent with consumer expectations.

Exceptions to consent requirements: Customer consent is inferred for certain purposes specified in the statute, including the provision of broadband service or billing and collection. For the use of this information, no additional customer consent is required beyond the creation of the customer-ISP relationship.

Transparency requirements that require ISPs to provide customers with clear, conspicuous and persistent notice about the information they collect, how it may be used and with whom it may be shared, as well as how customers can change their privacy preferences;

A requirement that broadband providers engage in reasonable data security practices and guidelines on steps ISPs should consider taking, such as implementing relevant industry best practices, providing appropriate oversight of security practices, implementing robust customer authentication tools, and proper disposal of data consistent with FTC best practices and the Consumer Privacy Bill of Rights.

Common-sense data breach notification requirements to encourage ISPs to protect the confidentiality of customer data, and to give consumers and law enforcement notice of failures to protect such information."

Sounds clear, reasonable, and appropriate. Not perfect, but an improvement of what was before. Addressed transparency concerns, too. To summarize, the new FCC broadband privacy rules kept consumers in control of their sensitive personal information. By revoking those rules, Congress is effectively telling consumers they shouldn't be in control of their own information and ISPs should be in control.

Do you want to be in control of your personal information online? I do, and I suspect you do, too.

Think about the consequences. Once the legislation is signed by President Trump, ISPs will be free to collect, use, and share information describing your online activities. Your ISP is in a unique position because it can scan all un-encrypted data flowing through your internet connection. That typically includes: a) the websites you visit and apps you use; b) which items in "a" you use repeatedly, when and how long; c) the searches you perform online at search engine sites, and via personal assistants, d) activity generated by appliances, televisions, thermostats, security systems, and other devices connected to your home WiFi; and d) the geo-location or where in the physical world your perform online activities. (Besides your smartphone, several devices including your car, fitness bands, smart watches, and wearables collect and share your geo-location data.) Perhaps most importantly, your ISP won't need your consent and probably won't tell you what it is sharing and with whom.

Think about the consequences.

It's not just porn. Your online activities reveal plenty: 1) appointment confirmation emails from your doctor reveal the type of doctor and imply certain medical conditions or procedures; 2) online visits to your bank(s) reveal the types of money and the location of your bank accounts; 3) online activities by your CHILDREN reveal much, including the types of toys and devices they use; 4) work-from-home can reveal proprietary information your employer does not want disclosed; and 5) simple curiosity becomes dangerous. Example: a rash appears on your skin, so you surf over to WebMD to read about symptoms and what it might be. Or, maybe you're reading about a condition of an elderly parentor family member. Problem is: your ISP can infer from your online activities conditions and diseases relate to you, even though they may not. Another example: health care organizations have to comply with HIPPA regulations to protect patients' privacy. Many patients use online healthcare portals by their hospital to coordinate care by several doctors and surgeons. Will your ISP honor HIPPA regulations? They probably won't.

Think about the consequences.

All of that information collected about your online activities could be used against you someday... when you apply for a job, when you sign up for insurance, when you apply for a loan, when you try to adopt a baby or child. Remember, two huge industries exist to help companies buy, sell, and trade information (data brokers); the second (data mining) to help companies merge, manipulate, and analyze the data they've collected and bought.

Comcast logo Think about the consequences. Your ISP may not allow you to decline (e.g., opt out of) the data collection, tracking, usage, and sharing. Or your ISP may charge more fees for online privacy. Don't think that can't happen. Comcast and industry lobbyists have already stated that they want "pay-for-privacy" schemes. So, with Congress' latest action, consumers may soon see price increases and higher monthly internet and wireless bills.

Some consumers are worried, and are exploring technical solutions to thwart ISPs that snoop. The problem: there is no cure-all solution. Some people are angry. To show lawmakers how terrible their decision was, a crowd-funding campaign was started to raise money to buy (and then publish publicly) the internet histories of leading Republicans (e.g., Senate Majority Leader Mitch McConnell, House Speaker Paul Ryan, House Representative Marsh Blackburn) and FCC members who voted for and support the privacy-busting legislation. So, we may then learn which members of Congress watch the most porn.

Lawmakers in some states are already responding to voters' online privacy concerns. In Illinois, lawmakers have introduced two items of legislation: the Geolocation Privacy Protection Act (GPPA) and the Right To Know Act (RTKA). Lawmakers in Nevada introduced geolocation privacy legislation. More states will likely follow.

With the FCC broadband privacy rules revoked, there are five creepy things your ISP could do. What are your opinions of Congress revoking FCC broadband privacy rules?

[Editor's note: this blog post was revised on Friday, March 31 with links to new legislation in Illinois and Nevada.]


Study: Many Consumers Don't Secure Their Mobile Devices

Many consumers in the United States don't take the steps experts recommend to secure their mobile devices. Pew Research reported the findings of a recent survey:

"More than a quarter (28%) of smartphone owners say they do not use a screen lock or other security features to access their phone. And while a majority of smartphone users say they have updated their phone’s apps or operating system, about 40% say they only update when it’s convenient for them. Meanwhile, some users forgo updating their phones altogether: Around one-in-ten  smartphone owners report they never update their phone’s operating system (14%) or update the apps on their phone (10%)."

And, there are differences by the age of phone owners:

"owners ages 65 and older are much less likely than adults younger than 65 to use a screen lock and regularly update their phone’s apps and operating system (13% vs. 23%). Smartphone users 65 and older are also more than twice as likely as younger users to report that they do not take any of these actions to secure their phones (8% vs. 3%)..."

Other risky behaviors consumers perform:

"... 54% of internet users use public Wi-Fi networks, and many of these users are performing sensitive activities such online shopping (21%) or online banking (20%)."


Berners-Lee: 3 Reasons Why The Internet Is In Serious Trouble

Most people love the Internet. It's a tool that has made life easier and more efficient in many ways. Even with all of those advances, the founder of the Internet listed three reasons why our favorite digital tool is in serious trouble:

  1. Consumers have lost control of their personal information
  2. It's too easy for anyone to publish misinformation online
  3. Political advertising online lacks transparency

Tim Berners-Lee explained the first reason:

"The current business model for many websites offers free content in exchange for personal data. Many of us agree to this – albeit often by accepting long and confusing terms and conditions documents – but fundamentally we do not mind some information being collected in exchange for free services. But, we’re missing a trick. As our data is then held in proprietary silos, out of sight to us, we lose out on the benefits we could realise if we had direct control over this data and chose when and with whom to share it. What’s more, we often do not have any way of feeding back to companies what data we’d rather not share..."

Given appointees in the U.S. Federal Communications Commission (FCC) by President Trump, it will likely get worse as the FCC seeks to revoke online privacy and net neutrality protections for consumers in the United States. Berners-Lee explained the second reason:

"Today, most people find news and information on the web through just a handful of social media sites and search engines. These sites make more money when we click on the links they show us. And they choose what to show us based on algorithms that learn from our personal data that they are constantly harvesting. The net result is that these sites show us content they think we’ll click on – meaning that misinformation, or fake news, which is surprising, shocking, or designed to appeal to our biases, can spread like wildfire..."

Fake news has become so widespread that many public libraries, schools, and colleges teach students how to recognize fake news sites and content. The problem is more widespread and isn't limited to social networking sites like Facebook promoting certain news. It also includes search engines. Readers of this blog are familiar with the DuckDuckGo search engine for both online privacy online and to escape the filter bubble. According to its public traffic page, DuckDuckGo gets about 14 million searches daily.

Most other search engines collect information about their users and that to serve search results items related to what they've searched upon previously. That's called the "filter bubble." It's great for search engines' profitability as it encourages repeat usage, but is terrible for consumers wanting unbiased and unfiltered search results.

Berners-Lee warned that online political advertising:

"... has rapidly become a sophisticated industry. The fact that most people get their information from just a few platforms and the increasing sophistication of algorithms drawing upon rich pools of personal data mean that political campaigns are now building individual adverts targeted directly at users. One source suggests that in the 2016 U.S. election, as many as 50,000 variations of adverts were being served every single day on Facebook, a near-impossible situation to monitor. And there are suggestions that some political adverts – in the US and around the world – are being used in unethical ways – to point voters to fake news sites, for instance, or to keep others away from the polls. Targeted advertising allows a campaign to say completely different, possibly conflicting things to different groups. Is that democratic?"

What do you think of the assessment by Berners-Lee? Of his solutions? Any other issues?


GOP Legislation In Congress To Revoke Consumer Privacy And Protections

Logo for Republican Party, also known as the GOP The MediaPost Policy Blog reported:

"Republican Senator Jeff Flake, who opposes the Federal Communications Commission's broadband privacy rules, says he's readying a resolution to rescind them, Politico reports. Flake's confirmation to Politico comes days after Rep. Marsha Blackburn (R-Tennessee), the head of the House Communications Subcommittee, said she intends to work with the Senate to revoke the privacy regulations."

Blackburn's name is familiar. She was a key part of the GOP effort in 2014 to keep state laws in place to limit broadband competition by preventing citizens from forming local broadband providers. To get both higher speeds and lower prices compared to offerings by corporate internet service providers (ISPs), many people want to form local broadband providers. They can't because 20 states have laws preventing broadband competition. A worldwide study in 2014 found the consumers in the United States get poor broadband value: pay more and get slower speeds. Plus, the only consumers getting good value were community broadband customers. In June 2014, the FCC announced plans to challenge these restrictive state laws that limit competition, and keep your Internet prices high. That FCC effort failed. To encourage competition and lower prices, several Democratic representatives introduced the Community Broadband Act in 2015.That legislation went nowhere in a GOP-controlled Congress.

Pause for a moment and let that sink in. Blackburn and other GOP representatives have pursued policies where we consumers all pay more for broadband due to the lack of competition. The GOP, a party that supposedly dislikes regulation and prefers free-market competition, is happy to do the opposite to help their corporate donors. The GOP, a party that historically has promoted states' rights, now uses state laws to restrict the freedoms of constituents at the city, town, and local levels. And, that includes rural constituents.

Too many GOP voters seem oblivious to this. Why Democrats failed to capitalize on this broadband issue, especially during the Presidential campaign last year, is puzzling. Everyone needs broadband: work, play, school, travel, entertainment.

Now, back to the effort to revoke the FCC's broadband privacy rules. Several cable, telecommunications, and advertising lobbies sent a letter in January asking Congress to remove the broadband privacy rules. That letter said in part:

"... in adopting new broadband privacy rules late last year, the Federal Communications Commission (“FCC”) took action that jeopardizes the vibrancy and success of the internet and the innovations the internet has and should continue to offer. While the FCC’s Order applies only to Internet Service Providers (“ISPs”), the onerous and unnecessary rules it adopted establish a very harmful precedent for the entire internet ecosystem. We therefore urge Congress to enact a resolution of disapproval pursuant to the Congressional Review Act (“CRA”) vitiating the Order."

The new privacy rules by the FCC require broadband providers (a/k/a ISPs) to obtain affirmative “opt-in” consent from consumers before using and sharing consumers' sensitive information; specify the types of information that are sensitive (e.g., geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications); stop using and sharing information about consumers that have opted out of information sharing; meet transparency requirements to clearly notify customers about the information collection sharing and how to change their opt-in or opt-out preferences, prohibit "take-it-or-leave-it" offers where ISPs can refuse to serve customers who don't consent to the information collection and sharing; and comply with "reasonable data security practices and guidelines" to protect the sensitive information collected and shared.

The new FCC privacy rules are common sense stuff, but clearly these companies view common-sense methods as a burden. They want to use consumers' information however they please without limits, and without consideration for consumers' desire to control their own personal information. And, GOP representatives in Congress are happy to oblige these companies in this abuse.

Alarmingly, there is more. Lots more.

The GOP-led Congress also seeks to roll back consumer protections in banking and financial services. According to Consumer Reports, the issue arose earlier this month in:

"... a memo by House Financial Services Committee Chairman Rep. Jeb Hensarling (R-Tex), which was leaked to the press yesterday... The fate of the database was first mentioned [February 9th] when Bloomberg reported on a memo by Hensarling, an outspoken critic of the CFPB. The memo outlined a new version of the Financial CHOICE Act (Creating Hope and Opportunity for Investors, Consumers and Entrepreneurs), a bill originally advanced by the House Financial Services Committee in September. The new bill would lead to the repeal of the Consumer Complaint Database. It would also eliminate the CFPB's authority to punish unfair, deceptive or abusive practices among banks and other lenders, and it would allow the President to handpick—and fire—the bureau's director at will."

Banks have paid billions in fines to resolve a variety of allegations and complaints about wrongdoing. Consumers have often been abused by banks. You may remember the massive $185 million fine for the phony accounts scandal at Wells Fargo. Or, you may remember consumers forced to use prison-release cards. Or, maybe you experienced debt collection scams. And, this blog has covered extensively much of the great work by the CFPB which has helped consumers.

Does these two legislation items bother you? I sincerely hope that they do bother you. Contact your elected officials today and demand that they support the FCC privacy rules.


Cable, Telecom And Advertising Lobbies Ask Congress To Remove FCC Broadband Privacy Rules

The Association of National Advertisers (ANA) and 15 other cable, telecommunications, advertising lobbies sent a letter on January 27, 2017 to key leaders in Congress urging them to repeal the broadband privacy rules the U.S. Federal Communications Commission (FCC) adopted in October 2016 requiring Internet service providers (ISPs) to protect the privacy of their customers. 15 advertising and lobbyist groups co-signed the letter with the ANA: the American Cable Association, the Competitive Carriers Association, CTIA-The Wireless Association (formerly known as the Cellular Communications Industry Association), the Data & Marketing Association, the Internet Advertising Bureau, the U.S. Chamber of Commerce, the U.S. Telecom Association, and others.

The letter, available at the ANA site and here (Adobe PDF; 354.4k), explained the groups' reasoning:

"Unfortunately, in adopting new broadband privacy rules late last year, the Federal Communications Commission (“FCC”) took action that jeopardizes the vibrancy and success of the internet and the innovations the internet has and should continue to offer. While the FCC’s Order applies only to Internet Service Providers (“ISPs”), the onerous and unnecessary rules it adopted establish a very harmful precedent for the entire internet ecosystem. We therefore urge Congress to enact a resolution of disapproval pursuant to the Congressional Review Act (“CRA”) vitiating the Order.

Adopted on a party-line 3-2 vote just ten days before the Presidential election, over strenuous objections by the minority and strong concerns expressed by entities throughout the internet ecosystem, the new rules impose overly prescriptive online privacy and data security requirements that will conflict with established law, policy, and practice and cause consumer confusion... the FCC Order would create confusion and interfere with the
ability of consumers to receive customized services and capabilities they enjoy and be informed of new products and discount offers. Further, the Order would also result in consumers being bombarded with trivial data breach notifications."

Data breach notifications are trivial? After writing this blog for almost 10 years, I have learned they aren't. Consumers deserve to know when companies fail to protect their sensitive personal information. Most states have laws requiring breach notifications. It seems as these advertising groups don't want to be responsible nor held accountable.

The Hill explained the CRA and how it usually fails:

"The Congressional Review Act (CRA) has only worked precisely one time as a way for Congress to undo an executive branch regulation... The CRA was passed in 1996 as part of then-Speaker Newt Gingrich's (R-Ga.) "Contract with America." While executive branch agencies can only issue regulations pursuant to statutes passed by Congress, Congress wanted to find a way to make it easier to overturn those regulations. Previously there was a process by which, if one house of Congress voted to overturn the regulation, it was invalidated. This procedure was ruled unconstitutional by the Supreme Court in 1983.

Congress was still able to overturn an executive branch regulation by passing a law. Passing a law is, of course, subject to filibusters in the Senate. We've learned that the filibuster in recent years has made it quite difficult to pass laws. The CRA created a period of 60 "session days" (days in which Congress is in session) during which Congress could use expedited procedures to overturn a regulation.

Also on January 27, several consumer privacy advocates sent a letter (Adobe PDF) to the same Congressional representatives. The letter, signed by 20 privacy advocates including the American Civil Liberties Union, the Center for Democracy and Technology, the Center for Media Justice, Consumers Union, the National Hispanic Media Coalition, the Privacy Rights Clearing House, and others urging the Congressional representatives:

"... to oppose the use of the Congressional Review Act (CRA) to adopt a Resolution of Disapproval overturning the FCC’s broadband privacy order. That order implements the mandates in Section 222 of the 1996 Telecommunications Act, which an overwhelming, bipartisan majority of Congress enacted to protect telecommunications users’ privacy. The cable, telecom, wireless, and advertising lobbies request for CRA intervention is just another industry attempt to overturn rules that empower users and give them a say in how their private information may be used.

Not satisfied with trying to appeal the rules of the agency, industry lobbyists have asked Congress to punish internet users by way of restraining the FCC, when all the agency did was implement Congress’ own directive in the 1996 Act. This irresponsible, scorched-earth tactic is as harmful as it is hypocritical. If Congress were to take the industry up on its request, a Resolution of Disapproval could exempt internet service providers (ISPs) from any and all privacy rules at the FCC... It could also preclude the FCC from addressing any of the other issues in the privacy order like requiring data breach notification and from revisiting these issues as technology continues to evolve in the future... Without these rules, ISPs could use and disclose customer information at will. The result could be extensive harm caused by breaches or misuse of data.

Broadband ISPs, by virtue of their position as gatekeepers to everything on the internet, have a largely unencumbered view into their customers’ online communications. That includes the websites they visit, the videos they watch, and the messages they send. Even when that traffic is encrypted, ISPs can gather vast troves of valuable information on their users’ habits; but researchers have shown that much of the most sensitive information remains unencrypted. The FCC’s order simply restores people’s control over their personal information and lets them choose the terms on which ISPs can use it, share it, or sell it..."

The new FCC broadband privacy rules kept consumers in control of their online privacy. The new rules featured opt-in requirements allowing them to collect consumers' sensitive personal information only after gaining customers' explicit consent.

So, advertisers have finally stated clearly how much they care about protecting consumers' privacy. They really don't. They don't want any constraints upon their ability to collect and archive consumers' (your) sensitive personal information. During the 2016 presidential campaign, candidate and now President Donald Trump promised:

"One of the keys to unlocking growth is scaling-back years of disastrous regulations unilaterally imposed by our out-of-control bureaucracy. In 2015 alone, federal agencies issued over 3,300 final rules and regulations, up from 2,400 the prior year. Every year, over-regulation costs our economy $2 trillion dollars a year and reduces household wealth by almost $15,000 dollars. Mr. Trump has proposed a moratorium on new federal regulations that are not compelled by Congress or public safety, and will ask agency and department heads to identify all needless job-killing regulations and they will be removed... A complete regulatory overhaul will level the playing field for American workers and add trillions in new wealth to our economy – keeping companies here, expanding hiring and investment, and bringing thousands of new companies to our shores."

Are FCC rules protecting your privacy "over-regulation," "onerous and unnecessary?" Are FCC privacy rules keeping consumers in control over their sensitive personal information "disastrous?" Will the Trump administration side with corporate lobbies or consumers' privacy protections? We shall quickly see.

There is a clue what the answer to that question will be. President Trump has named Ajit Pai, a Republican member of the Federal Communications Commission, as the new FCC chair replacing Tom Wheeler, the former chair and Democrat, who stepped down on Friday. This will also give the Republicans a majority on the FCC.

Pai is also an opponent of net neutrality rules the FCC has also adopted, which basically says consumers (and not ISPs) decided where consumers go on the Internet with their broadband connections. Republicans in Congress and lobby groups have long opposed net neutrality. In 2014, more than 100 tech firms urged the FCC to protect net neutrality. With a new President in the White House opposing regulations, some companies and lobby groups seem ready to undo these consumer protections.

What do you think?


74 Percent of US Broadband Households Have Internet-Connected Televisions

According to new research from The Diffusion Group (TDG), 74 percent of US households had Internet-connected televisions at year-end 2016. In 2013, 50 percent of households had Internet-connected televisions. Michael Greeson, TDG President and Director of Research, said:

"At 74% penetration, connected TV use is squarely in the Late Mainstream phase of its trajectory. Barring any major disruption in TV technology or market conditions, growth will slow each year as the solution reaches saturation... Broadband pay-TV services are particularly well positioned to leverage this utility, which permits scale at much lower costs."

TDG first noted in 2004 that the penetration of connected televisions would closely follow broadband (a/k/a high-speed Internet) services.

Chart by TDG of Internet-connected televisions in the United States. Click to view larger version


How To Spot Fake News And Not Get Duped

You may have heard about the "pizzagate" conspiracy -- fake news about a supposed child-sex ring operating from a pizzeria in Washington, DC. A heavily armed citizen drove from North Carolina to the pizzeria to investigate to investigate the bogus child-sex ring supposedly run by Presidential candidate Hillary Clinton. The reality: no sex ring. That citizen had been duped by fake news. Shots were fired, and thankfully nobody was hurt.

CBS News reported that the pizzagate conspiracy had been promoted by Michael G. Flynn, son of retired General Michael T. Flynn, Donald Trump's pick for national security adviser. As a result, the younger Flynn resigned Tuesday from President-Elect Trump's transition team.

I use the phrase "fake news" for several types of misleading content: propaganda, unproven or fact-free conspiracy theories, disinformation, and clickbait. The pizzagate incident highlighted two issues: a) fake news has consequences, and b) many people don't know how to distinguish real news from fake news. So, while political operatives reportedly have used a combination of fake news, ads, and social media to both encourage supporters to vote and discourage opponents from voting, there clearly are other real-life consequences.

To help people spot fake news, NPR reported:

"Stopping the proliferation of fake news isn't just the responsibility of the platforms used to spread it. Those who consume news also need to find ways of determining if what they're reading is true. We offer several tips below. The idea is that people should have a fundamental sense of media literacy. And based on a study recently released by Stanford University researchers, many people don't."

The report is enlightening. In the "Evaluating Information: The Cornerstone of Civic Online Reasoning" report, researchers at Stanford University tested about 7,804 students in 12 states between January 2015 and June 2016. They found:

"... at each level—middle school, high school, and college—these variations paled in comparison to a stunning and dismaying consistency. Overall, young people’s ability to reason about the information on the Internet can be summed up in one word: bleak. Our “digital natives” may be able to flit between Facebook and Twitter while simultaneously uploading a selfie to Instagram and texting a friend. But when it comes to evaluating information that flows through social media channels, they are easily duped... We would hope that middle school students could distinguish an ad from a news story. By high school, we would hope that students reading about gun laws would notice that a chart came from a gun owners’ political action committee. And, in 2016, we would hope college students, who spend hours each day online, would look beyond a .org URL and ask who’s behind a site that presents only one side of a contentious issue. But in every case and at every level, we were taken aback by students’ lack of preparation... Many [people] assume that because young people are fluent in social media they are equally savvy about what they find there. Our work shows the opposite."

This is important for both individuals and the future of the nation because:

"For every challenge facing this nation, there are scores of websites pretending to be something they are not. Ordinary people once relied on publishers, editors, and subject matter experts to vet the information they consumed. But on the unregulated Internet, all bets are off... Never have we had so much information at our fingertips. Whether this bounty will make us smarter and better informed or more ignorant and narrow-minded will depend on our awareness of this problem and our educational response to it. At present, we worry that democracy is threatened by the ease at which disinformation about civic issues is allowed to spread and flourish."

While the study focused upon students, but older persons have been duped, too. The suspect in the pizzeria incident was 28 years old. The Stanford report focused upon what teachers and educators can do to better prepare students. According to the researchers, additional solutions are forthcoming.

What can you do to spot fake news? Don't wait for sites and/or social media to do it for you. Become a smarter consumer. The NPR report suggested:

  1. Pay attention to the domain and URL
  2. Read the "About Us" section of the site
  3. Look at the quotes in a story
  4. Look at who said the quotes

All of the suggestions require readers to take the time to understand the website, publication, and/or publisher. A little skepticism is healthy. Also verify the persons quoted and whether the persons quoted are who the article claims. And, verify that any images used actually relate to the event.

We all have to be smarter consumers of news in order to stay informed and meet our civic duties, which includes voting. Nobody wants to vote for politicians that don't represent their interests because they've been duped. To the above list, I would add:

  • Read news wires. These sites include the raw, unfiltered news about who, when, where, and what happened. Some suggested sources: : Associated Press (AP), Reuters, and United Press International (UPI)
  • Learn to recognize advertisements
  • Learn the differences between different types of content: news, opinion, analysis, satire/humor, and entertainment. Reputable sites will label them to help readers.

If you don't know the differences and can't spot each type, then you are likely to get duped.


FCC Adopted New Broadband Privacy Rules

Federal communications Commission logo Late last month, the U.S. Federal Communications Commission (FC) adopted new privacy rules to require high-speed Internet service providers (ISPs) to protect the privacy of their customers. The FCC announcement explained the new privacy rules:

"Opt-in: ISPs are required to obtain affirmative “opt-in” consent from consumers to use and share sensitive information. The rules specify categories of information that are considered sensitive, which include precise geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications.

Opt-out: ISPs would be allowed to use and share non-sensitive information unless a customer “opts-out.” All other individually identifiable customer information – for example, email address or service tier information – would be considered non-sensitive and the use and sharing of that information would be subject to opt-out consent, consistent with consumer expectations.

Exceptions to consent requirements: Customer consent is inferred for certain purposes specified in the statute, including the provision of broadband service or billing and collection. For the use of this information, no additional customer consent is required beyond the creation of the customer-ISP relationship.

Transparency requirements that require ISPs to provide customers with clear, conspicuous and persistent notice about the information they collect, how it may be used and with whom it may be shared, as well as how customers can change their privacy preferences;

A requirement that broadband providers engage in reasonable data security practices and guidelines on steps ISPs should consider taking, such as implementing relevant industry best practices, providing appropriate oversight of security practices, implementing robust customer authentication tools, and proper disposal of data consistent with FTC best practices and the Consumer Privacy Bill of Rights.

Common-sense data breach notification requirements to encourage ISPs to protect the confidentiality of customer data, and to give consumers and law enforcement notice of failures to protect such information."

The new privacy rules prohibit “take-it-or-leave-it” offers, which means an ISP cannot refuse to serve customers who don’t consent to the use and sharing of their information for commercial purposes. The new rules also addressed the desire by ISPs to charge customers more fees for privacy. According to the FCC Fact Sheet:

"Recognizing that so-called “pay for privacy” offerings raise unique considerations, the rules require heightened disclosure for plans that provide discounts or other incentives in exchange for a customer’s express affirmative consent to the use and sharing of their personal information. The Commission will determine on a case-by-case basis the legitimacy of programs that relate service price to privacy protections. Consumers should not be forced to choose between paying inflated prices and maintaining their privacy.

ISPs like Comcast, AT&T, Charter, and Verizon opposed the stricter privacy rules. Google had argued for broader opt-out provisions and privacy rules the same as for websites, not stricter. The U.S. Chamber of Commerce, a political lobbying organization, opposed the stronger privacy rules the FCC proposed in March. Last week, Reuters reported:

"The final regulation is less restrictive than the initial plan proposed by FCC chairman Tom Wheeler in March and closer to rules imposed on websites by the Federal Trade Commission. Republican commissioners said the rules unfairly give websites the ability to harvest more data than service providers and dominate digital advertising."

FCC Chairman Wheeler released a statement on October 27 about the new broadband privacy rules:

"Last week, I visited Consumer Reports’ headquarters in Yonkers, New York, where I toured their product testing facility and met with senior leadership. When looking at a smart refrigerator that collects and shares data over the Internet, the discussion turned to privacy. Who would have ever imagined that what you have in your refrigerator would be information available to AT&T, Comcast, or whoever your network provider is?

The more our economy and our lives move online, the more information about us goes over our Internet Service Provider (ISP) – and the more consumers want to know how to protect their personal information in the digital age.

Today, the Commission takes a significant step to safeguard consumer privacy in this time of rapid technological change, as we adopt rules that will allow consumers to choose how their Internet Service Provider (ISP) uses and shares their personal data.

The bottom line is that it’s your data. How it’s used and shared should be your choice."

The last sentence cannot be over-emphasized. Consumers: it is our information -- property -- which ISPs use, sell, and make money with. Consumers should decide what data broadband and wireless providers share with marketers. Consumers must be in control.

And, there is more to come as the FCC oversees "pay-for-privacy" schemes by ISPs. So, thanks to the FCC and to Chairman Wheeler for fighting strongly for consumers' online privacy rights. What are your opinions of the new broadband privacy rules?


Study: Almost 40 Percent of U.S. Smartphone Owners Use Voice Recognition

According to a recent study by Parks Associations, a market research and consulting company, 39 percent of smartphone owners in the United States use some form of voice recognition (e.g., Siri, Google Now). The usage is higher (more than 50 percent) for iPhone owners compared to Android owners (less than 33 percent). Harry Wang, Director of Health & Mobile Product Research at Parks Associations said:

“Smartphone penetration has reached 86% of U.S. broadband households, so it is a mature market, with users, particularly younger consumers and iOS users, exploring more intelligent features and interfaces, including voice control... The growing consumer interest in voice control features is driving this technology into new IoT areas... Following Apple’s lead with Siri, other brands have created ‘personalities’ for their voice-control solutions, like Alexa for Amazon Echo and Cortana for Windows Phones."

Usage is higher among younger persons. 48 percent of smartphone users ages 18-24, use voice recognition software, usage of the “Siri” voice recognition software increased from 40 to 52 percent between 2013 and 2015. In total, about 15 percent of all U.S. broadband households use Siri.

About 70 percent of smartphone owners who use voice recognition are satisfied. 38 percent said they are very satisfied, and 9 percent said they are not satisfied.

Additional findings about U.S. smartphone users:

  • More than 70 percent watch short streaming video clips, and more than 40 percent watch long streaming videos.
  • 36 percent use WiFi calling.
  • 26 percent use a payment app for purchases at retail stores, and
  • 24 percent stream video from their phones to a second screen (e.g., TV, PC).

Learn more in the "360 View: Mobility and the App Economy" report, or the press release, by Parks Associates.


Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking

[Editor's Note: Today's guest post was originally published by ProPublica on October 21, 2016. It is reprinted with permission.]

Google logo by Julia Angwin, ProPublica

When Google bought the advertising network DoubleClick in 2007, Google founder Sergey Brin said that privacy would be the company's "number one priority when we contemplate new kinds of advertising products."

And, for nearly a decade, Google did in fact keep DoubleClick's massive database of web-browsing records separate by default from the names and other personally identifiable information Google has collected from Gmail and its other login accounts.

But this summer, Google quietly erased that last privacy line in the sand -- literally crossing out the lines in its privacy policy that promised to keep the two pots of data separate by default. In its place, Google substituted new language that says browsing habits "may be" combined with what the company learns from the use Gmail and other tools.

The change is enabled by default for new Google accounts. Existing users were prompted to opt-in to the change this summer.

Revised Google privacy terms

The practical result of the change is that the DoubleClick ads that follow people around on the web may now be customized to them based on the keywords they used in their Gmail. It also means that Google could now, if it wished to, build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct.

The move is a sea change for Google and a further blow to the online ad industry's longstanding contention that web tracking is mostly anonymous. In recent years, Facebook, offline data brokers and others have increasingly sought to combine their troves of web tracking data with people's real names. But until this summer, Google held the line.

"The fact that DoubleClick data wasn't being regularly connected to personally identifiable information was a really significant last stand," said Paul Ohm, faculty director of the Center on Privacy and Technology at Georgetown Law.

"It was a border wall between being watched everywhere and maintaining a tiny semblance of privacy," he said. "That wall has just fallen."

Google spokeswoman Andrea Faville emailed a statement describing Google's change in privacy policy as an update to adjust to the "smartphone revolution"

"We updated our ads system, and the associated user controls, to match the way people use Google today: across many different devices," Faville wrote. She added that the change "is 100% optional -- if users do not opt-in to these changes, their Google experience will remain unchanged." (Read Google's entire statement.)

Existing Google users were prompted to opt-into the new tracking this summer through a request with titles such as "Some new features for your Google account."

The "new features" received little scrutiny at the time. Wired wrote that it "gives you more granular control over how ads work across devices." In a personal tech column, the New York Times also described the change as "new controls for the types of advertisements you see around the web."

Connecting web browsing habits to personally identifiable information has long been controversial.

Privacy advocates raised a ruckus in 1999 when DoubleClick purchased a data broker that assembled people's names, addresses and offline interests. The merger could have allowed DoubleClick to combine its web browsing information with people's names. After an investigation by the Federal Trade Commission, DoubleClick sold the broker at a loss.

In response to the controversy, the nascent online advertising industry formed the Network Advertising Initiative in 2000 to establish ethical codes. The industry promised to provide consumers with notice when their data was being collected, and options to opt out.

Most online ad tracking remained essentially anonymous for some time after that. When Google bought DoubleClick in 2007, for instance, the company's privacy policy stated:

"DoubleClick's ad-serving technology will be targeted based only on the non-personally-identifiable information."

In 2012, Google changed its privacy policy to allow it to share data about users between different Google services - such as Gmail and search. But it kept data from DoubleClick 2013 whose tracking technology is enabled on half of the top 1 million websites -- separate.

But the era of social networking has ushered in a new wave of identifiable tracking, in which services such as Facebook and Twitter have been able to track logged-in users when they shared an item from another website.

Two years ago, Facebook announced that it would track its users by name across the Internet when they visit websites containing Facebook buttons such as "Share" and "Like" 2013 even when users don't click on the button. (Here's how you can opt out of the targeted ads generated by that tracking).

Offline data brokers also started to merge their mailing lists with online shoppers. "The marriage of online and offline is the ad targeting of the last 10 years on steroids," said Scott Howe, chief executive of broker firm Acxiom.

To opt-out of Google's identified tracking, visit the Activity controls on Google's My Account page, and uncheck the box next to "Include Chrome browsing history and activity from websites and apps that use Google services." You can also delete past activity from your account.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.


Report: Consumer Usage of Video Streaming Services in The US

New research revealed that 16% of the "viewing population" have multiple subscription video-on-demand (SVOD) services in their homes. That's up from 10% three years ago. Consumer market research firm Gfk studied consumers in the United States, and also found that almost half (49%) of the "viewing population" subscribes to at least one SVOD service, 17% have both Netflix and Amazon Prime, 9% have Netflix and Hulu Plus, and 5% have all three of the major services.

The “viewing population” includes consumers who watch video at least once per week via any format: regular TV, streaming, or otherwise. According to Gfk, this is 95 percent of the total number of people 13 to 64 US years of age. Gfk also found that consumers:

"... who pay for combinations of Netflix, Amazon Prime, Hulu, and other subscription streaming services – are more likely to have kids under 18 in their homes (50%, versus an average of 41% among all weekly viewers of any type). “Self-bundlers” also have higher mean incomes than average weekly viewers – at $90,000 per year versus $76,000 – but are less likely to subscribe to traditional pay TV services.."

GfK interviewed 1,054 consumers in the United States for its “Over-the-Top TV 2016: A Complete Video Landscape” report. In related studies during the past year, Gfk found:

Below is an infographic from Gfk's "Over the Top TV 2016" report with additional information:

Infographic from Gfk Over the Top TV 2016 report. Click to view larger version


Yahoo Confirms Massive Data Breach. Unclear If Users At Its Outsourcing Clients Were Also Affected

Yahoo logo After reports about a rumored announcement, Yahoo confirmed late on Thursday a massive data breach affecting half a billion users -- 500 million persons. Yahoo believes the breach was performed by a "state-sponsored actor."

Data elements exposed and stolen during the breach include full names, e-mail addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, security questions and answers. The breach dated back to 2014. This is very serious, and by far the largest breach ever. The data elements stolen facilitate spam and a variety of scams; plus access to email contacts such as clients, customers, and patients.

Yahoo's breach announcement stated:

"The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected. Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter..."

Yahoo is in the process of notifying affected persons. Affected users should change their passwords, security questions, and answers.

The breach announcement did not state if users at outsourcing clients were affected. Other companies and entities can outsource their e-mail services to Yahoo, or to other e-mail providers offering similar services. One such company appears to be AT&T. The "AT&T Email Basics" page (see image below) references a co-branded AT&T-Yahoo website for AT&T customers to check their e-mail.

AT&T Email Basics page references Yahoo site for email. Click to view larger version I reached out to AT&T for a comment. A reply was not received by press time. If its email users were affected by the breach, then those users will probably want to know who is going to assist them, and what assistance will be offered.

Given the pending acquisition of Yahoo by Verizon, several AT&T customers already discussed in an online forum concerns about what might happen to their e-mail service operated by a competitor. (Verizon said on Thursday it learned about the breach two days ago.) If users at outsourcing clients were also affected by the breach, then this might add to their uncertainty.

If you received a breach notice from Yahoo, what is your opinion of the response?


Comcast And The Wireless Industry Defend 'Pay For Privacy' Schemes

Logo of CTIA, The Wireless Association Some big Internet service providers (ISPs) want consumers to pay for privacy. Earlier this month, both Comcast and the CTIA-The Wireless Association (formerly known as the Cellular Communications Industry Association) submitted comments about the broadband privacy rules proposed by the U.S. Federal Communications Commission (FCC) in April.

Portions of August 18, 2016 comments submitted by the CTIA to the FCC:

"Finally, we briefly noted that allowing consumers a variety of options regarding whether to receive a discount on broadband service in exchange for personalized advertising should be preserved. Hybrid payment models have been in commerce for centuries, including advertising supported magazines, grocery store loyalty programs, and app-based discount programs for retail establishments. Many internet companies rely on use of consumer data as their sole source of income, like search engines and social networks. Such offerings can lead to significant cost savings for all consumers, enable more valuable services for consumers, and mirror much of the economic activity that consumers expect. On this point, we provided a copy of a recent report by the Information Technology & Innovation Foundation, titled “Why Broadband Discounts for Data are Pro-Consumer,” which is attached to this filing."

Let's unpack this. It says that ISPs should be able to charge their customers for privacy, since many ISPs rely upon using (and reselling) their customers' information to make money. This would be an opt-out for customers, since the default is customers' information is used and resold. There are several problems with this approach:

  1. The pay-for-privacy business model is camouflaged in a seemingly harmless term: "hybrid payment models"
  2. The CTIA's argument falsely assumes ISPs are equivalent to search engines or social networking sites. They aren't. When a consumer uses the Internet, he/she has a choice of which search engine or social networking site to use; or none. Not so with ISPs. A consumer must use the Internet to do anything. Plus, there is a lack of ISP competition in key markets, which provides consumers with fewer choices. Is the industry suggesting more competition? Doubtful. In fact, the industry lobbied for and obtained local laws in about 20 states that deny residents the rights and benefits from competition by community-run ISPs; laws which a federal court recently (and mistakenly) upheld. And, proposed legislation to encourage ISP competition to gain lower prices and more choices for consumers has been blocked by the industry, by politicians, by attorneys general in some states.
  3. The CTIA's position is harmful. It essentially says this: the default is no privacy. Customers get privacy only when they pay for it. Huh? I find this at odds with traditional property rights laws. Information about consumers is owned by consumers until and unless they share it.
  4. Most customers already pay a monthly fee for Internet access. So, paying for privacy amounts to a price increase... a premium price, for something that should be baked into the service at the start. Plus, consumers in the United States already pay more for broadband and get slower speeds compared to other countries.
  5. The pay-for-privacy model does not address under- and un-served broadband segments: rural and low-income consumers. One could argue that paying for privacy is a greater burden on low-income consumers, when everyone has property rights and Fourth Amendment rights.
  6. Consumers need simplicity and clarity. For example, should a service offer a pay-for-privacy, it should mention optional components (e.g., web browsing, scan email contents, scan text message content, etc.) with standardized labels and language. Otherwise, consumers have more difficulty comparing services, and privacy policies that are already too long, complicated and difficult to read become even more so.

Comcast logo The CTIA's position seems to have followed Comcast's position. Portions of August 1, 2016 comments submitted by Comcast to the FCC:

"We also urged that the Commission allow business models offering discounts or other
value to consumers in exchange for allowing ISPs to use their data. As Comcast and others have argued, the FCC has no authority to prohibit or limit these types of programs. Moreover, such a prohibition would harm consumers by, among other things, depriving them of lower-priced offerings... A bargained-for exchange of information for service is a perfectly acceptable and widely used model throughout the U.S. economy, including the Internet ecosystem, and is consistent with decades of legal precedent and policy goals related to consumer protection and privacy.

Finally, we discussed how Comcast has partnered with vendors who have helped to
enhance consumer data privacy, and that the Commission should be clear that any rules it adopts do not prevent ISPs from providing CPNI to a vendor based on implied consent, provided the ISP has an agreement with the vendor requiring it to safeguard the CPNI and to use it solely on behalf of and as directed by the ISP..."

The same problems I listed above also apply to Comcast's comments. This is not theory. MotherBoard reported:

"Telecom giant AT&T already offers such a [pay for privacy] plan, called “Internet Preferences,” which tempts consumers with “best pricing” if they are willing to let the company “use your individual web browsing information, like the search terms you enter and the web pages you visit, to tailor ads and offers to your interests.” Users who opt-out of "Internet Preferences," which DSLReports calls a “deep packet inspection program that tracks your browsing behavior around the internet—down to the second,” face a $30 premium on their monthly bill."

Last year, Gigaom reported that price premium by AT&T for privacy is really far more:

"But $29 isn’t actually the price that AT&T charges per month for privacy. As I discussed back in May last year after I tried to sign up for AT&T’s GigaPower service to find out more about the pricing and the disclosures associated with the plan, the actual costs were closer to $44 or even $62 per month. This time around the price differentials are $44 for gigabit internet and $66 for HD TV and HBO Go plus gigabit internet."

Like anything else, the devil is in the details. $44 and $62 monthly both sound excessive. Apparently, the more services a consumer has, the more privacy costs. Regular readers of this blog already know about CPNI notices from AT&T.

The problems I see with both Comcast's and the wireless industry's pay-for-privacy positions are rooted in a lack of trust and transparency. The ISP industry has a long history of abuses, customer service failures, and a lack of transparency. Both the Gigaom and MotherBoard articles mentioned above highlight problems and failures, plus:

Consumers are rightfully wary and skeptical of pay-for-privacy schemes. Plus, consumers have no way to confirm that in a pay-for-privacy scheme their information is not being reused and resold anyway.

A solution based upon transparency that promotes trust would help: regular privacy audits by an independent third-party to ensure that the information of consumers who paid a privacy price premium are getting what they paid for.

Also available in this blog are the CTIA letter to the FCC (Adobe PDF; 247.2K bytes), and Comcast's letter to the FCC (Adobe PDF; 176.3K bytes).

To me, the whole thing smells like another excuse for ISPs to increase prices on services that are already too expensive and too slow. What do you think?


Federal Court Upholds State Laws To Restrict And Prevent City-Run Broadband Services

Last week, a federal appeals court overturned a Federal Communications Commission (FCC) ruling allowing community (a/k/a "city-run" or municipal) high-speed Internet service providers (ISPs) to expand into areas not served by commercial providers. The court decision immediately affects the expansion plans of community ISPs in Tennessee and North Carolina.

Community high-speed or broadband ISPs typically provide faster speeds (e.g., upload, download) and lower prices compared to commercial ISPs. Both states had passed laws preventing community ISPs from expanding, or making it onerous to expand. he FCC sought to stop such laws to encourage more competition, more choices, and lower prices for consumers.

The initial Reuters news report did not explain the rationale the court used. ABC News reported:

"The appeals court said that the FCC's order pre-empted the state laws and "the allocation of power between a state and its subdivisions." The court said the FCC's action requires a "clear statement" of authority in federal law, but the law does not contain a clear statement authorizing pre-emption of Tennessee's and North Carolina's laws... The appeals court said its ruling was a limited one, and it does not address other issues debated in the case, including whether the FCC has any pre-emptive power at all under the Telecommunications Act of 1996."

Chattanooga, Tennessee advertises itself as "Gig City," and is proud of its fiber broadband network:

"Only in Chattanooga, Tennessee is 1 Gigabit-per-second Internet speed available to every home and business - over 150,000 of them - throughout the entire community. Urban or rural, business or residence, Internet speeds that are unsurpassed in the Western Hemisphere – from 50 Megabits-per-second all the way up to one gigabit-per-second are accessible here. Today... Chattanooga's Fiber Optic network enables upload and download speeds 200 times faster than the current national average, and 10 times faster than the FCC's National Broadband Plan (a decade ahead of schedule)."

How fast is that? You can download a full-length movie in about 2 minutes. Is that faster than the broadband speed you get in your town or city? Probably. Is it cheaper than what you're paying? Probably.

The Attorneys Generals in several states have worked to prevent their residents from forming city-run ISPs. Tennessee Attorney General Herbert H. Slattery III released a statement:

"We are pleased with the 6th Circuit decision reversing the FCC’s Order. As we have stated from the outset, this case was not about access to broadband. Instead, it was about preventing the federal government from exercising power over the state of Tennessee that it does not have. Current state law allows a municipal Power Board to provide internet service only within its electric service area. Today’s decision preserves Tennessee’s right to determine the authority and market area of a political subdivision organized under Tennessee law."

The trade associations that represents corporate ISPs, US Telecom released a statement:

"Today’s decision is a victory for the rule of law. The FCC’s authority is not unbridled, it is limited to powers specifically delegated by the Congress, and it does not extend to preemption of state legislatures’ exercise of jurisdiction over their own political subdivisions. As an industry that shares the commission’s interest in accelerating broadband deployment, we would suggest that the best way for the FCC to accomplish its goals is to concentrate on eliminating federal regulatory impediments to innovation and investment – where there remains to be much that can and should be done."

Of course, the trade group is happy with the court decision. State laws that restrict or prevent city-run ISPs mean less competition, which makes it easier for corporate ISPs to maintain higher prices and slower speeds (which equals greater profits).

Community ISPs provide benefits for small businesses, and not only consumers. The benefits include more jobs, better services, and the ability of local towns to attract new businesses and start-ups. These benefits apply to rural areas, too; especially rural areas not served by corporate ISPs.

The Community Broadband Networks site described the benefits for small businesses of community broadband in North Carolina:

"... Speed is important, but so is Internet choice, reliable service, and respectful customer service... Before Greenlight began serving Pinetops, the best community members could get was sluggish Centurylink DSL - or Internet access offered over the phone lines... Suzanne Coker Craig, owner of CuriosiTees, described the situation... Her business, a custom screen printing shop, uses an “on-time” inventory system, so speed and reliability is critical for last-minute or late orders... She also subscribes to Greenlight from home and her fiber connection is able to manage data intense uploads required for sending artwork, sales reports, and other large document transfers... Brent Wooten is a sales agent and Manager for Mercer Transportation, a freight management business... moving freight across the country via trucks, requires being on time; he’s an information worker in a knowledge economy... Before Greenlight came to town, Brent’s business paid Centurylink $425 per month for a few phone lines, long distance, an 800 number, and Internet access at 10 Megabits per second (Mbps) download and 1.5 Mbps upload. He was also wasting hours and even days each month trying to get his Internet fixed... When Greenlight came to the community, Centurylink changed their tune. Within hours of his business phone being ported to Greenlight, a Centurylink representative called him. “He offered to cut my current prices in half and double my Internet speed, from 10 to 20 Mbps…My Centurylink 10 Mbps speed never tested at more than 6 Mbps.” Brent chose to keep his Centurylink phone service, but he kept his 25 Mbps symmetrical Greenlight Internet service because upload speed is critical to his business..."

Will these rural consumers and small businesses lose their community broadband services? Given the court decision, that is possible. Will the court decision negatively affect jobs? Probably, since many small businesses depend upon the faster community ISPs. FCC Chairman Wheeler stated:

"While we continue to review the decision, it appears to halt the promise of jobs, investment and opportunity that community broadband has provided in Tennessee and North Carolina. In the end, I believe the Commission’s decision to champion municipal efforts highlighted the benefits of competition and the need of communities to take their broadband futures in their own hands.

In the past 18 months, over 50 communities have taken steps to build their own bridges across the digital divide. The efforts of communities wanting better broadband should not be thwarted by the political power of those who, by protecting their monopoly, have failed to deliver acceptable service at an acceptable price. The FCC’s mandate is to make sure that Americans have access to the best possible broadband. We will consider all our legal and policy options to remove barriers to broadband deployment wherever they exist so that all Americans can have access to 21st Century communications. Should states seek to repeal their anti-competitive broadband statutes, I will be happy to testify on behalf of better broadband and consumer choice. Should states seek to limit the right of people to act for better broadband, I will be happy to testify on behalf of consumer choice...”

In January 2015, several U.S. Senators introduced the Community Broadband Act legislation in to block these restrictive laws in 20 states and to encourage more competition and lower prices for more consumers by allowing residents the right to operate city-run ISPs offering faster speeds and lower prices. Last week, Senator Ron Wyden (Oregon - Democrat) tweeted about the federal court decision:

Tweet by Senator Ron Wyden about Community Broadband Act

The legislation has stalled in the Republican-led Congress. Once again, you will hear politicians shout about the importance of defending state's rights against the FCC, while ignoring the rights of rural and small town residents to form community ISPs. Hypocritical politicians do this to protect their corporate ISPs donors from competition, which basically screws over residents by keeping prices high and speeds slow.

Residents in rural areas, small towns, and cities can claim, "we've been mugged" by state' legislatures that enacted laws preventing competition (and lower prices) from community ISPs.

Researchers compared high-speed Internet services worldwide, and found that consumers in the USA pay more and get slower speedsAnd Get Slower Speeds. That's great for corporate ISP profits and bad for consumers. The Community Broadband Act is an attempt to solve this problem.

Read the court decision: State of Tennessee, and the State of North Carolina; versus the U.S. Federal Communications Commission - (Adobe PDF). The FCC is reviewing the court's decision, and has not decided whether to appeal it.

The court decision is definitely pro-state law and anti-consumer. The court decision basically allows states to continue with laws that deny residents in local cities and towns the right to form, operate, and expand their own municipal broadband services to get lower prices and better services. That means less competition and higher prices for consumers living in states with these laws. Consider that when you vote in November.


The U.S. Copyright Office Commented on The FCC's Set-top Box Proposal

Federal communications Commission logo After the U.S. Federal Communications Commission proposed in February new set-top box rules for cable TV providers to encourage innovation, choices, and lower prices for consumer, the pay TV industry countered with its own proposal in June. Earlier this month, the U.S. Copyright Office shared its views about the matter.

Maria A. Pallante, a United States register of Copyrights and Director, provided the agency's views in a detailed 18-page letter to the FCC. The FCC used "Multi-Channel Video Programming Distributors" (MBPD) in its proposal to refer to the variety of companies (e.g., cable TV, wireless, Internet distributors, etc.) that distribute TV,, film, and video content. Pallante's letter is available at the Electronic Frontier Foundation (EFF) website:

"As requested, our comments pertain to the potential copyright implications of the Proposed Rule, as well as the general copyright principles at issue. Please note that although the Copyright Office did not file public comments in the FCC proceeding, the FCC did request our advice on the copyright issues raised by its proposal... we have no doubt that a number of the third-party products facilitated by the FCCs rule would enable fair and other nonfringing consumer uses of MVPD programming. The Copyright Office is therefore focused on whether these goals can be accomplished without overriding other concerns of copyright law and policy. The Office's principal reservation is that, as currently proposed, the rule could interfere with copyright owners' rights to license their works as provided by copyright law, and restrict their ability to impose reasonable conditions on the use of those works through the private negotiations that are the hallmark of the vibrant and dynamic MVPD marketplace..."

In short, the TV landscape today consists of many, secret, complicated licensing agreements between content producers and distributors. A Forbes Magazine article by Larry Downes described the landscape:

"Hollywood, for better and for worse, is built on a complicated legal regime of content licensing. That licensing limits when, where, and how programs are broadcast, and to whom. It includes limitations of the number and types of commercials that can be inserted into the programming, and even where in the channel line-up the programs will appear to consumers. Licensing agreements between producers and distributors are long, complicated, and mostly secret.

Opening the information flows for undefined new forms of access through new set-top boxes will almost certainly undermine those agreements. Third party boxes may change the channel line-up, replace the commercials, or offer programs on-demand that aren’t licensed for that use. Existing security and consumer privacy protections, mandated by law for pay TV providers, can’t be enforced by the FCC against new unregulated providers."

What we consumers see on TV, when we see it, how often we wee it, the number of commercials we see during shows, whether the show can be recorded (e.g., time shifted), whether the show can be device shifted (e.g., from television to a phone, tablet), and whether we see the show on pay-per-view, on-demand, on an Internet site, and/or on our phones are all governed by those private contracts.

Pallante's letter described the landscape similarly, but in greater detail. It also analyzed the FCC's proposed set-top box rule:

"In its most basic form, the rule contemplated by the FCC would seem to take a valuable good -- bundled video programming created through private effort and agreement under the protections of the Copyright Act -- and deliver it to third parties who are not in privity with the copyright owners, but who may nonetheless exploit the content for profit. Under the Proposed Rule, this would be accomplished without compensation to the creators or licensors of the copyrighted programming, and without requiring the third party to adhere to agreed-upon license terms. Indeed, a third party would have no way of knowing all of the requirements and liitations imposed under that license. As a result, it appears inevitable that many negotiated conditions upon which copyright owners license their works to MVPDs would not be honored under the Proposed Rule..."

"The FCC has stated that the Proposed Rule is not intended to negate these private contractual arrangements. However, it is not clear how the FCC wold prevent such an outcome under the Proposed Rule, for it appears to obligate MVPDs to deliver licensed works to third parties that could then unfairly exploit the works in ways that would be contrary to the essential conditions upon which the works were originally licensed... Thus, rather than being passive conduits for licensed programming, it seems that a broad array of the third-party devices and services would be enabled by the Proposed Rule would essentially be given access to a valuable bundle of copyrighted works, and could repackage and re-transmit those works for a profit, without having to comply with agreed contractual terms. And even though such activities -- for instance, competing or incompatible advertising -- could easily lessen the value of the rights licensed by program producers to the MVPDs, no offsetting compensation would flow back to the copyright holders or their actual licensees. THe Proposed Rule would thus appear to inappropriately restrict copyright owners' exclusive right to authorize parties of their choosing to publicly perform, display, reproduce and distribute their works according to agreed conditions, and to seek remuneration for additional uses of their works."

The Copyright Office's letter also discussed enforcement issues:

"... there already exists today a variety of third-party set-top box devices, mainly produced overseas, that are used to view pirated content delivered over the Internet. A reasonable concern is that, in response to the Proposed Rule, this market might expand to encompass devices designed to exploit the more readily available MVPD programming streams without adhering to the prescribed security measures. In addition, some commenters have suggested that limiting options for content security in this manner could jeopardize robust content security regimes -- including innovations to those systems -- thereby opening doors for third parties to acquire content illegally..."

Pallante and the Copyright Office concluded:

"We note that at the July 12th Congressional oversight hearing, FCC Commissioners acknowledged that they might choose to follow a different approach to achieve the FCC's objectives than that outlined in the NPRM, and that emerging alternative proposals showed promise. The Copyright Office is therefore hopeful that the FCC will refine its approach as necessary to avoid conflicts with copyright law and authors' interests under that law... it seems critical that any revised proposal respect the authority of creators to manage the exploitation of their copyrighted works through private licensing arrangements, because regulatory actions that undermine such arrangements would be inconsistent with the rights granted under the Copyright Act..."

So, the FCC's set-top box rule as initially proposed is too disruptive, and is effectively dead, since it would interfere with copyright owners' rights to license their content. Hopefully, the FCC won't give up and will refine its set-top box approach.

Pallante's letter to the FCC is also available here (Adobe PDF; 278.1K).