ISPs Claim a Privacy Law Would Weaken Online Security, Increase Pop-Ups

An anonymous reader quotes a report from Ars Technica: The country's biggest Internet service providers and advertising industry lobby groups are fighting to stop a proposed California law that would protect the privacy of broadband customers. AT&T, Comcast, Charter, Frontier, Sprint, Verizon, and some broadband lobby groups urged California state senators to vote against the proposed law in a letter Tuesday. The bill would require Internet service providers to obtain customers' permission before they use, share, or sell the customers' Web browsing and application usage histories. California lawmakers could vote on the bill Friday of this week, essentially replicating federal rules that were blocked by the Republican-controlled Congress and President Trump before they could be implemented. The text and status of the California bill, AB 375, are available here.

The letter claims that the bill would "lead to recurring pop-ops to consumers that would be desensitizing and give opportunities to hackers" and "prevent Internet providers from using information they have long relied upon to prevent cybersecurity attacks and improve their service." The Electronic Frontier Foundation picked apart these claims in a post yesterday. The proposed law won't prevent ISPs from taking security measures because the bill "explicitly says that Internet providers can use customer's personal information (including things like IP addresses and traffic records) 'to protect the rights or property of the BIAS [Broadband Internet Access Service] provider, or to protect users of the BIAS and other BIAS providers from fraudulent, abusive, or unlawful use of the service,'" EFF Senior Staff Technologist Jeremy Gillula wrote.

Re: Bogus

[Anonymous Coward]

These companies are too big for the truth... they have been making money by selling their customers private info while charging same customers for the privilege.

Together with abolishing net neutrality they will be triple dipping... the customer, the marketers, and the sites that pay the bribe to be throttled less than the competition.

Re: Bogus

[Anonymous Coward]

5x dipping. They often recive government subsidies as well.

Re: Bogus

[carlos_danger]

At&t and Google fiber are the worst at this, selling as much data as they can to advertisers. I expect this law to result in At&T raising prices and Google fiber leaving the state.

Browsers could remove popup support.

[Anonymous Coward]

If web browsers removed the code that implements popups, then it would be far less likely that they show up, regardless of what privacy laws are in place.

Re:Browsers could remove popup support.

[LinuxIsGarbage]

If web browsers removed the code that implements popups, then it would be far less likely that they show up, regardless of what privacy laws are in place.

Modern Web Browsers have Popup blockers that block standard HTML popups, giving indication that a popup was blocked, with options to create an exception. However they still seem to allow popups created by other means (JavaScript, HTML5, etc). The result seems to be annoying popups still show up, but useful popups from a legacy application are blocked.

Re:

[ShanghaiBill]

Modern Web Browsers have Popup blockers that block standard HTML popups, giving indication that a popup was blocked, with options to create an exception.

That works well. I get popup alerts from my bank, letting me know my session is about to expire, but only because I have specifically enabled those. I never see unexpected popups from other sites.

However they still seem to allow popups created by other means (JavaScript, HTML5, etc).

Those are not real popups. They don't appear in a separate window, they have no ability to grab the focus from other tabs, and they are easy to ignore.

Re:Browsers could remove popup support.

[radams217]

Javascript Popups are not easier to ignore. They are much more invasive when you want to read an article or not have to mute your sound. The websites that do the follow me as a scroll video ads need to die a slow death.

Re:

[Anonymous Coward]

Those are not real popups. They don't appear in a separate window, they have no ability to grab the focus from other tabs, and they are easy to ignore.

I work in porn, those are called pop-unders and they make a lot of money to my boss, more than good old popups. They all pop in a new window and they're all annoying.

I wish browser vendors would just disable new windows unless I ^n it explicitely.

Re:

[Cederic]

They all pop in a new window

Those are not what he's referring to.

I wish browser vendors would just disable new windows unless I ^n it explicitely.

That's what popup blockers achieve. Your pop-under windows are blocked by those too.

Re:

[ShanghaiBill]

They all pop in a new window and they're all annoying.

I don't believe you. Can you provide a link to a page that does this?

I use Chrome. I NEVER see a popup in a new window except for the one site (my bank) where I have explicitly enabled it.

Re:

[fustakrakich]

Then the ISP will simply redirect.

What they meant

[sit1963nz]

" Privacy laws directly attack one of our income streams, our ability to collect, store, and sell your personal information"

Re: What they meant

[easyTree]

...which is why we are uncharacteristically unified.

Re:What they meant

[Altrag]

Basically yes, and they're implying that if you remove that income stream, they'll just go ahead and implement something even worse to be a new income stream.

Of course, that leaves out the little tidbit that if they could actually use all those popups and shit as a revenue stream, they would already be doing it. Its not like ISPs are known to be terribly scrupulous.

Re:

[Altrag]

Hm.. I didn't consider that. Looks like there's a paragraph way down TFA mentioning the possibility but yikes. If they went that route they'd be really asking for a battle as "showing the opt-in box continuously until the user clicks yes" is not really any different from being opted in automatically. What's the point of a "no" button if it does effectively nothing? Essentially they'd be 100% violating the spirit of the new law.

Re:

[JohnFen]

Essentially they'd be 100% violating the spirit of the new law.

These people don't give two shits about the "spirit" of any laws. They view laws as things to be worked around.

Re:

[Altrag]

The companies might not, but lawmakers and judges certainly do. If lawmakers spend a bunch of time and effort coming up with a law and the first thing you do is skirt it, they're going to patch it up pretty quick. Its one thing when someone finds a loophole down the line, or there's a loophole intentionally left in.. its quite another to be blatantly flagrant about it.

Judges also tend to be pretty pissy about things like that (even moreso than the lawmakers lately it feels like,) so if it ended up in cour

Re:

[Big Hairy Ian]

Remember to marketers you are the product what they sell is you!

Re:

[syn3rg]

"That's a nice Internet experience you have there. It'd be a shame if something happened to it..."

Perfect Opportunity.

[sexconker]

This is the perfect opportunity for that one AC to come along and say "ISPs can suck my DAMN balls!".

Re:Perfect Opportunity.

[MightyMartian]

Would you actually want their lips on your testicles?
  I think I'd rather get it done by ten dollar prostitute with cold sores, she'd be cleaner.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[sexconker]

I miss the app apping APPER. APPS!!! ac.

LUDDITES

Re:

[sconeu]

Sigh.... I miss the old time trolls, like OOG the Internet Caveman, The Glorious MEEPT!, The "IF I EVER MEET YOU I WILL KICK YOUR ASS" guy....

Oh my god!

[Opportunist]

I had no idea what saint my ISP is. Just think how many ads and how much spam you'd get if they did NOT sell your personal information to advertisers and spammers.

Re:

[Ichijo]

Protecting "us" from "them" is the same argument the GOP makes for voter ID laws [dailykos.com].

Re:

[Opportunist]

Me? Yes.

Millions of people using Facebook? Well...

It's a nightmare in Canada with Privacy

[WillAffleckUW]

In Canada, the Canadian Constitution mandates Privacy.

People spend years handling the privacy popups required.

Oh. Wait. They don't. They just say "No" once and then the ads can't steal their info.

Hmmm.

Re:

[WillAffleckUW]

Blanket? NORAD just admitted they won't do anything.

You're welcome for the satellites that keep you safe.

Re:

[WillAffleckUW]

And you are welcome for not having to spend money on defense since your cousins down here do it for you.

I'm a veteran. "Spend money on defense"?

Privacy is a Constitutional Right. It doesn't end at the border. And I kept your "cousins" safe.

Re:

[ShanghaiBill]

You're welcome for the US blanket of protection you live under.

Please provide a list of countries that would attack Canada if not for American protection.

Some factoids to help you prepare your list:
Canada's GDP: 1.53 T USD
Russia's GDP: 1.28 T USD

Do what now?

[PopeRatzo]

Privacy laws will also cause you to become sterile. You can look it up.

Well done, ISP lobbyists!

[llamalad]

As a direct result of your efforts, I just clicked over to the EFF site to sign up to do recurring monthly donations to them.

I've had a vague intention to do so for a while, but thanks much for pushing me into action.

Why oh why

[Anonymous Coward]

Seriously, why are ISPs in the US seems to treat everyone like they are god damn morons?
This kind of BS wouldn't even make it in the news in other countries, they wouldn't try to do this shit to begin.

Re: Why oh why

[Anonymous Coward]

Because you ain't gonna do anything about it you cuck.

Popup concern?

[mysidia]

The bill would require Internet service providers to obtain customers' permission before they use, share, or sell the customers' Web browsing ....

In addition to REQUIRING customers' permission, I suggest they add the following to the law:

• For the purposes of this act; specific permission MUST be obtained from the customer IN WRITING with the customer's official signature EACH time their history information or private details are to be shared, sold, or used for any purpose not directly essential to providing that customer's broadband service or resolving abuse complaints due to customer's activity. Non-written forms such as a verbal direction or acknowledging a "Click-Through Agreement" may not be used to obtain permission.
• Customer's permission to share information SHALL NOT be required as a condition to purchase or renew subscription to any broadband, or internet access services.
• Service providers SHALL NOT interfere with network access or delivery of purchased services in any way order to request or wait for permission.

Re:Popup concern?

[RLaager]

At that point, it is effectively a ban on sharing. I assume that is what you want. It is what I want, and I am a manager at a small ISP (not in California). We should just enact an outright ban.

This sort of thing was not allowed in telephone, as far as I know. I see no reason it should be different for Internet.

Re:

[Anonymous Coward]

I agree. Internet should be handled like telephone or the post. Unless there is a court order it should be illegal for anyone other than the recipient to interpret anything but the IP header.

Re:

[mysidia]

At that point, it is effectively a ban on sharing.

Exactly, because any required "Consent" is going to be obtained surreptitiously or through coercion, or annoying end users;
the providers simply cannot be trusted, and sharing/selling for an additional marketing revenue stream should just be banned, EXCEPT possibly if the customer
voluntarily opts to purchase an additional service completely separate and not bundled with the broadband,
where sharing may be technically necessary to provide the separate ser

HAHAHA

[XSportSeeker]

These fuckers... they really think people are idiots to beliebe in such outlandish claims.
WE NEED TO COLLECT YOUR DATA AND SELL IT FOR YOUR PRIVACY AND SECURITY

What's next? We need to double the price or your current plan because that prevents you from wasting it all on booze and drugs?

Re:

[Xyrus]

Well, we elected Trump. They figure with a bar that low they can do just about whatever they want.

Pop-ups and EULAs

[thereitis]

This claim is a lie too, and we have no idea how any rational person could read A.B. 375 and think “maybe that will mean more pop-ups.” The best we can come up with is that since A.B. 375 would require Internet providers to get your consent before sharing your data, maybe they think that if they constantly pester people with pop-ups, they’ll succeed in wearing people down until they give their consent. If that’s really what Comcast and Verizon are implying, then lawmakers should understand the claim for what it really is: a threat to hold consumers hostage in the fight for online privacy. As with Lie #1, if big Internet providers have a better explanation, we challenge them to provide it publicly.

Regarding pop-ups, IMO the whole "click to agree to this legally binding document" idea should be rethought. It's far too easy to embed all sorts of nasty stuff in EULA's and most people can't fully understand the implications even if they do take the time to skim/read through it.

That would be like programmers saying: hey, read through the source code at this github address and if you click I Agree, then you are declaring you are ok with whatever the code is doing with your system/data, for better or worse. You don't understand it? Ah well, too bad. Hire a programmer to try and figure it out.

The right to privacy and security should be inalienable rights, impervious to click-wrap agreements.

In the words of the great Capt. Picard: Dafuq?

[sandbagger]

Why is this the dilemma presented. We get user privacy at the cost of a parade of pop up windows. Really? Maaaaaybe you could decide to not spam your customers with popup windows.

This is how bullies talk: don't make me hurt you!

The sooner ISPs become regulated as utilities, the better.

Re:

[Anonymous Coward]

... don't make me hurt you!

... It's your fault for disobeying your corporate masters. Why are you spamming yourself? Why are you spamming yourself?

Pop ups?

[thegreatbob]

People still use those for advertising? I haven't seen one on my own machines in 10+ years.

Re:

[thegreatbob]

(Hyperbolic of course, one gets through every now and again.. but almost always when the script/other condition that allows it to happen are hosted on the same site)

decentralization and VPNs are amazing tech

[Anonymous Coward]

We should all assume our internet connections are being monitored by our ISPs because they can't be trusted. This is where VPNs come into play because unlike the monopolies why rely on to get online we do have a choice which service providers take our privacy seriously. I've got a few I'd put some level of trust in, like ThinkPenguin's VPN wifi router produce + VPN service and Private Internet Access. Both have demonstrated a genuine concern. On the other hand most other VPN providers I wouldn't trust as fa

Re:

[JohnFen]

It's just moving the trust issue to another company. On the other hand, any random VPN provider has a higher chance of treating your data with a modicum of respect than any of the major ISPs, so it's probably a good move.

They are absolutely right

[Erik Hensema]

Over here in Europe we've got a crazy law requiring websites to ask visitor consent before placing tracking cookies. Now all websites have popups. You can't refuse the cookies like envisioned by the privacy lobbyists when drafting the bill. You can either accept or leave the site. The law is a useless disaster doing absolutely nothing for privacy. It just annoys everybody.

Needless to say, lots of people now just use a browser plugin to just accept the cookies blindly.

Also please note this isn't a browser window popping up of course. It's an overlay over the web page.

Re:

[GuB-42]

This is the website, not the browser that's asking you.
Usually it is just a popup saying "we use cookies" with an OK button and a link to their privacy policy. There is no "refuse" option. This changed absolutely nothing to the way cookies are used and you can still configure your browser to refuse or accept them, but now you have popups.
The intention was that website would let you choose if you want cookies and adapt accordingly. As if the developers would actually spend time and money implementing a featu

Re:

[JohnFen]

Needless to say, lots of people now just use a browser plugin to just accept the cookies blindly.

Why? When I encounter those overlays, I just ignore them. But, if you're concerned about cookies, then most browsers have a "private mode" and many browsers have a self-destructing cookie add-on of some sort. Use them.

Re:

[JohnFen]

"Becoming"? We crossed that line quite a while ago. Now, they're just trying to determine what the maximally accepted level of scum is.