FTC Study Highlights How 'Big Telecom' Privacy Practices Are Even Worse Than 'Big Tech'

I've noted for a few times that the very obvious dysfunction in "big tech" has proven to be the gift that keeps on giving for "big telecom." While tech giants like Google, Amazon, and Facebook get the entirety of (often very justified) attention for dodgy business practices and terrible judgement, telecom has basically been forgotten in the DC Policy conversation. While lawsuits and Congressional posturing all focus on expanding oversight of "big tech," "big telecom" and "big media" have been able to lobotomize most of the oversight of its own businesses, despite engaging in all the same (and sometimes worse) dubious business practices.

An FTC report on privacy reiterated that forgetting about telecom and media was a mistake. The FTC's latest report on privacy noted largely what most people knew: telecom and cable companies collect an absolute ocean of data on U.S. consumers, then "sell" access to that data to third parties (they usually just call it something else) without being clear about it. They then provide users with opt out and transparency tools that are intentionally cumbersome, if they work at all. This data then bounces around the internet creating potential harm and abuse among countless parties, whether stalkers, law enforcement, people pretending to be law enforcement, or other corporations.

The FTC found that many ISP and cable companies "privacy policies" are utterly theatrical in nature. As in they're designed to be so cumbersome as to deter people from using them (which companies then use as evidence that consumers "don't care about privacy"). Other times the "opt out" tools don't work at all, and in some cases they result in even more user data being collected. None of this is made particularly clear to the end user:

"...rapid consolidation has allowed ISPs to access and control a much larger and broader cache of consumer data than ever before, without having to explain fully their purposes for such collection and use, much less whether such collection and use is good for consumers."

The FTC correctly noted that as network operators, ISPs and cable companies have access to way more data than even tech giants, app makers, or advertising companies. This includes DNS data, browsing data, clickstream data (how long you spend on each site down to the second), behavioral ad information, location data, race and ethnicity data, data on which TV programs you watch, and more. The report is quick to bring up the repeated location data scandals that have plagued the wireless industry, as well as the "zombie cookie" scandals at Verizon (and briefly AT&T) that involved embedding tracker headers in each user data packet to track them around the internet (again without informing them or letting them opt out):

"Unlike traditional ad networks whose tracking consumers can block through browser or mobile device settings, consumers cannot use these tools to stop tracking by these ISPs, which use supercookie' technology to persistently track users," the FTC report said.

ISPs and cable companies will usually tell the press, lawmakers, and regulators they don't "sell" access to this data, but they still technically do. They simply call the practice something else.

Like a network security, auditing, or marketing company will get access to "anonymized" (a worthless term) user datasets as part of a broader contract for "security consultation," "marketing and brand awareness," or "strategic consultation." That company will get a bit more money for whatever their broader contract is, while also often being allowed to sell that data out the back door. It's not technically "selling access to your data" because they've actively just called it something else, knowing that U.S. regulators are too feckless and understaffed to dig through a tangled web of intentional complication.

Of course the FTC's report on the terrible privacy practices of the telecom industry is just a report. Actually doing something about the problem is another issue entirely. And every time we've tried to do something about the problem, lobbyists scuttle it in pretty short order (like those FCC broadband privacy rules killed by a heavily-lobbied Congress before they could even take effect, or even a basic federal privacy law). And, more recently, with telecom and media giant lobbying encouragement, the entirety of DC is so fixated exclusively on the problems with tech giants, telecom and media reform has effectively been forgotten entirely.