The FCC is on the cusp of proposing new rules for the internet, and it may have a chance to kill two birds with one stone: along with preserving so-called “net neutrality,” the rules could serve to stop the use of “supercookies” that phone carriers like Verizon are using to track their wireless subscribers.
In case you’re unfamiliar, supercookies are akin to regular internet cookies, which advertisers use to create a record of users’ browser activities. The difference is that the supercookies are tied to a users’ mobile device at a network level, and create a permanent customer profile that can’t be deleted. The profiling process not only tracks web browsing, but also app activities, and it can’t be thwarted by using a browser’s “private” or “incognito” mode.
Carriers like Verizon use the supercookies to assemble marketing segments such as “low-income Spanish-speaking moms in the Bronx” (for instance), and offer them to advertisers. While this profiling feature can be a boon to marketers, it has also alarmed privacy advocates, who say supercookies are invasive and point out they are being abused by outside ad companies.
After an outcry, phone giant AT&T said in November that it would stop using supercookies. Its rival Verizon, however, has so far rebuffed calls to cease using the tool, known in the industry as unique ID headers, to tag and track users.
Verizon, which declined to comment for this story, has presumably calculated that the value of the marketing data from supercookies outweighs whatever privacy headaches they create. Most consumers, meanwhile, don’t know or care about cookies in the first place, so it’s unlikely that Verizon will suffer any sort of customer exodus.
Enter Title II
Verizon’s support for supercookies could one day lead to class-action lawsuits, as some have suggested. But in the meantime, the FCC may soon be in position to address the privacy implications of what the company is doing.
The opportunity comes about as a result of the current net neutrality debate, which is widely expected to result in the FCC reclassifying internet providers as so-called “Title II” companies.
The Title II designation is the only legal avenue the agency can use to stop broadband companies from favoring some websites over others, but it also contains important authority for the FCC to protect privacy.
“The critical provision is Section 222, which concerns customers’ proprietary network information,” said Harold Feld, a lawyer and telecom expert with the group, Public Knowledge, in a recent phone interview.
Section 222 is one of a list of rules that Title II imposes on phone companies and other “common carriers,” and serves to restrict companies from using customer communications data for marketing purposes.
According to Feld, however, it’s not certain that the FCC would include Section 222 as part of any reclassification process. Chairman Tom Wheeler has suggested that any action under Title II would include so-called forbearance measures, which could excuse the companies from many of the new obligations.
Feld suggested that if the FCC does choose to implement Title II without Section 222, it could fall back on the more general provision known as Section 201, which requires carriers among other things to act in the “public interest.”
The outcome of the final net neutrality debate, slated for a likely FCC vote on February 26, is far from certain. But the emergence of the supercookie issue could provide another argument for net neutrality supporters to urge the FCC to go-ahead with reclassification.