What Does Your Internet Provider Know About You?

By Ken Silva
Ken Silva
Ken Silva
Ken Silva covers national security issues for The Epoch Times. His reporting background also includes cybersecurity, crime and offshore finance – including three years as a reporter in the British Virgin Islands and two years in the Cayman Islands. Contact him at ken.silva@epochtimes.us
November 8, 2021 Updated: November 10, 2021

Much attention has been paid to the pervasive surveillance that consumers face from social media companies, but a recent study from the Federal Trade Commission (FTC) suggests that internet providers may know just as much, if not more, about their users.

Differing from social media platforms and other websites, internet service providers (ISPs) give their customers access to the infrastructure powering the internet. As such, ISPs have access to all unencrypted internet traffic taking place on their networks.

Because ISPs own and operate internet infrastructure, there’s little that consumers can do to prevent them from collecting personal data, according to an Oct. 21 FTC report.

“Unlike many other entities, these ISPs have access to each of the websites a consumer visits, and they can target based on subscriber information,” the report reads, also using the analogy of how recipients of mail can’t hide their address from a letter carrier.

“Notably, unlike traditional ad networks whose tracking consumers can block through browser or mobile device settings, consumers cannot use these tools to stop tracking by these ISPs, which use ‘supercookie’ technology to persistently track users.”

This state of affairs has led to what the FTC has called “troubling” data collection practices among these companies, including mixing data across product lines; combining personal, app usage, and web browsing data to target ads; placing consumers into sensitive categories, such as race and sexual orientation; and sharing real-time location data with third parties.

The ability for ISPs to granularly track consumers is heightened further by the fact that many of them offer various other services, such as video streaming, content creation, advertising, email, search, and wearables, according to the report.

For example, Google offers Gmail and YouTube, while also operating the internet provider Google Fiber in many parts of the country. Additionally, ISP Comcast owns NBC Universal, Verizon purchased AOL in 2015 before selling it earlier in 2021, and Amazon received approval in 2020 to deploy and operate 3,236 satellites to deliver broadband services in the United States.

“This rapid consolidation has allowed ISPs to access and control a much larger and broader cache of consumer data than ever before, without having to explain fully their purposes for such collection and use, much less whether such collection and use is good for consumers,” the report reads.

“This means a single ISP has the ability to track the websites their subscribers visit, the shows they watch, the apps they use, their energy habits, their real-time whereabouts and historical location, the search queries they make, and the contents of their email communications.”

According to the report, one ISP told the FTC that it doesn’t combine data from its various services, but three other ISPs admitted to doing so. The report is based on information provided by six major ISPs: AT&T, Verizon Wireless, Charter Communications Operating, Xfinity, T-Mobile U.S., and Google Fiber. The report doesn’t state which specific ISPs engage in specific data-collection practices.

The ability for ISPs to monetize data was enhanced following the approval of a joint resolution by Congress in 2017, repealing Federal Communications Commission (FCC) rules that prohibited ISPs from selling consumer personal information. ISPs had argued for the repeal of the rules on the grounds that they should be on equal footing with other internet operators.

Some states have responded with laws seeking to regulate how ISPs use data. Maine approved a law in 2019 preventing ISPs from using, disclosing, selling or permitting access to customer personal information unless customers give them consent to do so.

The report doesn’t make any policy recommendations, but FTC Chair Lina Khan suggested in a statement that further antitrust scrutiny should be placed on ISPs that offer a variety of other services.

“Internet service providers today have access to not only what websites you visit and your location at any given moment but also the content of the emails you write, the videos you stream, and the devices you wear,” Khan said.

“The ways in which expansion across markets enables firms to combine highly sensitive–and, often, highly valuable–commercial data underscores the need for us to consider in our merger review process how certain deals may enable degradation of user privacy.”

As for consumers, the report suggests that they could protect their privacy from ISPs by using virtual private networks (VPNs)—tools that provide what amounts to a private, encrypted network over the public internet. However, the report notes that only about 6 percent of Americans use VPNs because most are subscription services.

Ken Silva
Ken Silva covers national security issues for The Epoch Times. His reporting background also includes cybersecurity, crime and offshore finance – including three years as a reporter in the British Virgin Islands and two years in the Cayman Islands. Contact him at ken.silva@epochtimes.us