On paper this law doesn’t change anything since the FCC privacy rules never went into effect. However, even before the prior FCC adopted the privacy rules they had been confronting ISPs over privacy issues which kept the biggest ISPs from going too far with using customer data. Just the threat of regulation has curbed the worst abuses.
How will the big ISPs be likely to now use customer data? We don’t have to speculate too hard because some of them have already used customer data in various ways in the recent past, all of which seem to be allowable under this new law.
Selling Data to Marketers. This is the number one opportunity for big ISPs. Companies like Facebook and Google have been mining customer data, but they can only do that when somebody is inside their platforms – they have no idea what else you do outside their domains. But your ISP can know every keystroke you make, every email your write, every website you visit, and with a cellphone, every place you’ve been. With deep data mining ISPs can know everything about your on-line life.
We know some of the big ISPs have already been mining customer data. For example, last year AT&T offered to sell connections that were not monitored for a premium price. AT&T also has a product that has been selling masses of customer phone and data usage to federal and local law enforcement. Probably other ISPs have been doing this as well, but this has been a well-guarded secret.
Inserting Ads. This is another big revenue opportunity for the ISPs. The companies will be able to create detailed profiles of customers and then sell targeted advertising to reach specific customers. Today Google and a few other large advertising companies dominate the online advertising business of inserting ads into web sites. With the constraints off, the big ISPs can enter this business since they will have better customer profiles than anybody else. We know that both AT&T and Charter have already been doing this.
Hijacking Customer Searches. Back in 2011 a bunch of large ISPs like Charter, Frontier and others were caught hijacking customer DNS searches. When customers would hit buttons on web sites or on embedded links in articles the ISPs would sometimes send users to a different web site than the one they thought they were selecting. The FCC told these companies to stop the practice then, but the new law probably allows the practice again.
Inserting Supercookies. Verizon Wireless inserted Supercookies on cellphones back in 2014. AT&T started to do this as well but quickly backed off when the FCC came down hard on Verizon. These were undetectable and undeletable cookies that allowed the company to track customer behavior. The advantage of the supercookies is that they bypass most security schemes since they grab customer info before it can be encrypted or sent through a secure connection. For example, this let the company easily track customers with iPhones.
Pre-installing Tracking Software on Cellphones. And even better than supercookies is putting software on all new phones that directly snags data before it can be encrypted. AT&T, T-Mobile and Sprint all did this in the past – just using a different approach than supercookies. The pre-installed software would log things like every website visited and sent the data back to the cellular carriers.