AT&T hit a nerve with its privacy-eroding Internet Preferences Plan, which lets customers surf the web at gigabit speeds but also lets the telecom giant see what sites they visit in order to serve up relevant ads. AT&T’s plan may be short-lived, however, if the FCC takes action under its new neutrality rules and, in any case, AT&T may catch less of your web surfing than you fear.
If you’re unfamiliar, the issue arose back in December of 2013 when AT&T launched its GigaPower service in Austin with a footnote in its press release noting that in exchange for giving up their privacy, AT&T gives subscribers a $29 discount. That’s now how AT&T sells its GigaPower plan, which is currently offered in Austin, Texas; Dallas and Fort Worth, Texas; and Raleigh-Durham and Winston-Salem markets; as well as parts of Kansas City, Kansas and Missouri.
But AT&T’s sales pitch deserves a bit more scrutiny. First, the idea that gigabit service should come with a privacy clause that you must opt-into by paying an extra fee each month rubs many people the wrong way. (AT&T charges people $70 a month for its privacy eroding Internet Preferences plan, but $99 a month plus extra fees that eventually totaled $44 a month for a standard plan that lets you surf unseen by Ma Bell.)
The good news is that under Section 222 of Title II of the Communications Act that the FCC recently decided to implement as part of its net neutrality order, the agency can do something about Ma Bell’s plan. Section 222 protects the private information of a customer that carriers are privy to given their position as the providers of telecommunications services, and lays out how that information can be used or shared. It’s not clear if the FCC will choose to implement Section 222, although in the original proposal it has planned on keeping it.
The next question is whether or not the FCC would use it in the case of AT&T’s plan. When I asked the agency, it confirmed that the terms and conditions of any ISP plan would have to be fully disclosed under the FCC’s transparency rules, and Section 222 will require broadband Internet access providers to protect the privacy of their customers. Cynics suggest that the net neutrality ruling took all of the political capital that the agency had, and now it will settle back into complacency, but I suspect that Wheeler has actually shifted his mindset entirely.
And if he has gone to seeing the Internet as a consumer sees it, then my gut says his agency couldn’t ignore a plan like this, especially if a consumer or consumer group filed complaints over AT&T’s plans. Wheeler would very likely take issue with the likely use of deep packet inspection by AT&T to watch where its customers are surfing, and use of economic incentives to essentially coerce customers into accepting this plan.
But, in the meantime, let’s take a look at what AT&T says about its plan to see how bad it really is. I asked AT&T if it was using deep packet inspection, which is the same tool that NebuAd and Phorm tried to use in 2008 here in the U.S. and led to a Congressional hearing. AT&T’s response was evasive.
Note that, under AT&T’s own terms and conditions of the plan, it’s unclear how much of your web surfing Ma Bell can actually track in the first place since more sites have begun using the secure https protocol.
No matter what AT&T is using, it is clear that it will not collect information from secure web sites that use https. When I asked the spokesman relied: “We are not collecting information from secure or otherwise encrypted web sites.” This is actually helpful, because today, more sites outside of the traditional banks and e-commerce shopping carts are using https including Twitter, Google, Yahoo, Bing and Facebook. One reason might be because Google last year let the world know it would use https as a factor when determining how highly a page ranks in its search algorithms.
Still, large portions of the web, from Amazon’s general shopping pages to Wikipedia, as well as many major media sites are not using https, which can cost a lot of time and effort to implement. So while you perform a a search from many of the major search engines (including Duck Duck Go for the truly privacy conscious) you might avoid AT&T’s prying eyes under the plan, but once you land on a non-https page you’ll be back under its scrutiny.
To truly solve the issue, you can pay more and hope that your packets somehow avoid AT&T’s packet sniffing (or are you just avoiding the advertising emails?) or you can write the FCC a letter complaining that AT&T’s Internet Preference Plan invades your privacy in a way you think violates Section 222 of Title II. Or maybe you can hope John Oliver picks up on this story and calls Tom Wheeler a dingo again.
Updated: This post was updated on March 4 to add more cities with GigaPower availability.