Which ISPs Are Spying on You?

J

Julian

Which ISPs Are Spying on You?
http://www.wired.com/politics/onlinerights/news/2007/05/isp_privacy
The few souls that attempt to read and understand website privacy policies
know they are almost universally unintelligible and shot through with clever
loopholes. But one of the most important policies to know is your internet
service provider's -- the company that ferries all your traffic to and from
the internet, from search queries to BitTorrent uploads, flirty IMs to porn.

Wired News, with help from some readers, attempted to get real answers from
the largest United States-based ISPs about what information they gather on
their customers' use of the internet, and how long they retain records like
IP addresses, e-mail and real-time browsing activity. Most importantly, we
asked what they require from law-enforcement agencies before coughing up the
data, and whether they sell your data to marketers.

Only four of the eight largest ISPs responded to the 10-question survey,
despite being contacted repeatedly over the course of two months. Some ISPs
wouldn't talk to us, but gave answers to customers responding to a call for
reader help on Wired's Threat Level blog.

Marc Rotenberg, the executive director of the Electronic Privacy Information
Center, says ISPs should be more circumspect about keeping user data.
Maintaining detailed data for long periods of time makes any internet
company a huge target for law enforcement fishing expeditions.

"From a user perspective, the best practice would be for ISPs to delete data
as soon as possible," Rotenberg said. "(The government) will treat ISPs as
one-stop shops for subpoenas unless there is a solid policy on data
destruction," Rotenberg said.

The results:

AOL, AT&T, Cox and Qwest all responded to the survey, with a mix of
timeliness and transparency.

But only Cox answered the question, "How long do you retain records of the
IP addresses assigned to customers."

These records can be used to trace an internet posting, website visit or an
e-mail back to an ISP's customers. The records are useful to police tracking
down child-porn providers, and music-industry groups use them to sue file
sharers. Companies have also used the records to track down anonymous
posters who write unflattering comments in stock-trading boards.

Cox's answer: six months. AOL says "limited period of time," while AT&T says
it varies across its internet-access offerings but that the time limits are
all "within industry standards."

Comcast, EarthLink, Verizon and Time Warner didn't respond.

Some of the most sensitive information sent across an ISP's network are the
URLs of the websites that people visit. This so-called clickstream data
includes every URL a customer visits, including URLs from search engines,
which generally include the search term.

AOL, AT&T and Cox all say they don't store these URLs at all, while Qwest
dodged the question. Comcast, EarthLink, Verizon and Time Warner didn't
respond.

When asked if they allow marketers to see anonymized or partially-anonymized
clickstream data, AOL, AT&T and Cox said they did not, while Qwest gave a
muddled answer and declined to answer a follow-up question. Comcast,
EarthLink, Verizon and Time Warner didn't respond.

This question was prompted by hints at a web-data conference last March that
ISPs were peddling their customer's anonymized clickstream data to web
marketers. Anonymization of data such as URLs and search histories is not,
however, a perfect science. This became clear last summer when AOL employees
attempted to provide the search-research community with a large body of
queries that researchers could mine to improve search algorithms. AOL
researchers replaced IP addresses with different unique numbers, but news
organizations quickly were able to find individuals based on the content of
their queries.

Wired News also asked the companies if they have been in contact or
discussions with the government about how long they should be keeping data.
The Justice Department, along with some members of Congress, are pushing for
European Union-style data-retention rules that would require ISPs to store
customer information for months or years -- a measure law enforcement says
is necessary to prosecute computer crimes, such as trading in child
pornography.

ISPs were nearly universally reluctant to talk about any conversations or
meetings they have had with federal officials. AOL had no comment, Qwest
dodged the question, AT&T wouldn't say, but noted it would broach the issue
with the government as part of an industry-wide discussion. For its part,
Cox says it has not been contacted.

As for whether they oppose data retention: Qwest said that the market should
decide how long data is kept, while Cox was "studying the issue"; AOL is
working with the industry and Congress, and AT&T is "ready to work with all
parties."

Internet surveillance recently got easier, as the deadline passed last week
for ISPs to equip their networks to federal specifications for real-time
surveillance of a target's e-mails, VOIP calls and internet usage -- as well
as data like IP address assignment and web URLs. While law enforcement
currently prefers to ask for stored internet records rather than get
real-time surveillance, that balance may shift once the nation's networks
are wired to government surveillance standards.
 
G

Guest

Julian,
What a great article. Being by nature a conspiracy kind of guy, you have
whet my appetite for more info.
You seem to be saying that some service providers are going beyond the
call of duty and legal requirements to help law enforcement, and make a few
bucks selling information on the side.
My view is that the provider's loyalty should be to their customer.
Would you provide some generalized advice as to what constitutes violation
of law? I know it varies from state to state, and country to country.
For instance, just having records of someones web-surfing wouldn't lead to
charges, would it? Wouldn't actually saving to hard-drive or CD or DVD, for
instance, be required to be a violation?
Now you've got me wondering why Microsoft's Vista, and possibly XP,
doesn't have a setting for History to not show. Setting to "zero days" does
not work. It has to be manually deleted. If you remember!
Are they in on it too?
Look forward to reading more from you.
Thanks, Wayne.
 
J

Julian

Wayne L. said:
Julian,
What a great article. Being by nature a conspiracy kind of guy, you have
whet my appetite for more info.
You seem to be saying that some service providers are going beyond the
call of duty and legal requirements to help law enforcement, and make a
few
bucks selling information on the side.
My view is that the provider's loyalty should be to their customer.
Would you provide some generalized advice as to what constitutes
violation
of law? I know it varies from state to state, and country to country.
For instance, just having records of someones web-surfing wouldn't lead
to
charges, would it? Wouldn't actually saving to hard-drive or CD or DVD,
for
instance, be required to be a violation?
Now you've got me wondering why Microsoft's Vista, and possibly XP,
doesn't have a setting for History to not show. Setting to "zero days"
does
not work. It has to be manually deleted. If you remember!
Are they in on it too?
Look forward to reading more from you.
Thanks, Wayne.

I just cut and pasted it from Wired Magazine.
You could sunscribe to, or at least search that site
for fuirther discussions on the topic or look into
the Electronic Frontier Fouindation http://www.eff.org/

ps Zero days is just shorthand for... "forever".
One day is the minimum and that is for your own benefit.
 
G

Guest

Julian, Thanks for your response. The site you gave is a bit much. It's for
another day.
Is there a more suitable forum for this topic that you can suggest? This
is Windows Mail after all?
Thanks, Wayne. PS - Microsoft's "zero" def. is not in Wikepedia!



Wayne L.
 
J

Julian

Wayne L. said:
Julian, Thanks for your response. The site you gave is a bit much. It's
for
another day.
Is there a more suitable forum for this topic that you can suggest? This
is Windows Mail after all?

A conveniet way to find fora you are inetrested in is a keyword search of
your newsgroup list or, perhaps more 'tunable" a Google Groups search
specifying keywords or interest.

Here for example is a starting point searching on
Electronic Frontier Foundation....

http://groups.google.co.uk/groups/search?hl=en&q=Electronic+Frontier+Foundation&qt_s=Search

or conspiracy

http://groups.google.co.uk/groups/search?hl=en&q=conspiracy
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top