If you think Facebook’s “Cambridge Analytica problem” is bad, just wait until Comcast and Verizon are able to do the same thing.
In response to the Cambridge Analytica data privacy scandal, Facebook took out full-page apology ads in several prominent British and US newspapers. While the company acknowledged a “breach of trust”, it also pointed out that third-party developers like Cambridge Analytica no longer get access to as much information about users under Facebook’s current terms of service.
But contractual tweaking does little to change the privacy risks that techno-sociologist Zeynep Tufekci calls “an all too natural consequence of Facebook’s business model, which involves having people go to the site for social interaction, only to be quietly subjected to an enormous level of surveillance”.
The thing is, Facebook isn’t the only company that amasses troves of data about people and leaves it vulnerable to exploitation and misuse. As of last year, Congress extended the same data-gathering practices of tech companies like Google and Facebook to internet providers like Comcast, AT&T and Verizon.
Because service providers serve as gatekeepers to the entire internet, they can collect far more information about us, and leave us with far less power to opt out of that process. This means that the risks of allowing our internet providers to collect and monetise the same type of user data that Facebook collects – and the potential that such data will therefore be misused – are much, much worse.
Your internet provider doesn’t just know what you do on Facebook – it sees all the sites you visit and how much time you spend there. Your provider can see where you shop, what you watch on TV, where you choose to eat dinner, what medical symptoms you search, where you apply for work, school, a mortgage. Everything that is unencrypted is fair game.
But internet providers don’t just pose a greater surveillance risk than Facebook – their surveillance is also far harder to avoid. “Choosing” not to use an internet provider to avoid surveillance is not really a choice at all. As of 2016, only about half of Americans have more than one option for broadband internet. In rural areas, this number drops to just 13%.
For these Americans, access to the internet means being subjected to whatever forms of surveillance their provider adopts. Even in places where users have more than one option, the decision to switch providers is much more costly and time-intensive than deleting an app. Many – though by no means all – of us are privileged enough to #DeleteFacebook, or at least reduce the time we spend there. But at a time when the internet is essential to completing schoolwork, finding and applying to jobs, running a business and maintaining community, very few of us are privileged enough to #DeleteTheInternet.
Among the Obama administration’s last major policy reforms was implementing Federal Communications Commission rules limiting how internet providers use and sell customer data, and giving customers more control over how personal information like browsing habits, app usage history, location data and social security numbers may be used by service providers. These rules would have prevented ISPs from carelessly exposing data to third parties, as Facebook did with Cambridge Analytica.
Last March, Republicans and President Trump overturned these rules, allowing providers like Verizon and Comcast to monitor their customers’ behaviour online and, without their permission, sell that data for targeted ads. In other words, instead of restricting the dangerous and exploitative market of consumer data, Congress has expanded that market to include internet service providers.
Several states, including Massachusetts, have introduced legislation to reinstate – and in some cases, extend – the Obama-era privacy protections. And, unlike in the case of state efforts to restore net neutrality, privacy protections like Massachusetts’ senate bill 2062 are far more likely to withstand federal preemption challenges and provide enforceable state protections for internet users’ data.
The past few weeks have shown us that the stakes for establishing meaningful limits to corporate surveillance couldn’t be higher. By encouraging state lawmakers to step in to protect internet privacy and limit the use of our data by service providers, we can take a first step toward an internet where users aren’t forced to choose between data exploitation and the ability to live their digital lives.
- Salome Viljoen is a fellow in the Privacy Initiatives Project at the Berkman Klein Center for Internet and Society
comments (56)
As I understand it, the big problem with Cambridge Analytica is that they're going to try to target adverts to make you vote for bad men.
So I save myself 50 quid because I don't believe the hype.
If you don't want a friendly warning when doing piracy in the UK a VPN is worth it. I also like to make life as awkward as possible for the guys at GCHQ etc, although I realise I'm deluding myself on that score really.
So you are saying that you are not among, or close to, the mean when it comes to social psychological phenomenon and its effects on human behavior? That may well be true, but you should be terrified at what the effect is on non-outliers (the statistical "everybody else")---they may determine your future.
Western Democracies have had a greater level of surveillance on you since the 1990s. PROMIS, Snowden etc. should make everyone realise that data collection now is greater than all previous Fascist Dictatorships throughout history. And this is sold on to or controlled by multi-nationals to maintain obscene pricing, coerced lobbying of governments, spying on foreign tech etc. Very little is used on fighting terrorism or white collar crime or multinational arms or drug deals.
Soviets.
I am somewhat surprised at the level of naivete concerning surveillance on the internet. The internet has always been subject to a high degree of such monitoring. Indeed, in the pre-public era (i.e. before 1995) emails and other communications were inspected from time to time to ensure people weren't using the internet for personal or commercial purposes. Such network monitoring and surveillance is nothing new & it will continue for as long as there are computer networks.
The rule has remained the same since the beginning: Once the data leaves your host and/or network, it's no longer yours & will be subject to whatever monitoring is imposed by other hosts and/or networks. Just because you might be browsing the web from the privacy of your own home does not entail that the networks and hosts you are accessing are private as well--nor should you expect them to be. They aren't yours.
Perhaps, but it was clearly understood at that time that the internet was DARPA and used by the military, educational institutions, and industry. We had no illusions of privacy, it was just... cool. Do you remember Archie? If you think that's a person's name then you haven't been on the internet as long as I have.
And one more thing.... I remember that we all thought it sucked when Compuserve gained access to our sanctuary. All of the un-moderated news groups that were completely dependent on user netiquette went straight to hell. All of a sudden there was this big flood of pedestrian users and it was a chaos of spam and stupidity.
When I first started on it (I was rather young then, so it's a bit hazy), NSFNet formed the core of the Internet. By that time DARPANET & MILNET (both of which preceded the Internet) were connected to it along with various other networks.
Which is why I'm not quite sure where this idea of privacy finds its origin. It seems that as soon as people started signing up to commercial dialup services & started accessing it from their homes (rather than from the office), they began to nurture these ideas of privacy. The nature of the internet itself didn't really change then, just the locations whence people connected to it--and hence the expectations.
It was a search engine for public FTP sites (and Gopher too, if I recall correctly). I don't recall ever using it.
This is an exaggeration. Most of the data going over the line is encrypted nowadays. So while ISPs can gather data about your destination IP addresses, they don't know what you are sending or receiving. For example, although they might know that you are visiting Facebook, they don't know what you are doing on Facebook (as Facebook itself does). They might know you are visiting Netflix or Youtube, but as for the movies & clips you are streaming? Again, that's all encrypted going over the line, so ISPs don't know. What you search on Google? Again, google.com is secure HTTP as well, so it's all encrypted.
Your ISP can log each site you visit, this is the type of data they can acquire and sell. Even if you have a VPN, they will still see you access their DNS lookup (with a VPN IP address) for every site you go to unless you change the DNS lookup to use something that's publicly available like Google's DNS (8.8.8.8).
Yes, but as I said, they cannot know what you are actually doing on this or that website or any other service for that matter (provided that the connection is encrypted, which is usually the case nowadays). They certainly cannot access data related to online banking (which is always encrypted), as the article seemed to imply with its talk of knowing about your mortgage. As I said, the claim I cited above is an exaggeration.
A lot of the VPN services will automatically update your resolver to use their own nameservers. That's usually listed as one of their selling points. Even if you did continue to use an ISP nameserver, matching the DNS lookups coming from the VPN server IP to you would not be a trivial task.
And then of course Google can track it. It should also be pointed out that DNS is not encrypted by default, which means that ISPs can intercept this traffic regardless of what nameserver you use (unless of course you're using a VPN or something of the sort).
I do have a VPN and hard code my DNS to Google. The DNS request does go through the VPN so they only get to see the VPN's IP
How about the Facebook user gets privacy protection in exchange for a paying subscription? But of course that wouldn't be fair because of money privilege or something, so it's best to let government control the data so only. After all, we can trust them to do what's best for us, right?
...so only they have access to it.
I run a proxy app called Netshade, it's under a tenner per year IIRC, lets you choose what country you want to appear to be in, so my ISP sees me connected to the same few IP addresses and that's it.
yeah, and anyone who thinks this info isn't farmed by Google or Facebook is kidding themselves. kinda like the "militia" in the US with their gun stockpiles, so sure the government is unaware of them...
Buying a vpn is simply the cost of using the internet, unfortunately. Combine that with a privacy focused browser and good internet hygiene habits (expelling cookies regularly etc), and you at least have a basic degree of privacy.
but... people agree to almost all the surveillance by agreeing to the Terms & Conditions. privacy is seemingly not valued by people, or less valued than finding the lowest price for dog food, or finding the best Thai place in Brooklyn, or knowing what all your "friends" are doing all.the.damned. time. sad, but please stop blaming the "tech companies" for getting you to buy in to their products and services. maybe opting out is not doable in today's world, but signing over your life at the other extreme is hardly necessary either. consumers could force change if they wanted, by boycotting products (or by other means), but that would involve a level of participation and thought that most won't apply to their lives. ironically, they'd rather let Google do their thinking for them...
"...by agreeing to the Terms & Condition" ---- the mythology of choice. Where is the power here?
I am behind 7 proxies and are unhackable. Your move hacker idiots.
Makes me wonder if you have Hillary's 30 000 deleted emails?
Or, perhaps casually hanging out in an Ecuadorian Embassy?
What are you really hiding?
Let's just say I know what happened to the crew of the Mary Celeste.
Please do tell all, was it aliens?
& what about Flight 19?
VPNs and Tor is all very fine but does anyone really know who runs and develops them? I mean really know.
You know who. If you use them you are on a watchlist. Don't change any behaviour patterns or an algorithm is activated. Secret courts. Secret laws. No habeas corpus. Rendition. Execution without trial. So-called democracy? Only a fool would believe anymore...
If they're open-source then "really know" is irrelevant since many eyes scrutinize the source code. And with many eyes, all bugs - and backdoors - are shallow.
So what is the Guardian doing? Oh they data mine you. That's spying as well.
You have no frakin credibility.
You do understand the Guardian gets paid via advertising, the same as Facebook. The internet providers already get paid for providing their service, they shouldn't get to exploit your data further.
so my VPN subscription is well worth its cost.
"Facebook's surveillance is nothing compared with Comcast, AT&T and Verizon"
imo
Every corp with the budget—pretty much all of them—is in that bucket.
While it may be true that tech giveth and tech taketh away, tech never gives security or privacy.
imo
Well, you seem to have accepted the "popular narrative" that this is a Cambridge Analytica problem. That makes it seem that you haven't analysed this independently. Firstly it wasn't CA, it was Kogan/Spectre who signed the deal with FB. Secondly there are probably hundreds of thousands of others who have done much the same but weren't the target of the machine that launched this "version" of reality.
Then there's no mention of Google. In many ways their reach exceeds that of FB and the ISPs you mention. Theirs is not a theoretical situation, they already watch much of the world. There are of course more beyond that too.
The article is misleading.
DuckDuckGo is a workable solution to Google's snooping
Maybe because the focus of the article was on what the ISPs can gather as opposed to your particular obsession of corporate metadata.
https://www.independent.co.uk/life-style/gadgets-and-tech/news/investigatory-powers-bill-act-snoopers-charter-browsing-history-what-does-it-mean-a7436251.html
Corporate slime....all of them.....and we want to reduce the power of unions????
Who else will stand up to these monsters?
funny
I don't know where this whole selling of data thing to advertisers is going to end up. I suspect it's going to end up with paying to use Facebook. As for Google, I suspect they are going to regulated within an inch of their profit lines. With ISPs, I suspect people will demand public utilities provide them an alternative ISP paid for with taxes. Of course, everything will get worse before it gets better. Right now, I am willing to pay more taxes for an advertising free ISP.
" “Choosing” not to use an internet provider to avoid surveillance is not really a choice at all"
NOT TRUE. Use an encrypted VPN and all they know is you are using a VPN. The VPN provider knows what you are doing but there is real choice in VPN providers.
Didn't think Comcast, AT&T and Verizon were players in the Australian market. However - we have legislated for our carriers to collect info on us. Came in as part of a trade deal with the U.S. to stop illegal downloads.
All US parties interested in this topic should learn about CALEA, a law that requires telecommunications providers to make and keep records of your communications activities and provide technical support for government monitoring of subscribers' activities, including wiretap
http://www.subsentio.com/calea-affairs/faqs-on-calea-compliance/
"Are Internet Service Providers Subject to CALEA?
Yes. As long as the ISP provides paying subscribers with access to the public Internet it is subject to CALEA."
Check out 1.1.1.1 for a possible free solution to the ISP issue.
aren't you missing the point?
ATT is an observer, Facebook is an active participant in undermining our political system
2 HUGE differences between telecoms and Facebook
1 telecoms like AT&T etc are regulated whereas Facebook is not....specifically dealing with personal info is heavily regulated by governments of the telecoms
2 Facebook sells/shares everyone's personal info to others whereas telecoms do not. The only ones telecoms can share info with is governments / police forces if a warrant is provided by a judge
comparing AT&T etc vs Facebook handling of personal info is an apples to oranges comparison as well as a known talking point directly from cambridge analytics & Facebook