Consumers have every right to be disgusted by Facebook’s failure to protect consumer privacy in the wake of the Cambridge Analytica scandal. They should be just as disgusted by reports that Facebook threatened to sue media outlets for telling the truth.
But while Facebook has been on the receiving end of some heated and justified media criticism for its privacy abuses, that criticism feels detached from a broader context: namely that we’ve increasingly approved of the wholesale collection and sale of our private data without anything even vaguely resembling transparency, accountability, or oversight.
Nothing personifies this more clearly than the telecom industry, which has been gobbling up and selling consumer data on an industrial scale for the better part of the last few decades. Often with only an iota of the outrage we’ve already seen during Facebook’s latest scandal.
More than a decade ago, ISPs began hoovering up your clickstream data (data on every website you visit) and selling it with little accountability and absolutely no transparency. When press outlets back then asked ISPs about what data they were collecting, most would simply refuse to respond. And regulators (and most press outlets) saw no real problem with that.
AT&T and Verizon’s roles as extensions of the nation’s intelligence apparatus have since been well documented, and when AT&T was caught (with the help of former employee-turned whistleblower Mark Klein) helping the government spy on Americans without warrants, they simply lobbied to have the laws changed to dodge any accountability whatsoever.
Given this lucrative alliance, government willingness to rein in privacy abuses on the telecom front have been tepid at best. And this cultural, corporate and regulatory apathy to privacy abuse as a revenue stream only paved the way for even less transparency and accountability in both telecom and newer, emerging tech sectors like social media.
In telecom, this apathy has become an ever-looming problem as giant ISPs increasingly utilize more sophisticated tracking technologies like deep packet inspection to hoover up and sell not only metadata and online behavior tracked by the second, but location data that documents your daily routine in often stark, profitable detail.
And as the nation’s ISPs increasingly realized the public and regulatory punishment for privacy violations were often non-existent, they quickly began finding ever-more “creative” ways to turn your daily behavior (both online and off) into ever-expanding revenue streams.
For example, Verizon Wireless was busted in 2014 actively modifying user packets to track its customers around the internet—without telling them or giving them the ability to opt out. It took two years before security researchers even discovered what Verizon was up to, and other six months of public shaming before Verizon was willing to include an opt-out function.
The Verizon scandal ultimately culminated in a $1.3 million wrist slap by the FCC. But it didn’t really result in any substantive changes to the casual, non-transparent way ISPs often treat your data. And Verizon still uses a more powerful variant of the technology across its Oath advertising empire, the ultimate combination of its Yahoo and AOL acquisitions.
Other ISPs have similarly abused this lack of oversight and accountability, often to a comical degree.
AT&T, for example, has charged broadband users hundreds of additional dollars annually just to protect their own privacy, an idea Comcast has also considered in filings with regulators. Other ISPs, like CableOne, have publicly toyed with the idea of using private subscriber financial data to justify providing even worse customer service than they already offer.
This privacy apathy we’ve gradually cultivated has a more dramatic impact in telecom than in other sectors thanks to a lack of broadband competition. Whereas you can choose not to use Facebook, limited options mean you’re often stuck with your ISP (and its abysmal privacy practices) for the foreseeable future.
Realizing that the broadband industry was starting to run amok on privacy, the FCC under former boss Tom Wheeler proposed implementing some fairly basic privacy rules last year. Under Wheeler’s proposal, ISPs would have to transparently reveal what data was being collected and sold, and provide users with working opt out tools.
But thanks to their profound control over cash-compromised lawmakers, large ISPs like AT&T, Verizon and Comcast convinced loyal allies in Congress to kill the rules before they could take effect. And when states like California responded by trying to pass their own privacy rules, large ISPs worked in concert with Google to mislead lawmakers and scuttle the proposal.
That included ISPs and Google telling California lawmakers that privacy protections would encourage extremism, harm children, and somehow increase popups on the internet. The scuttling of such protections barely registered as a blip among the nation’s tech outlets, and we’ve since moved on to gutting other popular consumer protections (like net neutrality).
None of this is to say users shouldn’t be outraged by Facebook’s behavior. But such casual treatment of consumer data doesn’t occur in a vacuum, and entrenched telecom duopolies and collective, systemic apathy paved the way toward casual, non-transparent abuse of private consumer data becoming the gold standard in the quest for fatter revenues.
So if you’re going to be angry with Facebook’s casual disregard of your privacy, you should be absolutely livid when it comes to your ISP.
Correction: This article has been corrected to remove Comcast's name from a reference to consumer data collection. Comcast said in a statement that it does not sell consumer browsing data: "We don’t collect ‘clickstream data’ from the websites our broadband customers visit, nor have we ever sold that information."