IoT
IoT
Mobile // Mobile Devices
News
3/9/2016
08:06 AM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Verizon Wireless Settles FCC 'Supercookie' Complaint

For failing to inform customers about its ad tracking identifier, the telecom company must pay a $1.35 million fine, a tiny fraction of its annual revenue.

7 Tech Jobs Hardest Hit By Layoffs In 2015
7 Tech Jobs Hardest Hit By Layoffs In 2015
(Click image for larger view and slideshow.)

The Federal Communications Commission on Monday said it has reached an agreement with Verizon Wireless to settle charges that it employed an online advertising identifier without the knowledge or consent of customers.

There's no agreement, however, about how to identify the identifier. The FCC maintains Verizon Wireless inserted "unique identifier headers or so-called 'supercookies' into its customers' mobile Internet traffic" for the purpose of delivering targeted ads.

Verizon chief privacy officer Karen Zacharia in a blog post insists the company's unique identifier header (UIDH) "is not a 'supercookie.' It's not a cookie at all. Cookies are placed and stored on devices. The UIDH is a piece of data included in the header of certain Internet traffic."

Zacharia's definition is conveniently narrow. Cookies exist as fixed files associated with Web browsers, but they don't cease to exist when transmitted as data across a network through an HTTP response. According to the Internet Engineering Task Force (IETF), cookies are simply "name/value pairs and associated metadata." What makes them meaningful in a privacy context is their potential use as a unique identifier, whether that identifier is defanged with cutesy language ("cookie"), made obtuse through abbreviation ("UIDH"), or made threatening through size ("supercookie").

(Image: Aziko25 via Pixabay)

(Image: Aziko25 via Pixabay)

The Electronic Frontier Foundation describes the UIDH thus: "The X-UIDH header effectively reinvents the cookie, but does so in a way that is shockingly insecure and dangerous to your privacy."

Regardless of the relevant terminology, Verizon has agreed to pay $1.35 million to settle the FCC's complaint. It has also agreed to obtain customer opt-in consent before it shares a customer's UIDH with a third-party advertising service.

The penalty amounts to about 0.0015% of the $91.7 billion revenue reported by Verizon Wireless in 2015.

According to the FCC, Verizon began inserting UIDH data into consumer Internet traffic around December 2012 and failed to disclose the practice until October 2014. In a list of FAQs subsequently posted on its website, Verizon said, "It is unlikely that sites and ad entities will attempt to build customer profiles for online advertising or any other purpose using the UIDH."

Are you prepared for a new world of enterprise mobility? Attend the Wireless & Mobility Track at Interop Las Vegas, May 2-6. Register now!

Yet, as the FCC notes in its consent decree through the citation of a ProPublica investigation, Verizon ad partner Turn did use Verizon's unique identifier to track the online activities of Verizon customers on their mobile devices.

"Consumers care about privacy and should have a say in how their personal information is used, especially when it comes to who knows what they're doing online," said FCC Enforcement Bureau chief Travis LeBlanc, in a statement. "Privacy and innovation are not incompatible."

Zacharia meanwhile defends the need for online advertising and observes that at least Verizon lets customers opt out. "Most of the other leading ad IDs, including those that Google and Apple use, are sent even when customers don't want to be in the advertising program," she said.

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
tjgkg
50%
50%
tjgkg,
User Rank: Ninja
3/10/2016 | 9:14:04 AM
Re: Take a page from the EU
I wish the US would take another page out of the EU privacy laws and allow people to have their names omitted from searches. It really is scary how people have no control of information about them once it gets to the internet.
Pablo Valerio
50%
50%
Pablo Valerio,
User Rank: Ninja
3/9/2016 | 8:57:21 AM
Take a page from the EU
Tom, the FCC should take a look at the EU privacy directive, and look for fines of 10% of the global annual tunrover of the company. That is the only way the rules are enforced.
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of August 21, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.