June 20, 2008
Legal
No Comments
Every American has heard of the concept we call “Freedom of Speech.” It is specifically listed in the First Amendment to the U.S. Constitution, and is the cornerstone of the Bill of Rights. The First Amendment actually covers five specific freedoms, those being:
- The freedom of religion
- Freedom of speech
- Freedom of the press
- Freedom of assembly
- Freedom to petition the government for redress of grievances
All five of these are important because they lay the groundwork for all of our other freedoms. Without the right to speak our minds there is no debate. Without the right to gather together to address issues nothing can be changed. The Supreme Court has also repeatedly upheld another “freedom” not specifically enumerated in the Constitution, the “freedom of association.”
Freedom of association is mandatory to the function of free speech because in many cases people can only exercise their freedom of speech when in groups or otherwise associating with others. It is similar to the freedom of assembly, but different in that “freedom of association” does not necessarily require individuals to actually meet physically or even gather to discuss a matter. When you order a book from Amazon.com you are exercising your freedom of association with the seller of the product you buy. When you consult WebMD you are associating yourself with the people who run the site. When you chat online you are associating with those other individuals interested in a shared topic.
You and I have a right to conduct ourselves however we want online, and we have a basic right to privacy in the process. Our associations are our own, and any negative repercussions stemming from those associations are in violation of our Constitution and human rights.
We all live in the real world, though, and we all know that our associations can be a cause for concern to many people. Some companies won’t hire individuals who have known medical conditions. Government agencies might be interested in people who seek out information on corruption and civil rights infractions. Prosecutors regularly submit search terms and emails as evidence in everything from fraud to murder cases. Our associations online are of great interest to many people and organizations, and if monitored or recorded are of even greater interest.
It is the responsibility of the federal government, and of companies operating in the United States, to protect our freedom, especially those enumerated in the Bill of Rights, without which no freedom is possible. For a company like Charter to take active steps to the contrary which will clearly make it easier for our associations to become public knowledge is not only a violation of the public trust, but also flies in the face of the basic human right to free speech and the enumerated right to such in the First Amendment.
A recent study in Germany found that retention laws and monitoring in that country changed the behavior of its citizens in more than 50% of respondents. More than half of the people questioned said that “they probably would not use telecommunication for contacts like drug counselors, psychotherapists or marriage counselors because of data retention.” People are the same around the world. If a person knows they’re being watched, then they’ll change their behavior so as not to raise any degree of suspicion, even if their business is legitimate. For Charter users that means that we may not visit a chatroom about suicide prevention or abortion. We might not order Ron Paul’s new book because its title “The Revolution: A Manifesto” might send the wrong message. We won’t conduct banking or brokerage transactions online. We might not even send pictures of our kids to the grandparents.
And we would have good reason not to do any of those things. Our future may be affected by our associations, despite those associations being Constitutionally protected.
This chilling effect is what the First Amendment specifically protects us against. We have a right to call our doctor when we need help without worrying about losing our job or our insurance if our condition becomes public knowledge. We have a right to chat about topics which might be cause for alarm to people with alternate beliefs. We have the right to order and read any material we want without fear of that transaction being turned over to any individual, company, or oversight body. We have the right to freely associate ourselves with whatever and whoever we like, and Charter has teamed up with NebuAD to absolutely trample on this right.
I have been very reluctant to carry out some actions that I might have prior to learning about Charter’s new wiretapping program. There are websites I won’t visit anymore, people I won’t email without strong encryption anymore, and even books I will never order as long as my packets are being read while in transit. In a very real and very tangible way Charter has already committed a civil rights violation against me and indeed against every one of its customers, and at some point in the future they will be made to stand accountable for that.
You either stand for the rights and freedoms that we as Americans enjoy, or you don’t. Charter and NebuAD most obviously don’t, so today I’d like to introduce another word to the debate over their spying program:
Unamerican.
June 17, 2008
Legal, Technical
No Comments
Mediapost has an article this morning that showed up in Google Finance about Charter’s delay in selling our personal information to NebuAD. It seems like concerns over privacy may be partly to blame, but a quote from a Charter rep is the most telling part of this story.
From the article:
A Charter spokesperson attributed the delay to technology issues. “It will happen when we’re technologically ready,” the spokesperson told Online Media Daily.
This doesn’t surprise me either. As I’ve talked about before, Charter doesn’t have the slightest clue how this is going to work. Charter customers will tell you how bad their network is in general, with outages being far too common and complete hackery on the part of techs and admins being par for the course. Let’s not forget the thousands of email accounts which had all of their data erased back in January. This is what makes Charter’s wiretapping program so terrible. These people can hardly keep their own subscribers online and functional, and yet they want to dedicate their resources to something which, if done poorly, will have vast privacy implications to more than three million Americans. And you can bet your bottom dollar that if Charter does this, it will in fact be done poorly.
If you’re a Charter stockholder you might want to start getting concerned now too. Not only will this program likely lead to a pretty significant drop in subscribers, it will eventually give way to some horribly huge lawsuits. Imagine how many zeros are going to be in the checks paid out to people who have reporters knock on their doors based on information being captured by Charter. It happened to AOL with their “anonymous” customer information, and there’s a 100% chance that Charter will leak private data at some point through this program. Meanwhile Charter is just barely rebounding from having been delisted from Nasdaq, and when this program blows up in their face I’m sure their stock will once again crumble.
It’s good to see that Google Finance is picking up on the story, and I expect to see more financial publications taking it on as details unfold. Anytime a company is making decisions which severely threaten the financial well being of not only the company, but that of every customer which the company serves, it’s a safe bet that the market folks will take an interest.
June 16, 2008
Legal, Technical
No Comments
An article in the East Oregonian discusses Charter’s plans to begin wiretapping its customers, and explains why Charter has yet to flip the on switch just yet. After posting up several articles where Charter vice president Ted Schremp contradicts himself in explaining the technology, and further learning that NebuAD’s hardware doesn’t even function according to their own patents, I somehow believed that they weren’t starting yet due to sheer incompetence. Apparently they’ve gotten past the fact that they themselves have no clue how the technology works and can’t coherently explain it to the public though. Their holdup isn’t technical though, you see; it’s legal.
From the article:
Charter’s proposal, however, caught the attention of two U.S. House members. Massachusetts Democrat Rep. Edward J. Markey and Texas Republican Rep. Joe Barton sent a letter expressing serious concerns about the plan to Charter President and Chief Executive Officer Neil Smit.
Markey is the chairman of the House Subcommittee on Telecommunications and the Internet and Barton is a ranking member on the House Committee on Energy and Commerce.
The lawmakers told Smit Charter’s plan to collect information about its customers’ Web-related habits without their prior consent “raises substantial questions related to Section 631″ of the federal Communications Act.
Charter spokeswoman Anita Lamont said Smit and the two lawmakers and their staff held a “low key” meeting this week. She said Charter hasn’t decided anything for certain and hasn’t moved forward with its plan to pilot the program this month.
I like the idea of a “low key” meeting which halts the progress of completely illegal and anti-customer programs. Congressional hearings are coming up very soon, and I expect to hear some of the things Markey and Barton said behind closed doors aired in public.
A few of the things Congress needs to address are:
- Why doesn’t this program require an opt-in as opposed to an opt-out?
- If the law requires all “enhancements” which collect data to benefit the customer, do Charter’s outright lies about this program being beneficial fall under illegal and/or misleading statements?
- What about the “chilling effect” with this program? If a person who knows they’re being monitored does not feel comfortable alerting their psychiatrist on a tapped telephone or Internet connection and later goes on to kill twenty people, does the company which instituted the monitoring bear some liability?
- Charter and NebuAD have been using very different language in explaining this program in several different ways. Congress needs to get clearly-understandable technical documentation on this program in the hands of the public.
- What is NebuAD’s legal responsibility with data purchased from Charter? They’ve expressed intent to sell it to other companies, for instance. Can they really do that?
- What are the legal ramifications for Charter if and when this data is made available to the public? We all know it’s only a matter of time before anyone who wants it will have access to several gigs of Charter customer click stream. What happens then?
- Does this program have any future intentions, such as detecting copyright infringement or supplying warrantless data on civilians to the U.S. Government?
The good news is that Charter’s program has been halted, presumably by the efforts of Markey and Barton. I’m sure they’ll send a couple of slick executives with trunks loaded with stacks of cash to ensure that Congress sees things their way. Maybe we’ll get lucky though, and Charter will suffer a setback that isn’t predicated on their being run by the best team of retarded monkeys ever to run a communications company into the ground.
June 15, 2008
Doublespeak, Legal, Technical
No Comments
I had the most interesting conversation with a Charter employee on Thursday. A couple of weeks ago I was speaking with Carla Conner, who is Charter’s customer care advocate for government issues. After explaining my concerns, a task made difficult by her lack of technical background, I asked to be escalated to her boss. Several weeks and a half-dozen phone calls later, I finally got a telephone call from a fellow named Michael Perisho, whose title I do not yet know.
I told Mike how Charter’s program would be invasive to privacy, that there were concerns with information being sold to third party advertising companies, that customers would be chilled from using their Internet access to conduct sensitive business knowing that they were monitored, that Charter’s misleading speech on the program was abusive to the public trust, and that American citizens had a right to be free from monitoring without a court order. What he said next absolutely floored me.
Charter Communications, and all other ISP’s, have monitoring hardware supplied by the United States federal government which maintains a records of what sites a customer visits. He explained in detail how smaller ISP’s which may not have the money to implement the technology themselves get it done for them by the government. He went on to explain that certain websites and material gets flagged and automatically turned over to the feds, which I assume is done without a warrant. He then went a step further, describing how at times the government will visit some specific and targeted web sites with an unknown IP address to check up on Charter to ensure that the system works, fining those ISPs which do not capture or report the traffic.
The Fourth Amendment to the United States Constitution states, “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
Our founding fathers could not possibly have envisioned the rise of the Internet. They had no concept of an ISP. They did, however, account for every shred of personal property a person could own in their time. Their person, houses, papers, effects; one can surely categorize one’s own email inbox, bookmarks, and surfing habits as being among one’s personal papers or effects. The obvious conclusion is that a government organization attempting to gather data on an Internet user must have a warrant, if we’re to believe that the Constitution has any standing. The question is, when Charter and other ISP’s are installing their data retention hardware and colluding with the federal government to monitor your traffic, are they doing so in a manner which is consistent with United States law? If so, is the law which grants them access to such information consistent with the Constitution? Finally, why would Michael Perisho, when confronted with a broad line of questioning regarding Charter’s new advertising program, choose to start discussing Charter’s government-mandated monitoring instead?
Charter’s intention to pair up with NebuAD to monitor customers for the purposes of increasing advertising revenue is a major violation of both personal and consumer privacy. Charter’s collusion with the federal government to turn over information about a customer based on their surfing habits is unconstitutional, going completely against of one of our most basic freedoms. I can sort of see how Michael could get the two mixed up. They’re both really nasty, and both likely to eventually result in testimony before Congress.
What really bothers me is the future implications of these programs existing within the same network infrastructure. If Charter somehow gets the legal go-ahead with this deep packet inspection program, what’s to stop NebuAD’s unpatented, unexplained, untested hardware appliance from directing every blob with your MAC, IP, and raw packet to another database before creating their “anonymous” profiles? We’re talking about a literal recreation of your entire browsing history. If Charter and the federal government are already involved in red-flagging people for the feds, what’s to stop them from using the already-available DPI data mined for free by NebuAD to improve their hit rate?
Charter is currently only alerting the government when people visit certain websites. Soon they might be capable of alerting the feds when you string certain words together across a series of emails. They’ll also be able to turn over a complete reproduction of your clickstream to back it up. They’ll do this automatically, based on the keywords you type, the websites you visit, or the content of any emails you send or receive. Maybe they’ll have warrants, maybe they won’t.
But you’re not supposed to care. You’re next in line to get Charter’s “enhanced service,” which will help you keep up with the latest fashion by providing you with an endless stream of enhanced advertising directed to your personal interests. Ted Schremp, your personal guide to the world of better ads, is here to help!
June 12, 2008
Legal, Technical, Utter BS
No Comments
NPR posted an absolutely terrible article on Charter’s wiretapping program today. Cyrus Farivar spends most of the piece drawing stupid comparisons to Google and Facebook, dedicating nary a word to Congressional interest and legal aspects of the topic. I guess maybe I just expect more out of NPR, but even the audio accompanying the story is bad. If anyone from NPR is reading this, you can contact me here when you’d like a coherent and thorough report on this case.
From the article:
[F]our years ago, when Google launched its free Web-based Gmail, a lot of people were concerned that Google would be scanning private e-mails to allow targeted ads. Today, most people don’t seem to mind so much and continue to use it. Just like Gmail, Blum says, some customers might not mind the more targeted ads.
Let me explain this again for Mr. Farivar and Mr. Blum:
What Google does is legal because the data they collect does not leave the company. Gmail users do not have their information sold to an advertising company because Google itself is the advertising company. As long as Google is competent enough to protect the data used to generate the advertising, which most reasonable people believe Google to be, then the privacy concern in their case is not as significant. I’m not saying it doesn’t exist, and I’m not suggesting that what Google does is right (because it isn’t), but at least what Google does is legal, as it isn’t predicated on user data being sent into the wild.
Charter, on the other hand, is breaking several federal laws. As an ISP they are held to regulations which disallow them from collecting data from their customers outside of that which is legally mandated. There is very little comparison to be drawn between the program put forth by Charter and NebuAD and that run by Google.
Charter would not go on the record to discuss its upcoming ad program, but the company already makes it possible for customers to opt out.
Do they now? Perhaps the dozens of articles to the contrary should have been consulted prior to your submitting a report to NPR on the matter, Mr. Farivar.
At its core, Charter’s initiaive is about money, says Chris Hoofnagle, a privacy law expert at the University of California, Berkeley.
“ISPs have to find a way to become profitable,” says Hoofnagle. “And they need to find ways to generate revenue on top of merely connecting people to the Internet.”
I don’t think anyone has any problem with Charter finding new ways to make money. That’s what companies are supposed to do. Nobody is ever going to speak negatively of Charter for exploring new ways to make money, except when those ways stomp all over the very people responsible for their current income. It’s robbing Peter to pay Paul. Wait, no, it’s selling Peter’s personal information to a bunch of people on the Internet so that they can steal Peter’s identity for fun and for profit, from which you will receive a kickback which you then use to pay Paul. Or better yet, just forget Paul and give Ted Schremp a bigger bonus!
Indeed, a recent filing with the Securities and Exchange Commission states that Charter is $20 billion in debt, has lost billions of dollars over the last three years, and adds that the company expects “to continue to incur net losses for the foreseeable future.”
I wasn’t aware of that. That’s the best news I’ve heard all week.
June 7, 2008
Legal
No Comments
Computerworld reports that fifteen privacy groups have come together to press Congress for investigations into wiretapping practices by Charter Communications and other providers. Rep. Edward Markey and Rep. Joe Barton have previously voiced concerns in this matter, and have personally requested that Charter freeze their program until Congressional hearings can be held as to the legality of these programs.
There is obviously significant concern within these privacy groups and, if the comments from any of the articles linked from this site over the last few weeks is any indication, those concerns are shared by a significant number of Charter customers. How a company can continue to pursue a program which is so obviously detrimental to the well-being of their own customers is completely beyond me.
It’s fascinating. The decision-makers at Charter Communications really do seem so incompetent as to continue with this plan in the face of such opposition. It really says a lot about how much they think of you and I as customers, huh?
May 23, 2008
Legal
No Comments
PrivacyDigest.com has an interesting article up today suggesting that individual sysadmins and other employees at Charter Communications who participate in the wiretapping program may themselves be committing felonies! I wonder if that means that Ted Schremp could go to jail too?
From the article:
These schemes all seem to violate the Wiretap Act, a federal statute banning eavesdropping that comes with criminal and civil penalties. That law has some exceptions for service providers to monitor content, but only when necessary to deliver service, or to protect the company’s “rights and property.”
In fact, Ohm thinks network system administrators could themselves be in legal trouble, just for following orders from their bosses to install monitoring devices.
“Not only is this a five-year felony, it also has individual accountability,” Ohm said. “The sys admin could be sued individually and prosecuted individually If you are asked by your manager to go and do this kind of monitoring, you yourself may be legally exposed.”
What about call center workers? Could they all pick up jail time for repeating the company line on the matter too?
The legality of Charter’s snooping is not really even all that questionable. Most of the legal challenges are based on a law from 1984. In order for these monitoring programs to be legal we all have to believe that cable companies took 24 years to finally get around to reading that law and discovering that they could have been snooping on you all along!
Then again, given the intelligence displayed by the Charter management team such a thing just might be possible.
May 20, 2008
Legal, Opt-out, Technical
1 Comment
A letter I wrote to The Consumerist a few days ago was just published as an update to their previous coverage of Charter’s illegal wiretapping program. It’s good that they’re covering this, because Charter doesn’t seem to understand that their customers are pretty much universally pissed. Here’s my letter (areas highlighted by The Consumerist have been left as such):
Dear Consumerist,
I spent a long time last night looking into the way Charter is handling this program, and based on their own explanation it’s obvious that the cookie is not a “real” opt-out. Here’s why.
When a customer clicks a link, advertisement, or visits a page, Charter will capture the browsing data and send it to the third-party advertising provider. If Charter wanted to offer a functional opt-out, it would be at this deep-packet inspection level. The do not offer a way out of that service, however. The only thing they offer is the cookie-based solution you’ve previously covered, which merely tells the third-party organization not to match the machine with the DPI-harvested data or deliver the advertising. Customer browsing is still being captured and is still being turned over regardless of anyone’s individual opt-out status, but the third party is just blocked from doing anything with it by the cookie.
I might also point out that by doing this Charter is explicitly requesting that their customers choose not to follow safe browsing best practices. Every modern browser available today has an option for clearing cookies when the browser is closed, and many people choose to take advantage of this practice, myself included. Charter is either demanding that I and many others either fill out their form several dozen times per day (every time we open our browser) or specifically switch off browsing features intended to keep customers safe. Neither of these are acceptable, of course.
I am going to contact Charter’s executive team again this morning on the matter, as well as an attorney. I have not been notified of Charter’s changes through a letter or email, and learned about this program last night via other means. Having read through the Cable Privacy Act, which governs Charter’s use of personally identifiable information, I have discovered no fewer than three potential violations. Moreover, Charter is required by law to make any collected data available to its customers, so I would suggest that all Charter customers request their DPI browsing data on a daily basis, and file appropriate complaints when they fail to deliver it as required by law.
They’re not going to stop doing this until or unless they lose more money than they make on it. We have vehicles available to us to lose them vast sums of money on this project, if only the word gets out.
I did contact an attorney here in town, but he flat-out refused to consider the case. Maybe his being on the Chamber of Commerce, who bears partial responsibility for saddling myself and my neighbors with the scourge that is Charter Communications by granting them a monopoly, had something to do with his decision. Congress has since gotten involved, so I’m going to wait before I call another one. We might yet still get out of this without individual legal action being necessary.
May 17, 2008
Legal, Opt-out, Technical
No Comments
Wired has done a great job of covering Charter’s new anti-customer-privacy advertising initiative, but their offering today simply takes the cake. Chock full of technical information, Wired takes a deep look at the technology employed by NebuAD in their collusion with Charter to spy on everything we broadband subscribers do online.
From the article:
NebuAd’s appliance categorizes users and their interests, and then uses the data to customize ads on the internet. Charter says the device will not actively inject NebuAd’s advertising into web sessions, but rather NebuAd will provide the profile information to third-party advertisers already paying to place their ads on major websites.
So now we’re learning that Charter sells our information to NebuAD, who then makes it available to even more companies? At exactly what point is the customer’s privacy taken into consideration in this chain of events? Is it before or after the data gets sold to NebuAD, who has no legal obligation not to resell your habits to every data-mining house on the planet?
Charter’s own opt-out page is careful not to claim that opted-out users won’t be monitored, saying only that if a user “would like to opt-out of this process” an opt-out cookie means they “will no longer receive ads that are tailored to your web preferences, usage patterns and commercial interests.”
Indeed, it is possible that the cookie system works to prevent opted-out users from receiving the third-party ads, and it could stop NebuAd from sharing a user’s profile with third-party ad networks — assuming those networks include a NebuAd image file, or some other embedded code, in the ads they serve on the web. But NebuAd’s claim that you can opt-out of the surveillance itself remains unexplained.
But don’t worry. I’m sure Ted Schremp has six or seven different explanations he can offer on the matter, each one more puppy dog and rainbow than the last.
In all seriousness, Charter Communications commits a federal crime every time it collects data on a customer which isn’t used to enhance their service. They commit a second federal crime every time they sell our information without our express consent allowing them to do so. Once the information is in NebuAD’s hands, though, they can do whatever they want with it. They’re not explaining their opt-out system because, to be blunt, they’re not under any obligation to reveal anything at all about it. Charter is the one on the hook for committing the crimes, so why not just let them lie about it?
There are also lingering questions about whether NebuAd’s systems are as non-invasive as described. A patent application filed by the company in March 2007 describes a monitoring system that actually manipulates data packets and replaces advertisements on third-party websites with their own ads.
Finally, Charter gets company as NebuAD commits federal copyright violations!
The legality of eavesdropping on Americans’ internet usage also isn’t clear. The practice could violate anti-wiretapping law, according to recent analyses of the legality of academic internet research, because the law says an ISP is only allowed to monitors its customers for security reasons.
Could violate the law? If the law says that an ISP can only monitor customers for security reasons, but Charter monitors its customers in order to sell their surfing habits for increased profits, then how exactly is that a matter of “could.” If I’m not mistaken, that’s a pretty direct violation.
But why wait for the lawyers to settle that? Charter wants to monitor you now.
May 16, 2008
Legal
No Comments
Two House Representatives, Massachusetts Democrat Edward Markey and Texas Republican Joe Barton, have joined forces and asked Charter to put its spying program on hold! Citing privacy and legal concerns, they have requested that Charter freeze the program until its legality can be determined. Can anyone guess how that will turn out?
From the letter:
As you are likely aware, Section 631 of the Communications Act contains privacy provisions regarding cable operators. The legislative history of Section 631 of the Communications Act of 1934, which was added as part of the Cable Act of 1984, notes that “[c]able systems, particularly those with a “two-way” capability, have an enormous capacity to collect and store personally identifiable information about each cable subscriber.” and that “[s]ubscriber records from interactive systems can reveal details about bank transactions, shopping habits, political contributions, viewing habits and other significant personal decisions.” (see H.Conf.Rep. No. 102-862, 1992 U.S. Code Cong. And Adm. News 1275-76).
It sounds to me like these two just might get it, at least in part. What’s interesting is that Charter’s system is specifically designed to capture exactly the kind of things this letter mentions. Shopping habits are precisely what NebuAD needs to develop your personal advertising profile!
Hopefully Charter will recognize this as a real issue and freeze their program as requested. To be fair, however, we all know that it will only take a couple of suitcases full of cash for Markey and Barton to somehow find what Charter is doing perfectly legal again. The fight goes on.
The full letter is available here. Wired also has coverage here.
« Previous Entries