For failing to inform customers about its ad tracking identifier, the telecom company must pay a $1.35 million fine, a tiny fraction of its annual revenue.

Thomas Claburn, Editor at Large, Enterprise Mobility

March 9, 2016

3 Min Read
<p style="text-align:left">(Image: <a href=""target="_blank">Aziko25</a> via <a href=""target="_blank">Pixabay</a>)</p>

7 Tech Jobs Hardest Hit By Layoffs In 2015

7 Tech Jobs Hardest Hit By Layoffs In 2015

7 Tech Jobs Hardest Hit By Layoffs In 2015 (Click image for larger view and slideshow.)

The Federal Communications Commission on Monday said it has reached an agreement with Verizon Wireless to settle charges that it employed an online advertising identifier without the knowledge or consent of customers.

There's no agreement, however, about how to identify the identifier. The FCC maintains Verizon Wireless inserted "unique identifier headers or so-called 'supercookies' into its customers' mobile Internet traffic" for the purpose of delivering targeted ads.

Verizon chief privacy officer Karen Zacharia in a blog post insists the company's unique identifier header (UIDH) "is not a 'supercookie.' It's not a cookie at all. Cookies are placed and stored on devices. The UIDH is a piece of data included in the header of certain Internet traffic."

Zacharia's definition is conveniently narrow. Cookies exist as fixed files associated with Web browsers, but they don't cease to exist when transmitted as data across a network through an HTTP response. According to the Internet Engineering Task Force (IETF), cookies are simply "name/value pairs and associated metadata." What makes them meaningful in a privacy context is their potential use as a unique identifier, whether that identifier is defanged with cutesy language ("cookie"), made obtuse through abbreviation ("UIDH"), or made threatening through size ("supercookie").

The Electronic Frontier Foundation describes the UIDH thus: "The X-UIDH header effectively reinvents the cookie, but does so in a way that is shockingly insecure and dangerous to your privacy."

Regardless of the relevant terminology, Verizon has agreed to pay $1.35 million to settle the FCC's complaint. It has also agreed to obtain customer opt-in consent before it shares a customer's UIDH with a third-party advertising service.

The penalty amounts to about 0.0015% of the $91.7 billion revenue reported by Verizon Wireless in 2015.

According to the FCC, Verizon began inserting UIDH data into consumer Internet traffic around December 2012 and failed to disclose the practice until October 2014. In a list of FAQs subsequently posted on its website, Verizon said, "It is unlikely that sites and ad entities will attempt to build customer profiles for online advertising or any other purpose using the UIDH."

Are you prepared for a new world of enterprise mobility? Attend the Wireless & Mobility Track at Interop Las Vegas, May 2-6. Register now!

Yet, as the FCC notes in its consent decree through the citation of a ProPublica investigation, Verizon ad partner Turn did use Verizon's unique identifier to track the online activities of Verizon customers on their mobile devices.

"Consumers care about privacy and should have a say in how their personal information is used, especially when it comes to who knows what they're doing online," said FCC Enforcement Bureau chief Travis LeBlanc, in a statement. "Privacy and innovation are not incompatible."

Zacharia meanwhile defends the need for online advertising and observes that at least Verizon lets customers opt out. "Most of the other leading ad IDs, including those that Google and Apple use, are sent even when customers don't want to be in the advertising program," she said.

About the Author(s)

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights