“As the FCC moves toward a formal rulemaking on broadband privacy, it should consider the implications of what it uncovered in this investigation on children’s advertising”.
For years Verizon Wireless has been inserting unique identifier headers (UIDH) – known as “supercookies” – into its customers’ mobile Internet traffic.
After an initial backlash, Verizon allowed customers to opt out of its supercookie tracking program about a year ago. Supercookies are persistent, are always tied to your Verizon account, and originally were implemented for all customers – there was no opt-in or opt-out, supercookies followed you no matter where you went. While the FCC politely lauds Verizon’s cooperation in the investigation, these kinds of consumer protections are precisely what Verizon was trying to stop when it sued to cripple net neutrality (both in 2010 and again last year). While a federal appeals court mostly sided with Verizon, the ruling upheld the transparency rule that Verizon violated with its supercookies. But news reports in January 2015 claimed that a Verizon partner had used super cookies for unauthorized purposes, effectively overriding customers’ privacy choices. But Verizon’s decision to covertly fiddle with packets and track tens of millions of customers without bothering to tell any of them indicates just how well that plan actually worked in practice. Verizon uses them to deliver targeted ads to cellphone customers.
The FCC settlement says Verizon customers have to choose to opt in before the company shares the consumer data with a third party. “We will continue to give customers the information they need to decide what programs and services are right for them”.
The settlement is the second of the agency’s Open Internet enforcement actions.