Where is the line?
April 20, 2010 5:08 PM
What legal barriers prevent ISPs from violating their users' privacy?
I was recently surprised to learn that companies like Hitwise and Compete are buying "clickstream" data from ISPs.
Assuming that their privacy policies don't, what legally prevents ISPs from selling other information about my internet use (IM logs, email headers, contents, etc) to 3rd parties?
I was recently surprised to learn that companies like Hitwise and Compete are buying "clickstream" data from ISPs.
Assuming that their privacy policies don't, what legally prevents ISPs from selling other information about my internet use (IM logs, email headers, contents, etc) to 3rd parties?
There's a current push for more clearly defined privacy guidelines and laws for ISPs and other online companies. here's a blog post from google (obviously an interested party, so take with a grain of salt). There's been other news recently -- you can get some from that blog post, or googling for other public comments in response to the FTC series.
posted by mercredi at 7:09 PM on April 20, 2010
posted by mercredi at 7:09 PM on April 20, 2010
(Not anything like a lawyer.)
Basically contract law. When you signed up with them what have they said they wouldn't do in the contract? If they violate that you will have legal recourse.
One possible exception is if the account is owned or managed by someone under 13. Selling and marketing to kids in the US is covered by COPPA which is a little more strict on what and how you can collect from kids.
posted by Ookseer at 12:17 AM on April 21, 2010
Basically contract law. When you signed up with them what have they said they wouldn't do in the contract? If they violate that you will have legal recourse.
One possible exception is if the account is owned or managed by someone under 13. Selling and marketing to kids in the US is covered by COPPA which is a little more strict on what and how you can collect from kids.
posted by Ookseer at 12:17 AM on April 21, 2010
FYI: ISPs can't extract any information that's encrypted, so they can't see any https:// connections.
(they can only get the IP address, and the size. But size can be a problem. It's actually possible to see what someone is typing into, say, a search query with a suggestion box by looking at the size of the information returned, even if the connection is encrypted)
Chat is an interesting question. I kind of doubt ISPs would try to analyze/monetize that because the risks if people found out would be pretty huge. But I don't think most chat programs use encryption.
posted by delmoi at 3:52 AM on April 21, 2010
(they can only get the IP address, and the size. But size can be a problem. It's actually possible to see what someone is typing into, say, a search query with a suggestion box by looking at the size of the information returned, even if the connection is encrypted)
Chat is an interesting question. I kind of doubt ISPs would try to analyze/monetize that because the risks if people found out would be pretty huge. But I don't think most chat programs use encryption.
posted by delmoi at 3:52 AM on April 21, 2010
I work for a small to medium sized service provider, but I'm not speaking on their behalf...
The biggest barrier to doing anything with your, or anyone's, information is that there's a whole lot of it. Even if we were interested in trying to do something with your data (trust me, we're not), it'd be like trying to find a specific needle in a fast moving sea of needles.
I'm sure that the very large service providers probably pay people to think about ways of monetizing the shit out of the mundane (things like DNS hijacking come to mind). Hitwise and Compete have never contacted us as far as I know, and even if they did I can't imagine us agreeing to help them or how useful the information would be if we did. At best they could generalize things like "People seem to really like this Justin Bieber kid."
posted by togdon at 8:38 AM on April 21, 2010
The biggest barrier to doing anything with your, or anyone's, information is that there's a whole lot of it. Even if we were interested in trying to do something with your data (trust me, we're not), it'd be like trying to find a specific needle in a fast moving sea of needles.
I'm sure that the very large service providers probably pay people to think about ways of monetizing the shit out of the mundane (things like DNS hijacking come to mind). Hitwise and Compete have never contacted us as far as I know, and even if they did I can't imagine us agreeing to help them or how useful the information would be if we did. At best they could generalize things like "People seem to really like this Justin Bieber kid."
posted by togdon at 8:38 AM on April 21, 2010
This thread is closed to new comments.
posted by Rhomboid at 6:00 PM on April 20, 2010