AT&T’s privacy plan may be short-lived and may not even be as bad as we think

5 Comments

AT&T hit a nerve with its privacy-eroding Internet Preferences Plan, which lets customers surf the web at gigabit speeds but also lets the telecom giant see what sites they visit in order to serve up relevant ads. AT&T’s plan may be short-lived, however, if the FCC takes action under its new neutrality rules and, in any case, AT&T may catch less of your web surfing than you fear.

If you’re unfamiliar, the issue arose back in December of 2013 when AT&T launched its GigaPower service in Austin with a footnote in its press release noting that in exchange for giving up their privacy, AT&T gives subscribers a $29 discount. That’s now how AT&T sells its GigaPower plan, which is currently offered in Austin, Texas; Dallas and Fort Worth, Texas; and Raleigh-Durham and Winston-Salem markets; as well as parts of Kansas City, Kansas and Missouri.

But AT&T’s sales pitch deserves a bit more scrutiny. First, the idea that gigabit service should come with a privacy clause that you must opt-into by paying an extra fee each month rubs many people the wrong way. (AT&T charges people $70 a month for its privacy eroding Internet Preferences plan, but $99 a month plus extra fees that eventually totaled $44 a month for a standard plan that lets you surf unseen by Ma Bell.)

The good news is that under Section 222 of Title II of the Communications Act that the FCC recently decided to implement as part of its net neutrality order, the agency can do something about Ma Bell’s plan. Section 222 protects the private information of a customer that carriers are privy to given their position as the providers of telecommunications services, and lays out how that information can be used or shared. It’s not clear if the FCC will choose to implement Section 222, although in the original proposal it has planned on keeping it.

The next question is whether or not the FCC would use it in the case of AT&T’s plan. When I asked the agency, it confirmed that the terms and conditions of any ISP plan would have to be fully disclosed under the FCC’s transparency rules, and Section 222 will require broadband Internet access providers to protect the privacy of their customers. Cynics suggest that the net neutrality ruling took all of the political capital that the agency had, and now it will settle back into complacency, but I suspect that Wheeler has actually shifted his mindset entirely.

And if he has gone to seeing the Internet as a consumer sees it, then my gut says his agency couldn’t ignore a plan like this, especially if a consumer or consumer group filed complaints over AT&T’s plans. Wheeler would very likely take issue with the likely use of deep packet inspection by AT&T to watch where its customers are surfing, and use of economic incentives to essentially coerce customers into accepting this plan.

But, in the meantime, let’s take a look at what AT&T says about its plan to see how bad it really is. I asked AT&T if it was using deep packet inspection, which is the same tool that NebuAd and Phorm tried to use in 2008 here in the U.S. and led to a Congressional hearing. AT&T’s response was evasive.


Note that, under AT&T’s own terms and conditions of the plan, it’s unclear how much of your web surfing Ma Bell can actually track in the first place since more sites have begun using the secure https protocol.

No matter what AT&T is using, it is clear that it will not collect information from secure web sites that use https. When I asked the spokesman relied: “We are not collecting information from secure or otherwise encrypted web sites.” This is actually helpful, because today, more sites outside of the traditional banks and e-commerce shopping carts are using https including Twitter, Google, Yahoo, Bing and Facebook. One reason might be because Google last year let the world know it would use https as a factor when determining how highly a page ranks in its search algorithms.

Still, large portions of the web, from Amazon’s general shopping pages to Wikipedia, as well as many major media sites are not using https, which can cost a lot of time and effort to implement. So while you perform a a search from many of the major search engines (including Duck Duck Go for the truly privacy conscious) you might avoid AT&T’s prying eyes under the plan, but once you land on a non-https page you’ll be back under its scrutiny.

To truly solve the issue, you can pay more and hope that your packets somehow avoid AT&T’s packet sniffing (or are you just avoiding the advertising emails?) or you can write the FCC a letter complaining that AT&T’s Internet Preference Plan invades your privacy in a way you think violates Section 222 of Title II. Or maybe you can hope John Oliver picks up on this story and calls Tom Wheeler a dingo again.

Updated: This post was updated on March 4 to add more cities with GigaPower availability.

5 Comments

Richard Bennett

ISPs know what sites you’re visiting because they route to them via the destination IP address.

The AT&T plan highlights the fact that Google Fiber can keep prices low because they make up the difference on the ads they sell.

Double standard.

XavierZen

You would think that a journalist would take the time to research the topic they are writing about. The Author says that AT&T GigaPower is only offered in Austin, TX, and Kansas City, KS. But according to the AT&T website, services are also offered in Raleigh, NC, Winston-Salem, NC, Dallas, TX, and Ft. Worth, TX. I also see where they have named many other cities who will be getting GigaPower…none of which are mentioned in the article.

Stany Rod

why is AT&T snooping bad, while Google, Microsoft and Yahoo’s model to monetize is dependent on reading through you e-mail content and the website you visit if you use their sign-on. Why this double standards.

Stacey Higginbotham

IT’s not a double standard, just a subtle one. I object to AT&T spying on customers at the packet level for two reasons. The first is people already pay for this service ad presumably already pay for privacy, so charging them twice in effect rubs me the wrong way. Two, the market isn’t exactly competitive. Google is in some of these markets with Gigabit service, but it may not serve these exact homes, so there is likely in some of the cases no alternative to Gigabit service or possibly even superfast broadband. Thus, AT&T is the sole provider and is coercing customers economically to give up their privacy to obtain a service they can’t get otherwise.

In the case of Google and others, they are monitoring you at the application layer, where you can preserve your privacy by switching providers, taking some preventative means such as blocking cookies or trying to install ad-blocking software (it depends on the service). Also, those services are free, and in the paid versions of Google’s Apps you don’t get ads for example.

Comments are closed.