HackerSecret.com - The Most Authoritative Site in the World on the Hacking Tools and Techniques, Penetration Testing and CyberSecurity

  • Home
  • Visit Our Shop
  • Download the free App
  • Contact us for Info
VISIT OUR SHOP! CLICK HERE !

Maine inches closer to shutting down ISP pay-for-privacy schemes

by / Friday, 14 June 2019 / Published in Hacking
Share
Tweet
Pin
0 Shares

Maine residents are one step closer to being protected from the unapproved use, sharing, and sale of their data by Internet service providers (ISPs). A new state bill, already approved by the state House of Representatives and Senate, awaits the governor’s signature.

If signed, the bill would provide some of the strongest data privacy protections in the United States, putting a latch on emails, online chats, browser history, IP addresses, and geolocation data collected and stored by ISPs like Verizon, Comcast, and Spectrum. The bill goes further: Unlike a data privacy proposal in the US and a new data privacy law in California, the Maine bill explicitly shuts down any pay-for-privacy schemes.

The Act to Protect the Privacy of Online Customer Information (or LD 946 for short) would go into effect on July 1, 2020. It is, with minor exception, widely supported, even among its intended targets.

“We sell Internet access, and we know that if people can’t trust the Internet, then the value of the Internet is significantly lessened, as it will be used less for sensitive applications,” wrote Fletcher Kittredge and Kerem Durdag, CEO and COO of Maine-based ISP GWI. “Even if government regulation blocks us from making money selling customer data (something we never ever do), we still benefit because a trusted Internet is more valuable to all our customers.”

Not everyone agrees, though.

The Maine State Chamber of Commerce opposes the bill and, following the Senate’s unanimous approval last week (35–0), has vowed to “ensure that this harmful bill does not become law.”

The Chamber’s arguments have puzzled the ACLU of Maine, a supporter of LD 946. According to the nonprofit, the Chamber has engaged in “gaslighting” and “disingenuous” advertising, serving as a mouthpiece for the region’s big ISPs.

The Chamber did not respond to requests for comment.

Further, the Chamber commissioned a public survey that handwaves away the actual matter at hand: Should ISPs be restricted from selling user data?

To the ACLU of Maine, that answer is clear: Yes.

“This bill protects Mainers from having their ISPs sell their data without their knowledge and consent,” said Oamshri Amarasingham, advocacy director of ACLU of Maine.

The bill

Sponsored by Maine state Democratic Senator Shenna Bellows, LD 946 would prohibit ISPs from using, disclosing, selling, or allowing access to customers’ “personal information.” That includes the content of online communications, web browsing history, app usage history, “precise geolocation information,” and health and financial information.

This bill does not exist in a vacuum. In February, Motherboard revealed that, for years, actual, honest-to-God bounty hunters could access the location data of AT&T, T-Mobile, and Sprint customers. It gets better (worse): The location data was initially intended for 911 operators, but was sold to data aggregators by the telecom companies themselves.

Away from bounty hunter headlines, The Verge also spotlighted AT&T’s future profiteering plans last month to monetize nearly every piece of its customers’ data.

Under LD 946, that activity would be regulated.

The bill allows for some exceptions. An ISP could sell user data so long as the user consents to that sale, and ISPs could also use and disclose user data when complying with court orders, rendering bills, protecting users from fraud and abuse, and providing their services, so long as the user data is necessary to those services. Further, ISPs could disclose geolocation data in the case of emergencies, like dispatching 911 services.

The bill also closes a few potential loopholes, prohibiting ISPs from requiring that users consent to the sale of their data in order to use their services. The bill also states that ISPs must provide “clear, conspicuous, and nondeceptive notice” when users consent to sell their data.

Finally, the bill shuts down any “pay-for-privacy” schemes that have already proved popular. According to the bill, ISPs cannot “charge a customer a penalty or offer a customer a discount based on the customer’s decision to provide or not provide consent” to having their data sold, shared, or accessed by third parties.

Good.

As we previously wrote about Sen. Ron Wyden’s data privacy proposal, which includes a pay-for-privacy stipulation:

“[Pay-for-privacy] casts privacy as a commodity that individuals with the means can easily purchase. But a move in this direction could further deepen the separation between socioeconomic classes. The ‘haves’ can operate online free from prying eyes. But the ‘have nots’ must forfeit that right.”

The Maine state bill does its part to prevent that unequal outcome.

Maine Governor Janet Mills has until June 11 to sign the bill and turn it into law. If she misses the deadline, the bill automatically becomes law.

Amarasingham of ACLU of Maine expects a positive outcome.

“We are optimistic that [Governor Mills] will sign this bill,” Amarasingham said. “I know ISPs and the Chamber of Commerce are exerting a lot of pressure, but I’m proud to say Maine legislators didn’t cave to that. I hope the governor’s office won’t either.”

The opposition

The challenge to LD 946 includes claims of insufficiency, unproven rhetoric, misguiding statistics, and a question as to what legislation should accomplish.

As Amarasingham said, one of the bill’s main opponents is the Maine State Chamber of Commerce. In recent months, the Chamber funded a 30-second video ad criticizing the bill, hired a research firm to conduct public surveys about data privacy, and launched a website that asked Maine residents to tell their representatives to vote against the bill.

That website labeled LD 946 as “harmful to Maine’s consumers,” because, allegedly, the bill “will create greater consumer confusion and undermine consumers’ confidence in their online activities—a risk to the continued growth of the digital economy.”

That confusion argument showed up in a Central Maine opinion piece written by Mid-Maine Chamber of Commerce president and CEO Kimberly Lindlof. Lindlof wrote that a “patchwork” of state data privacy laws—with different standards across different state lines—could create a scenario where Maine residents “might have to opt in to a privacy setting in Maine but opt out of that setting if you go into another state for vacation.”

But the Mid-Maine Chamber of Commerce and the Maine State Chamber of Commerce both oppose LD 946 for another reason: The bill does not go far enough.

According to both agencies, LD 946 should apply not just to companies that provide Internet service, but also companies that operate their businesses online, such as Google and Facebook. The Chamber’s video ad, which it posted on Facebook, said that “it doesn’t make sense” to leave out these big Silicon Valley tech companies which have repeatedly failed to protect user data. (The video ad also claims that that LD 946 “exempts Facebook,” which is flatly untrue—it simply does not apply to Facebook. There are no written exemptions for the company.)

Boiled down, the Chamber wants a stronger bill.

However, this is an ideological argument about policy: Should legislation immediately achieve broad goals, or should it take individual steps towards those goals?

According to Amarasingham, the reality of policy-making is the latter.

“The nature of legislation and law reform is that it is incremental,” she said. “There is no one bill on any issue that solves an entire problem. This bill is an enormous first step and it is very important.”

Following the Senate’s approval of LD 946 last week, the Chamber responded on its website:

“Today the State Senate failed to protect the online privacy of all Maine consumers in passing LD 946, a fundamentally flawed bill that will do little to make Mainers’ personal privacy more secure on the Internet. Despite the fact that 87% [nearly 90%] of Mainers believe a state law should apply to all companies on the Internet according to a recent survey, senators chose to pass a bill that leaves consumers’ personal data unprotected when they are using websites, search engines, and social media apps.”

Those statistics deserve scrutiny.

The statement cites a Chamber-funded survey by David Binder Research, in which the firm conducted 600 telephone interviews between May 9 and May 11. The statistic referenced by the Chamber pertains to this question:

“If the Maine state legislature were to pass a law today to protect your personal privacy, should this law apply to just a few companies on the Internet, with the idea of passing more law [sic] in the future to cover additional companies on the Internet, or should this law apply to all companies?”

According to the survey, 87 percent of respondents answered “All companies.”

But that question asks respondents to make a choice between two entirely different things—one of them literally exists and the other does not.

LD 946, which applies to a “few companies,” is written. A bill that applies to “all companies” is not. This is a choice between reality and possibility.

Further, the question’s language obfuscates a core difference between “companies on the Internet”—like Google and Facebook—and companies that provide the internet. These are not the same.

The Maine State Chamber of Commerce did not respond to emailed questions about when it last created a website campaign against a bill, or about why it believes the potential for broader privacy protections supersedes the current bill’s incremental protections. The Chamber also did not reply to a voicemail providing similar questions.

If at this point, you’re confused about how incremental protections against sneaky ISP behavior could be seen as “harmful,” you’re not alone. Tracking the Chamber’s privacy-protective messaging against its anti-ISP-protection messaging can make anyone’s head spin.

“I can’t say that I fully understand why the Chamber is carrying Spectrum and AT&T’s water on this,” Amarasingham said. “Their top line, outward-facing message was Mainers deserve privacy protections, which is also our top line message.”

Amarasingham continued: “This is real privacy protection.”

Data privacy shoulds and should-nots

Should rules be written to stop Facebook and Google and dozens of Silicon Valley tech companies from profiting off your data? That depends on several factors, like what those rules would look like, how they would be implemented and enforced, and what exemptions would apply, not to mention whether those rules would nullify current state rules that are being pushed forward today.

But should ISPs be allowed to sell user data without consent when there is already a widely-supported plan in place to stop them? Absolutely not.

The post Maine inches closer to shutting down ISP pay-for-privacy schemes appeared first on Malwarebytes Labs.

Malwarebytes Labs

Share
Tweet
Pin
0 Shares
Tagged under: closer, Down, inches, Maine, payforprivacy, schemes, shutting

Click here now to visit our Shop!

Click here now to visit our Shop!

Other 2300 users like you have already done it this year!

Choose the product you need here!

  • THE FIRST TRUE ANDROID SMARTPHONE FOR HACKING WITHOUT ROOT UNIQUE IN THE WORLD WITH ALL THE APPS !!! 499,99€ 249,99€
  • HACKER LIBRARY THE LARGEST COLLECTION OF BOOKS AND MANUALS ON HACKING + 100 !!! 99,99€ 49,99€
  • HACK SOCIAL THE GUIDE TO HACK ALL THE SOCIAL ACCOUNTS 99,99€ 49,99€
  • HACKER PACK FOR YOUR SMARTPHONE AND YOUR TABLET WITH ROOT GUIDE AND + 100 PROGRAMS !!! 99,99€ 49,99€
  • THE FIRST TRUE ANDROID SMARTPHONE FOR HACKING UNIQUE IN THE WORLD WITH ALL THE APPS !!! 599,99€ 299,99€
  • HACKER PACK FOR YOUR COMPUTER AND NOTEBOOK + 1000 PROGRAMS 5 GB OF STUFF !!! 99,99€ 49,99€

Our customers say

Annabel M. – Systems Engineer

 
Samuel D. – Ethical Hacker

 
Karola M. – Influencer

 
Marcus P. – Private Investigator

 
Rosemary S. – Housewife

 
Amit V. – IT Consultant

 
Matthew C. – Entrepreneur

 
Aisha B. – Computer Science student

 
Li W. – IT Analyst

 
Robert C. – Programmer

 

DOWNLOADED 1316 TIMES!

DOWNLOADED 1316 TIMES!

Download now Hacker Secret our free Android app.

CONTACT US NOW FOR IMMEDIATE SUPPORT!

Contact Us
Write your email address here
Write here how we can help you - we support you immediately for all your needs!

## Are you looking for products for hacking, computer security and penetration testing? Do you need to clean up your smartphone, your PC or your site from viruses and malware? Do you need to track down someone or retrieve urgent information? Do you want to buy devices already configured to experiment all the hacking techniques quickly and easily? Do you have special needs in software or hardware? ##

Contact us now … another 2300 users like you have already done it this year!

Click here now!

 

Search on the site

Latest posts

  • Veracode CEO on the Relationship Between Security and Business Functions: Security Can’t Be Effective in a Silo

  • Half a million stolen French medical records, drowned in feeble excuses

  • Google looks at bypass in Chromium’s ASLR security defense, throws hands up, won’t patch garbage issue

  • Announcing Veracode in AWS Marketplace: Streamlining Secure Software Development for AWS Customers

  • Imperva pretty adamant that security analytics aggregator product Sonar is not ‘one dashboard to rule them all’

All the techniques, products and services described or contained on this site are intendend for exclusive use of study and professional training and to test the security of own's computer network in accordance with the national legislations on access to computer and online systems. All the services provided on this site (penetration testing, social accounts hardening, Incident Response & CSIRT, MSSP, Cybersecurity Consultancy, etc.) can be provided only with prior written and documented authorization from the owners or their legitimate representatives in accordance with current national regulations .

TOP