A week ago, the Senate slapped a price tag on the rumps of internet users.
Just like ISPs had requested, Congress undid broadband privacy rules that kept ISPs from selling customers’ data without their consent.
As you sow, so shall you reap. Or, at least, that’s what a few GoFundMe campaigners would like us to believe – though you should most certainly dissect the premise before reaching for your wallet.
They’re promising to turn the tables, collecting funds to buy the browsing history of each and every politician who voted to do away with the privacy rules via joint resolution S.J. Res. 34.
The most recent initiative to go viral comes to us courtesy of privacy activist and net neutrality advocate Adam McElhaney. It’s called Search Internet History.
McElhaney says he plans to purchase the browsing records of “all legislators, congressmen, executives, and their families and make them easily searchable at searchinternethistory.com”. He says that will include…
Everything from their medical, pornographic, to their financial and infidelity.
Anything they have looked at, searched for, or visited on the internet will now be available for everyone to comb through.
Voters didn’t get the opportunity to vote on whether our private and personal browsing history should be bought and sold, he noted. So he decided to remind legislators of how a democracy works – by giving supporters the opportunity to vote on whose history will be purchased first.
The votes are in. The purchase and posting would be in this order (if individuals could actually make such purchases, which they can’t).
- Paul Ryan, Speaker of the House
- Marsha Blackburn, the congresswoman who authored the resolution and who’s reportedly racked up $693,000 in campaign donations from industry players including AT&T, Comcast and Verizon, according to the Center for Responsive Politics
- Mitch McConnell, Senate majority leader
- Ajit Pai, chairman of the FCC
- Brian Roberts, chairman and CEO of Comcast.
- Randall Stephenson, CEO of AT&T
This will be a pricey undertaking, McElhaney said. He says on the initiative’s site that he set a GoFundMe fundraising goal of $1m, though his GoFundMe page shows the goal as $10,000.
Do you think this will be a cheap endeavor? 50 Republicans were lobbied by Telecom and ISPs in an effort to kill your privacy. So they can make more money. If all it takes is a million dollars to buy legislators, let’s do it.
As of Friday, McElhaney had raised $189,738 and the total was ticking ever upward.
The poetic justice would be sweet, wouldn’t it? But before you hit that donate button, there are a few warning flags that are worthy of heeding.
First, the idea that individuals can waltz right in and purchase de-anonymized internet data on politicians, CEOs or anybody else is flat-out wrong. TechDirt published a good explanation of what really happens with internet browsing data, which boils down to aggregation and sales to ad marketers who bid on what ads they want to show to a given demographic of people whose names have been stripped out of the datasets.
An excerpt:
It may say that it has a page being viewed by a male from Texas, who was recently visiting webpages about boardgames and cow farming (to randomly choose some items). Then, from that marketplace, some advertisers’ computerized algorithms will more or less say “well, I’m selling boardgames about cows in Texas, and therefore, this person’s attention is worth 1/10th of a penny more to me than some other company that’s selling boardgames about moose”. And then the webpage will display the ad about cow boardgames. All this happens in a split second, before the page has fully loaded.
At no point does the ad exchange or any of the advertisers know that this is “Louis Gohmert, Congressional Rep.” Nor do they get any other info. They just know that if they are willing to spend the required amount to get the ad shown via the marketplace bidding mechanism, it will show up in front of someone who is somewhat more likely to be interested in the content.
Another thing to note is that McElhaney’s initiative isn’t unique. There’s a GoFundMe campaign from Misha Collins to do the same thing. As of Friday, that had hit $79,160 in its $500m goal.
Where will the money go when – not if – these initiatives fail?
Collins says the funds will go to the American Civil Liberties Union (ACLU), “to help fight to protect all Americans’ rights”. McElhaney urges supporters to fund ACLU, but he doesn’t actually say that the money he raises will be donated to any organization if his initiative fails. Which it will.
Save your money. It’s a compelling premise, but Paul Ryan, et al., can sleep well at night after voting to gut internet privacy.
Their individual data isn’t going to be shared with the likes of you and me.
Douglas Leeder
I guess the obvious question is: Is this always going to be the case, or has Congress’s recent action meant that ISPs can sell personalised information if they want?
Brian T. Nakamoto
Congress has sent to POTUS (whose administration has endorsed passage) a complete repeal of FCC rules “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services” (81 Fed. Reg. 87274), which would’ve started going into effect this year. “The rules require carriers to provide privacy notices that clearly and accurately inform customers; obtain opt-in or opt-out customer approval to use and share sensitive or non-sensitive customer proprietary information, respectively; take reasonable measures to secure customer proprietary information; provide notification to customers, the Commission, and law enforcement in the event of data breaches that could result in harm; not condition provision of service on the surrender of privacy rights; and provide heightened notice and obtain affirmative consent when offering financial incentives in exchange for the right to use a customer’s confidential information.”
abandonthepast
“Firs[t], the idea that individuals can waltz right in and purchase de-anonymized internet data on politicians, CEOs or anybody else is flat-out wrong.” – No shit that is the entire point of doing this, to make a statement to those that passed the law to show how invasive this truly is.
Will
I think maybe you missed the point of what Lisa was saying. Buying the browsing data of an individual is not possible. You can only buy data in aggregate populations as she illustrates toward the end. Thus, these individuals are collecting money for something that isn’t possible.
Max
With “flat-out wrong” they didn’t mean it as “the wrong thing to do”, they meant it as “not true”. They aren’t saying an individual shouldn’t purchase de-anonymized internet data on anyone. They are saying it is not possible to do so, even with the bill.
Adam
I don’t fully understand all the details, but it seems the Obama Administration made it so that the FCC had the power to protect consumers from ISPs selling their data without their explicit permission, but the current Administration (or at least the current Congress, anyway) has reversed that, and also passed a law preventing the FCC from enacting any similar protections in the future.
Pingu
So presumably you could buy “advertising clicks” that would be likely to put say an ACLU advert (or something more specific) in front of anyone based in Washington who is a male lawyer and who has recently visited Republican Websites and who reads every one of Trump’s twits?
Danny Agro
More power to their elbow say I.
Steve
It doesn’t matter that this sort of effort won’t accomplish anything. It’s all purely a political show.
The hypocrisy is astounding. It’s wrong to allow an ISP to share your (anonymized!) data, but it’s perfectly okay to share private personal data about specific individuals *and their families*?!
How about considering the argument that the objectives of these GoFundMe operations are JUST PLAIN WRONG? My Mother taught me that “two wrongs don’t make a right”. Sadly, she’s gone now, and apparently so is that concept.
Wilderness
If the information is anonymized to that extent, why is everyone so pissed off about it in the first place?
Max
I’d say the big question is how anonymized is this data, and how anonymized does it have to be? It’s ok that they know it was a male from Texas, looking for some cow related stuff. Is it ok to know it’s a 32 year old man from a specific district of Dallas looking to buy a specific cow at a specific time? At what point is the data to specific? Is it enough as long as the actual name of the person is not directly included, even if there are easy ways to get back to that name through combination of different “anonymized” data? Facebook, Twitter, or other social media should make it pretty easy.
BT
Adam’s GoFundME says if it doesn’t succeed that the funds will go to the EFF. Noticed this on Friday of last week but he may have added it after this article was posted. Is there any actual guidelines for how anonymized the content has to still be? Or is that part purely left up to whatever the ISP’s want to do?
Max
That would be my biggest issue as well. If they take away any regulation of the FCC, and any power of the FCC to enforce such consumer protections in the future, what stops ISPs from just outright selling user data that isn’t (properly) anonymized? Advertisers might not care about who you are specifically as long as they can target an ad for you, at you. But insurance companies for example might care a lot who you are and what your internet history says about you. Not to mention any people with malicious intent. As long as there is someone willing to pay for it, if no regulations stop ISPs from (collecting and) selling your personal data, they will do exactly that.
None
The real question is, will the data advertisers can buy contain IP addresses? If they do, sending phishing emails to politicians with unique identifier links on them is trivial. So you would know IP address 169.169.10.10 looks at porn (from the data you bought) and Paul Ryan’s IP address is 169.169.10.10 from him clicking on your email. BAM Paul Ryan looks at porn.